diff options
author | Timo Teräs <timo.teras@iki.fi> | 2016-11-07 09:51:06 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2016-11-07 09:51:06 +0200 |
commit | 4a4776379ec19429dda0153467b4efdae4fe1bb5 (patch) | |
tree | 3dd9ff8d14278d913fac242219583eb44a15af0a | |
parent | bfbbc4254ea59cb538d4ea741bccc1aa93709df4 (diff) | |
download | aports-4a4776379ec19429dda0153467b4efdae4fe1bb5.tar.bz2 aports-4a4776379ec19429dda0153467b4efdae4fe1bb5.tar.xz |
main/strongswan: fix libressl support, remove deprecated patch
-rw-r--r-- | main/strongswan/2002-vici-add-deprecated-async-parameter.patch | 49 | ||||
-rw-r--r-- | main/strongswan/APKBUILD | 12 | ||||
-rw-r--r-- | main/strongswan/libressl.patch | 201 |
3 files changed, 200 insertions, 62 deletions
diff --git a/main/strongswan/2002-vici-add-deprecated-async-parameter.patch b/main/strongswan/2002-vici-add-deprecated-async-parameter.patch deleted file mode 100644 index 577532867c..0000000000 --- a/main/strongswan/2002-vici-add-deprecated-async-parameter.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d3c1585742909cbf306da1bf489b7f1560e8dab5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:15 +0300 -Subject: [PATCH 5/5] vici: add (deprecated) async parameter -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is obsoleted by the new "timeout=-1" option that achieves -the same. Only for compatibility with old versions of quagga-nhrp. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_control.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index 55b8c99..eba7640 100644 ---- a/src/libcharon/plugins/vici/vici_control.c -+++ b/src/libcharon/plugins/vici/vici_control.c -@@ -195,7 +195,7 @@ CALLBACK(initiate, vici_message_t*, - host_t *my_host = NULL, *other_host = NULL; - char *child, *ike, *my_host_str, *other_host_str; - int timeout; -- bool limits; -+ bool limits, async; - controller_cb_t log_cb = NULL; - log_info_t log = { - .dispatcher = this->dispatcher, -@@ -206,6 +206,7 @@ CALLBACK(initiate, vici_message_t*, - ike = request->get_str(request, NULL, "ike"); - timeout = request->get_int(request, 0, "timeout"); - limits = request->get_bool(request, FALSE, "init-limits"); -+ async = request->get_bool(request, FALSE, "async"); - log.level = request->get_int(request, 1, "loglevel"); - my_host_str = request->get_str(request, NULL, "my-host"); - other_host_str = request->get_str(request, NULL, "other-host"); -@@ -214,7 +215,7 @@ CALLBACK(initiate, vici_message_t*, - { - return send_reply(this, "missing configuration name"); - } -- if (timeout >= 0) -+ if (timeout >= 0 && !async) - { - log_cb = (controller_cb_t)log_vici; - } --- -2.5.0 - diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 18c07cf5ea..72d5e34d75 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.5.1 _pkgver=${pkgver//_rc/rc} -pkgrel=0 +pkgrel=1 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="http://www.strongswan.org/" arch="all" @@ -22,7 +22,6 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-for-individual-sa-state-changes.patch 2001-support-gre-key-in-ikev1.patch - 2002-vici-add-deprecated-async-parameter.patch libressl.patch strongswan.initd @@ -119,8 +118,7 @@ dc38d5a2e8bf98e3137cc5608d4d1392 1001-charon-add-optional-source-and-remote-ove 1d174dd2c9fcfdc9e2260a249395ab8d 1002-vici-send-certificates-for-ike-sa-events.patch 167c525d4945d4e9a36fe75aabbbb895 1003-vici-add-support-for-individual-sa-state-changes.patch 97bb0e061ba1576bab0e053afc2a4a72 2001-support-gre-key-in-ikev1.patch -31f4bda273d364095e9e6167da417e08 2002-vici-add-deprecated-async-parameter.patch -3e64f8272f98199234b5ea98748090a7 libressl.patch +360c16bcd6c03505b4f3ca308dd4932d libressl.patch 72a956819c451931d3d31a528a0d1b9c strongswan.initd a7993f28e4eacc61f51722044645587e charon.initd" sha256sums="720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 