community/strongswan to 5.8.2-1

2024-11-08 22:45:43 +00:00 · 2019-12-23 03:37:08 +00:00 · 2019-12-23 03:37:08 +00:00 · 35a90351cf
commit 35a90351cf
parent 38f2704b91
3 changed files with 88 additions and 125 deletions
--- a/community/strongswan/PKGBUILD
+++ b/community/strongswan/PKGBUILD
@ -13,117 +13,116 @@
 #  - remove --enable-aesni from configure

 pkgname=strongswan
-pkgver=5.8.1
-pkgrel=3
+pkgver=5.8.2
+pkgrel=1
 pkgdesc='Open source IPsec implementation'
 url='https://www.strongswan.org'
 license=('GPL2')
 arch=('x86_64')
 makedepends=('curl' 'gmp' 'libnm' 'iproute2' 'openssl' 'sqlite' 'libcap' 'systemd-libs'
-    'systemd' 'pam' 'python' 'ruby' 'mariadb' 'python-setuptools')
+  'systemd' 'pam' 'python' 'ruby' 'mariadb' 'python-setuptools')
 depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'systemd-libs' 'pam')
 optdepends=('libnm: for networkmanager support'
-    'mariadb: MySQL support'
-    'ruby: Ruby support'
-    'python: Python support'
-    'resolvconf: Resolveplugin'
-    'openldap: LDAP support')
+  'mariadb: MySQL support'
+  'ruby: Ruby support'
+  'python: Python support'
+  'resolvconf: Resolveplugin'
+  'openldap: LDAP support')
 # TODO: move to package() and use find
 backup=(
-    etc/ipsec.conf
-    etc/ipsec.secrets
-    etc/swanctl/swanctl.conf
-    etc/strongswan.conf
-    etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf}
-    etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf})
+  etc/ipsec.conf
+  etc/ipsec.secrets
+  etc/swanctl/swanctl.conf
+  etc/strongswan.conf
+  etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf}
+  etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf})
 source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"{,.sig}
-    'configure_ac.patch')
+  'configure_ac.patch')
 validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77")
-sha512sums=('630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f'
-    'SKIP'
-    '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74')
+sha512sums=('423e7924acfe8a03ad7d4359ae9086fd516798fcf5eb948a27b52ea719f4d8954b83ea30ce94191ea1647616611df8a1215cb4d5c7ec48676624df6c41853e1d'
+  'SKIP'
+  '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74')
 install=strongswan.install

 # We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
 # would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
 # add --enable-libipsec and --enable-kernel-libipsec
 prepare() {
-    cd ${pkgname}-${pkgver}
-    patch -p1 -l < "${srcdir}/configure_ac.patch"
-    autoreconf -fiv
+  cd   ${pkgname}-${pkgver}
+  patch   -p1 -l <"${srcdir}/configure_ac.patch"
+  autoreconf   -fiv
 }

 build() {
-    cd ${pkgname}-${pkgver}
+  cd   ${pkgname}-${pkgver}

-    ./configure --prefix=/usr \
-        --sbindir=/usr/bin \
-        --sysconfdir=/etc \
-        --libexecdir=/usr/lib \
-        --with-ipsecdir=/usr/lib/strongswan \
-        --with-nm-ca-dir=/etc/ssl/certs \
-        --enable-integrity-test \
-        --enable-sqlite \
-        --enable-pkcs11 \
-        --enable-openssl \
-        --enable-curl \
-        --enable-sql \
-        --enable-attr-sql \
-        --enable-farp \
-        --enable-dhcp \
-        --enable-eap-sim \
-        --enable-eap-sim-file \
-        --enable-eap-simaka-pseudonym \
-        --enable-eap-simaka-reauth \
-        --enable-eap-identity \
-        --enable-eap-md5 \
-        --enable-eap-gtc \
-        --enable-eap-aka \
-        --enable-eap-aka-3gpp2 \
-        --enable-eap-mschapv2 \
-        --enable-eap-radius \
-        --enable-xauth-eap \
-        --enable-ha \
-        --enable-vici \
-        --enable-swanctl \
-        --enable-systemd \
-        --enable-ext-auth \
-        --enable-mysql \
-        --enable-ldap \
-        --enable-cmd \
-        --enable-forecast \
-        --enable-connmark \
-        --enable-eap-ttls \
-        --enable-radattr \
-        --enable-xauth-pam \
-        --enable-xauth-noauth \
-        --enable-eap-dynamic \
-        --enable-eap-peap \
-        --enable-eap-tls \
-        --enable-chapoly \
-        --enable-unity \
-        --with-capabilities=libcap \
-        --enable-newhope \
-        --enable-ntru \
-        --enable-mgf1 \
-        --enable-sha3 \
-        --enable-bliss \
-        --enable-dnscert \
-        --enable-nm \
-        --enable-agent \
-        --enable-bypass-lan \
-        --enable-ruby-gems \
-        --enable-python-eggs
-    make
+  ./configure   --prefix=/usr \
+    --sbindir=/usr/bin \
+    --sysconfdir=/etc \
+    --libexecdir=/usr/lib \
+    --with-ipsecdir=/usr/lib/strongswan \
+    --with-nm-ca-dir=/etc/ssl/certs \
+    --enable-integrity-test \
+    --enable-sqlite \
+    --enable-pkcs11 \
+    --enable-openssl \
+    --enable-curl \
+    --enable-sql \
+    --enable-attr-sql \
+    --enable-farp \
+    --enable-dhcp \
+    --enable-eap-sim \
+    --enable-eap-sim-file \
+    --enable-eap-simaka-pseudonym \
+    --enable-eap-simaka-reauth \
+    --enable-eap-identity \
+    --enable-eap-md5 \
+    --enable-eap-gtc \
+    --enable-eap-aka \
+    --enable-eap-aka-3gpp2 \
+    --enable-eap-mschapv2 \
+    --enable-eap-radius \
+    --enable-xauth-eap \
+    --enable-ha \
+    --enable-vici \
+    --enable-swanctl \
+    --enable-systemd \
+    --enable-ext-auth \
+    --enable-mysql \
+    --enable-ldap \
+    --enable-cmd \
+    --enable-forecast \
+    --enable-connmark \
+    --enable-eap-ttls \
+    --enable-radattr \
+    --enable-xauth-pam \
+    --enable-xauth-noauth \
+    --enable-eap-dynamic \
+    --enable-eap-peap \
+    --enable-eap-tls \
+    --enable-chapoly \
+    --enable-unity \
+    --with-capabilities=libcap \
+    --enable-newhope \
+    --enable-ntru \
+    --enable-mgf1 \
+    --enable-sha3 \
+    --enable-bliss \
+    --enable-dnscert \
+    --enable-nm \
+    --enable-agent \
+    --enable-bypass-lan \
+    --enable-ruby-gems \
+    --enable-python-eggs
+  make
 }

 package() {
-    cd ${pkgname}-${pkgver}
-    make DESTDIR="${pkgdir}" install
-    install -Dm644 "${pkgdir}/etc/dbus-1/system.d/nm-strongswan-service.conf" "${pkgdir}/usr/share/dbus-1/system.d/nm-strongswan-service.conf"
-    rm -v "${pkgdir}/etc/dbus-1/system.d/nm-strongswan-service.conf"
-    # remove empty directory
-    rmdir -v "${pkgdir}/etc/dbus-1/system.d"
+  cd   ${pkgname}-${pkgver}
+  make   DESTDIR="${pkgdir}" install
+  # this is not necessary anymore
+  #install -Dm644 "${pkgdir}/etc/dbus-1/system.d/nm-strongswan-service.conf" "${pkgdir}/usr/share/dbus-1/system.d/nm-strongswan-service.conf"
+  #rm -v "${pkgdir}/etc/dbus-1/system.d/nm-strongswan-service.conf"
+  # remove empty directory
+  #rmdir -v "${pkgdir}/etc/dbus-1/system.d"
 }
-
-# vim: ts=2 sw=2 et:
--- a/community/strongswan/cve_2018_5388.patch
+++ b/community/strongswan/cve_2018_5388.patch
@ -1,25 +0,0 @@
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Tue, 13 Mar 2018 17:54:08 +0000 (+0100)
-Subject: stroke: Ensure a minimum message length
-X-Git-Tag: 5.6.3dr1~28
-X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=0acd1ab4
-
-stroke: Ensure a minimum message length
---
-
-diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
-index c568440..1e7f210 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
-+++ b/src/libcharon/plugins/stroke/stroke_socket.c
-@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
- 		}
- 		return FALSE;
- 	}
-+	if (len < offsetof(stroke_msg_t, buffer))
-+	{
-+		DBG1(DBG_CFG, "invalid stroke message length %d", len);
-+		return FALSE;
-+	}
- 
- 	/* read message (we need an additional byte to terminate the buffer) */
- 	msg = malloc(len + 1);
--- a/community/strongswan/stdint.patch
+++ b/community/strongswan/stdint.patch
@ -1,11 +0,0 @@
--- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h    2017-08-14 02:48:41.000000000 -0400
-+++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h    2017-09-12 01:15:29.690527667 -0400
-@@ -14,6 +14,8 @@
-  * for more details.
-  */
-
-+#include <stdint.h> /* for uintptr_t */
-+
- /**
-  * @defgroup memory_i memory
-  * @{ @ingroup utils_i