* [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2
@ 2015-01-06 10:35 Gustavo Zacarias
2015-01-06 10:35 ` [Buildroot] [PATCH 2/2] package/strongswan: add tools option deprecation notice Gustavo Zacarias
2015-01-06 20:49 ` [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Thomas Petazzoni
0 siblings, 2 replies; 3+ messages in thread
From: Gustavo Zacarias @ 2015-01-06 10:35 UTC (permalink / raw)
To: buildroot
Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/strongswan/Config.in | 16 ++++++++++++----
package/strongswan/strongswan.hash | 2 ++
package/strongswan/strongswan.mk | 9 ++++++---
3 files changed, 20 insertions(+), 7 deletions(-)
create mode 100644 package/strongswan/strongswan.hash
diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 3b0f47f..23131dc 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL
endif
-config BR2_PACKAGE_STRONGSWAN_TOOLS
- bool "Enable additional utilities (openac, scepclient and pki)"
+config BR2_PACKAGE_STRONGSWAN_PKI
+ bool "Enable pki certificate utility"
default y
+config BR2_PACKAGE_STRONGSWAN_SCEP
+ bool "Enable SCEP client tool"
+
config BR2_PACKAGE_STRONGSWAN_SCRIPTS
- bool "Enable additional utilities (found in directory scripts)"
- depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS
+ bool "Enable additional utilities (found in scripts directory)"
+ depends on BR2_PACKAGE_STRONGSWAN_CHARON
+ default y
+
+config BR2_PACKAGE_STRONGSWAN_VICI
+ bool "Enable vici/swanctl"
+ depends on BR2_PACKAGE_STRONGSWAN_CHARON
default y
endif
diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
new file mode 100644
index 0000000..6073b36
--- /dev/null
+++ b/package/strongswan/strongswan.hash
@@ -0,0 +1,2 @@
+# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5
+md5 7ee1a33060b2bde35be0f6d78a1d26d0 strongswan-5.2.2.tar.bz2
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index bb1d268..2d23383 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-STRONGSWAN_VERSION = 5.1.3
+STRONGSWAN_VERSION = 5.2.2
STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
STRONGSWAN_SITE = http://download.strongswan.org
STRONGSWAN_LICENSE = GPLv2+
@@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS +=
--enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no) \
--enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no) \
--enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no) \
- --enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no) \
- --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)
+ --enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no) \
+ --enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no) \
+ --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no) \
+ --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \
+ --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)
ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
STRONGSWAN_CONF_OPTS += \
--
2.0.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 2/2] package/strongswan: add tools option deprecation notice
2015-01-06 10:35 [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Gustavo Zacarias
@ 2015-01-06 10:35 ` Gustavo Zacarias
2015-01-06 20:49 ` [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Gustavo Zacarias @ 2015-01-06 10:35 UTC (permalink / raw)
To: buildroot
It's now a split option with pki and scep, with some other tools being
deprecated upstream so select both when tools was selected to get as
close as possible.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
Config.in.legacy | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Config.in.legacy b/Config.in.legacy
index de2c0ba..69608c7 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -102,6 +102,16 @@ endif
comment "Legacy options removed in 2015.02"
+config BR2_PACKAGE_STRONGSWAN_TOOLS
+ bool "strongswan option has been removed"
+ select BR2_LEGACY
+ select BR2_PACKAGE_STRONGSWAN_PKI
+ select BR2_PACKAGE_STRONGSWAN_SCEP
+ help
+ The tools option has been removed upstream and the different tools
+ have been split between the pki and scep options, with others
+ deprecated.
+
config BR2_PACKAGE_XBMC_ADDON_XVDR
bool "xbmc options have been renamed"
select BR2_LEGACY
--
2.0.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2
2015-01-06 10:35 [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Gustavo Zacarias
2015-01-06 10:35 ` [Buildroot] [PATCH 2/2] package/strongswan: add tools option deprecation notice Gustavo Zacarias
@ 2015-01-06 20:49 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2015-01-06 20:49 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Tue, 6 Jan 2015 07:35:40 -0300, Gustavo Zacarias wrote:
> Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
> IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.
>
> Also add hash file.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/strongswan/Config.in | 16 ++++++++++++----
> package/strongswan/strongswan.hash | 2 ++
> package/strongswan/strongswan.mk | 9 ++++++---
> 3 files changed, 20 insertions(+), 7 deletions(-)
> create mode 100644 package/strongswan/strongswan.hash
Both patches applied, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-01-06 20:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-06 10:35 [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Gustavo Zacarias
2015-01-06 10:35 ` [Buildroot] [PATCH 2/2] package/strongswan: add tools option deprecation notice Gustavo Zacarias
2015-01-06 20:49 ` [Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2 Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox