#
-# Copyright (C) 2012-2013 OpenWrt.org
+# Copyright (C) 2012-2014 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan
-PKG_VERSION:=5.0.4
+PKG_VERSION:=5.1.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
-PKG_MD5SUM:=0ab0397b44b197febfd0f89148344035
+PKG_MD5SUM:=e3af3d493d22286be3cd794533a8966a
PKG_MOD_AVAILABLE:= \
addrblock \
ha \
hmac \
kernel-klips \
+ kernel-libipsec \
kernel-netlink \
kernel-pfkey \
+ kernel-pfroute \
ldap \
led \
load-tester \
x509 \
xauth-eap \
xauth-generic \
- xcbc \
+ xcbc
PKG_CONFIG_DEPENDS:= \
CONFIG_STRONGSWAN_DEVICE_RANDOM \
define Package/strongswan-full/description
$(call Package/strongswan/description/Default)
This meta-package contains dependencies for all of the strongswan plugins
- except kernel-klips, kernel-pfkey, socket-dynamic and which are
- ommitted in favor of the kernel-netlink and socket-default plugins.
+ except kernel-klips, kernel-libipsec, kernel-pfkey, kernel-pfroute,
+ socket-dynamic and which are ommitted in favor of the kernel-netlink and
+ socket-default plugins.
endef
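Review bot: The rewritten description keeps the broken clause `socket-dynamic and which are ommitted`; the stray "and" and the misspelling of "omitted" carry over from the old text. Suggested wording for the last two lines: `socket-dynamic, which are omitted in favor of the kernel-netlink and` followed by `socket-default plugins.` The dependency list of strongswan-full is outside this hunk, so confirm that it filters out the same plugins the text now names.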
define Package/strongswan-utils/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/pki $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/lib/ipsec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,pki,scepclient} $(1)/usr/lib/ipsec/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{openac,scepclient} $(1)/usr/lib/ipsec/
endef
define Plugin/duplicheck/install
$(eval $(call BuildPlugin,ha,high availability cluster,))
$(eval $(call BuildPlugin,hmac,HMAC crypto,))
$(eval $(call BuildPlugin,kernel-klips,KLIPS kernel interface,))
+$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
$(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
$(eval $(call BuildPlugin,kernel-pfkey,PK_KEY kernel interface,))
+$(eval $(call BuildPlugin,kernel-pfroute,PF_ROUTE kernel interface,))
$(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
$(eval $(call BuildPlugin,led,LED blink on IKE activity,))
$(eval $(call BuildPlugin,load-tester,load testing,))
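Review bot: The new `kernel-libipsec` line passes an empty third argument to `BuildPlugin`, which on the `ldap` line just below carries the plugin's package dependencies. kernel-libipsec is strongSwan's userland ESP backend and, as far as I know, moves traffic through a TUN device, so the plugin package would presumably need `+kmod-tun`: `$(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,+kmod-tun))`. Whether libipsec itself is built and installed is decided outside this hunk and should be confirmed. `kernel-pfroute` targets the BSD PF_ROUTE socket, so it is worth checking that it builds on a Linux target before listing it as available. The neighbouring unchanged line still says `PK_KEY` where `PF_KEY` is meant.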
+++ /dev/null
-From: Martin Willi <martin@revosec.ch>
-Date: Fri, 3 May 2013 12:17:37 +0000 (+0200)
-Subject: In memwipe_check(), don't put magic on stack when calling do_magic()
-X-Git-Url: http://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=9312fbc7
-
-In memwipe_check(), don't put magic on stack when calling do_magic()
-
-Otherwise the magic might be on the stack while checking it.
----
-
---- a/src/libstrongswan/library.c
-+++ b/src/libstrongswan/library.c
-@@ -154,7 +154,7 @@ static bool equals(char *a, char *b)
- * Write magic to memory, and try to clear it with memwipe()
- */
- __attribute__((noinline))
--static void do_magic(int magic, int **stack)
-+static void do_magic(int *magic, int **stack)
- {
- int buf[32], i;
-
-@@ -162,7 +162,7 @@ static void do_magic(int magic, int **st
- *stack = &i;
- for (i = 0; i < countof(buf); i++)
- {
-- buf[i] = magic;
-+ buf[i] = *magic;
- }
- /* passing buf to dbg should make sure the compiler can't optimize out buf.
- * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
-@@ -177,7 +177,7 @@ static bool check_memwipe()
- {
- int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
-
-- do_magic(magic, &deeper);
-+ do_magic(&magic, &deeper);
-
- ptr = &magic;
- if (deeper < ptr)
--- /dev/null
+--- a/src/starter/netkey.c
++++ b/src/starter/netkey.c
+@@ -31,7 +31,7 @@ bool starter_netkey_init(void)
+ /* af_key module makes the netkey proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+- ignore_result(system("modprobe -qv af_key"));
++ ignore_result(system("modprobe af_key 2>&1 >/dev/null"));
+ }
+
+ /* now test again */
+@@ -45,11 +45,11 @@ bool starter_netkey_init(void)
+ /* make sure that all required IPsec modules are loaded */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+- ignore_result(system("modprobe -qv ah4"));
+- ignore_result(system("modprobe -qv esp4"));
+- ignore_result(system("modprobe -qv ipcomp"));
+- ignore_result(system("modprobe -qv xfrm4_tunnel"));
+- ignore_result(system("modprobe -qv xfrm_user"));
++ ignore_result(system("modprobe ah4 2>&1 >/dev/null"));
++ ignore_result(system("modprobe esp4 2>&1 >/dev/null"));
++ ignore_result(system("modprobe ipcomp 2>&1 >/dev/null"));
++ ignore_result(system("modprobe xfrm4_tunnel 2>&1 >/dev/null"));
++ ignore_result(system("modprobe xfrm_user 2>&1 >/dev/null"));
+ }
+
+ DBG2(DBG_APP, "found netkey IPsec stack");
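Review bot: The redirection `2>&1 >/dev/null` in the new `system()` strings is applied left to right, so stderr is pointed at the caller's stdout before stdout goes to /dev/null, and modprobe's error text still reaches the starter's output. If the aim is to silence both streams, the order should be reversed, e.g. `ignore_result(system("modprobe af_key >/dev/null 2>&1"));`, and likewise for the five calls in the second hunk (ah4, esp4, ipcomp, xfrm4_tunnel, xfrm_user); if only stdout was meant to be dropped, `>/dev/null` alone says so. Because these calls go through the shell with a bare `modprobe`, the binary is resolved via the inherited PATH; an absolute path such as `/sbin/modprobe` would remove that dependency, if that is where the target image installs it. Both hunks show only part of `starter_netkey_init()`.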
+++ /dev/null
---- a/src/starter/netkey.c
-+++ b/src/starter/netkey.c
-@@ -31,7 +31,7 @@ bool starter_netkey_init(void)
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- ignore_result(system("modprobe -qv af_key"));
-+ ignore_result(system("insmod -qv af_key"));
- }
-
- /* now test again */
-@@ -45,11 +45,11 @@ bool starter_netkey_init(void)
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
-- ignore_result(system("modprobe -qv ah4"));
-- ignore_result(system("modprobe -qv esp4"));
-- ignore_result(system("modprobe -qv ipcomp"));
-- ignore_result(system("modprobe -qv xfrm4_tunnel"));
-- ignore_result(system("modprobe -qv xfrm_user"));
-+ ignore_result(system("insmod -qv ah4"));
-+ ignore_result(system("insmod -qv esp4"));
-+ ignore_result(system("insmod -qv ipcomp"));
-+ ignore_result(system("insmod -qv xfrm4_tunnel"));
-+ ignore_result(system("insmod -qv xfrm_user"));
- }
-
- DBG2(DBG_APP, "found netkey IPsec stack");