Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

strongswan: bump to 5.3.0

Browse source 
Signed-off-by: Steven Barth <steven@midlink.org>
This commit is contained in:
Steven Barth 2015-04-06 12:23:27 +02:00
parent 71ef5bbbb1
commit 41222e6c1a
3 changed files with 6 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
net/strongswan/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan PKG_NAME:=strongswan
PKG_VERSION:=5.2.2 PKG_VERSION:=5.3.0
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/ PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
PKG_MD5SUM:=7ee1a33060b2bde35be0f6d78a1d26d0 PKG_MD5SUM:=c52d4228231c2025d9c320d0e9990327
PKG_LICENSE:=GPL-2.0+ PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org> PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
@ -407,7 +407,7 @@ endef
define Plugin/updown/install define Plugin/updown/install
$(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/_updown $(1)/usr/lib/ipsec/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
$(INSTALL_DIR) $(1)/etc $(INSTALL_DIR) $(1)/etc
$(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/

48
net/strongswan/patches/001-ikev1-fix.patch
View file

@ -1,48 +0,0 @@
From 627f870ee6256b4b2e36e9ca768fc578febbccef Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 10 Feb 2015 19:03:44 +0100
Subject: [PATCH] ikev1: Set protocol ID and SPIs in INITIAL-CONTACT
notification payloads
The payload we sent before is not compliant with RFC 2407 and thus some
peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error).
---
src/libcharon/sa/ikev1/tasks/main_mode.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 5065e70ffc25..3ea4a2a85e4f 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
{
identification_t *idr;
host_t *host;
+ notify_payload_t *notify;
+ ike_sa_id_t *ike_sa_id;
+ u_int64_t spi_i, spi_r;
+ chunk_t spi;
idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
if (idr && !idr->contains_wildcards(idr))
@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager,
idi, idr, host->get_family(host)))
{
- message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1,
- chunk_empty);
+ notify = notify_payload_create_from_protocol_and_type(
+ PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1);
+ ike_sa_id = this->ike_sa->get_id(this->ike_sa);
+ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
+ spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
+ spi = chunk_cata("cc", chunk_from_thing(spi_i),
+ chunk_from_thing(spi_r));
+ notify->set_spi_data(notify, spi);
+ message->add_payload(message, (payload_t*)notify);
}
}
}
--
1.9.1

4
net/strongswan/patches/300-include-ipsec-user-script.patch
View file

@ -13,5 +13,5 @@
+ +
+[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1" +[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1"
# things that this script gets (from ipsec_pluto(8) man page) # PLUTO_VERSION
# # indicates what version of this interface is being