[arch-commits] Commit in strongswan/repos/community-x86_64 (7 files)

Christian Rebischke shibumi at archlinux.org
Sat May 26 14:11:59 UTC 2018


    Date: Saturday, May 26, 2018 @ 14:11:58
  Author: shibumi
Revision: 330094

archrelease: copy trunk to community-x86_64

Added:
  strongswan/repos/community-x86_64/PKGBUILD
    (from rev 330093, strongswan/trunk/PKGBUILD)
  strongswan/repos/community-x86_64/configure_ac.patch
    (from rev 330093, strongswan/trunk/configure_ac.patch)
  strongswan/repos/community-x86_64/cve_2018_5388.patch
    (from rev 330093, strongswan/trunk/cve_2018_5388.patch)
  strongswan/repos/community-x86_64/stdint.patch
    (from rev 330093, strongswan/trunk/stdint.patch)
Deleted:
  strongswan/repos/community-x86_64/PKGBUILD
  strongswan/repos/community-x86_64/configure_ac.patch
  strongswan/repos/community-x86_64/stdint.patch

---------------------+
 PKGBUILD            |  195 +++++++++++++++++++++++++-------------------------
 configure_ac.patch  |   32 ++++----
 cve_2018_5388.patch |   25 ++++++
 stdint.patch        |   22 ++---
 4 files changed, 151 insertions(+), 123 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2018-05-26 14:11:50 UTC (rev 330093)
+++ PKGBUILD	2018-05-26 14:11:58 UTC (rev 330094)
@@ -1,96 +0,0 @@
-# Maintainer : Christian Rebischke <Chris.Rebischke at archlinux.org>
-# Contributor: dkorzhevin <dkorzhevin at gmail dot com>
-# Contributor: Thermi <noel [at] familie-kuntze dot de>
-# Contributor: nikicat <develniks at gmail dot com>
-# Contributor: danilo <gezuru at gmail dot com>
-# Contributor: Jason Begley <jayray at digitalgoat dot com>
-# Contributor: Ray Kohler <ataraxia937 at gmail dot com>
-# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
-# Contributor: 458italia <svenskaparadox [at] gmail dot com>
-# Contributor: Thermi <noel [at] familie-kuntze dot com>
-
-pkgname=strongswan
-pkgver=5.6.2
-pkgrel=1
-pkgdesc="open source IPsec implementation"
-url='http://www.strongswan.org'
-license=("GPL2")
-arch=('x86_64')
-makedepends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd'
-'systemd' 'pam' 'libnm-glib' 'python' 'ruby' 'mariadb' 'python-setuptools')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' 'pam')
-optdepends=('libnm-glib: for networkmanager support'
-            'mariadb: MySQL support'
-            'ruby: Ruby support'
-            'python: Python support'
-            'openldap: LDAP support')
-backup=(
-    etc/ipsec.conf
-    etc/ipsec.secrets
-    etc/swanctl/swanctl.conf
-    etc/strongswan.conf
-    etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf}
-    etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,\
-constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,\
-eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,\
-eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,\
-fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,\
-pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,\
-revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,\
-vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf}
-)
-
-source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"
-    "https://download.strongswan.org/strongswan-${pkgver}.tar.bz2.sig"
-    'configure_ac.patch'
-    )
-
-validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77")
-
-sha512sums=('cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52'
-            'SKIP'
-            '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74')
-
-# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
-# would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
-# add --enable-libipsec and --enable-kernel-libipsec
-prepare() {
-    cd "${srcdir}/${pkgname}-${pkgver}"
-    patch -p1 -l < "${srcdir}/configure_ac.patch"
-    autoreconf
-}
-
-build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-
-  ./configure --prefix=/usr \
-        --sbindir=/usr/bin \
-        --sysconfdir=/etc \
-        --libexecdir=/usr/lib \
-        --with-ipsecdir=/usr/lib/strongswan \
-        --with-nm-ca-dir=/etc/ssl/certs \
-        --enable-integrity-test \
-        --enable-sqlite \
-        --enable-openssl --enable-curl \
-        --enable-sql --enable-attr-sql \
-        --enable-farp --enable-dhcp \
-        --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \
-        --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 \
-        --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
-        --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
-        --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \
-        --enable-mysql --enable-ldap --enable-cmd --enable-forecast --enable-connmark \
-        --enable-aesni --enable-eap-ttls --enable-radattr --enable-xauth-pam --enable-xauth-noauth \
-        --enable-eap-dynamic --enable-eap-peap --enable-eap-tls --enable-chapoly --enable-unity \
-        --with-capabilities=libcap --enable-newhope --enable-ntru --enable-mgf1 --enable-sha3 \
-        --enable-bliss --enable-dnscert \
-        --enable-nm --enable-agent --enable-bypass-lan \
-        --enable-ruby-gems --enable-python-eggs
-  make
-}
-
-package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  make DESTDIR="${pkgdir}" install
-}
-

Copied: strongswan/repos/community-x86_64/PKGBUILD (from rev 330093, strongswan/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2018-05-26 14:11:58 UTC (rev 330094)
@@ -0,0 +1,99 @@
+# Maintainer : Christian Rebischke <Chris.Rebischke at archlinux.org>
+# Contributor: dkorzhevin <dkorzhevin at gmail dot com>
+# Contributor: Thermi <noel [at] familie-kuntze dot de>
+# Contributor: nikicat <develniks at gmail dot com>
+# Contributor: danilo <gezuru at gmail dot com>
+# Contributor: Jason Begley <jayray at digitalgoat dot com>
+# Contributor: Ray Kohler <ataraxia937 at gmail dot com>
+# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
+# Contributor: 458italia <svenskaparadox [at] gmail dot com>
+# Contributor: Thermi <noel [at] familie-kuntze dot com>
+
+pkgname=strongswan
+pkgver=5.6.2
+pkgrel=2
+pkgdesc="open source IPsec implementation"
+url='http://www.strongswan.org'
+license=("GPL2")
+arch=('x86_64')
+makedepends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd'
+'systemd' 'pam' 'libnm-glib' 'python' 'ruby' 'mariadb' 'python-setuptools')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'libcap' 'libsystemd' 'pam')
+optdepends=('libnm-glib: for networkmanager support'
+            'mariadb: MySQL support'
+            'ruby: Ruby support'
+            'python: Python support'
+            'openldap: LDAP support')
+backup=(
+    etc/ipsec.conf
+    etc/ipsec.secrets
+    etc/swanctl/swanctl.conf
+    etc/strongswan.conf
+    etc/strongswan.d/{charon-logging.conf,charon.conf,pki.conf,pool.conf,scepclient.conf,starter.conf,swanctl.conf}
+    etc/strongswan.d/charon/{aesni.conf,attr-sql.conf,attr.conf,bliss.conf,chapoly.conf,cmac.conf,connmark.conf,\
+constraints.conf,curl.conf,des.conf,dhcp.conf,dnskey.conf,eap-aka-3gpp2.conf,eap-aka.conf,\
+eap-gtc.conf,eap-identity.conf,eap-md5.conf,eap-mschapv2.conf,eap-radius.conf,eap-sim-file.conf,\
+eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-auth.conf,farp.conf,\
+fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,\
+pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,\
+revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,\
+vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf,bypass-lan.conf}
+)
+
+source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"
+    "https://download.strongswan.org/strongswan-${pkgver}.tar.bz2.sig"
+    'configure_ac.patch'
+    'cve_2018_5388.patch'
+    )
+
+validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77")
+
+sha512sums=('cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52'
+            'SKIP'
+            '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74'
+            '77cfce88de2cb72d69c93f80f607a2f95cfedac45b40c8e9d60e22df07f0a37a617797e0cfa1b6132eb7a748ec694b6621e0e1ee0e80300431efc1a516713fcf')
+
+# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
+# would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
+# add --enable-libipsec and --enable-kernel-libipsec
+prepare() {
+    cd "${srcdir}/${pkgname}-${pkgver}"
+    patch -p1 -l < "${srcdir}/configure_ac.patch"
+    patch -p1 -l < "${srcdir}/cve_2018_5388.patch"
+    autoreconf
+}
+
+build() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+
+  ./configure --prefix=/usr \
+        --sbindir=/usr/bin \
+        --sysconfdir=/etc \
+        --libexecdir=/usr/lib \
+        --with-ipsecdir=/usr/lib/strongswan \
+        --with-nm-ca-dir=/etc/ssl/certs \
+        --enable-integrity-test \
+        --enable-sqlite \
+        --enable-openssl --enable-curl \
+        --enable-sql --enable-attr-sql \
+        --enable-farp --enable-dhcp \
+        --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \
+        --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 \
+        --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
+        --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
+        --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \
+        --enable-mysql --enable-ldap --enable-cmd --enable-forecast --enable-connmark \
+        --enable-aesni --enable-eap-ttls --enable-radattr --enable-xauth-pam --enable-xauth-noauth \
+        --enable-eap-dynamic --enable-eap-peap --enable-eap-tls --enable-chapoly --enable-unity \
+        --with-capabilities=libcap --enable-newhope --enable-ntru --enable-mgf1 --enable-sha3 \
+        --enable-bliss --enable-dnscert \
+        --enable-nm --enable-agent --enable-bypass-lan \
+        --enable-ruby-gems --enable-python-eggs
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+}
+

Deleted: configure_ac.patch
===================================================================
--- configure_ac.patch	2018-05-26 14:11:50 UTC (rev 330093)
+++ configure_ac.patch	2018-05-26 14:11:58 UTC (rev 330094)
@@ -1,16 +0,0 @@
---- a/configure.ac      2016-03-22 09:36:03.000000000 +0100
-+++ b/configure.ac      2016-03-26 18:35:44.697586161 +0100
-@@ -946,10 +946,10 @@
-        PKG_CHECK_MODULES(systemd, [libsystemd >= 209],
-                [AC_SUBST(systemd_CFLAGS)
-                 AC_SUBST(systemd_LIBS)],
--               [PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon])
-+               [PKG_CHECK_MODULES(systemd_daemon, [libsystemd])
-                 AC_SUBST(systemd_daemon_CFLAGS)
-                 AC_SUBST(systemd_daemon_LIBS)
--                PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal])
-+                PKG_CHECK_MODULES(systemd_journal, [libsystemd])
-                 AC_SUBST(systemd_journal_CFLAGS)
-                 AC_SUBST(systemd_journal_LIBS)]
-        )
-

Copied: strongswan/repos/community-x86_64/configure_ac.patch (from rev 330093, strongswan/trunk/configure_ac.patch)
===================================================================
--- configure_ac.patch	                        (rev 0)
+++ configure_ac.patch	2018-05-26 14:11:58 UTC (rev 330094)
@@ -0,0 +1,16 @@
+--- a/configure.ac      2016-03-22 09:36:03.000000000 +0100
++++ b/configure.ac      2016-03-26 18:35:44.697586161 +0100
+@@ -946,10 +946,10 @@
+        PKG_CHECK_MODULES(systemd, [libsystemd >= 209],
+                [AC_SUBST(systemd_CFLAGS)
+                 AC_SUBST(systemd_LIBS)],
+-               [PKG_CHECK_MODULES(systemd_daemon, [libsystemd-daemon])
++               [PKG_CHECK_MODULES(systemd_daemon, [libsystemd])
+                 AC_SUBST(systemd_daemon_CFLAGS)
+                 AC_SUBST(systemd_daemon_LIBS)
+-                PKG_CHECK_MODULES(systemd_journal, [libsystemd-journal])
++                PKG_CHECK_MODULES(systemd_journal, [libsystemd])
+                 AC_SUBST(systemd_journal_CFLAGS)
+                 AC_SUBST(systemd_journal_LIBS)]
+        )
+

Copied: strongswan/repos/community-x86_64/cve_2018_5388.patch (from rev 330093, strongswan/trunk/cve_2018_5388.patch)
===================================================================
--- cve_2018_5388.patch	                        (rev 0)
+++ cve_2018_5388.patch	2018-05-26 14:11:58 UTC (rev 330094)
@@ -0,0 +1,25 @@
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Tue, 13 Mar 2018 17:54:08 +0000 (+0100)
+Subject: stroke: Ensure a minimum message length
+X-Git-Tag: 5.6.3dr1~28
+X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=0acd1ab4
+
+stroke: Ensure a minimum message length
+---
+
+diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
+index c568440..1e7f210 100644
+--- a/src/libcharon/plugins/stroke/stroke_socket.c
++++ b/src/libcharon/plugins/stroke/stroke_socket.c
+@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
+ 		}
+ 		return FALSE;
+ 	}
++	if (len < offsetof(stroke_msg_t, buffer))
++	{
++		DBG1(DBG_CFG, "invalid stroke message length %d", len);
++		return FALSE;
++	}
+ 
+ 	/* read message (we need an additional byte to terminate the buffer) */
+ 	msg = malloc(len + 1);

Deleted: stdint.patch
===================================================================
--- stdint.patch	2018-05-26 14:11:50 UTC (rev 330093)
+++ stdint.patch	2018-05-26 14:11:58 UTC (rev 330094)
@@ -1,11 +0,0 @@
---- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h    2017-08-14 02:48:41.000000000 -0400
-+++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h    2017-09-12 01:15:29.690527667 -0400
-@@ -14,6 +14,8 @@
-  * for more details.
-  */
-
-+#include <stdint.h> /* for uintptr_t */
-+
- /**
-  * @defgroup memory_i memory
-  * @{ @ingroup utils_i

Copied: strongswan/repos/community-x86_64/stdint.patch (from rev 330093, strongswan/trunk/stdint.patch)
===================================================================
--- stdint.patch	                        (rev 0)
+++ stdint.patch	2018-05-26 14:11:58 UTC (rev 330094)
@@ -0,0 +1,11 @@
+--- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h    2017-08-14 02:48:41.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h    2017-09-12 01:15:29.690527667 -0400
+@@ -14,6 +14,8 @@
+  * for more details.
+  */
+
++#include <stdint.h> /* for uintptr_t */
++
+ /**
+  * @defgroup memory_i memory
+  * @{ @ingroup utils_i



More information about the arch-commits mailing list