mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: Michael Olbrich <m.olbrich@pengutronix.de>
To: Lars Pedersen <lapeddk@gmail.com>
Cc: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8
Date: Fri, 9 Dec 2022 09:00:05 +0100	[thread overview]
Message-ID: <Y5LrBWy5A1pvMoly@pengutronix.de> (raw)
In-Reply-To: <20221205085644.221422-2-lapeddk@gmail.com>

On Mon, Dec 05, 2022 at 09:56:44AM +0100, Lars Pedersen wrote:
> Configure options:
> 
> * scepclient deprecated and removed
> * Disabled AddressSanitizer (--disable-asan)
> * New --with-python-sys-prefix unspecified for GNU default values
> * New --with-python_prefix unspecified for GNU default values
> * New --with-python_exec_prefix unspecified for GNU default values
> * Disabled extended compiler warnings (--disable-warnings) because of
>   compile error: (OSELAS.Toolchain-2021.07.0)
> 
>   cmac.c: In function 'derive_key':
>   cmac.c:236:36: error: writing 1 byte into a region of size 0
>   [-Werror=stringop-overflow=]
>   236 |                 rb.ptr[rb.len - 1] = 0x87;
>       |                 ~~~~~~~~~~~~~~~~~~~^~~~~~
>   cc1: all warnings being treated as errors
> 
> Plugins:
> 
> * Fixed missing plugin targetinstall of libstrongswan-acert.so
> * Enabled mgf1 since swanctl and starting strongswan gave following
>   error:
> 
> plugin 'mgf1': failed to load - mgf1_plugin_create not found and no
> plugin file available

My sanity checker complains that /usr/bin/pki (installed by this package)
uses libtls.so.0 which is not in the rootfs. That's also provided by this
package, so it needs to be installed as well (or don't install pki, I have
no idea it it's needed).

Michael

> Signed-off-by: Lars Pedersen <lapeddk@gmail.com>
> ---
>  rules/strongswan.make | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/rules/strongswan.make b/rules/strongswan.make
> index 07a7ade73..f8e8236a5 100644
> --- a/rules/strongswan.make
> +++ b/rules/strongswan.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan
>  #
>  # Paths and names
>  #
> -STRONGSWAN_VERSION	:= 5.9.6
> -STRONGSWAN_MD5		:= 0eeb13eda09fb34e9ab5e2bfcfab1211
> +STRONGSWAN_VERSION	:= 5.9.8
> +STRONGSWAN_MD5		:= f46b0d3e7aed88824650d0721c887443
>  STRONGSWAN		:= strongswan-$(STRONGSWAN_VERSION)
>  STRONGSWAN_SUFFIX	:= tar.bz2
>  STRONGSWAN_URL		:= https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX)
> @@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-hmac \
>  	--disable-md4 \
>  	--disable-md5 \
> -	--disable-mgf1 \
> +	--enable-mgf1 \
>  	--disable-newhope \
>  	--enable-nonce \
>  	--disable-ntru \
> @@ -194,7 +194,6 @@ STRONGSWAN_CONF_OPT	:= \
>  	--disable-medsrv \
>  	--disable-nm \
>  	--enable-pki \
> -	--$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \
>  	--enable-scripts \
>  	--disable-svc \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \
> @@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT	:= \
>  	--enable-kdf \
>  	--enable-dependency-tracking \
>  	--enable-shared \
> +	--disable-warnings \
> +	--disable-asan \
>  	--$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \
>  	--$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \
>  	--with-ipseclibdir=/usr/lib \
> @@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS	:= -Wl,-rpath,/usr/lib/plugins
>  # ----------------------------------------------------------------------------
>  
>  STRONGSWAN_PLUGINS := \
> +	libstrongswan-acert.so \
>  	libstrongswan-aes.so \
>  	libstrongswan-attr.so \
>  	libstrongswan-cmac.so \
> @@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \
>  	libstrongswan-hmac.so \
>  	libstrongswan-kdf.so \
>  	libstrongswan-kernel-netlink.so \
> +	libstrongswan-mgf1.so \
>  	libstrongswan-nonce.so \
>  	libstrongswan-pem.so \
>  	libstrongswan-pgp.so \
> -- 
> 2.38.1
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



  reply	other threads:[~2022-12-09  8:00 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-05  8:56 [ptxdist] [PATCH 1/2] strongswan: Always install strongswan.d dir Lars Pedersen
2022-12-05  8:56 ` [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8 Lars Pedersen
2022-12-09  8:00   ` Michael Olbrich [this message]
2022-12-15  7:34 ` [ptxdist] [APPLIED] strongswan: Always install strongswan.d dir Michael Olbrich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y5LrBWy5A1pvMoly@pengutronix.de \
    --to=m.olbrich@pengutronix.de \
    --cc=lapeddk@gmail.com \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox