Changeset 40518


Timestamp:
2014-04-15T19:28:55+02:00 (4 years ago)
Author:
nbd
Message:

AA: strongswan: update to the latest version to fix various security issues, including CVE-2014-2338

Signed-off-by: Felix Fietkau <nbd@…>

Location:
branches/packages_12.09/net/strongswan
Files:
4 added
1 edited
1 moved

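--- a/branches/packages_12.09/net/strongswan/Makefile
+++ b/branches/packages_12.09/net/strongswan/Makefile
@@ -1,4 +1,4 @@
-#  
-# Copyright (C) 2012 OpenWrt.org 
+# 
+# Copyright (C) 2012-2014 OpenWrt.org 
 # 
 # This is free software, licensed under the GNU General Public License v2. 
@@ -9,10 +9,10 @@
  
 PKG_NAME:=strongswan 
-PKG_VERSION:=5.0.0 
+PKG_VERSION:=5.1.3 
 PKG_RELEASE:=1 
  
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 
-PKG_SOURCE_URL:=http://download.strongswan.org/ 
-PKG_MD5SUM:=c8b861305def7c0abae04f7bbefec212 
+PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/ 
+PKG_MD5SUM:=1d1c108775242743cd8699215b2918c3 
  
 PKG_MOD_AVAILABLE:= \ 
@@ -37,4 +37,5 @@
         eap-md5 \ 
         eap-mschapv2 \ 
+        eap-radius \ 
         farp \ 
         fips-prf \ 
@@ -45,4 +46,5 @@
         hmac \ 
         kernel-klips \ 
+        kernel-libipsec \ 
         kernel-netlink \ 
         kernel-pfkey \ 
@@ -70,9 +72,9 @@
         socket-default \ 
         socket-dynamic \ 
-        socket-raw \ 
         sql \ 
         sqlite \ 
         stroke \ 
         test-vectors \ 
+        unity \ 
         uci \ 
         updown \ 
@@ -81,5 +83,5 @@
         xauth-eap \ 
         xauth-generic \ 
-        xcbc \ 
+        xcbc 
  
 PKG_CONFIG_DEPENDS:= \ 
@@ -151,4 +153,5 @@
         +strongswan-mod-eap-md5 \ 
         +strongswan-mod-eap-mschapv2 \ 
+        +strongswan-mod-eap-radius \ 
         +strongswan-mod-farp \ 
         +strongswan-mod-fips-prf \ 
@@ -186,4 +189,5 @@
         +strongswan-mod-test-vectors \ 
         +strongswan-mod-uci \ 
+        +strongswan-mod-unity \ 
         +strongswan-mod-updown \ 
         +strongswan-mod-whitelist \ 
@@ -199,6 +203,7 @@
 $(call Package/strongswan/description/Default) 
  This meta-package contains dependencies for all of the strongswan plugins 
- except kernel-klips, kernel-pfkey, socket-dynamic and socket-raw which are 
- ommitted in favor of the kernel-netlink and socket-default plugins. 
+ except kernel-klips, kernel-libipsec, kernel-pfkey, 
+ socket-dynamic and which are ommitted in favor of the kernel-netlink and 
+ socket-default plugins. 
 endef 
  
@@ -302,5 +307,5 @@
 define Package/strongswan-utils/description 
 $(call Package/strongswan/description/Default) 
- This package contains the openac, pki & scepclient utilities. 
+ This package contains the pki & scepclient utilities. 
 endef 
  
@@ -344,4 +349,5 @@
 /etc/ipsec.conf 
 /etc/ipsec.secrets 
+/etc/ipsec.user 
 /etc/strongswan.conf 
 endef 
@@ -353,4 +359,6 @@
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{libstrongswan.so.*,libhydra.so.*} $(1)/usr/lib/ipsec/ 
         $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/ 
+        $(INSTALL_DIR) $(1)/etc/init.d 
+        $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec 
 endef 
  
@@ -381,6 +389,8 @@
         $(INSTALL_DIR) $(1)/usr/sbin 
         $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ 
+        $(INSTALL_DIR) $(1)/usr/bin 
+        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/ 
         $(INSTALL_DIR) $(1)/usr/lib/ipsec 
-        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/ 
+        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/scepclient $(1)/usr/lib/ipsec/ 
 endef 
  
@@ -389,4 +399,10 @@
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/duplicheck $(1)/usr/lib/ipsec/ 
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-duplicheck.so $(1)/usr/lib/ipsec/plugins/ 
+endef 
+ 
+define Plugin/eap-radius/install 
+        $(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins 
+        $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libradius.so.* $(1)/usr/lib/ipsec/ 
+        $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-eap-radius.so $(1)/usr/lib/ipsec/plugins/ 
 endef 
  
@@ -417,4 +433,6 @@
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/ 
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/ 
+        $(INSTALL_DIR) $(1)/etc 
+        $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ 
 endef 
  
@@ -423,4 +441,9 @@
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/whitelist $(1)/usr/lib/ipsec/ 
         $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-whitelist.so $(1)/usr/lib/ipsec/plugins/ 
+endef 
+ 
+define Plugin/kernel-libipsec/install 
+        $(INSTALL_DIR) $(1)/usr/lib/ipsec 
+        $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libipsec.so.* $(1)/usr/lib/ipsec/ 
 endef 
  
@@ -451,5 +474,6 @@
 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,)) 
 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,)) 
-$(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,)) 
+$(eval $(call BuildPlugin,eap-mschapv2,EAP MS-CHAPv2 EAP auth,+strongswan-mod-md4 +strongswan-mod-des)) 
+$(eval $(call BuildPlugin,eap-radius,EAP RADIUS auth,)) 
 $(eval $(call BuildPlugin,farp,fake arp respsonses,)) 
 $(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1)) 
@@ -460,4 +484,5 @@
 $(eval $(call BuildPlugin,hmac,HMAC crypto,)) 
 $(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,)) 
+$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,)) 
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,)) 
 $(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,)) 
@@ -485,5 +510,4 @@
 $(eval $(call BuildPlugin,socket-default,default socket implementation for charon,)) 
 $(eval $(call BuildPlugin,socket-dynamic,dynamic socket implementation for charon,)) 
-$(eval $(call BuildPlugin,socket-raw,raw socket implementation for charon,)) 
 $(eval $(call BuildPlugin,sql,SQL database interface,)) 
 $(eval $(call BuildPlugin,sqlite,SQLite database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-sqlite:libsqlite3)) 
@@ -491,4 +515,5 @@
 $(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) 
 $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) 
+$(eval $(call BuildPlugin,unity,Cisco Unity extension,)) 
 $(eval $(call BuildPlugin,updown,updown firewall,)) 
 $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,)) 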
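Review bot: Both mirrors on the new `PKG_SOURCE_URL` line (new line 15) are plain `http://`, so the `PKG_MD5SUM` on new line 16 is the only thing that authenticates the 5.1.3 tarball, and MD5 is a weak digest to carry that alone on a security-fix update. A comment above the checksum would make the trust assumption explicit, for example `# fetched over plain http; this digest is the only integrity check on the tarball`. If the build system on this branch accepts a stronger checksum field or `https://` mirrors (not visible from this page), prefer those. Independently of the Makefile, confirm the tarball against upstream's published signature before pinning the digest.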
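--- a/branches/packages_12.09/net/strongswan/patches/201-kmodloader.patch
+++ b/branches/packages_12.09/net/strongswan/patches/201-kmodloader.patch
@@ -6,5 +6,5 @@
                 { 
 -                       ignore_result(system("modprobe -qv af_key")); 
-+                       ignore_result(system("insmod -qv af_key")); 
++                       ignore_result(system("modprobe af_key 2>&1 >/dev/null")); 
                 } 
   
@@ -19,9 +19,9 @@
 -               ignore_result(system("modprobe -qv xfrm4_tunnel")); 
 -               ignore_result(system("modprobe -qv xfrm_user")); 
-+               ignore_result(system("insmod -qv ah4")); 
-+               ignore_result(system("insmod -qv esp4")); 
-+               ignore_result(system("insmod -qv ipcomp")); 
-+               ignore_result(system("insmod -qv xfrm4_tunnel")); 
-+               ignore_result(system("insmod -qv xfrm_user")); 
++               ignore_result(system("modprobe ah4 2>&1 >/dev/null")); 
++               ignore_result(system("modprobe esp4 2>&1 >/dev/null")); 
++               ignore_result(system("modprobe ipcomp 2>&1 >/dev/null")); 
++               ignore_result(system("modprobe xfrm4_tunnel 2>&1 >/dev/null")); 
++               ignore_result(system("modprobe xfrm_user 2>&1 >/dev/null")); 
         } 
   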
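Review bot: The new `system()` strings at patch lines 8 and 21–25 redirect in the order `2>&1 >/dev/null`, which points stderr at the original stdout before stdout goes to /dev/null, so modprobe's error output is still emitted and only its stdout is discarded. If the intent is to silence both streams (the `-q` in the strings being replaced suggests so), swap the order: `ignore_result(system("modprobe af_key >/dev/null 2>&1"));`, and likewise for ah4, esp4, ipcomp, xfrm4_tunnel and xfrm_user. The bare `modprobe` name is also resolved by the shell through the daemon's PATH; an absolute path would remove that dependency if the target image has a fixed location for the binary. The enclosing function starts and ends outside both hunks.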