aboutsummaryrefslogtreecommitdiffstats
path: root/main/strongswan
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-07-16 13:07:22 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-07-16 13:10:00 +0300
commite048450980dfeb8d73df4ba109e14d90d47d2c30 (patch)
tree5fec5e8a9f4cf8d7ea7b006a835cd4943ea6009d /main/strongswan
parent43c0e0d4713cebf43d2ceffe22b0a48c8b204613 (diff)
downloadaports-e048450980dfeb8d73df4ba109e14d90d47d2c30.tar.bz2
aports-e048450980dfeb8d73df4ba109e14d90d47d2c30.tar.xz
main/strongswan: cherry-pick netlink buffer size fixes from upstream
and rename the patches so that we have groups for upstream cherry-picks, patches we want to upstream, and locally carried patches.
Diffstat (limited to 'main/strongswan')
-rw-r--r--main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch31
-rw-r--r--main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch59
-rw-r--r--main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch (renamed from main/strongswan/0001-charon-add-optional-source-and-remote-overrides-for-.patch)0
-rw-r--r--main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch (renamed from main/strongswan/0002-vici-send-certificates-for-ike-sa-events.patch)0
-rw-r--r--main/strongswan/1003-vici-add-support-rekeying-events-and-individual-sa-s.patch (renamed from main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch)0
-rw-r--r--main/strongswan/1004-vici-support-asynchronous-initiation.patch (renamed from main/strongswan/0004-vici-support-asynchronous-initiation.patch)0
-rw-r--r--main/strongswan/2001-support-gre-key-in-ikev1.patch (renamed from main/strongswan/1000-support-gre-key-in-ikev1.patch)0
-rw-r--r--main/strongswan/APKBUILD50
8 files changed, 119 insertions, 21 deletions
diff --git a/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch b/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
new file mode 100644
index 000000000..a7c02749f
--- /dev/null
+++ b/main/strongswan/0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
@@ -0,0 +1,31 @@
+From e0e3b6d92b37ba6633a9cd7f0ed2bd3ce56fdcc0 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 16 Jul 2015 11:43:44 +0200
+Subject: [PATCH] kernel-netlink: Actually verify if the netlink message
+ exceeds the buffer size
+
+It might equal it and that's fine. With MSG_TRUNC we get the actual
+message size and can only report an error if we haven't received the
+complete message.
+---
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+index b0e3103..809d0f4 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+@@ -185,8 +185,8 @@ static ssize_t read_msg(private_netlink_socket_t *this,
+ return -1;
+ }
+ }
+- len = recv(this->socket, buf, buflen, block ? 0 : MSG_DONTWAIT);
+- if (len == buflen)
++ len = recv(this->socket, buf, buflen, (block ? 0 : MSG_DONTWAIT)|MSG_TRUNC);
++ if (len > buflen)
+ {
+ DBG1(DBG_KNL, "netlink response exceeds buffer size");
+ return 0;
+--
+2.4.5
+
diff --git a/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch b/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
new file mode 100644
index 000000000..0bd694782
--- /dev/null
+++ b/main/strongswan/0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
@@ -0,0 +1,59 @@
+From 7e40d9705de5e94ff64684573c573deb97950b5e Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 16 Jul 2015 11:50:22 +0200
+Subject: [PATCH] kernel-netlink: Use the PAGE_SIZE as default for the netlink
+ receive buffer
+
+The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
+the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
+
+In some cases (e.g. for dump messages) the kernel might use up to 16k
+for messages, which might require increasing this value.
+---
+ conf/plugins/kernel-netlink.opt | 2 +-
+ src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/conf/plugins/kernel-netlink.opt b/conf/plugins/kernel-netlink.opt
+index 4338a5f..6adefd8 100644
+--- a/conf/plugins/kernel-netlink.opt
++++ b/conf/plugins/kernel-netlink.opt
+@@ -1,4 +1,4 @@
+-charon.plugins.kernel-netlink.buflen = 4096
++charon.plugins.kernel-netlink.buflen = <min(PAGE_SIZE, 8192)>
+ Buffer size for received Netlink messages.
