From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 15 Dec 2022 10:12:21 +0100 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1p5kHt-004Whc-16 for lore@lore.pengutronix.de; Thu, 15 Dec 2022 10:12:21 +0100 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1p5kHs-0006h9-6O; Thu, 15 Dec 2022 10:12:20 +0100 Received: from mail-lj1-x22b.google.com ([2a00:1450:4864:20::22b]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1p5kHg-0006h0-8s for ptxdist@pengutronix.de; Thu, 15 Dec 2022 10:12:09 +0100 Received: by mail-lj1-x22b.google.com with SMTP id f20so9289281lja.4 for ; Thu, 15 Dec 2022 01:12:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=TJ2oMZ+dI7HFv+HBVs3S8xwZg9Fc3WWIctxUEotSFx0=; b=NWIREkuP1oWrMP0jDyvwxD8q/Qh5iDwJ8/r3CACjQOlEymbDjBkKeRYzkelCn28klH wEwSTEWWCmI2vdA3qqKbs05G/dwMnWa4Yo5rWzkHw/EDzcvp+QBuuw+y782yWZwSHQ/Z Jic8CSsTmSXGJGPXLWDbssRnt2RR9gOEvmUYRKjKH3AwtUxDsAkSFyT0FUII7wf6dR2w 45zdiz6dHxH403Xi2eT1ktxtiiTDQsHSC0txft7WxgxnOig31CkoSUt3g89hw52nCEGB COOfXIGeNg63XjPDb81NjkpDS2OFW3aT4OIedXWRyeClN05IOKFrj/stN4O8C/pRwxFG c92w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=TJ2oMZ+dI7HFv+HBVs3S8xwZg9Fc3WWIctxUEotSFx0=; b=S7H+6Iv3f0iUigoQHhoRdHcBeREKvcxvDeelCYL4Z4OEAkxbVb3k9xFiqIWqmKnr9i Tg+WXWT0TJB8og1TbafsNufC355B3UD7b2UZ106BQ/mEy0jE/jFK/ij9H7ZYb3IP/s4t +PVVvzwC4hWWYjVU+Mfup8zPT4sT1STL+yJM+HweCSWfPLirIMreJ0UQG71eEZFQRRTF 3spk5q3p0BQN4Jj7rff2x9o0iTuez2Cz/Oa3t7mdef5Xm03EXN8Twynm4bv5E4Wni7iI 8ZU9vvcZPyUWLwf4PWDc3dabpBM7OL7XHQmpuCqglAMpfyCoPuPEzkm+RavwIHpia5FQ nQJQ== X-Gm-Message-State: ANoB5pmI2TEhK3tgH7jdUrHufx8IpYR/A4s34fQkTvGhoP9ZiL1oz4PE dBvoiUmf1MUAJyaycEaWINWEwiiX8J0= X-Google-Smtp-Source: AA0mqf4nmWx30CVU+TU7pQ9Yt3oha7OwcLqqGfB9/TPZkIH02ZN0pVTjblBwHa2Ss+yK34P22kdYeA== X-Received: by 2002:a05:651c:508:b0:279:76ad:74d1 with SMTP id o8-20020a05651c050800b0027976ad74d1mr8928516ljp.31.1671095527071; Thu, 15 Dec 2022 01:12:07 -0800 (PST) Received: from laped.devtools.kamstrup.dk ([185.181.22.18]) by smtp.googlemail.com with ESMTPSA id i18-20020a2ea372000000b002773ac59697sm335710ljn.0.2022.12.15.01.12.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Dec 2022 01:12:06 -0800 (PST) From: Lars Pedersen To: ptxdist@pengutronix.de Date: Thu, 15 Dec 2022 10:11:23 +0100 Message-Id: <20221215091123.31935-1-lapeddk@gmail.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.ext.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.2 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH v2] strongswan: version bump 5.9.6 -> 5.9.8 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Lars Pedersen Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Configure options: * Disabled pki (--disable-pki) * Removed install tree /usr/bin since it was only used by pki * scepclient deprecated and removed * Disabled AddressSanitizer (--disable-asan) * New --with-python-sys-prefix unspecified for GNU default values * New --with-python_prefix unspecified for GNU default values * New --with-python_exec_prefix unspecified for GNU default values * Disabled extended compiler warnings (--disable-warnings) because of compile error: (OSELAS.Toolchain-2021.07.0) cmac.c: In function 'derive_key': cmac.c:236:36: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 236 | rb.ptr[rb.len - 1] = 0x87; | ~~~~~~~~~~~~~~~~~~~^~~~~~ cc1: all warnings being treated as errors Plugins: * Fixed missing plugin targetinstall of libstrongswan-acert.so * Enabled mgf1 since swanctl and starting strongswan gave following error: plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available Signed-off-by: Lars Pedersen --- v2 changes: * Removed pki since it wasn't used (Not included in Fedora 37 too) rules/strongswan.make | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/rules/strongswan.make b/rules/strongswan.make index 07a7ade73..5f4e840dc 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan # # Paths and names # -STRONGSWAN_VERSION := 5.9.6 -STRONGSWAN_MD5 := 0eeb13eda09fb34e9ab5e2bfcfab1211 +STRONGSWAN_VERSION := 5.9.8 +STRONGSWAN_MD5 := f46b0d3e7aed88824650d0721c887443 STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) STRONGSWAN_SUFFIX := tar.bz2 STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) @@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT := \ --enable-hmac \ --disable-md4 \ --disable-md5 \ - --disable-mgf1 \ + --enable-mgf1 \ --disable-newhope \ --enable-nonce \ --disable-ntru \ @@ -193,8 +193,7 @@ STRONGSWAN_CONF_OPT := \ --disable-medcli \ --disable-medsrv \ --disable-nm \ - --enable-pki \ - --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \ + --disable-pki \ --enable-scripts \ --disable-svc \ --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \ @@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT := \ --enable-kdf \ --enable-dependency-tracking \ --enable-shared \ + --disable-warnings \ + --disable-asan \ --$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \ --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \ --with-ipseclibdir=/usr/lib \ @@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins # ---------------------------------------------------------------------------- STRONGSWAN_PLUGINS := \ + libstrongswan-acert.so \ libstrongswan-aes.so \ libstrongswan-attr.so \ libstrongswan-cmac.so \ @@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \ libstrongswan-hmac.so \ libstrongswan-kdf.so \ libstrongswan-kernel-netlink.so \ + libstrongswan-mgf1.so \ libstrongswan-nonce.so \ libstrongswan-pem.so \ libstrongswan-pgp.so \ @@ -292,7 +295,6 @@ $(STATEDIR)/strongswan.targetinstall: @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf) - @$(call install_tree, strongswan, 0, 0, -, /usr/bin) @$(call install_tree, strongswan, 0, 0, -, /usr/libexec) @$(call install_tree, strongswan, 0, 0, -, /usr/sbin) -- 2.38.1