From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 03 Jan 2023 12:09:12 +0100 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1pCfAP-000MGg-IC for lore@lore.pengutronix.de; Tue, 03 Jan 2023 12:09:12 +0100 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1pCfAN-0004Kj-18; Tue, 03 Jan 2023 12:09:11 +0100 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pCf9h-0002Qi-Eq; Tue, 03 Jan 2023 12:08:29 +0100 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1pCf9g-003YAl-R9; Tue, 03 Jan 2023 12:08:28 +0100 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1pCf9f-009Llg-PC; Tue, 03 Jan 2023 12:08:27 +0100 From: Michael Olbrich To: ptxdist@pengutronix.de Date: Tue, 3 Jan 2023 12:08:27 +0100 Message-Id: <20230103110827.2228581-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221215091123.31935-1-lapeddk@gmail.com> References: <20221215091123.31935-1-lapeddk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] strongswan: version bump 5.9.6 -> 5.9.8 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Lars Pedersen Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as 596d5a957df41125c71b32201184e5f81754548f. Michael [sent from post-receive hook] On Tue, 03 Jan 2023 12:08:27 +0100, Lars Pedersen wrote: > Configure options: > > * Disabled pki (--disable-pki) > * Removed install tree /usr/bin since it was only used by pki > * scepclient deprecated and removed > * Disabled AddressSanitizer (--disable-asan) > * New --with-python-sys-prefix unspecified for GNU default values > * New --with-python_prefix unspecified for GNU default values > * New --with-python_exec_prefix unspecified for GNU default values > * Disabled extended compiler warnings (--disable-warnings) because of > compile error: (OSELAS.Toolchain-2021.07.0) > > cmac.c: In function 'derive_key': > cmac.c:236:36: error: writing 1 byte into a region of size 0 > [-Werror=stringop-overflow=] > 236 | rb.ptr[rb.len - 1] = 0x87; > | ~~~~~~~~~~~~~~~~~~~^~~~~~ > cc1: all warnings being treated as errors > > Plugins: > > * Fixed missing plugin targetinstall of libstrongswan-acert.so > * Enabled mgf1 since swanctl and starting strongswan gave following > error: > > plugin 'mgf1': failed to load - mgf1_plugin_create not found and no > plugin file available > > Signed-off-by: Lars Pedersen > Message-Id: <20221215091123.31935-1-lapeddk@gmail.com> > Signed-off-by: Michael Olbrich > > diff --git a/rules/strongswan.make b/rules/strongswan.make > index 07a7ade73748..5f4e840dc6d7 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan > # > # Paths and names > # > -STRONGSWAN_VERSION := 5.9.6 > -STRONGSWAN_MD5 := 0eeb13eda09fb34e9ab5e2bfcfab1211 > +STRONGSWAN_VERSION := 5.9.8 > +STRONGSWAN_MD5 := f46b0d3e7aed88824650d0721c887443 > STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) > STRONGSWAN_SUFFIX := tar.bz2 > STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > @@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT := \ > --enable-hmac \ > --disable-md4 \ > --disable-md5 \ > - --disable-mgf1 \ > + --enable-mgf1 \ > --disable-newhope \ > --enable-nonce \ > --disable-ntru \ > @@ -193,8 +193,7 @@ STRONGSWAN_CONF_OPT := \ > --disable-medcli \ > --disable-medsrv \ > --disable-nm \ > - --enable-pki \ > - --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \ > + --disable-pki \ > --enable-scripts \ > --disable-svc \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \ > @@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT := \ > --enable-kdf \ > --enable-dependency-tracking \ > --enable-shared \ > + --disable-warnings \ > + --disable-asan \ > --$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \ > --with-ipseclibdir=/usr/lib \ > @@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins > # ---------------------------------------------------------------------------- > > STRONGSWAN_PLUGINS := \ > + libstrongswan-acert.so \ > libstrongswan-aes.so \ > libstrongswan-attr.so \ > libstrongswan-cmac.so \ > @@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \ > libstrongswan-hmac.so \ > libstrongswan-kdf.so \ > libstrongswan-kernel-netlink.so \ > + libstrongswan-mgf1.so \ > libstrongswan-nonce.so \ > libstrongswan-pem.so \ > libstrongswan-pgp.so \ > @@ -292,7 +295,6 @@ $(STATEDIR)/strongswan.targetinstall: > > @$(call install_alternative, strongswan, 0, 0, 0644, /etc/strongswan.conf) > > - @$(call install_tree, strongswan, 0, 0, -, /usr/bin) > @$(call install_tree, strongswan, 0, 0, -, /usr/libexec) > @$(call install_tree, strongswan, 0, 0, -, /usr/sbin) >