Date: Monday, October 1, 2018 @ 20:35:24 Author: anthraxx Revision: 388921
archrelease: copy trunk to community-x86_64 Added: strongswan/repos/community-x86_64/PKGBUILD (from rev 388920, strongswan/trunk/PKGBUILD) strongswan/repos/community-x86_64/configure_ac.patch (from rev 388920, strongswan/trunk/configure_ac.patch) Deleted: strongswan/repos/community-x86_64/PKGBUILD strongswan/repos/community-x86_64/configure_ac.patch strongswan/repos/community-x86_64/cve_2018_5388.patch strongswan/repos/community-x86_64/stdint.patch ---------------------+ PKGBUILD | 229 ++++++++++++++++++++++++++++---------------------- configure_ac.patch | 32 +++--- cve_2018_5388.patch | 25 ----- stdint.patch | 11 -- 4 files changed, 148 insertions(+), 149 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2018-10-01 20:35:12 UTC (rev 388920) +++ PKGBUILD 2018-10-01 20:35:24 UTC (rev 388921) @@ -1,97 +0,0 @@ -# Maintainer : Christian Rebischke <chris.rebisc...@archlinux.org> -# Contributor: dkorzhevin <dkorzhevin at gmail dot com> -# Contributor: Thermi <noel [at] familie-kuntze dot de> -# Contributor: nikicat <develniks at gmail dot com> -# Contributor: danilo <gezuru at gmail dot com> -# Contributor: Jason Begley <jayray at digitalgoat dot com> -# Contributor: Ray Kohler <ataraxia937 at gmail dot com> -# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com> -# Contributor: 458italia <svenskaparadox [at] gmail dot com> -# Contributor: Thermi <noel [at] familie-kuntze dot com> - -pkgname=strongswan -pkgver=5.7.0 -pkgrel=1 -pkgdesc="open source IPsec implementation" -url='http://www.strongswan.org' -license=("GPL2") -arch=('x86_64') -makedepends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' -'systemd' 'pam' 'libnm-glib' 'python' 'ruby' 'mariadb' 'python-setuptools') -depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' 'pam') -optdepends=('libnm-glib: for networkmanager support' - 'mariadb: MySQL support' - 'ruby: Ruby support' - 'python: Python support' - 'openldap: LDAP support') -backup=( - etc/ipsec.conf - etc/ipsec.secrets - etc/swanctl/swanctl.conf - etc/strongswan.conf - etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf} - etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,\ -constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,\ -eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,\ -eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,\ -fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,\ -pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,\ -revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,\ -vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf} -) - -source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2" - "https://download.strongswan.org/strongswan-${pkgver}.tar.bz2.sig" - 'configure_ac.patch' - ) - -validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77") - -sha512sums=('811bfa79aa2b17fcf298c45a2b4109cf4235286e90c4def3e09022ed94c7fa481fc25b8d5054529e4ff4e33011ce6f6ba9874595d16c1a8fe13ef924c4ec6395' - 'SKIP' - '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74') - -# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which -# would case processing to be handled in user space. Also, the plugin is experimental. If you need it, -# add --enable-libipsec and --enable-kernel-libipsec -prepare() { - cd "${srcdir}/${pkgname}-${pkgver}" - patch -p1 -l < "${srcdir}/configure_ac.patch" - autoreconf -} - -build() { - cd "${srcdir}/${pkgname}-${pkgver}" - - ./configure --prefix=/usr \ - --sbindir=/usr/bin \ - --sysconfdir=/etc \ - --libexecdir=/usr/lib \ - --with-ipsecdir=/usr/lib/strongswan \ - --with-nm-ca-dir=/etc/ssl/certs \ - --enable-integrity-test \ - --enable-sqlite \ - --enable-pkcs11 \ - --enable-openssl --enable-curl \ - --enable-sql --enable-attr-sql \ - --enable-farp --enable-dhcp \ - --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \ - --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 \ - --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \ - --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \ - --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \ - --enable-mysql --enable-ldap --enable-cmd --enable-forecast --enable-connmark \ - --enable-aesni --enable-eap-ttls --enable-radattr --enable-xauth-pam --enable-xauth-noauth \ - --enable-eap-dynamic --enable-eap-peap --enable-eap-tls --enable-chapoly --enable-unity \ - --with-capabilities=libcap --enable-newhope --enable-ntru --enable-mgf1 --enable-sha3 \ - --enable-bliss --enable-dnscert \ - --enable-nm --enable-agent --enable-bypass-lan \ - --enable-ruby-gems --enable-python-eggs - make -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install -} - Copied: strongswan/repos/community-x86_64/PKGBUILD (from rev 388920, strongswan/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2018-10-01 20:35:24 UTC (rev 388921) @@ -0,0 +1,132 @@ +# Maintainer : Christian Rebischke <chris.rebisc...@archlinux.org> +# Contributor: dkorzhevin <dkorzhevin at gmail dot com> +# Contributor: Thermi <noel [at] familie-kuntze dot de> +# Contributor: nikicat <develniks at gmail dot com> +# Contributor: danilo <gezuru at gmail dot com> +# Contributor: Jason Begley <jayray at digitalgoat dot com> +# Contributor: Ray Kohler <ataraxia937 at gmail dot com> +# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com> +# Contributor: 458italia <svenskaparadox [at] gmail dot com> +# Contributor: Thermi <noel [at] familie-kuntze dot com> + +pkgname=strongswan +pkgver=5.7.1 +pkgrel=1 +pkgdesc='Open source IPsec implementation' +url='https://www.strongswan.org' +license=('GPL2') +arch=('x86_64') +makedepends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' + 'systemd' 'pam' 'libnm-glib' 'python' 'ruby' 'mariadb' 'python-setuptools') +depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' 'pam') +optdepends=('libnm-glib: for networkmanager support' + 'mariadb: MySQL support' + 'ruby: Ruby support' + 'python: Python support' + 'openldap: LDAP support') +# TODO: move to package() and use find +backup=( + etc/ipsec.conf + etc/ipsec.secrets + etc/swanctl/swanctl.conf + etc/strongswan.conf + etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf} + etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,\ +constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,\ +eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,\ +eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,\ +fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,\ +pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,\ +revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,\ +vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf} +) + +source=(https://download.strongswan.org/strongswan-${pkgver}.tar.bz2{,.sig} + configure_ac.patch) + +validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77") + +sha512sums=('43102814434bee7c27a5956be59099cc4ffb9bb5b0d6382ce4c6a80d1d82ed6639f698f5f5544b9ca563554a344638c953525b0e2d39bc6b71b19055c80e07fc' + 'SKIP' + '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74') + +# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which +# would case processing to be handled in user space. Also, the plugin is experimental. If you need it, +# add --enable-libipsec and --enable-kernel-libipsec +prepare() { + cd ${pkgname}-${pkgver} + patch -p1 -l < "${srcdir}/configure_ac.patch" + autoreconf -fiv +} + +build() { + cd ${pkgname}-${pkgver} + + ./configure --prefix=/usr \ + --sbindir=/usr/bin \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib \ + --with-ipsecdir=/usr/lib/strongswan \ + --with-nm-ca-dir=/etc/ssl/certs \ + --enable-integrity-test \ + --enable-sqlite \ + --enable-pkcs11 \ + --enable-openssl \ + --enable-curl \ + --enable-sql \ + --enable-attr-sql \ + --enable-farp \ + --enable-dhcp \ + --enable-eap-sim \ + --enable-eap-sim-file \ + --enable-eap-simaka-pseudonym \ + --enable-eap-simaka-reauth \ + --enable-eap-identity \ + --enable-eap-md5 \ + --enable-eap-gtc \ + --enable-eap-aka \ + --enable-eap-aka-3gpp2 \ + --enable-eap-mschapv2 \ + --enable-eap-radius \ + --enable-xauth-eap \ + --enable-ha \ + --enable-vici \ + --enable-swanctl \ + --enable-systemd \ + --enable-ext-auth \ + --enable-mysql \ + --enable-ldap \ + --enable-cmd \ + --enable-forecast \ + --enable-connmark \ + --enable-aesni \ + --enable-eap-ttls \ + --enable-radattr \ + --enable-xauth-pam \ + --enable-xauth-noauth \ + --enable-eap-dynamic \ + --enable-eap-peap \ + --enable-eap-tls \ + --enable-chapoly \ + --enable-unity \ + --with-capabilities=libcap \ + --enable-newhope \ + --enable-ntru \ + --enable-mgf1 \ + --enable-sha3 \ + --enable-bliss \ + --enable-dnscert \ + --enable-nm \ + --enable-agent \ + --enable-bypass-lan \ + --enable-ruby-gems \ + --enable-python-eggs + make +} + +package() { + cd ${pkgname}-${pkgver} + make DESTDIR="${pkgdir}" install +} + +# vim: ts=2 sw=2 et: Deleted: configure_ac.patch =================================================================== --- configure_ac.patch 2018-10-01 20:35:12 UTC (rev 388920) +++ configure_ac.patch 2018-10-01 20:35:24 UTC (rev 388921) @@ -1,16 +0,0 @@ ---- a/configure.ac 2016-03-22 09:36:03.000000000 +0100 -+++ b/configure.ac 2016-03-26 18:35:44.697586161 +0100 -@@ -946,10 +946,10 @@ - PKG_CHECK_MODULES(systemd, [libsystemd >= 209], - [AC_SUBST(systemd_CFLAGS) - AC_SUBST(systemd_LIBS)], -- [PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon]) -+ [PKG_CHECK_MODULES(systemd_daemon, [libsystemd]) - AC_SUBST(systemd_daemon_CFLAGS) - AC_SUBST(systemd_daemon_LIBS) -- PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal]) -+ PKG_CHECK_MODULES(systemd_journal, [libsystemd]) - AC_SUBST(systemd_journal_CFLAGS) - AC_SUBST(systemd_journal_LIBS)] - ) - Copied: strongswan/repos/community-x86_64/configure_ac.patch (from rev 388920, strongswan/trunk/configure_ac.patch) =================================================================== --- configure_ac.patch (rev 0) +++ configure_ac.patch 2018-10-01 20:35:24 UTC (rev 388921) @@ -0,0 +1,16 @@ +--- a/configure.ac 2016-03-22 09:36:03.000000000 +0100 ++++ b/configure.ac 2016-03-26 18:35:44.697586161 +0100 +@@ -946,10 +946,10 @@ + PKG_CHECK_MODULES(systemd, [libsystemd >= 209], + [AC_SUBST(systemd_CFLAGS) + AC_SUBST(systemd_LIBS)], +- [PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon]) ++ [PKG_CHECK_MODULES(systemd_daemon, [libsystemd]) + AC_SUBST(systemd_daemon_CFLAGS) + AC_SUBST(systemd_daemon_LIBS) +- PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal]) ++ PKG_CHECK_MODULES(systemd_journal, [libsystemd]) + AC_SUBST(systemd_journal_CFLAGS) + AC_SUBST(systemd_journal_LIBS)] + ) + Deleted: cve_2018_5388.patch =================================================================== --- cve_2018_5388.patch 2018-10-01 20:35:12 UTC (rev 388920) +++ cve_2018_5388.patch 2018-10-01 20:35:24 UTC (rev 388921) @@ -1,25 +0,0 @@ -From: Tobias Brunner <tob...@strongswan.org> -Date: Tue, 13 Mar 2018 17:54:08 +0000 (+0100) -Subject: stroke: Ensure a minimum message length -X-Git-Tag: 5.6.3dr1~28 -X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=0acd1ab4 - -stroke: Ensure a minimum message length ---- - -diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c -index c568440..1e7f210 100644 ---- a/src/libcharon/plugins/stroke/stroke_socket.c -+++ b/src/libcharon/plugins/stroke/stroke_socket.c -@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) - } - return FALSE; - } -+ if (len < offsetof(stroke_msg_t, buffer)) -+ { -+ DBG1(DBG_CFG, "invalid stroke message length %d", len); -+ return FALSE; -+ } - - /* read message (we need an additional byte to terminate the buffer) */ - msg = malloc(len + 1); Deleted: stdint.patch =================================================================== --- stdint.patch 2018-10-01 20:35:12 UTC (rev 388920) +++ stdint.patch 2018-10-01 20:35:24 UTC (rev 388921) @@ -1,11 +0,0 @@ ---- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h 2017-08-14 02:48:41.000000000 -0400 -+++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h 2017-09-12 01:15:29.690527667 -0400 -@@ -14,6 +14,8 @@ - * for more details. - */ - -+#include <stdint.h> /* for uintptr_t */ -+ - /** - * @defgroup memory_i memory - * @{ @ingroup utils_i