authorTimo Teräs <timo.teras@iki.fi>2015-06-11 10:21:13 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-06-11 10:21:37 +0300
commit52207fc1f01e9e371e339a1e7d4ba03f335e666a (patch)
treeda56b24f368d6ae7f75c494328810790d10fdd7e /main/strongswan
parent38b1d68577858507f8b3e503deb1076fd38b86fc (diff)
main/strongswan: security upgrade to 5.3.2 (CVE-2015-4171)
This also removes the GRE key patch -- it was incomplete and does not fully fix the issues.
Diffstat (limited to 'main/strongswan')
-rw-r--r--main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch36
-rw-r--r--main/strongswan/APKBUILD16
2 files changed, 6 insertions, 46 deletions
diff --git a/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch b/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
deleted file mode 100644
index 9d0247b8f..000000000
--- a/main/strongswan/0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 9645c87adbfcbfba2ace8a51a5df31448512112c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
-Date: Fri, 5 Jun 2015 10:19:38 +0300
-Subject: [PATCH] kernel-netlink: ignore ports for gre protocol
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Netlink supports matching a grekey from using the port data. But
-charon does not handle grekey negotiation currently, so just ignore
-them for now.
-
-Signed-off-by: Timo Teräs <timo.teras@iki.fi>
----
- src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
-index f22e07d..5ce6b32 100644
---- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
-+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
-@@ -754,6 +754,11 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
- sel.sport = htons(port & 0xff);
- sel.dport = htons(port >> 8);
- }
-+ else if (sel.proto == IPPROTO_GRE)
-+ {
-+ sel.sport = sel.dport = 0;
-+ sel.sport_mask = sel.dport_mask = 0;
-+ }
- sel.ifindex = 0;
- sel.user = 0;
-
---
-2.4.2
-
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 52d844e98..448490f57 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
-pkgver=5.3.1
+pkgver=5.3.2
_pkgver=${pkgver//_rc/rc}
-pkgrel=2
+pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -14,13 +14,12 @@ depends="iproute2 openssl"
depends_dev="sqlite-dev openssl-dev curl-dev gmp-dev libcap-dev"
makedepends="$depends_dev linux-headers"
install="$pkgname.pre-install"
-subpackages="$pkgname-doc"
+subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
0001-charon-add-optional-source-and-remote-overrides-for-.patch
0002-vici-send-certificates-for-ike-sa-events.patch
0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
0004-vici-support-asynchronous-initiation.patch
- 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
strongswan.initd
charon.initd"
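Review bot: The `subpackages` line now adds `$pkgname-dbg`, which the commit message does not mention and which is unrelated to the CVE-2015-4171 upgrade. A security update that may be picked onto stable branches is easier to audit when it carries only the fix, so the packaging change should either be split into its own commit or named in the description, for example `Also enable the -dbg subpackage.`. The removal of `0005-kernel-netlink-ignore-ports-for-gre-protocol.patch` from `source` is covered by the description; a short comment above `source=` such as `# GRE key patch dropped with 5.3.2: it was incomplete` would keep that reason visible to whoever next edits the patch list.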
@@ -103,27 +102,24 @@ package() {
rm "$pkgdir"/usr/lib/ipsec/*.la || return 1
}
-md5sums="66f258901a3d6c271da1a0c7fb3e5013 strongswan-5.3.1.tar.bz2
+md5sums="fab014be1477ef4ebf9a765e10f8802c strongswan-5.3.2.tar.bz2
e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-overrides-for-.patch
8bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch
125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch
-8616a8800d40662176214df4749d6780 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
7962a720ebef6892d80a3cbdab72c204 charon.initd"
-sha256sums="83fa7b004e65356ff5bb755d9d0e03901d578a99e90b6328a350a4335a32f6de strongswan-5.3.1.tar.bz2
+sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2
a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-add-optional-source-and-remote-overrides-for-.patch
c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch
4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch
-3c2e91b6bdf051ecba3c2c9c5575b617998eb471a4b570c9c5c4e59505599439 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
-sha512sums="b789c18de1fa6663d8140c4173c2fe9b668e7741098340aad439e7346d4542df702f59760d1886d82d68c070ebde3121b5b29ccdab031876399d0d5d771f1381 strongswan-5.3.1.tar.bz2
+sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2
682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 0001-charon-add-optional-source-and-remote-overrides-for-.patch
ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch
2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch
-e93856948afbb331c4faa32a008e2948088107b45585d52d67b40aaa819e76246096fc4e71d30ef9b7f41f7e5b41bf58b804569e313c1cb8b0e2e29f6391580e 0005-kernel-netlink-ignore-ports-for-gre-protocol.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"
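Review bot: The new `strongswan-5.3.2.tar.bz2` digests are the only integrity check on the tarball, because `source=` (context line in the previous hunk) still fetches it over plain `http://`, and nothing in the commit records how the digests were obtained. If they were generated from a local download, that download was itself unauthenticated; for a security release it is worth checking the tarball against upstream's detached signature, if one is published, before regenerating the sums, and stating that in the commit message. The `md5sums` block is kept next to `sha256sums` and `sha512sums`; MD5 adds no assurance against a deliberately substituted tarball, so it should not be the digest relied on for verification.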