authorprspkt <prspkt@protonmail.com>2018-05-30 19:26:02 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2018-06-01 14:50:42 +0000
commitf48354faeaa48613ec150ba912a378e92d8fd969 (patch)
treecc5efbe92540f8437171997de69e126d31c57986 /main
parent010840ca3bcee6754b05730d36e91c75d78953d9 (diff)
main/strongswan: upgrade to 5.6.3
Add secfixes comments and sanitize patches. Fixes #8954 #8928
Diffstat (limited to 'main')
-rw-r--r--main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch2
-rw-r--r--main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch26
-rw-r--r--main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch16
-rw-r--r--main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch8
-rw-r--r--main/strongswan/APKBUILD17
5 files changed, 36 insertions, 33 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
index 1d13f7dab2..cc14dab02d 100644
--- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
@@ -13,7 +13,7 @@ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager
index ce44207..37d49da 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -1401,48 +1401,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1419,48 +1419,51 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
DBG2(DBG_MGR, "checkout IKE_SA by config");
diff --git a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
index 823a8e16b7..d9aea3c4d2 100644
--- a/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ b/main/strongswan/1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -46,7 +46,7 @@ diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index 571c0edba..e7922cf4d 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
-@@ -580,7 +580,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
+@@ 6220,7 +622,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
* Prepare IKE_SA
*/
ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
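Review bot: The refreshed hunk header added here for src/charon-nm/nm/nm_service.c reads `@@ 6220,7 +622,7 @@`, which is not a valid unified-diff range: the `-` before the old range is missing, and the old start (6220) does not match the new start (622). The line it replaces had the well-formed `-580,7 +580,7`, and every other refreshed header in this commit keeps that form. Depending on how strict the patch tool is, this hunk will either fail the prepare step or be skipped, leaving the charon-nm call to checkout_by_config out of step with the changed signature. The intended header is presumably `@@ -622,7 +622,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,`; confirm the offset against the 5.6.3 source. Once corrected, the sha512sums entry for this patch in APKBUILD has to be regenerated.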
@@ -105,7 +105,7 @@ index 8e7816b39..7d7b3bcbc 100644
* unique ID, used for various methods
*/
uint32_t id;
-@@ -405,9 +437,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -409,9 +441,14 @@ METHOD(job_t, initiate_execute, job_requeue_t,
ike_sa_t *ike_sa;
interface_listener_t *listener = &job->listener;
peer_cfg_t *peer_cfg = listener->peer_cfg;
@@ -121,7 +121,7 @@ index 8e7816b39..7d7b3bcbc 100644
if (!ike_sa)
{
listener->child_cfg->destroy(listener->child_cfg);
-@@ -416,6 +453,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -420,6 +457,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
listener_done(listener);
return JOB_REQUEUE_NONE;
}
@@ -129,7 +129,7 @@ index 8e7816b39..7d7b3bcbc 100644
listener->lock->lock(listener->lock);
listener->ike_sa = ike_sa;
listener->lock->unlock(listener->lock);
-@@ -488,6 +526,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
+@@ -492,6 +530,7 @@ METHOD(job_t, initiate_execute, job_requeue_t,
METHOD(controller_t, initiate, status_t,
private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
@@ -137,7 +137,7 @@ index 8e7816b39..7d7b3bcbc 100644
controller_cb_t callback, void *param, u_int timeout, bool limits)
{
interface_job_t *job;
-@@ -510,6 +549,8 @@ METHOD(controller_t, initiate, status_t,
+@@ -514,6 +553,8 @@ METHOD(controller_t, initiate, status_t,
.status = FAILED,
.child_cfg = child_cfg,
.peer_cfg = peer_cfg,
@@ -194,7 +194,7 @@ diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vi
index 12497ec5e..ba954e5cb 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
-@@ -1911,7 +1911,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
+@@ -1978,7 +1978,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg,
DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg));
charon->controller->initiate(charon->controller,
peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg),
@@ -331,7 +331,7 @@ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager
index 3ee233c1f..def2a6f1b 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
-@@ -16,6 +16,28 @@
+@@ -17,6 +17,28 @@
* for more details.
*/
@@ -360,7 +360,7 @@ index 3ee233c1f..def2a6f1b 100644
#include <string.h>
#include <inttypes.h>
-@@ -1390,7 +1412,8 @@ out:
+@@ -1408,7 +1430,8 @@ out:
}
METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
@@ -370,7 +370,7 @@ index 3ee233c1f..def2a6f1b 100644
{
enumerator_t *enumerator;
entry_t *entry;
-@@ -1399,7 +1422,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1417,7 +1440,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
ike_cfg_t *current_ike;
u_int segment;
@@ -389,7 +389,7 @@ index 3ee233c1f..def2a6f1b 100644
if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1)
{
-@@ -1416,6 +1449,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1434,6 +1457,16 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
entry->condvar->signal(entry->condvar);
continue;
}
@@ -406,7 +406,7 @@ index 3ee233c1f..def2a6f1b 100644
current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa);
if (current_peer && current_peer->equals(current_peer, peer_cfg))
{
-@@ -1447,6 +1490,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
+@@ -1465,6 +1508,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*,
return NULL;
}
ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE);
@@ -450,7 +450,7 @@ diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 40a0682f2..ea79d95ae 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
-@@ -399,7 +399,7 @@ METHOD(trap_manager_t, acquire, void,
+@@ -421,7 +421,7 @@ METHOD(trap_manager_t, acquire, void,
peer_cfg_t *peer;
child_cfg_t *child;
ike_sa_t *ike_sa;
@@ -459,7 +459,7 @@ index 40a0682f2..ea79d95ae 100644
bool wildcard, ignore = FALSE;
this->lock->read_lock(this->lock);
-@@ -475,36 +475,27 @@ METHOD(trap_manager_t, acquire, void,
+@@ -497,36 +497,27 @@ METHOD(trap_manager_t, acquire, void,
this->lock->unlock(this->lock);
if (wildcard)
diff --git a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
index 34d9b44d61..94814e13da 100644
--- a/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
+++ b/main/strongswan/1002-vici-send-certificates-for-ike-sa-events.patch
@@ -15,7 +15,7 @@ diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vic
index c0f4e2de9..309a11c03 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
-@@ -305,7 +305,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
+@@ -337,7 +337,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b,
* List details of an IKE_SA
*/
static void list_ike(private_vici_query_t *this, vici_builder_t *b,
@@ -24,7 +24,7 @@ index c0f4e2de9..309a11c03 100644
{
time_t t;
ike_sa_id_t *id;
-@@ -313,6 +313,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
+@@ -345,6 +345,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
proposal_t *proposal;
uint16_t alg, ks;
host_t *host;
@@ -33,7 +33,7 @@ index c0f4e2de9..309a11c03 100644
b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa));
b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa));
-@@ -322,11 +324,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
+@@ -354,11 +356,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "local-host", "%H", host);
b->add_kv(b, "local-port", "%d", host->get_port(host));
b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa));
@@ -77,7 +77,7 @@ index c0f4e2de9..309a11c03 100644
eap = ike_sa->get_other_eap_id(ike_sa);
-@@ -444,7 +478,7 @@ CALLBACK(list_sas, vici_message_t*,
+@@ -476,7 +510,7 @@ CALLBACK(list_sas, vici_message_t*,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -86,7 +86,7 @@ index c0f4e2de9..309a11c03 100644
b->begin_section(b, "child-sas");
csas = ike_sa->create_child_sa_enumerator(ike_sa);
-@@ -1448,7 +1482,7 @@ METHOD(listener_t, ike_updown, bool,
+@@ -1624,7 +1658,7 @@ METHOD(listener_t, ike_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -95,7 +95,7 @@ index c0f4e2de9..309a11c03 100644
b->end_section(b);
this->dispatcher->raise_event(this->dispatcher,
-@@ -1473,10 +1507,10 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1649,10 +1683,10 @@ METHOD(listener_t, ike_rekey, bool,
b = vici_builder_create();
b->begin_section(b, old->get_name(old));
b->begin_section(b, "old");
@@ -108,7 +108,7 @@ index c0f4e2de9..309a11c03 100644
b->end_section(b);
b->end_section(b);
-@@ -1506,7 +1540,7 @@ METHOD(listener_t, child_updown, bool,
+@@ -1682,7 +1716,7 @@ METHOD(listener_t, child_updown, bool,
}
b->begin_section(b, ike_sa->get_name(ike_sa));
@@ -117,7 +117,7 @@ index c0f4e2de9..309a11c03 100644
b->begin_section(b, "child-sas");
b->begin_section(b, child_sa->get_name(child_sa));
-@@ -1538,7 +1572,7 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1714,7 +1748,7 @@ METHOD(listener_t, child_rekey, bool,
b = vici_builder_create();
b->begin_section(b, ike_sa->get_name(ike_sa));
diff --git a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
index 0475ab1dcf..06dc121e86 100644
--- a/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
+++ b/main/strongswan/1003-vici-add-support-for-individual-sa-state-changes.patch
@@ -17,7 +17,7 @@ diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vic
index 309a11c03..83a5daaa7 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
-@@ -1450,8 +1450,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
+@@ -1624,8 +1624,16 @@ static void manage_commands(private_vici_query_t *this, bool reg)
this->dispatcher->manage_event(this->dispatcher, "list-cert", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg);
this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg);
@@ -34,7 +34,7 @@ index 309a11c03..83a5daaa7 100644
manage_command(this, "list-sas", list_sas, reg);
manage_command(this, "list-policies", list_policies, reg);
manage_command(this, "list-conns", list_conns, reg);
-@@ -1520,6 +1528,45 @@ METHOD(listener_t, ike_rekey, bool,
+@@ -1696,6 +1704,45 @@ METHOD(listener_t, ike_rekey, bool,
return TRUE;
}
@@ -80,7 +80,7 @@ index 309a11c03..83a5daaa7 100644
METHOD(listener_t, child_updown, bool,
private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up)
{
-@@ -1595,6 +1642,62 @@ METHOD(listener_t, child_rekey, bool,
+@@ -1771,6 +1818,62 @@ METHOD(listener_t, child_rekey, bool,
return TRUE;
}
@@ -143,7 +143,7 @@ index 309a11c03..83a5daaa7 100644
METHOD(vici_query_t, destroy, void,
private_vici_query_t *this)
{
-@@ -1614,8 +1717,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
+@@ -1790,8 +1893,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher)
.listener = {
.ike_updown = _ike_updown,
.ike_rekey = _ike_rekey,
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 542e6d38f8..096568c6ff 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,9 +1,9 @@
# Contributor: Jesse Young <jlyo@jlyo.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=strongswan
-pkgver=5.6.2
+pkgver=5.6.3
_pkgver=${pkgver//_rc/rc}
-pkgrel=1
+pkgrel=0
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
@@ -28,6 +28,9 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
builddir="$srcdir/$pkgname-$_pkgver"
# secfixes:
+# 5.6.3-r0:
+# - CVE-2018-5388
+# - CVE-2018-10811
# 5.5.3-r0:
# - CVE-2017-9022
# - CVE-2017-9023
@@ -115,10 +118,10 @@ package() {
install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
}
-sha512sums="cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52 strongswan-5.6.2.tar.bz2
-768a144be4c84395bc28b91e509c8319521d68a9eae0a5d5ff96830bf8cf3154bce046d2128d1aba092bb5d3d2dceb35296c13778294f88a14c2267865766db1 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
-df5673107ea15dae28276b1cbc2a0d995d9a210c9c73ee478cb0f4eba0e3ef76856708119a5ebdf59637c2830ca8e30adf294d09e3eeef5514890d8ebc7c47b4 1001-charon-add-optional-source-and-remote-overrides-for-.patch
-0dd637cc6ee89646c05d0345757fbfb26f4c0e2103d8eaafeb248b98bcc972ce5171081b7da7c9b974c92abb3f452180271767fb997171ac08b73880650e566b 1002-vici-send-certificates-for-ike-sa-events.patch
-d92ec44ac03c3eabe7583c01b15c66c9286681f42cf1d6ced3e1096c27c174014e14112610d2e12c8ccf6c2d8c1a5242e10e2520d41995f8aac145bd603facfc 1003-vici-add-support-for-individual-sa-state-changes.patch
+sha512sums="080402640952b1a08e95bfe9c7f33c6a7dd01ac401b5e7e2e78257c0f2bf0a4d6078141232ac62abfacef892c493f6824948b3165d54d72b4e436ed564fd2609 strongswan-5.6.3.tar.bz2
+193d845e2751c23d98cdf84134c7803f2e412197669c6d6c1c9974041608d154b85594ed3d9ffb923ca22a4d5926c7f2373787ddc7da47b52019e284a1d13211 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+21db8f153f535ef13cc7c9c011f9b90b8c794e0072bd93fda6a0a56dc00d32d04e186b1a72a87a85613b7e511eed5cb96623abf0721c67dd5c96446db969a185 1001-charon-add-optional-source-and-remote-overrides-for-.patch
+f7d98fb99b4855e8bfbb7369292c170536b1987e717feeda71f64ab71b35538e7d462609a773c6a6ed08c8e6ee7a186df12e1ea7d64b9dac0b17d4c7af17dab3 1002-vici-send-certificates-for-ike-sa-events.patch
+a4235cd07e17ad3441dc391ded11ee9f4debdffa1e8218809731e73a545ca6fcdc0bb87239d41b1102b0b6719a4d31d43758972d2193ebe298b275285de2ce54 1003-vici-add-support-for-individual-sa-state-changes.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
1c44c801f66305c0331f76e580c0d60f1b7d5cd3cc371be55826b06c3899f542664628a912a7fb48626e34d864f72ca5dcd34b2f0d507c4f19c510d0047054c1 charon.initd"
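Review bot: The new sha512sums entry for strongswan-5.6.3.tar.bz2 pins a tarball that `source=` still fetches over plain `http://download.strongswan.org/`, so the hash is only as trustworthy as the download it was computed from. The `source=` line is outside this hunk and is visible only in the header of the preceding one. Since this upgrade is recorded as the fix for CVE-2018-5388 and CVE-2018-10811, consider changing it to `source="https://download.strongswan.org/$pkgname-$_pkgver.tar.bz2` and checking the tarball against upstream's published signature before recording the checksum. The four patch checksums also change in this commit, so it is worth confirming each against the regenerated patch file.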