main/strongswan: upgrade to 5.6.1

author: Timo Teräs <timo.teras@iki.fi> 2017-11-20 10:59:23 +0200
committer: Timo Teräs <timo.teras@iki.fi> 2017-11-20 10:59:23 +0200
commit: 55d837ff63b1988f535913dafd0f97b0407fa8bc (patch)
tree: b462cb7fd59f49255531b49925472dad20afcae1 /main/strongswan
parent: 9fa7f345ca1508f3e910f6bc79477343441d1391 (diff)
download: aports-55d837ff63b1988f535913dafd0f97b0407fa8bc.tar.bz2
aports-55d837ff63b1988f535913dafd0f97b0407fa8bc.tar.xz
2 files changed, 62 insertions, 60 deletions
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 059f7fdf36..86dc647690 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
 # Contributor: Jesse Young <jlyo@jlyo.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=strongswan
-pkgver=5.6.0
+pkgver=5.6.1
 _pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=0
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="https://www.strongswan.org/"
 arch="all"
@@ -116,11 +116,11 @@ package() {
 	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
 }
 
-sha512sums="9362069a01c3642e62864d88fdb409a3c7514bf7c92cbe36e552c6a80915119cf5bb91c39592aab2d15b562684a0628a764e4fa7636d3b5fd2ebaf165c0ce649  strongswan-5.6.0.tar.bz2
+sha512sums="e4bdcf434739cf18544e18635c0b2e34c8b39e9c6c7a7cab31972bae6b1922da324f47c333fc478fa6177f58a2e59c438c48420c74086da1c0555e9a9361834e  strongswan-5.6.1.tar.bz2
 768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1  0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
 df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4  1001-charon-add-optional-source-and-remote-overrides-for-.patch
 0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b  1002-vici-send-certificates-for-ike-sa-events.patch
 d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc  1003-vici-add-support-for-individual-sa-state-changes.patch
-8cc4e28a07c4f206d7838a20cd1fdab7cd82bc19a3916ed65f1c5acf6acecd7ea54f582f7b2f164aded96e49fdc2db5ace70f426a93fcc08f29d658c79069ad4  libressl.patch
+75c5f1c8558efa9e863490be7c675ea7c56baa102d1cef192ca90d40dc2c9abfaff664c6d76a2a88d2ee4212a8b0106666cafe2a8e753532aabe6eb798382773  libressl.patch
 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1  charon.initd"
diff --git a/main/strongswan/libressl.patch b/main/strongswan/libressl.patch
index 9973b20cee..69e81c8cdb 100644
--- a/main/strongswan/libressl.patch
+++ b/main/strongswan/libressl.patch
@@ -1,17 +1,18 @@
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_crl.c	2016-11-07 09:43:34.386040269 +0200
-@@ -46,7 +46,7 @@
+diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
+index 88f7a67c2..08838878f 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
++++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
+@@ -49,7 +49,7 @@
  #include <collections/enumerator.h>
  #include <credentials/certificates/x509.h>
  
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+ static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
  	if (psig) { *psig = crl->signature; }
  	if (palg) { *palg = crl->sig_alg; }
-@@ -281,7 +281,7 @@
- 		return FALSE;
+@@ -321,7 +321,7 @@ METHOD(certificate_t, issued_by, bool,
+ 		}
  	}
  	/* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */
 -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -19,18 +20,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_crl.c s
  	tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl);
  #else
  	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
-@@ -524,7 +524,7 @@
- 
- 	X509_CRL_get0_signature(NULL, &alg, this->crl);
- 	X509_ALGOR_get0(&oid, NULL, NULL, alg);
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (!chunk_equals(
- 			openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm),
- 			openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm)))
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c	2016-11-07 09:43:49.292891861 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+index 8e9c1183f..3b8810175 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
 @@ -27,7 +27,7 @@
  #include <utils/debug.h>
  
@@ -40,9 +33,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_diffie_
  OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key)
  OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g)
  #define DH_set_length(dh, len) ({ (dh)->length = len; 1; })
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c	2016-10-08 15:17:09.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c	2016-11-07 09:43:54.582957491 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+index 364190758..6cfb5457e 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
 @@ -28,7 +28,7 @@
  #include <openssl/ecdsa.h>
  #include <openssl/x509.h>
@@ -52,9 +46,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_priv
  OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
  #endif
  
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c	2016-11-07 09:43:58.653007980 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+index faa940839..ca1cdfd3b 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
 @@ -27,7 +27,7 @@
  #include <openssl/ecdsa.h>
  #include <openssl/x509.h>
@@ -64,10 +59,11 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_ec_publ
  OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s)
  #endif
  
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_hmac.c	2016-11-07 09:44:46.043595875 +0200
-@@ -70,7 +70,7 @@
+diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
+index 16e707116..e6647bbab 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
++++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
+@@ -70,7 +70,7 @@ struct private_mac_t {
  	 */
  	HMAC_CTX *hmac;
  
@@ -76,7 +72,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c
  	/**
  	 * Static context for OpenSSL < 1.1.0
  	 */
-@@ -140,7 +140,7 @@
+@@ -140,7 +140,7 @@ METHOD(mac_t, get_mac_size, size_t,
  METHOD(mac_t, destroy, void,
  	private_mac_t *this)
  {
@@ -85,7 +81,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c
  	HMAC_CTX_free(this->hmac);
  #else
  	HMAC_CTX_cleanup(&this->hmac_ctx);
-@@ -178,7 +178,7 @@
+@@ -178,7 +178,7 @@ static mac_t *hmac_create(hash_algorithm_t algo)
  		return NULL;
  	}
  
@@ -94,9 +90,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_hmac.c
  	this->hmac = HMAC_CTX_new();
  #else
  	HMAC_CTX_init(&this->hmac_ctx);
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c	2016-07-08 11:57:18.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_pkcs7.c	2016-11-07 09:44:58.337081716 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+index f94767cf5..155e7faa5 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
++++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
 @@ -29,7 +29,7 @@
  
  #include <openssl/cms.h>
@@ -106,10 +103,11 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
  #define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; })
  #endif
  
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-10-08 15:17:09.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_plugin.c	2016-11-07 09:45:31.187489232 +0200
-@@ -68,7 +68,7 @@
+diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
+index 8b0a7c5c7..4f1170088 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
++++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
+@@ -68,7 +68,7 @@ struct private_openssl_plugin_t {
  /**
   * OpenSSL is thread-safe since 1.1.0
   */
@@ -118,7 +116,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.
  
  /**
   * Array of static mutexs, with CRYPTO_num_locks() mutex
-@@ -568,7 +568,7 @@
+@@ -718,7 +718,7 @@ METHOD(plugin_t, destroy, void,
  /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
   * can't call it as we couldn't re-initialize the library (as required by the
   * unit tests and the Android app) */
@@ -127,7 +125,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.
  #ifndef OPENSSL_IS_BORINGSSL
  	CONF_modules_free();
  	OBJ_cleanup();
-@@ -623,7 +623,7 @@
+@@ -773,7 +773,7 @@ plugin_t *openssl_plugin_create()
  		},
  	);
  
@@ -136,10 +134,11 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.
  	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
  	 * as we couldn't initialize the library again afterwards */
  	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2016-10-08 15:17:09.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2016-11-07 09:45:57.407814497 +0200
-@@ -36,7 +36,7 @@
+diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+index 401a51a0b..f4c06367c 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
++++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+@@ -35,7 +35,7 @@
   */
  #define PUBLIC_EXPONENT 0x10001
  
@@ -148,10 +147,11 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_pri
  OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
  OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
  OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2016-09-27 11:40:31.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2016-11-07 09:46:02.771214366 +0200
-@@ -28,7 +28,7 @@
+diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+index 20bf30ae9..e4a68edad 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
++++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+@@ -30,7 +30,7 @@
  #include <openssl/rsa.h>
  #include <openssl/x509.h>
  
@@ -160,9 +160,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_rsa_pub
  OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
  #endif
  
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_util.c	2016-11-07 09:46:15.918044119 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
+index 6580e1c7d..03cf0585d 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_util.c
++++ b/src/libstrongswan/plugins/openssl/openssl_util.c
 @@ -23,7 +23,7 @@
  #include <openssl/x509.h>
  
@@ -172,9 +173,10 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_util.c
  #define OBJ_get0_data(o) ((o)->data)
  #define OBJ_length(o) ((o)->length)
  #endif
-diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c
---- strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c	2016-06-30 17:20:10.000000000 +0300
-+++ strongswan-5.5.1/src/libstrongswan/plugins/openssl/openssl_x509.c	2016-11-07 09:46:51.818489485 +0200
+diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
+index 60c08770b..3eeaaf9ed 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
++++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
 @@ -61,7 +61,7 @@
  #endif
  
@@ -184,7 +186,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c
  static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) {
  	if (psig) { *psig = x->signature; }
  	if (palg) { *palg = x->sig_alg; }
-@@ -69,7 +69,7 @@
+@@ -69,7 +69,7 @@ static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg
  #endif
  
  /* added with 1.1.0 when X509 etc. was made opaque */
@@ -193,7 +195,7 @@ diff -ru strongswan-5.5.1.orig/src/libstrongswan/plugins/openssl/openssl_x509.c
  #define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; })
  #define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; })
  #define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; })
-@@ -434,7 +434,7 @@
+@@ -421,7 +421,7 @@ METHOD(certificate_t, issued_by, bool,
  		return FALSE;
  	}
  	/* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */
author	Timo Teräs <timo.teras@iki.fi>	2017-11-20 10:59:23 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2017-11-20 10:59:23 +0200
commit	55d837ff63b1988f535913dafd0f97b0407fa8bc (patch)
tree	b462cb7fd59f49255531b49925472dad20afcae1 /main/strongswan
parent	9fa7f345ca1508f3e910f6bc79477343441d1391 (diff)
download	aports-55d837ff63b1988f535913dafd0f97b0407fa8bc.tar.bz2 aports-55d837ff63b1988f535913dafd0f97b0407fa8bc.tar.xz