diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-07-11 12:50:12 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-07-11 12:50:12 +0300 |
| commit | 886516bd44a86fc635b1b3a9d2c9a501c75c32eb (patch) | |
| tree | 0c01778775744801f1ac00757275e2abea3f58a0 | |
| parent | c2ef898baa7acc8c7c5cca9c3a55ace9fca01c0c (diff) | |
| download | aports-886516bd44a86fc635b1b3a9d2c9a501c75c32eb.tar.bz2 aports-886516bd44a86fc635b1b3a9d2c9a501c75c32eb.tar.xz | |
main/strongswan: fix libressl compatibility
| -rw-r--r-- | main/strongswan/APKBUILD | 4 | ||||
| -rw-r--r-- | main/strongswan/libressl-fix.patch | 56 |
2 files changed, 59 insertions, 1 deletions
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 096568c6ff..bbb4447bbb 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.6.3 _pkgver=${pkgver//_rc/rc} -pkgrel=0 +pkgrel=1 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="https://www.strongswan.org/" arch="all" @@ -21,6 +21,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-for-individual-sa-state-changes.patch + libressl-fix.patch strongswan.initd charon.initd @@ -123,5 +124,6 @@ sha512sums="080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078 21db8f153f535ef13cc7c9c011f9b90b8c794e0072bd93fda6a0a56dc00d32d04e186b1a72a87a85613b7e511eed5cb96623abf0721c67dd5c96446db969a185 1001-charon-add-optional-source-and-remote-overrides-for-.patch f7d98fb99b4855e8bfbb7369292c170536b1987e717feeda71f64ab71b35538e7d462609a773c6a6ed08c8e6ee7a186df12e1ea7d64b9dac0b17d4c7af17dab3 1002-vici-send-certificates-for-ike-sa-events.patch a4235cd07e17ad3441dc391ded11ee9f4debdffa1e8218809731e73a545ca6fcdc0bb87239d41b1102b0b6719a4d31d43758972d2193ebe298b275285de2ce54 1003-vici-add-support-for-individual-sa-state-changes.patch +7e3164bf49c583d1908644e9dc8aee57e17021265ae8a0c8d44b6e6798b8af270a66708eeee05600c8d6a0dd3bd8ab6cf5d7b238464acab68bd7a668e8a4e379 libressl-fix.patch 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd" diff --git a/main/strongswan/libressl-fix.patch b/main/strongswan/libressl-fix.patch new file mode 100644 index 0000000000..a7074e0d92 --- /dev/null +++ b/main/strongswan/libressl-fix.patch @@ -0,0 +1,56 @@ +--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_crl.c ++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_crl.c +@@ -320,12 +320,7 @@ + return FALSE; + } + } +- /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L +- tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); +-#else + tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); +-#endif + X509_CRL_get0_signature(this->crl, &sig, NULL); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs, + openssl_asn1_str2chunk(sig)); +--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c ++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +@@ -39,8 +39,8 @@ + OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) + OPENSSL_KEY_FALLBACK(RSA, factors, p, q) + OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) +-#define BN_secure_new() BN_new() + #endif ++#define BN_secure_new() BN_new() + + typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t; + +--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_util.c ++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_util.c +@@ -22,11 +22,8 @@ + #include <openssl/evp.h> + #include <openssl/x509.h> + +-/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */ +-#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define OBJ_get0_data(o) ((o)->data) + #define OBJ_length(o) ((o)->length) +-#endif + + /** + * Described in header. +--- strongswan-5.6.3/src/libstrongswan/plugins/openssl/openssl_x509.c ++++ strongswan-5.6.3.libressl/src/libstrongswan/plugins/openssl/openssl_x509.c +@@ -420,12 +420,7 @@ + { + return FALSE; + } +- /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L +- tbs = openssl_i2chunk(re_X509_tbs, this->x509); +-#else + tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info); +-#endif + X509_get0_signature(&sig, NULL, this->x509); + valid = key->verify(key, this->scheme->scheme, this->scheme->params, tbs, + openssl_asn1_str2chunk(sig)); |