strongswan-5.5.1.tar.bz2 @@ -129,8 +127,7 @@ sha256sums="720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7 st e2de070bdb5fd9e19d02d18829ad9684e3a9fa64f0bc45015249c7f1f738f7be 1002-vici-send-certificates-for-ike-sa-events.patch c92a8641093e343f1f652213fb4469622a82f9f3c759e065b2b553ef3cf8cfec 1003-vici-add-support-for-individual-sa-state-changes.patch f038cadddde9f0ea2f36df03f81445b2f6a6d6b09cf4a21bfcdb61c62706a66b 2001-support-gre-key-in-ikev1.patch -fec398ec01dbc3f10693ec128b0f39b90284c89ae65cad6230fd277e6f67e023 2002-vici-add-deprecated-async-parameter.patch -0ed364080e84f58915548c2ea9812fe7c354bdcf3c640fabe24e47ae58fa61ba libressl.patch +c2e94e169bd5923fe90f4cfdd2568b0bc6accd8fb9c1a32a07e795dd8a3fe7f9 libressl.patch fdb781fa59700ca83b9fd2f2ff0b9c45467448ebd82da96286b3e2aa477ef7f4 strongswan.initd 7bcc57e4a778f87645c6b9d76ba2c04e1c11c326bc9a4968561788711c7fe58a charon.initd" sha512sums="051352a941a02ae227f3a7d4ee9d6d5651daa0fb4d01b7086c3bb18815ea94f63b5f94f29e6ef46ef3360666f7c95936cbfde9393d6a0c677de64850056519b9 strongswan-5.5.1.tar.bz2 @@ -139,7 +136,6 @@ e97382673d807dc09a64c617af4ec4879386cfab9ebcc843ee517388c5cedca6fc37f3df2649dd5b f1aa4eed2258527dcc787ef41af7fdb9d6eb83e18d1ac2d8eebace47d0f41d5b719f80508691f271e67f2fac2f041b57a02cfea4a289eb38b3619c3ae2e18b9a 1002-vici-send-certificates-for-ike-sa-events.patch 9c94dd2063265581aff60960f795e7e5a7f8992dfb875d2bceff8028ae1c45afd6ec48a0729a0da14e86245b5017c85cdd33b1baa5b7faff4edc1783b5ffedcc 1003-vici-add-support-for-individual-sa-state-changes.patch 1544a409ad08f46a5dffbe3b4e8cf0e973c58140bf225f7c4e9b29be7fe6178f63d73730d1b2f7a755ed0d5dc09ee9fa0a08ac35761b01c5914d9bde1044ce7a 2001-support-gre-key-in-ikev1.patch -769536476e941882c3a244b3c47eb4cc8ab1ec026862acfa1e00469114b532f8965890b21ff2e9e129778ead9b273ce47923b9bc0e788be3c0292023f5a32ee5 2002-vici-add-deprecated-async-parameter.patch -d51b39ab2bc6f8771da3f1ade959db35576ad94c8a55dc082b211405e02109b060e687dff5c696b4e8b4232800b5a39752bb2982003eb9a4c066dc9d529106a8 libressl.patch +8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4 libressl.patch 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" diff --git a/main/strongswan/libressl.patch b/main/strongswan/libressl.patch index b01eff3e4a..9973b20cee 100644 --- a/main/strongswan/libressl.patch +++ b/main/strongswan/libressl.patch @@ -1,8 +1,133 @@ -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 3e3b986..ada218c 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -573,7 +573,7 @@ plugin_t *openssl_plugin_create() +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c 2016-11-07 09:43:34.386040269 +0200 +@@ -46,7 +46,7 @@ + #include <collections/enumerator.h> + #include <credentials/certificates/x509.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) { + if (psig) { *psig = crl->signature; } + if (palg) { *palg = crl->sig_alg; } +@@ -281,7 +281,7 @@ + return FALSE; + } + /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); + #else + tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); +@@ -524,7 +524,7 @@ + + X509_CRL_get0_signature(NULL, &alg, this->crl); + X509_ALGOR_get0(&oid, NULL, NULL, alg); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (!chunk_equals( + openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm), + openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm))) +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c 2016-11-07 09:43:49.292891861 +0200 +@@ -27,7 +27,7 @@ + #include <utils/debug.h> + + /* these were added with 1.1.0 when DH was made opaque */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key) + OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g) + #define DH_set_length(dh, len) ({ (dh)->length = len; 1; }) +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c 2016-10-08 15:17:09.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c 2016-11-07 09:43:54.582957491 +0200 +@@ -28,7 +28,7 @@ + #include <openssl/ecdsa.h> + #include <openssl/x509.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) + #endif + +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c 2016-11-07 09:43:58.653007980 +0200 +@@ -27,7 +27,7 @@ + #include <openssl/ecdsa.h> + #include <openssl/x509.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) + #endif + +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c 2016-11-07 09:44:46.043595875 +0200 +@@ -70,7 +70,7 @@ + */ + HMAC_CTX *hmac; + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /** + * Static context for OpenSSL < 1.1.0 + */ +@@ -140,7 +140,7 @@ + METHOD(mac_t, destroy, void, + private_mac_t *this) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + HMAC_CTX_free(this->hmac); + #else + HMAC_CTX_cleanup(&this->hmac_ctx); +@@ -178,7 +178,7 @@ + return NULL; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + this->hmac = HMAC_CTX_new(); + #else + HMAC_CTX_init(&this->hmac_ctx); +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c 2016-07-08 11:57:18.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c 2016-11-07 09:44:58.337081716 +0200 +@@ -29,7 +29,7 @@ + + #include <openssl/cms.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; }) + #endif + +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-10-08 15:17:09.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-11-07 09:45:31.187489232 +0200 +@@ -68,7 +68,7 @@ + /** + * OpenSSL is thread-safe since 1.1.0 + */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /** + * Array of static mutexs, with CRYPTO_num_locks() mutex +@@ -568,7 +568,7 @@ + /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #ifndef OPENSSL_IS_BORINGSSL + CONF_modules_free(); + OBJ_cleanup(); +@@ -623,7 +623,7 @@ }, ); @@ -11,3 +136,69 @@ index 3e3b986..ada218c 100644 /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed * as we couldn't initialize the library again afterwards */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c 2016-10-08 15:17:09.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c 2016-11-07 09:45:57.407814497 +0200 +@@ -36,7 +36,7 @@ + */ + #define PUBLIC_EXPONENT 0x10001 + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) + OPENSSL_KEY_FALLBACK(RSA, factors, p, q) + OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c 2016-09-27 11:40:31.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c 2016-11-07 09:46:02.771214366 +0200 +@@ -28,7 +28,7 @@ + #include <openssl/rsa.h> + #include <openssl/x509.h> + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) + #endif + +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c 2016-11-07 09:46:15.918044119 +0200 +@@ -23,7 +23,7 @@ + #include <openssl/x509.h> + + /* these were added with 1.1.0 when ASN1_OBJECT was made opaque */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define OBJ_get0_data(o) ((o)->data) + #define OBJ_length(o) ((o)->length) + #endif +diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c 2016-06-30 17:20:10.000000000 +0300 ++++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c 2016-11-07 09:46:51.818489485 +0200 +@@ -61,7 +61,7 @@ + #endif + + /* added with 1.0.2 */ +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) { + if (psig) { *psig = x->signature; } + if (palg) { *palg = x->sig_alg; } +@@ -69,7 +69,7 @@ + #endif + + /* added with 1.1.0 when X509 etc. was made opaque */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; }) + #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; }) + #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) +@@ -434,7 +434,7 @@ + return FALSE; + } + /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + tbs = openssl_i2chunk(re_X509_tbs, this->x509); + #else + tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info); |