-rw-r--r-- | pcr/strongswan/CHANGELOG | 20 | ||||
-rw-r--r-- | pcr/strongswan/PKGBUILD | 71 |
2 files changed, 24 insertions, 67 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
deleted file mode 100644
index a798a08c4..000000000
--- a/pcr/strongswan/CHANGELOG
+++ /dev/null
@@ -1,20 +0,0 @@
-strongswan-5.0.4
-----------------
-
-- Fixed a security vulnerability in the openssl plugin which was reported by
- Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
- Before the fix, if the openssl plugin's ECDSA signature verification was used,
- due to a misinterpretation of the error code returned by the OpenSSL
- ECDSA_verify() function, an empty or zeroed signature was accepted as a
- legitimate one.
-
-- The handling of a couple of other non-security relevant openssl return codes
- was fixed as well.
-
-- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
- TCG TNC IF-MAP 2.1 interface.
-
-- The charon.initiator_only option causes charon to ignore IKE initiation
- requests.
-
-- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index 71bd4cfb4..7e93b8c6e 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -1,59 +1,35 @@ -## Contributor: nikicat <develniks at gmail dot com> -# Contributor: danilo <gezuru at gmail dot com> -# Contributor: Jason Begley <jayray at digitalgoat dot com> -# Contributor: Ray Kohler <ataraxia937 at gmail dot com> -# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com> -# Contributor: 458italia <svenskaparadox [at] gmail dot com> -# Contributor: Thermi <noel [at] familie-kuntze dot com> -# Former maintainer: dkorzhevin <dkorzhevin at gmail dot com> -# Maintainer: Thermi <noel [at] familie-kuntze dot com> +## Contributor (Arch): nikicat <develniks at gmail dot com> +# Contributor (Arch): danilo <gezuru at gmail dot com> +# Contributor (Arch): Jason Begley <jayray at digitalgoat dot com> +# Contributor (Arch): Ray Kohler <ataraxia937 at gmail dot com> +# Contributor (Arch): Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com> +# Contributor (Arch): 458italia <svenskaparadox [at] gmail dot com> +# Contributor (Arch): Thermi <noel [at] familie-kuntze dot com> +# Former maintainer (Arch): dkorzhevin <dkorzhevin at gmail dot com> +# Maintainer (Arch): Thermi <noel [at] familie-kuntze dot com> +# Maintainer: Omar Vega Ramos <ovruni@gnu.org.pe> pkgname=strongswan -pkgver=5.2.2 -pkgrel=2 -pkgdesc="IPsec-based VPN Solution" +pkgver=5.3.2 +pkgrel=1 +pkgdesc="open source IPsec implementation" url='http://www.strongswan.org' license=("GPL") -arch=('i686' 'x86_64' 'mips64el') -depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite') -makedepends=('ldns' 'unbound' 'networkmanager' 'libnm-glib') -optdepends=('unbound: dns resolver plugin' - 'networkmanager: nm backend') +arch=('i686' 'x86_64') +depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'systemd') conflicts=('openswan') options=(!libtool) backup=(etc/ipsec.conf etc/strongswan.conf) -validpgpkeys=('948F158A4E76A27BF3D07532DF42C170B34DBA77') -source=( - http://download.strongswan.org/strongswan-${pkgver}.tar.bz2{,.sig} - # needed because of #814 - 
configure.patch::https://wiki.strongswan.org/attachments/download/586/configure.patch - # needed because of #819 - invalid-proto-id.patch::https://wiki.strongswan.org/attachments/download/578/0001-ikev1-Set-protocol-ID-and-SPIs-in-INITIAL-CONTACT-no.patch - # needed for charon-systemd.user and charon-systemd.group support (see #887) - charon-systemd.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/f3c8332220f5be450199b909d4823cc1627bf47d/diff?format=diff - charon-systemd-load.patch::'http://git.strongswan.org/?p=strongswan.git;a=patch;h=d2f4345b0361d57e54e7cdd3ae2abfba20429f1f' - missing-semicolon.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/9c3c41f29bf5772626abde71f52c57c05e59fa94/diff/src/charon-systemd/charon-systemd.c?format=diff -) -sha256sums=('cf2fbfdf200a5eced796f00dc11fea67ce477d38c54d5f073ac6c51618b172f4' - 'SKIP' - '75f372ee1ed650100aad3e42871485710d00a764725849b1cd4b4d46946ad7bf' - '50fc25bd151ecc9d617f699e5b7436c5aef57fdc92dc5bf2728b3d36173e8b27' - '2e147333056bb0e22e18f3b3e59b8b923d06855f23d8f6c9125391069e164c6d' - '36c5382ea1e8c24f9ef3aeddd7b9a2bae7daed4f67df76ce7f60064decdd7c3e' - '5d4f3b4f6525a36159d983c428c647656ca34f49fa9a8433792a3ae3c1a221d7') +source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2") + +# md5 is broken. We use sha256 now. Alternatively, we could check the signature of the file, but that +# doesn't yield any more security and just increases the work users initially have to invest. +sha256sums=('a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225') # We don't build libipsec because it would get loaded before kernel-netlink and netkey, which # would case processing to be handled in user space. Also, the plugin is experimental. 
If you need it, # add --enable-libipsec and --enable-kernel-libipsec -prepare() { - cd ${srcdir}/strongswan-${pkgver} - patch -p1 < ${srcdir}/invalid-proto-id.patch - patch -p1 < ${srcdir}/charon-systemd.patch - patch -p1 < ${srcdir}/charon-systemd-load.patch - patch -p1 < ${srcdir}/missing-semicolon.patch - patch -p0 < ${srcdir}/configure.patch -} build() { cd ${srcdir}/${pkgname}-${pkgver} @@ -62,9 +38,7 @@ build() { --sbindir=/usr/bin \ --sysconfdir=/etc \ --libexecdir=/usr/lib \ - --disable-static \ --with-ipsecdir=/usr/lib/strongswan \ - --with-systemdsystemunitdir=/usr/lib/systemd/system \ --enable-sqlite \ --enable-openssl --enable-curl \ --enable-sql --enable-attr-sql \ @@ -74,7 +48,9 @@ build() { --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \ --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \ --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \ - --disable-mysql --disable-ldap -enable-cmd --enable-nm + --disable-mysql --disable-ldap -enable-cmd --enable-forecast --enable-connmark \ + --enable-aesni +# --enable-ruby-gems --enable-python-eggs make } @@ -82,3 +58,4 @@ package() { cd "${srcdir}/${pkgname}-${pkgver}" make DESTDIR=${pkgdir} install } + |
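Review bot: The new comment above `sha256sums` in the first PKGBUILD hunk says a signature check "doesn't yield any more security", but the two checks cover different things. The checksum only pins whichever tarball the packager downloaded, while the detached signature ties that tarball to the upstream release key. With the `.sig` source and `validpgpkeys` removed, nothing verifies provenance the next time the checksum is refreshed for a new `pkgver`. I would keep the verification: `source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"{,.sig})`, `sha256sums=('a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225' 'SKIP')` and the removed `validpgpkeys=('948F158A4E76A27BF3D07532DF42C170B34DBA77')`, assuming upstream still signs this release with that key. The comment should then be reworded to say that the checksum complements the signature rather than replacing it.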
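Review bot: The configure line in the `-74,7 +48,9` hunk adds `--enable-forecast --enable-connmark`, but `depends` in the first hunk gains only `systemd`. As far as I know both plugins link against libiptc/libip4tc from iptables, so the build would currently rely on iptables being pulled in transitively (for example through `iproute2`); confirm against configure.ac for this version. Listing it explicitly is safer: `depends=('curl' 'gmp' 'iproute2' 'iptables' 'openssl' 'sqlite' 'systemd')`. Separately, `-enable-cmd` on the same line is written with a single dash, unlike every other option; spelling it `--enable-cmd` would keep the option list consistent.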