From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 09 Dec 2022 09:00:27 +0100 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1p3YJ0-00Fovc-Jr for lore@lore.pengutronix.de; Fri, 09 Dec 2022 09:00:27 +0100 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1p3YIz-0003fs-UL; Fri, 09 Dec 2022 09:00:25 +0100 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1p3YIj-0003fR-Uk; Fri, 09 Dec 2022 09:00:10 +0100 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1p3YIi-003JVf-04; Fri, 09 Dec 2022 09:00:08 +0100 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1p3YIf-00CnVi-Ms; Fri, 09 Dec 2022 09:00:05 +0100 Date: Fri, 9 Dec 2022 09:00:05 +0100 From: Michael Olbrich To: Lars Pedersen Message-ID: Mail-Followup-To: Lars Pedersen , ptxdist@pengutronix.de References: <20221205085644.221422-1-lapeddk@gmail.com> <20221205085644.221422-2-lapeddk@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221205085644.221422-2-lapeddk@gmail.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain Subject: Re: [ptxdist] [PATCH 2/2] strongswan: version bump 5.9.6 -> 5.9.8 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false On Mon, Dec 05, 2022 at 09:56:44AM +0100, Lars Pedersen wrote: > Configure options: > > * scepclient deprecated and removed > * Disabled AddressSanitizer (--disable-asan) > * New --with-python-sys-prefix unspecified for GNU default values > * New --with-python_prefix unspecified for GNU default values > * New --with-python_exec_prefix unspecified for GNU default values > * Disabled extended compiler warnings (--disable-warnings) because of > compile error: (OSELAS.Toolchain-2021.07.0) > > cmac.c: In function 'derive_key': > cmac.c:236:36: error: writing 1 byte into a region of size 0 > [-Werror=stringop-overflow=] > 236 | rb.ptr[rb.len - 1] = 0x87; > | ~~~~~~~~~~~~~~~~~~~^~~~~~ > cc1: all warnings being treated as errors > > Plugins: > > * Fixed missing plugin targetinstall of libstrongswan-acert.so > * Enabled mgf1 since swanctl and starting strongswan gave following > error: > > plugin 'mgf1': failed to load - mgf1_plugin_create not found and no > plugin file available My sanity checker complains that /usr/bin/pki (installed by this package) uses libtls.so.0 which is not in the rootfs. That's also provided by this package, so it needs to be installed as well (or don't install pki, I have no idea it it's needed). Michael > Signed-off-by: Lars Pedersen > --- > rules/strongswan.make | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/rules/strongswan.make b/rules/strongswan.make > index 07a7ade73..f8e8236a5 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan > # > # Paths and names > # > -STRONGSWAN_VERSION := 5.9.6 > -STRONGSWAN_MD5 := 0eeb13eda09fb34e9ab5e2bfcfab1211 > +STRONGSWAN_VERSION := 5.9.8 > +STRONGSWAN_MD5 := f46b0d3e7aed88824650d0721c887443 > STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) > STRONGSWAN_SUFFIX := tar.bz2 > STRONGSWAN_URL := https://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) > @@ -54,7 +54,7 @@ STRONGSWAN_CONF_OPT := \ > --enable-hmac \ > --disable-md4 \ > --disable-md5 \ > - --disable-mgf1 \ > + --enable-mgf1 \ > --disable-newhope \ > --enable-nonce \ > --disable-ntru \ > @@ -194,7 +194,6 @@ STRONGSWAN_CONF_OPT := \ > --disable-medsrv \ > --disable-nm \ > --enable-pki \ > - --$(call ptx/disen, PTXCONF_STRONGSWAN_SWANCTL)-scepclient \ > --enable-scripts \ > --disable-svc \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_SYSTEMD_UNIT)-systemd \ > @@ -224,6 +223,8 @@ STRONGSWAN_CONF_OPT := \ > --enable-kdf \ > --enable-dependency-tracking \ > --enable-shared \ > + --disable-warnings \ > + --disable-asan \ > --$(call ptx/endis, PTXCONF_GLOBAL_SELINUX)-selinux \ > --$(call ptx/endis, PTXCONF_STRONGSWAN_SWANCTL)-swanctl \ > --with-ipseclibdir=/usr/lib \ > @@ -236,6 +237,7 @@ STRONGSWAN_LDFLAGS := -Wl,-rpath,/usr/lib/plugins > # ---------------------------------------------------------------------------- > > STRONGSWAN_PLUGINS := \ > + libstrongswan-acert.so \ > libstrongswan-aes.so \ > libstrongswan-attr.so \ > libstrongswan-cmac.so \ > @@ -247,6 +249,7 @@ STRONGSWAN_PLUGINS := \ > libstrongswan-hmac.so \ > libstrongswan-kdf.so \ > libstrongswan-kernel-netlink.so \ > + libstrongswan-mgf1.so \ > libstrongswan-nonce.so \ > libstrongswan-pem.so \ > libstrongswan-pgp.so \ > -- > 2.38.1 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |