openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-21 19:14:30 +04:00
Code Issues Packages Projects Releases Wiki Activity

strongswan: bump to 6.0.1

Browse Source 
mod-bliss and libnttfft are dropped.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit is contained in:
Philip Prindeville
2025-05-25 11:48:11 -06:00
committed by Hannu Nyman
parent cfdcddece4
commit b4cd95e202
11 changed files with 18 additions and 401 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
net/strongswan/Makefile
View File

@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
PKG_VERSION:=5.9.14
PKG_RELEASE:=9
PKG_VERSION:=6.0.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
PKG_HASH:=728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678
PKG_HASH:=212368cbc674fed31f3292210303fff06da8b90acad2d1387375ed855e6879c4
PKG_LICENSE:=GPL-2.0-or-later
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
PKG_CPE_ID:=cpe:/a:strongswan:strongswan
@@ -25,7 +25,6 @@ PKG_MOD_AVAILABLE:= \
agent \
attr \
attr-sql \
bliss \
blowfish \
ccm \
chapoly \
@@ -62,12 +61,11 @@ PKG_MOD_AVAILABLE:= \
ldap \
led \
load-tester \
lookip \
md4 \
md5 \
mgf1 \
mysql \
newhope \
ntru \
openssl \
pem \
pgp \
@@ -160,14 +158,12 @@ $(call Package/strongswan/Default)
+strongswan-charon \
+strongswan-charon-cmd \
+strongswan-ipsec \
+strongswan-libnttfft \
+strongswan-mod-addrblock \
+strongswan-mod-aes \
+strongswan-mod-af-alg \
+strongswan-mod-agent \
+strongswan-mod-attr \
+strongswan-mod-attr-sql \
+strongswan-mod-bliss \
+strongswan-mod-blowfish \
+strongswan-mod-ccm \
+strongswan-mod-chapoly \
@@ -202,12 +198,11 @@ $(call Package/strongswan/Default)
+strongswan-mod-ldap \
+strongswan-mod-led \
+strongswan-mod-load-tester \
+strongswan-mod-lookip \
+strongswan-mod-md4 \
+strongswan-mod-md5 \
+strongswan-mod-mgf1 \
+strongswan-mod-mysql \
+strongswan-mod-newhope \
+strongswan-mod-ntru \
+strongswan-mod-openssl \
+strongswan-mod-pem \
+strongswan-mod-pgp \
@@ -386,17 +381,6 @@ $(call Package/strongswan/description/Default)
This package contains the ipsec utility.
endef
define Package/strongswan-libnttfft
$(call Package/strongswan/Default)
TITLE+= nttfft library
DEPENDS:= strongswan
endef
define Package/strongswan-libnttfft/description
$(call Package/strongswan/description/Default)
This package contains the Number Theoretic Transforms library.
endef
define Package/strongswan-pki
$(call Package/strongswan/Default)
TITLE+= PKI tool
@@ -475,6 +459,7 @@ CONFIGURE_ARGS+= \
--enable-mediation \
--with-systemdsystemunitdir=no \
$(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \
$(if $(CONFIG_PACKAGE_strongswan-mod-gmpdh),--enable-gmpdh,) \
$(if $(CONFIG_PACKAGE_strongswan-pki),--enable-pki,--disable-pki) \
--with-random-device=/dev/random \
--with-urandom-device=/dev/urandom \
@@ -565,11 +550,6 @@ opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
}
endef
define Package/strongswan-libnttfft/install
$(INSTALL_DIR) $(1)/usr/lib/ipsec
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libnttfft.so.* $(1)/usr/lib/ipsec/
endef
define Package/strongswan-pki/install
$(INSTALL_DIR) $(1)/etc/strongswan.d
$(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/
@@ -584,7 +564,7 @@ endef
define Package/strongswan-swanctl/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc/swanctl/{bliss,conf.d,ecdsa,pkcs{12,8},private,pubkey,rsa}
$(INSTALL_DIR) $(1)/etc/swanctl/{conf.d,ecdsa,pkcs{12,8},private,pubkey,rsa}
$(INSTALL_DIR) $(1)/etc/swanctl/x509{,aa,ac,ca,crl,ocsp}
$(CP) $(PKG_INSTALL_DIR)/etc/swanctl/swanctl.conf $(1)/etc/swanctl/
echo "include /var/swanctl/swanctl.conf" >> $(1)/etc/swanctl/swanctl.conf
@@ -664,7 +644,6 @@ $(eval $(call BuildPackage,strongswan-isakmp))
$(eval $(call BuildPackage,strongswan-charon))
$(eval $(call BuildPackage,strongswan-charon-cmd))
$(eval $(call BuildPackage,strongswan-ipsec))
$(eval $(call BuildPackage,strongswan-libnttfft))
$(eval $(call BuildPackage,strongswan-pki))
$(eval $(call BuildPackage,strongswan-swanctl))
$(eval $(call BuildPackage,strongswan-gencerts))
@@ -675,7 +654,6 @@ $(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+km
$(eval $(call BuildPlugin,agent,SSH agent signing,))
$(eval $(call BuildPlugin,attr,file based config,))
$(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
$(eval $(call BuildPlugin,bliss,BLISS crypto,+strongswan-libnttfft +strongswan-mod-mgf1 +strongswan-mod-hmac))
$(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
$(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
$(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,+kmod-crypto-chacha20poly1305))
@@ -712,12 +690,11 @@ $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
$(eval $(call BuildPlugin,led,LED blink on IKE activity,))
$(eval $(call BuildPlugin,load-tester,load testing,))
$(eval $(call BuildPlugin,lookip,enable fast virtual IP lookup and notification,))
$(eval $(call BuildPlugin,md4,MD4 crypto,))
$(eval $(call BuildPlugin,md5,MD5 crypto,))
$(eval $(call BuildPlugin,mgf1,MGF1 crypto,))
$(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r))
$(eval $(call BuildPlugin,newhope,New Hope crypto,+strongswan-libnttfft +strongswan-mod-chapoly +strongswan-mod-sha3))
$(eval $(call BuildPlugin,ntru,NTRU crypto,+strongswan-mod-mgf1))
$(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl))
$(eval $(call BuildPlugin,pem,PEM decoding,))
$(eval $(call BuildPlugin,pgp,PGP key decoding,))

58
net/strongswan/patches/0001-pf-handler-Fix-build-with-musl-C-library.patch
View File

@@ -1,58 +0,0 @@
commit f5b1ca4ef60bc4fca91f0d1e852ef8447d23c99a
Author: Tobias Brunner <tobias@strongswan.org>
Date: Fri Mar 22 09:57:07 2024 +0100
pf-handler: Fix build with musl C library
musl's headers define a lot of networking structs. For some, the
definition in the Linux UAPI headers is then suppressed by e.g.
__UAPI_DEF_ETHHDR.
Since we included musl's net/ethernet.h, which includes netinet/if_ether.h
that defines `struct ethhdr` (and the above constant), **after** we
include linux/if_ether.h, there was a compilation error because the
struct was defined multiple times.
However, simply moving that include doesn't fix the problem because for
ARP-specific structs the Linux headers don't provide __UAPI_DEF* checks.
So instead of directly including the linux/ headers, we include those
provided by the C library. For glibc these usually just include the
Linux headers, but for musl this allows them to define the struct
directly. We also need to move if.h and add packet.h, which define
other structs (or include headers that do so) that we use.
Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS")
--- a/src/libcharon/network/pf_handler.c
+++ b/src/libcharon/network/pf_handler.c
@@ -20,23 +20,23 @@
#include <library.h>
#include <unistd.h>
+#include <errno.h>
+#include <net/ethernet.h>
+#include <net/if.h>
+#include <sys/ioctl.h>
#if !defined(__APPLE__) && !defined(__FreeBSD__)
-#include <linux/if_arp.h>
-#include <linux/if_ether.h>
+#include <net/if_arp.h>
+#include <netinet/if_ether.h>
+#include <netpacket/packet.h>
#include <linux/filter.h>
#else
#include <fcntl.h>
#include <ifaddrs.h>
#include <net/bpf.h>
-#include <net/if.h>
#include <net/if_dl.h>
#endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */
-#include <errno.h>
-#include <net/ethernet.h>
-#include <sys/ioctl.h>
-
#if !defined(__APPLE__) && !defined(__FreeBSD__)
/**

37
net/strongswan/patches/0002-farp_spoofer-Fix-build-with-musl-C-library.patch
View File

@@ -1,37 +0,0 @@
commit 540881627fe8083207f9a2cfd01b931164c7ef4e
Author: Tobias Brunner <tobias@strongswan.org>
Date: Fri Mar 22 10:42:34 2024 +0100
farp: Fix build with musl C library
Same issue as described in the previous commit.
Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS")
--- a/src/libcharon/plugins/farp/farp_spoofer.c
+++ b/src/libcharon/plugins/farp/farp_spoofer.c
@@ -20,12 +20,14 @@
#include <errno.h>
#include <unistd.h>
+#include <net/ethernet.h>
#include <sys/ioctl.h>
#if !defined(__APPLE__) && !defined(__FreeBSD__)
#include <sys/socket.h>
-#include <linux/if_arp.h>
-#include <linux/if_ether.h>
+#include <net/if_arp.h>
+#include <netinet/if_ether.h>
+#include <netpacket/packet.h>
#include <linux/filter.h>
#else
#include <net/bpf.h>
@@ -33,7 +35,6 @@
#include <net/if_dl.h>
#endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */
-#include <net/ethernet.h>
#include <daemon.h>
#include <threading/thread.h>
#include <processing/jobs/callback_job.h>

39
net/strongswan/patches/0003-undef-wolfssl-RNG.patch
View File

@@ -1,39 +0,0 @@
commit 5226561a77efc94b53d708a855df267b11f53b83
Author: Philip Prindeville <philipp@redfish-solutions.com>
Date: Wed Mar 27 17:41:18 2024 -0600
wolfssl: avoid RNG redefinition
There are definitions of RNG in <wolfcrypt/settings.h> and
<wolfcrypt/random.h> that play havoc with the literal RNG being
used in the expansions of _PLUGIN_FEATURE_RNG() => __PLUGIN_FEATURE()
in <plugins/plugin_feature.h> when ##-concatenated to build the
enum FEATURE_RNG.
<plugins/plugin_feature.h> must always be included before
<woldssl/ssl.h>, and RNG must be undefined before any plugins are
declared.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_common.h
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_common.h
@@ -80,7 +80,4 @@ typedef union {
#undef PARSE_ERROR
-/* Eliminate macro conflicts */
-#undef RNG
-
#endif /* WOLFSSL_PLUGIN_COMMON_H_ */
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -47,6 +47,8 @@
#include <wolfssl/ssl.h>
+#undef RNG
+
#ifndef FIPS_MODE
#define FIPS_MODE 0
#endif

28
net/strongswan/patches/0005-pf-handler-Accept-loopback-interfaces-as-packet-sour.patch
View File

@@ -1,28 +0,0 @@
From abbf9d28b0032cf80b79bcacea3146a60800a6dd Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 27 Jan 2025 09:40:56 +0100
Subject: [PATCH 1/3] pf-handler: Accept loopback interfaces as packet source
In some setups the responses from the DHCP server are sent via lo, which
does not have an address of type `ARPHRD_ETHER` (the address length is
the same, though, just all zeros, by default). Note that the dhcp plugin
doesn't actually care for the MAC address or interface details, that's
only used by the farp plugin.
Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS")
---
src/libcharon/network/pf_handler.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/src/libcharon/network/pf_handler.c
+++ b/src/libcharon/network/pf_handler.c
@@ -176,7 +176,8 @@ static cached_iface_t *find_interface(pr
if (ioctl(fd, SIOCGIFNAME, &req) == 0 &&
ioctl(fd, SIOCGIFHWADDR, &req) == 0 &&
- req.ifr_hwaddr.sa_family == ARPHRD_ETHER)
+ (req.ifr_hwaddr.sa_family == ARPHRD_ETHER ||
+ req.ifr_hwaddr.sa_family == ARPHRD_LOOPBACK))
{
idx = find_least_used_cache_entry(this);

63
net/strongswan/patches/0006-pf-handler-Correctly-bind-packet-socket-to-an-interf.patch
View File