+
+ charon.plugins.kernel-netlink.fwmark =
+diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+index 809d0f4..ddb2254 100644
+--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
++++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_shared.c
+@@ -571,7 +571,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ .protocol = protocol,
+ .names = names,
+ .buflen = lib->settings->get_int(lib->settings,
+- "%s.plugins.kernel-netlink.buflen", 4096, lib->ns),
++ "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
+ .timeout = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.timeout", 0, lib->ns),
+ .retries = lib->settings->get_int(lib->settings,
+@@ -582,6 +582,16 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
+ .parallel = parallel,
+ );
+
++ if (!this->buflen)
++ {
++ long pagesize = sysconf(_SC_PAGESIZE);
++ if (pagesize == -1)
++ {
++ pagesize = 4096;
++ }
++ /* base this on NLMSG_GOODSIZE */
++ this->buflen = min(pagesize, 8192);
++ }
+ if (this->socket == -1)
+ {
+ DBG1(DBG_KNL, "unable to create netlink socket");
+--
+2.4.5
+
diff --git a/main/strongswan/0001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index 9bd1030d8..9bd1030d8 100644
--- a/main/strongswan/0001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
diff --git a/main/strongswan/0002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
index 2769dff24..2769dff24 100644
--- a/main/strongswan/0002-vici-send-certificates-for-ike-sa-events.patch
+++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
diff --git a/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch b/main/strongswan/1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
index 635e75fee..635e75fee 100644
--- a/main/strongswan/0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+++ b/main/strongswan/1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
diff --git a/main/strongswan/0004-vici-support-asynchronous-initiation.patch b/main/strongswan/1004-vici-support-asynchronous-initiation.patch
index eefda89fd..eefda89fd 100644
--- a/main/strongswan/0004-vici-support-asynchronous-initiation.patch
+++ b/main/strongswan/1004-vici-support-asynchronous-initiation.patch
diff --git a/main/strongswan/1000-support-gre-key-in-ikev1.patch b/main/strongswan/2001-support-gre-key-in-ikev1.patch
index 72cdd8b82..72cdd8b82 100644
--- a/main/strongswan/1000-support-gre-key-in-ikev1.patch
+++ b/main/strongswan/2001-support-gre-key-in-ikev1.patch
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index f3a5493b3..0de3ab8e8 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.3.2
_pkgver=${pkgver//_rc/rc}
-pkgrel=2
+pkgrel=3
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="http://www.strongswan.org/"
arch="all"
@@ -16,11 +16,13 @@ makedepends="$depends_dev linux-headers"
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg"
source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
- 0001-charon-add-optional-source-and-remote-overrides-for-.patch
- 0002-vici-send-certificates-for-ike-sa-events.patch
- 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
- 0004-vici-support-asynchronous-initiation.patch
- 1000-support-gre-key-in-ikev1.patch
+ 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
+ 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+ 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+ 1002-vici-send-certificates-for-ike-sa-events.patch
+ 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+ 1004-vici-support-asynchronous-initiation.patch
+ 2001-support-gre-key-in-ikev1.patch
strongswan.initd
charon.initd"
@@ -104,26 +106,32 @@ package() {
}
md5sums="fab014be1477ef4ebf9a765e10f8802c strongswan-5.3.2.tar.bz2
-e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-overrides-for-.patch
-8bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch
-125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
-f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch
-b9f874287c35cce075b761087c28ab50 1000-support-gre-key-in-ikev1.patch
+eb8d38dbf918e5f3adfd55f8ace7aeb1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
+53982788f8ab0962193f695da30a8a94 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+e553c5e9a895a2d95b1cbc33407d64a0 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+8bea05feac6f4e90c4973b2459864437 1002-vici-send-certificates-for-ike-sa-events.patch
+125c4e648f73b0dbdaa741ac13ed6d87 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+f65811bd1ae6e7f98cf9d76928a0aa03 1004-vici-support-asynchronous-initiation.patch
+b9f874287c35cce075b761087c28ab50 2001-support-gre-key-in-ikev1.patch
85ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
7962a720ebef6892d80a3cbdab72c204 charon.initd"
sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2
-a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-add-optional-source-and-remote-overrides-for-.patch
-c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch
-4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
-42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch
-ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 1000-support-gre-key-in-ikev1.patch
+bce611d5f3d773589c6a751aec7fbaab39c8926134cab6fe2d5586639244bdc0 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
+4e1f76a76278c7621ca860156c25dfda90a7d9010b6426a9fd7c74c190166043 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 1002-vici-send-certificates-for-ike-sa-events.patch
+4e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+42171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 1004-vici-support-asynchronous-initiation.patch
+ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 2001-support-gre-key-in-ikev1.patch
ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
97b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2
-682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 0001-charon-add-optional-source-and-remote-overrides-for-.patch
-ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch
-2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
-39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch
-723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 1000-support-gre-key-in-ikev1.patch
+5ec6fd6160a55d7313f8dd3315a353d426f98ea57d167e73e97bff25ca175d2848f7ea0956cb2ec9cbca24f2be1dc0c1b1d123ee947f64baa6dfc712d04e77e1 0001-kernel-netlink-Actually-verify-if-the-netlink-messag.patch
+ee5dc2d2c719895e69d9a0324b48d43b4b86122eb8848143db7a4a629e79d594deeb4a000a429c85a31552358e9e1e2a7de8a1917c6ebb075a77281f074e0740 0002-kernel-netlink-Use-the-PAGE_SIZE-as-default-for-the-.patch
+682c768e82c6b8e48680ab73db49eb3a462b90ee317c943a42a82812d171a19da27ff4139bff0fc9af7b228cdcef44a75b86979f4b1b3af0bbc9698e4329fb4a 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 1002-vici-send-certificates-for-ike-sa-events.patch
+2e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 1003-vici-add-support-rekeying-events-and-individual-sa-s.patch
+39e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 1004-vici-support-asynchronous-initiation.patch
+723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 2001-support-gre-key-in-ikev1.patch
b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
6f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"