author | prspkt <prspkt@protonmail.com> | 2018-05-30 19:26:02 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-06-01 14:50:42 +0000 |
commit | f48354faeaa48613ec150ba912a378e92d8fd969 (patch) | |
tree | cc5efbe92540f8437171997de69e126d31c57986 | |
parent | 010840ca3bcee6754b05730d36e91c75d78953d9 (diff) | |
download | aports-f48354faeaa48613ec150ba912a378e92d8fd969.tar.bz2 aports-f48354faeaa48613ec150ba912a378e92d8fd969.tar.xz |
main/strongswan: upgrade to 5.6.3
5 files changed, 36 insertions, 33 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch index 1d13f7dab2..cc14dab02d 100644 --- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch @@ -13,7 +13,7 @@ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager index ce44207..37d49da 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c -@@ -1401,48 +1401,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1419,48 +1419,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, DBG2(DBG_MGR, "checkout IKE_SA by config"); diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch index 823a8e16b7..d9aea3c4d2 100644 --- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch +++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch @@ -46,7 +46,7 @@ diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 571c0edba..e7922cf4d 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c -@@ -580,7 +580,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, +@@ 6220,7 +622,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, * Prepare IKE_SA */ ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, 
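Review bot: The refreshed inner hunk header for `src/charon-nm/nm/nm_service.c` in the 1001 patch reads `@@ 6220,7 +622,7 @@`, which has no `-` before the old range and whose two start lines do not agree, unlike every other refreshed header in this commit. If the file really contains this and it is not a rendering artifact of the page, patch(1) will likely reject the hunk as malformed when the package is prepared. Note that the new sha512 for 1001 recorded in the APKBUILD would pin the file as committed, so the checksum step would not catch it. The header should be regenerated against the 5.6.3 tree rather than edited by hand.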
@@ -105,7 +105,7 @@ index 8e7816b39..7d7b3bcbc 100644 * unique ID, used for various methods */ uint32_t id; -@@ -405,9 +437,14 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -409,9 +441,14 @@ METHOD(job_t, initiate_execute, job_requeue_t, ike_sa_t *ike_sa; interface_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; @@ -121,7 +121,7 @@ index 8e7816b39..7d7b3bcbc 100644 if (!ike_sa) { listener->child_cfg->destroy(listener->child_cfg); -@@ -416,6 +453,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -420,6 +457,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, listener_done(listener); return JOB_REQUEUE_NONE; } @@ -129,7 +129,7 @@ index 8e7816b39..7d7b3bcbc 100644 listener->lock->lock(listener->lock); listener->ike_sa = ike_sa; listener->lock->unlock(listener->lock); -@@ -488,6 +526,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -492,6 +530,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, METHOD(controller_t, initiate, status_t, private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, @@ -137,7 +137,7 @@ index 8e7816b39..7d7b3bcbc 100644 controller_cb_t callback, void *param, u_int timeout, bool limits) { interface_job_t *job; -@@ -510,6 +549,8 @@ METHOD(controller_t, initiate, status_t, +@@ -514,6 +553,8 @@ METHOD(controller_t, initiate, status_t, .status = FAILED, .child_cfg = child_cfg, .peer_cfg = peer_cfg, @@ -194,7 +194,7 @@ diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vi index 12497ec5e..ba954e5cb 100644 --- a/src/libcharon/plugins/vici/vici_config.c 
+++ b/src/libcharon/plugins/vici/vici_config.c -@@ -1911,7 +1911,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, +@@ -1978,7 +1978,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); charon->controller->initiate(charon->controller, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), @@ -331,7 +331,7 @@ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager index 3ee233c1f..def2a6f1b 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c -@@ -16,6 +16,28 @@ +@@ -17,6 +17,28 @@ * for more details. */ @@ -360,7 +360,7 @@ index 3ee233c1f..def2a6f1b 100644 #include <string.h> #include <inttypes.h> -@@ -1390,7 +1412,8 @@ out: +@@ -1408,7 +1430,8 @@ out: } METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, @@ -370,7 +370,7 @@ index 3ee233c1f..def2a6f1b 100644 { enumerator_t *enumerator; entry_t *entry; -@@ -1399,7 +1422,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1417,7 +1440,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, ike_cfg_t *current_ike; u_int segment; @@ -389,7 +389,7 @@ index 3ee233c1f..def2a6f1b 100644 if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1) { -@@ -1416,6 +1449,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1434,6 +1457,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, entry->condvar->signal(entry->condvar); continue; } @@ -406,7 +406,7 @@ index 3ee233c1f..def2a6f1b 100644 current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); if (current_peer && current_peer->equals(current_peer, peer_cfg)) { -@@ -1447,6 +1490,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1465,6 +1508,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, return NULL; } ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE); @@ -450,7 +450,7 @@ 
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 40a0682f2..ea79d95ae 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c -@@ -399,7 +399,7 @@ METHOD(trap_manager_t, acquire, void, +@@ -421,7 +421,7 @@ METHOD(trap_manager_t, acquire, void, peer_cfg_t *peer; child_cfg_t *child; ike_sa_t *ike_sa; @@ -459,7 +459,7 @@ index 40a0682f2..ea79d95ae 100644 bool wildcard, ignore = FALSE; this->lock->read_lock(this->lock); -@@ -475,36 +475,27 @@ METHOD(trap_manager_t, acquire, void, +@@ -497,36 +497,27 @@ METHOD(trap_manager_t, acquire, void, this->lock->unlock(this->lock); if (wildcard) diff --git a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch index 34d9b44d61..94814e13da 100644 --- a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch +++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch @@ -15,7 +15,7 @@ diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vic index c0f4e2de9..309a11c03 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c -@@ -305,7 +305,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, +@@ -337,7 +337,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, * List details of an IKE_SA */ static void list_ike(private_vici_query_t *this, vici_builder_t *b, @@ -24,7 +24,7 @@ index c0f4e2de9..309a11c03 100644 { time_t t; ike_sa_id_t *id; -@@ -313,6 +313,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, +@@ -345,6 +345,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, proposal_t *proposal; uint16_t alg, ks; host_t *host; 
@@ -33,7 +33,7 @@ index c0f4e2de9..309a11c03 100644 b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa)); -@@ -322,11 +324,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, +@@ -354,11 +356,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "local-host", "%H", host); b->add_kv(b, "local-port", "%d", host->get_port(host)); b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa)); @@ -77,7 +77,7 @@ index c0f4e2de9..309a11c03 100644 eap = ike_sa->get_other_eap_id(ike_sa); -@@ -444,7 +478,7 @@ CALLBACK(list_sas, vici_message_t*, +@@ -476,7 +510,7 @@ CALLBACK(list_sas, vici_message_t*, b = vici_builder_create(); b->begin_section(b, ike_sa->get_name(ike_sa)); @@ -86,7 +86,7 @@ index c0f4e2de9..309a11c03 100644 b->begin_section(b, "child-sas"); csas = ike_sa->create_child_sa_enumerator(ike_sa); -@@ -1448,7 +1482,7 @@ METHOD(listener_t, ike_updown, bool, +@@ -1624,7 +1658,7 @@ METHOD(listener_t, ike_updown, bool, } b->begin_section(b, ike_sa->get_name(ike_sa)); @@ -95,7 +95,7 @@ index c0f4e2de9..309a11c03 100644 b->end_section(b); this->dispatcher->raise_event(this->dispatcher, -@@ -1473,10 +1507,10 @@ METHOD(listener_t, ike_rekey, bool, +@@ -1649,10 +1683,10 @@ METHOD(listener_t, ike_rekey, bool, b = vici_builder_create(); b->begin_section(b, old->get_name(old)); b->begin_section(b, "old"); @@ -108,7 +108,7 @@ index c0f4e2de9..309a11c03 100644 b->end_section(b); b->end_section(b); -@@ -1506,7 +1540,7 @@ METHOD(listener_t, child_updown, bool, +@@ -1682,7 +1716,7 @@ METHOD(listener_t, child_updown, bool, } b->begin_section(b, ike_sa->get_name(ike_sa)); 
@@ -117,7 +117,7 @@ index c0f4e2de9..309a11c03 100644 b->begin_section(b, "child-sas"); b->begin_section(b, child_sa->get_name(child_sa)); -@@ -1538,7 +1572,7 @@ METHOD(listener_t, child_rekey, bool, +@@ -1714,7 +1748,7 @@ METHOD(listener_t, child_rekey, bool, b = vici_builder_create(); b->begin_section(b, ike_sa->get_name(ike_sa)); diff --git a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch index 0475ab1dcf..06dc121e86 100644 --- a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch +++ b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch @@ -17,7 +17,7 @@ diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vic index 309a11c03..83a5daaa7 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c -@@ -1450,8 +1450,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) +@@ -1624,8 +1624,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) this->dispatcher->manage_event(this->dispatcher, "list-cert", reg); this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg); this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg); @@ -34,7 +34,7 @@ index 309a11c03..83a5daaa7 100644 manage_command(this, "list-sas", list_sas, reg); manage_command(this, "list-policies", list_policies, reg); manage_command(this, "list-conns", list_conns, reg); -@@ -1520,6 +1528,45 @@ METHOD(listener_t, ike_rekey, bool, +@@ -1696,6 +1704,45 @@ METHOD(listener_t, ike_rekey, bool, return TRUE; } @@ -80,7 +80,7 @@ index 309a11c03..83a5daaa7 100644 METHOD(listener_t, child_updown, bool, private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) { -@@ -1595,6 +1642,62 @@ METHOD(listener_t, child_rekey, bool, +@@ -1771,6 +1818,62 @@ METHOD(listener_t, child_rekey, bool, return TRUE; } 
@@ -143,7 +143,7 @@ index 309a11c03..83a5daaa7 100644 METHOD(vici_query_t, destroy, void, private_vici_query_t *this) { -@@ -1614,8 +1717,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) +@@ -1790,8 +1893,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) .listener = { .ike_updown = _ike_updown, .ike_rekey = _ike_rekey,
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 542e6d38f8..096568c6ff 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
 # Contributor: Jesse Young <jlyo@jlyo.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=strongswan
-pkgver=5.6.2
+pkgver=5.6.3
 _pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=0
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="https://www.strongswan.org/"
 arch="all"
@@ -28,6 +28,9 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
 builddir="$srcdir/$pkgname-$_pkgver"
 # secfixes:
+# 5.6.3-r0:
+# - CVE-2018-5388
+# - CVE-2018-10811
 # 5.5.3-r0:
 # - CVE-2017-9022
 # - CVE-2017-9023
@@ -115,10 +118,10 @@ package() {
 install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
 }
-sha512sums="cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52 strongswan-5.6.2.tar.bz2
-768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch
-d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch
+sha512sums="080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078141232ac62abfacef892c493f6824948b3165d54d72b4e436ed564fd2609 strongswan-5.6.3.tar.bz2
+193d845e2751c23d98cdf84134c7803f2e412197669c6d6c1c9974041608d154b85594ed3d9ffb923ca22a4d5926c7f2373787ddc7da47b52019e284a1d13211 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+21db8f153f535ef13cc7c9c011f9b90b8c794e0072bd93fda6a0a56dc00d32d04e186b1a72a87a85613b7e511eed5cb96623abf0721c67dd5c96446db969a185 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+f7d98fb99b4855e8bfbb7369292c170536b1987e717feeda71f64ab71b35538e7d462609a773c6a6ed08c8e6ee7a186df12e1ea7d64b9dac0b17d4c7af17dab3 1002-vici-send-certificates-for-ike-sa-events.patch
+a4235cd07e17ad3441dc391ded11ee9f4debdffa1e8218809731e73a545ca6fcdc0bb87239d41b1102b0b6719a4d31d43758972d2193ebe298b275285de2ce54 1003-vici-add-support-for-individual-sa-state-changes.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" |
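Review bot: The new `strongswan-5.6.3.tar.bz2` sha512 in this hunk is the only integrity check on the upstream tarball, because the `source=` line visible in the previous hunk's header still fetches it over plain `http://download.strongswan.org/`. The pinned hash protects later builds, but whoever computed it has to have verified that download independently, for example against upstream's published signature, and the commit message does not say this was done for a release that carries two CVE fixes. I would switch the URL in the same change to `source="https://download.strongswan.org/$pkgname-$_pkgver.tar.bz2`. The `source=` assignment itself lies outside the hunks shown.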