@@ -1,63 +0,0 @@
From 00d8c36d6fdf9e8ee99b9f92a64e7e81dbfa4432 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 30 Jan 2025 14:40:33 +0100
Subject: [PATCH 2/3] pf-handler: Correctly bind packet socket to an interface
Binding such sockets via SO_BINDTODEVICE does not work at all. Instead,
bind() has to be used, as described in the packet(7) man page.
---
src/libcharon/network/pf_handler.c | 31 +++++++++++++++++++++++++++---
1 file changed, 28 insertions(+), 3 deletions(-)
--- a/src/libcharon/network/pf_handler.c
+++ b/src/libcharon/network/pf_handler.c
@@ -227,6 +227,30 @@ METHOD(pf_handler_t, destroy, void,
}
/**
+ * Bind the given packet socket to the a named device
+ */
+static bool bind_packet_socket_to_device(int fd, char *iface)
+{
+ struct sockaddr_ll addr = {
+ .sll_family = AF_PACKET,
+ .sll_ifindex = if_nametoindex(iface),
+ };
+
+ if (!addr.sll_ifindex)
+ {
+ DBG1(DBG_CFG, "unable to bind socket to '%s': not found", iface);
+ return FALSE;
+ }
+ if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1)
+ {
+ DBG1(DBG_CFG, "binding socket to '%s' failed: %s",
+ iface, strerror(errno));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* Setup capturing via AF_PACKET socket
*/
static bool setup_internal(private_pf_handler_t *this, char *iface,
@@ -248,14 +272,15 @@ static bool setup_internal(private_pf_ha
this->name, strerror(errno));
return FALSE;
}
- if (iface && !bind_to_device(this->receive, iface))
+ if (iface && iface[0] && !bind_packet_socket_to_device(this->receive, iface))
{
return FALSE;
}
lib->watcher->add(lib->watcher, this->receive, WATCHER_READ,
receive_packet, this);
- DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d",
- this->name, protocol, this->receive);
+ DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d bound "
+ "to %s", this->name, protocol, this->receive,
+ iface && iface[0] ? iface : "no interface");
return TRUE;
}

66
net/strongswan/patches/0007-dhcp-Add-option-to-bind-the-receive-socket-to-a-diff.patch
View File

@@ -1,66 +0,0 @@
From a50ed3006e8152eb2cf20e9f92f088ecc18081b0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 29 Jan 2025 17:23:31 +0100
Subject: [PATCH 3/3] dhcp: Add option to bind the receive socket to a
different interface
This can be useful if the DHCP server runs on the same server. On Linux,
the response is then sent via `lo`, so packets won't be received if both
sockets are bound to e.g. a bridge interface.
---
conf/plugins/dhcp.opt | 10 ++++++++++
src/libcharon/plugins/dhcp/dhcp_socket.c | 13 ++++++++-----
2 files changed, 18 insertions(+), 5 deletions(-)
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -36,3 +36,13 @@ charon.plugins.dhcp.interface
Interface name the plugin uses for address allocation. The default is to
bind to any (0.0.0.0) and let the system decide which way to route the
packets to the DHCP server.
+
+charon.plugins.dhcp.interface_receive = charon.plugins.dhcp.interface
+ Interface name the plugin uses to bind its receive socket.
+
+ Interface name the plugin uses to bind its receive socket. The default is
+ to use the same interface as the send socket. Set it to the empty string
+ to avoid binding the receive socket to any interface while the send socket
+ is bound to one. If the server runs on the same host and the send socket is
+ bound to an interface, it might be necessary to set this to `lo` or the
+ empty string.
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -716,7 +716,7 @@ dhcp_socket_t *dhcp_socket_create()
},
};
socklen_t addr_len;
- char *iface;
+ char *iface, *iface_receive;
int on = 1, rcvbuf = 0;
#if !defined(__APPLE__) && !defined(__FreeBSD__)
@@ -809,8 +809,11 @@ dhcp_socket_t *dhcp_socket_create()
this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
"%s.plugins.dhcp.server", "255.255.255.255",
lib->ns), DHCP_SERVER_PORT);
- iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface",
- NULL, lib->ns);
+ iface = lib->settings->get_str(lib->settings,
+ "%s.plugins.dhcp.interface", NULL, lib->ns);
+ iface_receive = lib->settings->get_str(lib->settings,
+ "%s.plugins.dhcp.interface_receive", NULL,
+ lib->ns) ?: iface;
if (!this->dst)
{
DBG1(DBG_CFG, "configured DHCP server address invalid");
@@ -873,8 +876,8 @@ dhcp_socket_t *dhcp_socket_create()
return NULL;
}
- this->pf_handler = pf_handler_create("DHCP", iface, receive_dhcp, this,
- &dhcp_filter);
+ this->pf_handler = pf_handler_create("DHCP", iface_receive, receive_dhcp,
+ this, &dhcp_filter);
if (!this->pf_handler)
{
destroy(this);

