include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
-PKG_VERSION:=5.9.5
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=5.9.7
+PKG_RELEASE:=$(AUTORELEASE).1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
-PKG_HASH:=983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd
+PKG_HASH:=9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf
PKG_LICENSE:=GPL-2.0-or-later
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
PKG_CPE_ID:=cpe:/a:strongswan:strongswan
updown \
vici \
whitelist \
+ wolfssl \
x509 \
xauth-eap \
xauth-generic \
MENU:=1
DEPENDS:= +libpthread +ip \
+kmod-crypto-authenc \
- +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
- +kmod-ipt-ipsec +iptables-mod-ipsec
+ +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6
endef
define Package/strongswan/config
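Review bot: Dropping `+kmod-ipt-ipsec +iptables-mod-ipsec` from the base DEPENDS means the IPsec policy match is no longer guaranteed to be present wherever strongswan is installed. In this change it arrives only through the updown plugin's dependency list further down. Firewall rules that rely on that match, on systems that do not install updown, would presumably stop loading after an upgrade, which is worth checking because a rule set that fails to load can leave tunnel traffic filtered differently than intended. I would record the move next to the DEPENDS line, e.g. `# ipsec policy match (kmod-ipt-ipsec, iptables-mod-ipsec) is pulled in by strongswan-mod-updown only`. The enclosing `define Package/strongswan` block starts outside this hunk.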
+strongswan-mod-des \
+strongswan-mod-dhcp \
+strongswan-mod-dnskey \
+ +strongswan-mod-drbg \
+strongswan-mod-duplicheck \
+strongswan-mod-eap-identity \
+strongswan-mod-eap-md5 \
+strongswan-mod-gmp \
+strongswan-mod-ha \
+strongswan-mod-hmac \
+ +strongswan-mod-kdf \
+strongswan-mod-kernel-netlink \
+strongswan-mod-ldap \
+strongswan-mod-led \
+strongswan-mod-updown \
+strongswan-mod-vici \
+strongswan-mod-whitelist \
+ +strongswan-mod-wolfssl \
+strongswan-mod-x509 \
+strongswan-mod-xauth-eap \
+strongswan-mod-xauth-generic \
+strongswan-mod-fips-prf \
+strongswan-mod-gmp \
+strongswan-mod-hmac \
+ @(PACKAGE_strongswan-mod-kdf||PACKAGE_strongswan-mod-openssl||PACKAGE_strongswan-mod-wolfssl) \
+strongswan-mod-kernel-netlink \
+strongswan-mod-md5 \
+ +strongswan-mod-mgf1 \
+strongswan-mod-nonce \
+strongswan-mod-pem \
+strongswan-mod-pgp \
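Review bot: The `@(PACKAGE_strongswan-mod-kdf||PACKAGE_strongswan-mod-openssl||PACKAGE_strongswan-mod-wolfssl)` entry added here, and repeated in the next two dependency lists before `+strongswan-mod-kernel-netlink`, only gates the meta-package on one of those symbols already being selected. As far as I know an `@` dependency selects nothing and is not written into the package's runtime Depends. If IKE key derivation in 5.9.7 needs one of these three providers, a device installing the meta-package from a feed could end up with a daemon that cannot establish any SA. The full meta-package in this same change uses `+strongswan-mod-kdf \`, which would make the default explicit here too. If the `@` form is deliberate, to avoid pulling kdf alongside openssl or wolfssl, a comment such as `# one KDF/PRF+ provider is mandatory; none is auto-selected` would help; the enclosing define blocks start and end outside these hunks.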
+strongswan-mod-des \
+strongswan-mod-gmpdh \
+strongswan-mod-hmac \
+ @(PACKAGE_strongswan-mod-kdf||PACKAGE_strongswan-mod-openssl||PACKAGE_strongswan-mod-wolfssl) \
+strongswan-mod-kernel-netlink \
+strongswan-mod-md5 \
+ +strongswan-mod-mgf1 \
+strongswan-mod-nonce \
+strongswan-mod-pubkey \
+strongswan-mod-random \
+strongswan-mod-aes \
+strongswan-mod-gmp \
+strongswan-mod-hmac \
+ @(PACKAGE_strongswan-mod-kdf||PACKAGE_strongswan-mod-openssl||PACKAGE_strongswan-mod-wolfssl) \
+strongswan-mod-kernel-netlink \
+ +strongswan-mod-mgf1 \
+strongswan-mod-nonce \
+strongswan-mod-pubkey \
+strongswan-mod-random \
--disable-scripts \
--disable-static \
--disable-fast \
+ --enable-mgf1 \
--enable-mediation \
--with-systemdsystemunitdir=no \
$(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \
) \
ac_cv_search___atomic_load=no
-EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
-
define Package/strongswan/conffiles
/etc/strongswan.conf
/etc/strongswan.d/
$(eval $(call BuildPlugin,bliss,BLISS crypto,+strongswan-libnttfft +strongswan-mod-mgf1 +strongswan-mod-hmac))
$(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
$(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
-$(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,))
+$(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,+kmod-crypto-chacha20poly1305))
$(eval $(call BuildPlugin,cmac,CMAC crypto,))
-$(eval $(call BuildPlugin,connmark,netfilter connection marking,))
+$(eval $(call BuildPlugin,connmark,netfilter connection marking,+libip4tc))
$(eval $(call BuildPlugin,constraints,advanced X509 constraint checking,))
$(eval $(call BuildPlugin,coupling,IKEv2 plugin to couple peer certificates permanently to authentication,))
$(eval $(call BuildPlugin,ctr,Counter Mode wrapper crypto,))
$(eval $(call BuildPlugin,des,DES crypto,))
$(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
$(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
+$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
$(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
$(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
$(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
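Review bot: The added drbg line ends in `,,))` while every other BuildPlugin call visible here ends in `,))`, so it passes one extra empty argument. How BuildPlugin treats a fourth argument is not visible on this page, so this may be harmless, but `$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,))` would match the surrounding lines. It would also avoid a surprise if the macro ever gains a fourth parameter.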
$(eval $(call BuildPlugin,eap-tls,EAP TLS auth,+strongswan-libtls))
$(eval $(call BuildPlugin,farp,fake arp respsonses,))
$(eval $(call BuildPlugin,fips-prf,FIPS PRF crypto,+strongswan-mod-sha1))
-$(eval $(call BuildPlugin,forecast,forward multi/broadcast traffic,+kmod-ipt-conntrack-extra))
+$(eval $(call BuildPlugin,forecast,forward multi/broadcast traffic,+libip4tc +kmod-ipt-conntrack-extra))
$(eval $(call BuildPlugin,gcm,GCM AEAD wrapper crypto,))
$(eval $(call BuildPlugin,gcrypt,libgcrypt,+PACKAGE_strongswan-mod-gcrypt:libgcrypt))
$(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
$(eval $(call BuildPlugin,gmpdh,DH-Groups; no libgmp dep,))
$(eval $(call BuildPlugin,ha,high availability cluster,))
$(eval $(call BuildPlugin,hmac,HMAC crypto,))
+$(eval $(call BuildPlugin,kdf,KDF/PRF+,))
$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
$(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
$(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
$(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
$(eval $(call BuildPlugin,unity,Cisco Unity extension,))
-$(eval $(call BuildPlugin,updown,updown firewall,))
+$(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec))
$(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,))
$(eval $(call BuildPlugin,whitelist,peer identity whitelisting,))
+$(eval $(call BuildPlugin,wolfssl,WolfSSL crypto,+PACKAGE_strongswan-mod-wolfssl:libwolfssl))
$(eval $(call BuildPlugin,x509,x509 certificate,))
$(eval $(call BuildPlugin,xauth-eap,EAP XAuth backend,))
$(eval $(call BuildPlugin,xauth-generic,generic XAuth backend,))