summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOmar Vega Ramos <ovruni@gnu.org.pe>2015-07-07 17:01:40 -0500
committerOmar Vega Ramos <ovruni@gnu.org.pe>2015-07-07 17:01:40 -0500
commit2d8d34c87fff47ed554f5c972d2e768c8b165906 (patch)
treee61564cb92a3f5be29b0a6fb076d09bd0f425cba
parentee0b2a7c3e03672bbdf03d3c1a92b97c2dc3e2ae (diff)
downloadabslibre-2d8d34c87fff47ed554f5c972d2e768c8b165906.tar.gz
abslibre-2d8d34c87fff47ed554f5c972d2e768c8b165906.tar.bz2
abslibre-2d8d34c87fff47ed554f5c972d2e768c8b165906.zip
strongswan-5.3.2-1: updating version
-rw-r--r--pcr/strongswan/CHANGELOG20
-rw-r--r--pcr/strongswan/PKGBUILD71
2 files changed, 24 insertions, 67 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
deleted file mode 100644
index a798a08c4..000000000
--- a/pcr/strongswan/CHANGELOG
+++ /dev/null
@@ -1,20 +0,0 @@
-strongswan-5.0.4
-----------------
-
-- Fixed a security vulnerability in the openssl plugin which was reported by
- Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
- Before the fix, if the openssl plugin's ECDSA signature verification was used,
- due to a misinterpretation of the error code returned by the OpenSSL
- ECDSA_verify() function, an empty or zeroed signature was accepted as a
- legitimate one.
-
-- The handling of a couple of other non-security relevant openssl return codes
- was fixed as well.
-
-- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
- TCG TNC IF-MAP 2.1 interface.
-
-- The charon.initiator_only option causes charon to ignore IKE initiation
- requests.
-
-- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index 71bd4cfb4..7e93b8c6e 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -1,59 +1,35 @@
-## Contributor: nikicat <develniks at gmail dot com>
-# Contributor: danilo <gezuru at gmail dot com>
-# Contributor: Jason Begley <jayray at digitalgoat dot com>
-# Contributor: Ray Kohler <ataraxia937 at gmail dot com>
-# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
-# Contributor: 458italia <svenskaparadox [at] gmail dot com>
-# Contributor: Thermi <noel [at] familie-kuntze dot com>
-# Former maintainer: dkorzhevin <dkorzhevin at gmail dot com>
-# Maintainer: Thermi <noel [at] familie-kuntze dot com>
+## Contributor (Arch): nikicat <develniks at gmail dot com>
+# Contributor (Arch): danilo <gezuru at gmail dot com>
+# Contributor (Arch): Jason Begley <jayray at digitalgoat dot com>
+# Contributor (Arch): Ray Kohler <ataraxia937 at gmail dot com>
+# Contributor (Arch): Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
+# Contributor (Arch): 458italia <svenskaparadox [at] gmail dot com>
+# Contributor (Arch): Thermi <noel [at] familie-kuntze dot com>
+# Former maintainer (Arch): dkorzhevin <dkorzhevin at gmail dot com>
+# Maintainer (Arch): Thermi <noel [at] familie-kuntze dot com>
+# Maintainer: Omar Vega Ramos <ovruni@gnu.org.pe>
pkgname=strongswan
-pkgver=5.2.2
-pkgrel=2
-pkgdesc="IPsec-based VPN Solution"
+pkgver=5.3.2
+pkgrel=1
+pkgdesc="open source IPsec implementation"
url='http://www.strongswan.org'
license=("GPL")
-arch=('i686' 'x86_64' 'mips64el')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
-makedepends=('ldns' 'unbound' 'networkmanager' 'libnm-glib')
-optdepends=('unbound: dns resolver plugin'
- 'networkmanager: nm backend')
+arch=('i686' 'x86_64')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'systemd')
conflicts=('openswan')
options=(!libtool)
backup=(etc/ipsec.conf etc/strongswan.conf)
-validpgpkeys=('948F158A4E76A27BF3D07532DF42C170B34DBA77')
-source=(
- http://download.strongswan.org/strongswan-${pkgver}.tar.bz2{,.sig}
- # needed because of #814
- configure.patch::https://wiki.strongswan.org/attachments/download/586/configure.patch
- # needed because of #819
- invalid-proto-id.patch::https://wiki.strongswan.org/attachments/download/578/0001-ikev1-Set-protocol-ID-and-SPIs-in-INITIAL-CONTACT-no.patch
- # needed for charon-systemd.user and charon-systemd.group support (see #887)
- charon-systemd.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/f3c8332220f5be450199b909d4823cc1627bf47d/diff?format=diff
- charon-systemd-load.patch::'http://git.strongswan.org/?p=strongswan.git;a=patch;h=d2f4345b0361d57e54e7cdd3ae2abfba20429f1f'
- missing-semicolon.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/9c3c41f29bf5772626abde71f52c57c05e59fa94/diff/src/charon-systemd/charon-systemd.c?format=diff
-)
-sha256sums=('cf2fbfdf200a5eced796f00dc11fea67ce477d38c54d5f073ac6c51618b172f4'
- 'SKIP'
- '75f372ee1ed650100aad3e42871485710d00a764725849b1cd4b4d46946ad7bf'
- '50fc25bd151ecc9d617f699e5b7436c5aef57fdc92dc5bf2728b3d36173e8b27'
- '2e147333056bb0e22e18f3b3e59b8b923d06855f23d8f6c9125391069e164c6d'
- '36c5382ea1e8c24f9ef3aeddd7b9a2bae7daed4f67df76ce7f60064decdd7c3e'
- '5d4f3b4f6525a36159d983c428c647656ca34f49fa9a8433792a3ae3c1a221d7')
+source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2")
+
+# md5 is broken. We use sha256 now. Alternatively, we could check the signature of the file, but that
+# doesn't yield any more security and just increases the work users initially have to invest.
+sha256sums=('a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225')
# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
# would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
# add --enable-libipsec and --enable-kernel-libipsec
-prepare() {
- cd ${srcdir}/strongswan-${pkgver}
- patch -p1 < ${srcdir}/invalid-proto-id.patch
- patch -p1 < ${srcdir}/charon-systemd.patch
- patch -p1 < ${srcdir}/charon-systemd-load.patch
- patch -p1 < ${srcdir}/missing-semicolon.patch
- patch -p0 < ${srcdir}/configure.patch
-}
build() {
cd ${srcdir}/${pkgname}-${pkgver}
@@ -62,9 +38,7 @@ build() {
--sbindir=/usr/bin \
--sysconfdir=/etc \
--libexecdir=/usr/lib \
- --disable-static \
--with-ipsecdir=/usr/lib/strongswan \
- --with-systemdsystemunitdir=/usr/lib/systemd/system \
--enable-sqlite \
--enable-openssl --enable-curl \
--enable-sql --enable-attr-sql \
@@ -74,7 +48,9 @@ build() {
--enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
--enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
--enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \
- --disable-mysql --disable-ldap -enable-cmd --enable-nm
+ --disable-mysql --disable-ldap -enable-cmd --enable-forecast --enable-connmark \
+ --enable-aesni
+# --enable-ruby-gems --enable-python-eggs
make
}
@@ -82,3 +58,4 @@ package() {
cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR=${pkgdir} install
}
+