Diffstat (limited to 'main')
8 files changed, 119 insertions, 21 deletions
diff --git a/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch b/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
new file mode 100644
index 0000000000..a7c02749f6
--- /dev/null
+++ b/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
@@ -0,0 +1,31 @@
+From e0e3b6d92b37ba6633a9cd7f0ed2bd3ce56fdcc0 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 16 Jul 2015 11:43:44 +0200
+Subject: [PATCH] kernel-netlink: Actually verify if the netlink message
+ exceeds the buffer size
+
+It might equal it and that's fine. With MSG_TRUNC we get the actual
+message size and can only report an error if we haven't received the
+complete message.
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+index b0e3103..809d0f4 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+@@ -185,8 +185,8 @@ static ssize_t read_msg(private_netlink_socket_t *this,
+ return -1;
+ }
+ }
+- len = recv(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT);
+- if (len == buflen)
++ len = recv(this->socket, buf, buflen, (block ? 0 : MSG_DONTWAIT)|MSG_TRUNC);
++ if (len > buflen)
+ {
+ DBG1(DBG_KNL, "netlink response exceeds buffer size");
+ return 0;
+--
+2.4.5
+
diff --git a/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch b/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
new file mode 100644
index 0000000000..0bd694782f
--- /dev/null
+++ b/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
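Review bot: In read_msg() (nested hunk `@@ -185,8 +185,8 @@` of patch 0001), the new `if (len > buflen)` test is applied to the raw recv() result, before any error check. The declarations of `len` and `buflen` are outside the hunk; if `len` is an `ssize_t` and `buflen` a `size_t`, a failed recv() returning -1 is converted to a very large unsigned value, takes this branch, logs "netlink response exceeds buffer size" and returns 0 instead of reaching whatever errno handling follows. Guarding the comparison keeps the truncation check apart from the error path: `if (len > 0 && (size_t)len > buflen)`. read_msg's body starts and ends outside the hunk, so the handling of `len < 0` further down cannot be confirmed from here.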
@@ -0,0 +1,59 @@
+From 7e40d9705de5e94ff64684573c573deb97950b5e Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 16 Jul 2015 11:50:22 +0200
+Subject: [PATCH] kernel-netlink: Use the PAGE_SIZE as default for the netlink
+ receive buffer
+
+The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
+the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
+
+In some cases (e.g. for dump messages) the kernel might use up to 16k
+for messages, which might require increasing this value.
+---
+ conf/plugins/kernel-netlink.opt | 2 +-
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
+index 4338a5f..6adefd8 100644
+--- a/conf/plugins/kernel-netlink.opt
++++ b/conf/plugins/kernel-netlink.opt
+@@ -1,4 +1,4 @@
+-charon.plugins.kernel-netlink.buflen = 4096
++charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)>
+ Buffer size for received Netlink messages.
+
+ charon.plugins.kernel-netlink.fwmark =
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+index 809d0f4..ddb2254 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+@@ -571,7 +571,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ .protocol = protocol,
+ .names = names,
+ .buflen = lib->settings->get_int(lib->settings,
+- "%s.plugins.kernel-netlink.buflen", 4096, lib->ns),
++ "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
+ .timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.timeout", 0, lib->ns),
+ .retries = lib->settings->get_int(lib->settings,
+@@ -582,6 +582,16 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ .parallel = parallel,
+ );
+
++ if (!this->buflen)
++ {
++ long pagesize = sysconf(_SC_PAGESIZE);
++ if (pagesize == -1)
++ {
++ pagesize = 4096;
++ }
++ /* base this on NLMSG_GOODSIZE */
++ this->buflen = min(pagesize, 8192);
++ }
+ if (this->socket == -1)
+ {
+ DBG1(DBG_KNL, "unable to create netlink socket");
+--
+2.4.5
+
diff --git a/main/strongswan/0001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index 9bd1030d8a..9bd1030d8a 100644
--- a/main/strongswan/0001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
diff --git a/main/strongswan/0002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
index 2769dff243..2769dff243 100644
--- a/main/strongswan/0002-vici-send-certificates-for-ike-sa-events.patch
+++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
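Review bot: In netlink_socket_create() (patch 0002, nested hunk `@@ -582,6 +582,16 @@`), only a `buflen` of exactly 0 is replaced by the page-size default through `if (!this->buflen)`; any other value returned by `get_int()` for `charon.plugins.kernel-netlink.buflen` is used unchanged. A negative or very small configured value is therefore not rejected in the visible code, and with the `len > buflen` test that patch 0001 puts in read_msg() a too-small buffer would make every response be reported as exceeding the buffer. Treating values below the netlink header size as unset would close that gap, e.g. `if (this->buflen < sizeof(struct nlmsghdr))` in place of `if (!this->buflen)`; the type of `buflen` is declared outside the hunk, so a negative setting may need its own check before the assignment. The commit message's caveat that dump messages can reach 16k would also merit a sentence in kernel-netlink.opt, since the default is capped at 8192.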
diff --git a/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch b/main/strongswan/1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
index 635e75fee5..635e75fee5 100644
--- a/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+++ b/main/strongswan/1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
diff --git a/main/strongswan/0004-vici-support-asynchronous-initiation.patch b/main/strongswan/1004-vici-support-asynchronous-initiation.patch
index eefda89fd5..eefda89fd5 100644
--- a/main/strongswan/0004-vici-support-asynchronous-initiation.patch
+++ b/main/strongswan/1004-vici-support-asynchronous-initiation.patch
diff --git a/main/strongswan/1000-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch
index 72cdd8b825..72cdd8b825 100644
--- a/main/strongswan/1000-support-gre-key-in-ikev1.patch
+++ b/main/strongswan/2001-support-gre-key-in-ikev1.patch
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index f3a5493b30..0de3ab8e86 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=strongswan
 pkgver=5.3.2
 _pkgver=${pkgver//_rc/rc}
-pkgrel=2
+pkgrel=3
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="http://www.strongswan.org/"
 arch="all"
@@ -16,11 +16,13 @@
 makedepends="$depends_dev linux-headers"
 install="$pkgname.pre-install"
 subpackages="$pkgname-doc $pkgname-dbg"
 source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
- 0001-charon-add-optional-source-and-remote-overrides-for-.patch
- 0002-vici-send-certificates-for-ike-sa-events.patch
- 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
- 0004-vici-support-asynchronous-initiation.patch
- 1000-support-gre-key-in-ikev1.patch
+ 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
+ 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+ 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+ 1002-vici-send-certificates-for-ike-sa-events.patch
+ 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+ 1004-vici-support-asynchronous-initiation.patch
+ 2001-support-gre-key-in-ikev1.patch
 strongswan.initd
 charon.initd"
@@ -104,26 +106,32 @@ package() { } md5sums="fab014be1477ef4ebf9a765e10f8802c strongswan-5.3.2.tar.bz2 -e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-overrides-for-.patch -8bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch -125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch -f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch -b9f874287c35cce075b761087c28ab50 1000-support-gre-key-in-ikev1.patch +eb8d38dbf918e5f3adfd55f8ace7aeb1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch +53982788f8ab0962193f695da30a8a94 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +e553c5e9a895a2d95b1cbc33407d64a0 1001-charon-add-optional-source-and-remote-overrides-for-.patch +8bea05feac6f4e90c4973b2459864437 1002-vici-send-certificates-for-ike-sa-events.patch +125c4e648f73b0dbdaa741ac13ed6d87 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch +f65811bd1ae6e7f98cf9d76928a0aa03 1004-vici-support-asynchronous-initiation.patch +b9f874287c35cce075b761087c28ab50 2001-support-gre-key-in-ikev1.patch 85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd 7962a720ebef6892d80a3cbdab72c204 charon.initd" sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2 -a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-add-optional-source-and-remote-overrides-for-.patch -c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch -4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch -42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch -ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 1000-support-gre-key-in-ikev1.patch 
+bce611d5f3d773589c6a751aec7fbaab39c8926134cab6fe2d5586639244bdc0 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch +4e1f76a76278c7621ca860156c25dfda90a7d9010b6426a9fd7c74c190166043 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 1001-charon-add-optional-source-and-remote-overrides-for-.patch +c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 1002-vici-send-certificates-for-ike-sa-events.patch +4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch +42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 1004-vici-support-asynchronous-initiation.patch +ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 2001-support-gre-key-in-ikev1.patch ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd 97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd" sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2 -682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 0001-charon-add-optional-source-and-remote-overrides-for-.patch -ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch -2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch -39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch 
-723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 1000-support-gre-key-in-ikev1.patch +5ec6fd6160a55d7313f8dd3315a353d426f98ea57d167e73e97bff25ca175d2848f7ea0956cb2ec9cbca24f2be1dc0c1b1d123ee947f64baa6dfc712d04e77e1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch +ee5dc2d2c719895e69d9a0324b48d43b4b86122eb8848143db7a4a629e79d594deeb4a000a429c85a31552358e9e1e2a7de8a1917c6ebb075a77281f074e0740 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch +682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 1001-charon-add-optional-source-and-remote-overrides-for-.patch +ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 1002-vici-send-certificates-for-ike-sa-events.patch +2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch +39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 1004-vici-support-asynchronous-initiation.patch +723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 2001-support-gre-key-in-ikev1.patch b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd 6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd" |