21
net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch
View File

@@ -1,21 +0,0 @@
From 27a54379cf3c48ff63c02a4a9f023297bba60d45 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel.kuntze@thermi.consulting>
Date: Mon, 12 Jul 2021 01:29:43 +0200
Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
verbatim from openwrt package sources)
---
.../plugins/bliss/bliss_huffman.c | 2 +
1 files changed, 2 insertions(+)
--- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
+++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
@@ -18,6 +18,8 @@
#include "bliss_param_set.h"
#include <library.h>
+#undef fprintf
+#undef printf
#include <stdio.h>
#include <math.h>

29
net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch
View File

@@ -1,29 +0,0 @@
From 81be4fa54760aa4fed53c6d93da443f57a66f262 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <noel.kuntze@thermi.consulting>
Date: Mon, 12 Jul 2021 01:30:32 +0200
Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
---
src/libcharon/plugins/uci/uci_parser.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/libcharon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c
@@ -76,7 +76,7 @@ METHOD(enumerator_t, section_enumerator_
if (uci_lookup(this->ctx, &element, this->package,
this->current->name, "name") == UCI_OK)
{ /* use "name" attribute as config name if available ... */
- *value = uci_to_option(element)->value;
+ *value = uci_to_option(element)->v.string;
}
else
{ /* ... or the section name becomes config name */
@@ -91,7 +91,7 @@ METHOD(enumerator_t, section_enumerator_
if (value && uci_lookup(this->ctx, &element, this->package,
this->current->name, this->keywords[i]) == UCI_OK)
{
- *value = uci_to_option(element)->value;
+ *value = uci_to_option(element)->v.string;
}
}

20
net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch
View File

@@ -18,15 +18,15 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
--- a/configure.ac
+++ b/configure.ac
@@ -147,6 +147,7 @@ ARG_DISBL_SET([fips-prf], [disable
ARG_DISBL_SET([gcm], [disable the GCM AEAD wrapper crypto plugin.])
@@ -145,6 +145,7 @@ ARG_ENABL_SET([fips-prf], [enable
ARG_ENABL_SET([gcm], [enable the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
+ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.])
ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
ARG_ENABL_SET([gmp], [enable GNU MP (libgmp) based crypto implementation plugin.])
+ARG_ENABL_SET([gmpdh], [enable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.])
ARG_ENABL_SET([curve25519], [enable Curve25519 Diffie-Hellman plugin.])
ARG_ENABL_SET([hmac], [enable HMAC crypto implementation plugin.])
ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.])
@@ -1574,6 +1575,7 @@ ADD_PLUGIN([pkcs8], [s ch
@@ -1581,6 +1582,7 @@ ADD_PLUGIN([pkcs8], [s ch
ADD_PLUGIN([af-alg], [s charon pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -34,7 +34,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd])
@@ -1716,6 +1718,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
@@ -1721,6 +1723,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@@ -42,7 +42,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
@@ -1997,6 +2000,7 @@ AC_CONFIG_FILES([
@@ -1999,6 +2002,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/mgf1/Makefile
src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile
@@ -52,7 +52,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
src/libstrongswan/plugins/aesni/Makefile
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -357,6 +357,13 @@ if MONOLITHIC
@@ -361,6 +361,13 @@ if MONOLITHIC
endif
endif

19
net/strongswan/patches/0905-wolfssl-parse_error.patch
View File

@@ -1,19 +0,0 @@
From 60336ceecbd1cda73aa26dd44cfdaf2e31a046e1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 4 Oct 2024 11:23:28 +0200
Subject: [PATCH] wolfssl: Don't undef PARSE_ERROR as headers included later
might refer to it
---
src/libstrongswan/plugins/wolfssl/wolfssl_common.h | 2 --
1 file changed, 2 deletions(-)
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_common.h
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_common.h
@@ -78,6 +78,4 @@ typedef union {
} wolfssl_ed_key;
#endif /* HAVE_ED25519 || HAVE_ED448 */
-#undef PARSE_ERROR
-
#endif /* WOLFSSL_PLUGIN_COMMON_H_ */