From b4cd95e202e410390b828075999e71c27b837250 Mon Sep 17 00:00:00 2001
From: Philip Prindeville
Date: Sun, 25 May 2025 11:48:11 -0600
Subject: [PATCH] strongswan: bump to 6.0.1

mod-bliss and libnttfft are dropped.

Signed-off-by: Philip Prindeville
---
 net/strongswan/Makefile | 39 +++--------
 ...andler-Fix-build-with-musl-C-library.patch | 58 ----------------
 ...poofer-Fix-build-with-musl-C-library.patch | 37 -----------
 .../patches/0003-undef-wolfssl-RNG.patch | 39 -----------
 ...t-loopback-interfaces-as-packet-sour.patch | 28 --------
 ...ctly-bind-packet-socket-to-an-interf.patch | 63 ------------------
 ...to-bind-the-receive-socket-to-a-diff.patch | 66 -------------------
 ...ilding-with-musl-on-openwrt-taken-ve.patch | 21 ------
 ...m-patch-from-openwrt-package-sources.patch | 29 --------
 ...t-implements-gmp-DH-functions-in-an-.patch | 20 +++---
 .../patches/0905-wolfssl-parse_error.patch | 19 ------
 11 files changed, 18 insertions(+), 401 deletions(-)
 delete mode 100644 net/strongswan/patches/0001-pf-handler-Fix-build-with-musl-C-library.patch
 delete mode 100644 net/strongswan/patches/0002-farp_spoofer-Fix-build-with-musl-C-library.patch
 delete mode 100644 net/strongswan/patches/0003-undef-wolfssl-RNG.patch
 delete mode 100644 net/strongswan/patches/0005-pf-handler-Accept-loopback-interfaces-as-packet-sour.patch
 delete mode 100644 net/strongswan/patches/0006-pf-handler-Correctly-bind-packet-socket-to-an-interf.patch
 delete mode 100644 net/strongswan/patches/0007-dhcp-Add-option-to-bind-the-receive-socket-to-a-diff.patch
 delete mode 100644 net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch
 delete mode 100644 net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch
 delete mode 100644 net/strongswan/patches/0905-wolfssl-parse_error.patch
diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index d69626d87d..ecdac4d918 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=strongswan -PKG_VERSION:=5.9.14 -PKG_RELEASE:=9 +PKG_VERSION:=6.0.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ -PKG_HASH:=728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678 +PKG_HASH:=212368cbc674fed31f3292210303fff06da8b90acad2d1387375ed855e6879c4 PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Philip Prindeville , Noel Kuntze PKG_CPE_ID:=cpe:/a:strongswan:strongswan @@ -25,7 +25,6 @@ PKG_MOD_AVAILABLE:= \ agent \ attr \ attr-sql \ - bliss \ blowfish \ ccm \ chapoly \ @@ -62,12 +61,11 @@ PKG_MOD_AVAILABLE:= \ ldap \ led \ load-tester \ + lookip \ md4 \ md5 \ mgf1 \ mysql \ - newhope \ - ntru \ openssl \ pem \ pgp \ @@ -160,14 +158,12 @@ $(call Package/strongswan/Default) +strongswan-charon \ +strongswan-charon-cmd \ +strongswan-ipsec \ - +strongswan-libnttfft \ +strongswan-mod-addrblock \ +strongswan-mod-aes \ +strongswan-mod-af-alg \ +strongswan-mod-agent \ +strongswan-mod-attr \ +strongswan-mod-attr-sql \ - +strongswan-mod-bliss \ +strongswan-mod-blowfish \ +strongswan-mod-ccm \ +strongswan-mod-chapoly \ @@ -202,12 +198,11 @@ $(call Package/strongswan/Default) +strongswan-mod-ldap \ +strongswan-mod-led \ +strongswan-mod-load-tester \ + +strongswan-mod-lookip \ +strongswan-mod-md4 \ +strongswan-mod-md5 \ +strongswan-mod-mgf1 \ +strongswan-mod-mysql \ - +strongswan-mod-newhope \ - +strongswan-mod-ntru \ +strongswan-mod-openssl \ +strongswan-mod-pem \ +strongswan-mod-pgp \ 
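Review bot: The `PKG_MOD_AVAILABLE` hunks remove `newhope` and `ntru` as well as `bliss`, and add `lookip`, none of which the commit message mentions; the same edits are mirrored in the `strongswan-full` dependency list and in the `BuildPlugin` calls further down. `ntru` and `newhope` were the post-quantum key-exchange plugins, so an existing proposal that names them will presumably stop negotiating after the upgrade, and no replacement key-exchange plugin is added in the visible hunks (as far as I know strongSwan 6 offers ML-KEM through other plugins, which would need their own entries here; worth checking against the release notes). I would add a comment above the list such as `# 6.0: bliss, newhope and ntru are gone; configurations that reference them must be migrated`. The `strongswan-full` description should also say that it now pulls in `lookip`, which as far as I know adds a local query socket to charon.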
@@ -386,17 +381,6 @@ $(call Package/strongswan/description/Default) This package contains the ipsec utility. endef -define Package/strongswan-libnttfft -$(call Package/strongswan/Default) - TITLE+= nttfft library - DEPENDS:= strongswan -endef - -define Package/strongswan-libnttfft/description -$(call Package/strongswan/description/Default) - This package contains the Number Theoretic Transforms library. -endef - define Package/strongswan-pki $(call Package/strongswan/Default) TITLE+= PKI tool @@ -475,6 +459,7 @@ CONFIGURE_ARGS+= \ --enable-mediation \ --with-systemdsystemunitdir=no \ $(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \ + $(if $(CONFIG_PACKAGE_strongswan-mod-gmpdh),--enable-gmpdh,) \ $(if $(CONFIG_PACKAGE_strongswan-pki),--enable-pki,--disable-pki) \ --with-random-device=/dev/random \ --with-urandom-device=/dev/urandom \ @@ -565,11 +550,6 @@ opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || { } endef -define Package/strongswan-libnttfft/install - $(INSTALL_DIR) $(1)/usr/lib/ipsec - $(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libnttfft.so.* $(1)/usr/lib/ipsec/ -endef - define Package/strongswan-pki/install $(INSTALL_DIR) $(1)/etc/strongswan.d $(CP) $(PKG_INSTALL_DIR)/etc/strongswan.d/pki.conf $(1)/etc/strongswan.d/ @@ -584,7 +564,7 @@ endef define Package/strongswan-swanctl/install $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_DIR) $(1)/etc/swanctl/{bliss,conf.d,ecdsa,pkcs{12,8},private,pubkey,rsa} + $(INSTALL_DIR) $(1)/etc/swanctl/{conf.d,ecdsa,pkcs{12,8},private,pubkey,rsa} $(INSTALL_DIR) $(1)/etc/swanctl/x509{,aa,ac,ca,crl,ocsp} $(CP) $(PKG_INSTALL_DIR)/etc/swanctl/swanctl.conf $(1)/etc/swanctl/ echo "include /var/swanctl/swanctl.conf" >> $(1)/etc/swanctl/swanctl.conf 
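Review bot: The added `--enable-gmpdh` line leaves its else branch empty, unlike the `cmd` and `pki` lines around it, so a deselected `strongswan-mod-gmpdh` relies on the configure default instead of an explicit flag. That default comes from patch 0904, which this commit switches from `ARG_DISBL_SET` to `ARG_ENABL_SET`; if a later refresh flips it back, the plugin would presumably be built without being selected. I would write `$(if $(CONFIG_PACKAGE_strongswan-mod-gmpdh),--enable-gmpdh,--disable-gmpdh) \`. The `CONFIGURE_ARGS` assignment starts and ends outside the hunk, so whether a generic per-module loop already emits this flag cannot be checked from here.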
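Review bot: In `Package/strongswan-swanctl/install`, the directories that hold private key material (`private`, `rsa`, `ecdsa`, `pkcs8`, `pkcs12`) are created by the same `$(INSTALL_DIR)` call as `conf.d` and `pubkey`, so they get whatever mode that macro applies. The macro is defined outside this diff; in OpenWrt's rules.mk it is normally `install -d -m0755`, which leaves the key directories world-readable and searchable. Since the line is being edited anyway, I would follow it with `chmod 0750 $(1)/etc/swanctl/{ecdsa,pkcs{12,8},private,rsa}`. The install recipe continues past the end of the hunk. Separately, an `/etc/swanctl/bliss` directory on already-installed systems is presumably left in place with any keys in it, which deserves a line in the upgrade notes.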
@@ -664,7 +644,6 @@ $(eval $(call BuildPackage,strongswan-isakmp))
 $(eval $(call BuildPackage,strongswan-charon))
 $(eval $(call BuildPackage,strongswan-charon-cmd))
 $(eval $(call BuildPackage,strongswan-ipsec))
-$(eval $(call BuildPackage,strongswan-libnttfft))
 $(eval $(call BuildPackage,strongswan-pki))
 $(eval $(call BuildPackage,strongswan-swanctl))
 $(eval $(call BuildPackage,strongswan-gencerts))
@@ -675,7 +654,6 @@ $(eval $(call BuildPlugin,af-alg,AF_ALG crypto interface to Linux Crypto API,+km
 $(eval $(call BuildPlugin,agent,SSH agent signing,))
 $(eval $(call BuildPlugin,attr,file based config,))
 $(eval $(call BuildPlugin,attr-sql,SQL based config,+strongswan-charon))
-$(eval $(call BuildPlugin,bliss,BLISS crypto,+strongswan-libnttfft +strongswan-mod-mgf1 +strongswan-mod-hmac))
 $(eval $(call BuildPlugin,blowfish,Blowfish crypto,))
 $(eval $(call BuildPlugin,ccm,CCM AEAD wrapper crypto,))
 $(eval $(call BuildPlugin,chapoly,ChaCha20-Poly1305 AEAD crypto,+kmod-crypto-chacha20poly1305))
@@ -712,12 +690,11 @@ $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))
 $(eval $(call BuildPlugin,led,LED blink on IKE activity,))
 $(eval $(call BuildPlugin,load-tester,load testing,))
+$(eval $(call BuildPlugin,lookip,enable fast virtual IP lookup and notification,))
 $(eval $(call BuildPlugin,md4,MD4 crypto,))
 $(eval $(call BuildPlugin,md5,MD5 crypto,))
 $(eval $(call BuildPlugin,mgf1,MGF1 crypto,))
 $(eval $(call BuildPlugin,mysql,MySQL database interface,+strongswan-mod-sql +PACKAGE_strongswan-mod-mysql:libmysqlclient-r))
-$(eval $(call BuildPlugin,newhope,New Hope crypto,+strongswan-libnttfft +strongswan-mod-chapoly +strongswan-mod-sha3))
-$(eval $(call BuildPlugin,ntru,NTRU crypto,+strongswan-mod-mgf1))
 $(eval $(call BuildPlugin,openssl,OpenSSL crypto,+PACKAGE_strongswan-mod-openssl:libopenssl))
 $(eval $(call BuildPlugin,pem,PEM decoding,))
 $(eval $(call BuildPlugin,pgp,PGP key decoding,))
diff --git a/net/strongswan/patches/0001-pf-handler-Fix-build-with-musl-C-library.patch b/net/strongswan/patches/0001-pf-handler-Fix-build-with-musl-C-library.patch
deleted file mode 100644
index f8de285b23..0000000000
--- a/net/strongswan/patches/0001-pf-handler-Fix-build-with-musl-C-library.patch
+++ /dev/null
@@ -1,58 +0,0 @@ -commit f5b1ca4ef60bc4fca91f0d1e852ef8447d23c99a -Author: Tobias Brunner -Date: Fri Mar 22 09:57:07 2024 +0100 - - pf-handler: Fix build with musl C library - - musl's headers define a lot of networking structs. For some, the - definition in the Linux UAPI headers is then suppressed by e.g. - __UAPI_DEF_ETHHDR. - - Since we included musl's net/ethernet.h, which includes netinet/if_ether.h - that defines `struct ethhdr` (and the above constant), **after** we - include linux/if_ether.h, there was a compilation error because the - struct was defined multiple times. - - However, simply moving that include doesn't fix the problem because for - ARP-specific structs the Linux headers don't provide __UAPI_DEF* checks. - So instead of directly including the linux/ headers, we include those - provided by the C library. For glibc these usually just include the - Linux headers, but for musl this allows them to define the struct - directly. We also need to move if.h and add packet.h, which define - other structs (or include headers that do so) that we use. - - Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS") - ---- a/src/libcharon/network/pf_handler.c -+++ b/src/libcharon/network/pf_handler.c -@@ -20,23 +20,23 @@ - - #include - #include -+#include -+#include -+#include -+#include - - #if !defined(__APPLE__) && !defined(__FreeBSD__) --#include --#include -+#include -+#include -+#include - #include - #else - #include - #include - #include --#include - #include - #endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */ - --#include --#include --#include -- - #if !defined(__APPLE__) && !defined(__FreeBSD__) - - /** diff --git a/net/strongswan/patches/0002-farp_spoofer-Fix-build-with-musl-C-library.patch b/net/strongswan/patches/0002-farp_spoofer-Fix-build-with-musl-C-library.patch deleted file mode 100644 index 3328c0e8de..0000000000 --- a/net/strongswan/patches/0002-farp_spoofer-Fix-build-with-musl-C-library.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -commit 540881627fe8083207f9a2cfd01b931164c7ef4e -Author: Tobias Brunner -Date: Fri Mar 22 10:42:34 2024 +0100 - - farp: Fix build with musl C library - - Same issue as described in the previous commit. - - Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS") - ---- a/src/libcharon/plugins/farp/farp_spoofer.c -+++ b/src/libcharon/plugins/farp/farp_spoofer.c -@@ -20,12 +20,14 @@ - - #include - #include -+#include - #include - - #if !defined(__APPLE__) && !defined(__FreeBSD__) - #include --#include --#include -+#include -+#include -+#include - #include - #else - #include -@@ -33,7 +35,6 @@ - #include - #endif /* !defined(__APPLE__) && !defined(__FreeBSD__) */ - --#include - #include - #include - #include diff --git a/net/strongswan/patches/0003-undef-wolfssl-RNG.patch b/net/strongswan/patches/0003-undef-wolfssl-RNG.patch deleted file mode 100644 index 8f28c0fe80..0000000000 --- a/net/strongswan/patches/0003-undef-wolfssl-RNG.patch +++ /dev/null @@ -1,39 +0,0 @@ -commit 5226561a77efc94b53d708a855df267b11f53b83 -Author: Philip Prindeville -Date: Wed Mar 27 17:41:18 2024 -0600 - - wolfssl: avoid RNG redefinition - - There are definitions of RNG in and - that play havoc with the literal RNG being - used in the expansions of _PLUGIN_FEATURE_RNG() => __PLUGIN_FEATURE() - in when ##-concatenated to build the - enum FEATURE_RNG. - - must always be included before - , and RNG must be undefined before any plugins are - declared. - - Signed-off-by: Philip Prindeville - ---- a/src/libstrongswan/plugins/wolfssl/wolfssl_common.h -+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_common.h -@@ -80,7 +80,4 @@ typedef union { - - #undef PARSE_ERROR - --/* Eliminate macro conflicts */ --#undef RNG -- - #endif /* WOLFSSL_PLUGIN_COMMON_H_ */ ---- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c -+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c -@@ -47,6 +47,8 @@ - - #include - -+#undef RNG -+ - #ifndef FIPS_MODE - #define FIPS_MODE 0 - #endif 
diff --git a/net/strongswan/patches/0005-pf-handler-Accept-loopback-interfaces-as-packet-sour.patch b/net/strongswan/patches/0005-pf-handler-Accept-loopback-interfaces-as-packet-sour.patch deleted file mode 100644 index 5c8731d862..0000000000 --- a/net/strongswan/patches/0005-pf-handler-Accept-loopback-interfaces-as-packet-sour.patch +++ /dev/null @@ -1,28 +0,0 @@ -From abbf9d28b0032cf80b79bcacea3146a60800a6dd Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Mon, 27 Jan 2025 09:40:56 +0100 -Subject: [PATCH 1/3] pf-handler: Accept loopback interfaces as packet source - -In some setups the responses from the DHCP server are sent via lo, which -does not have an address of type `ARPHRD_ETHER` (the address length is -the same, though, just all zeros, by default). Note that the dhcp plugin -doesn't actually care for the MAC address or interface details, that's -only used by the farp plugin. - -Fixes: 187c72d1afdc ("dhcp: Port the plugin to FreeBSD/macOS") ---- - src/libcharon/network/pf_handler.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/src/libcharon/network/pf_handler.c -+++ b/src/libcharon/network/pf_handler.c -@@ -176,7 +176,8 @@ static cached_iface_t *find_interface(pr - - if (ioctl(fd, SIOCGIFNAME, &req) == 0 && - ioctl(fd, SIOCGIFHWADDR, &req) == 0 && -- req.ifr_hwaddr.sa_family == ARPHRD_ETHER) -+ (req.ifr_hwaddr.sa_family == ARPHRD_ETHER || -+ req.ifr_hwaddr.sa_family == ARPHRD_LOOPBACK)) - { - idx = find_least_used_cache_entry(this); - diff --git a/net/strongswan/patches/0006-pf-handler-Correctly-bind-packet-socket-to-an-interf.patch b/net/strongswan/patches/0006-pf-handler-Correctly-bind-packet-socket-to-an-interf.patch deleted file mode 100644 index 89f6a68b2e..0000000000 --- a/net/strongswan/patches/0006-pf-handler-Correctly-bind-packet-socket-to-an-interf.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From 00d8c36d6fdf9e8ee99b9f92a64e7e81dbfa4432 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Thu, 30 Jan 2025 14:40:33 +0100 -Subject: [PATCH 2/3] pf-handler: Correctly bind packet socket to an interface - -Binding such sockets via SO_BINDTODEVICE does not work at all. Instead, -bind() has to be used, as described in the packet(7) man page. ---- - src/libcharon/network/pf_handler.c | 31 +++++++++++++++++++++++++++--- - 1 file changed, 28 insertions(+), 3 deletions(-) - ---- a/src/libcharon/network/pf_handler.c -+++ b/src/libcharon/network/pf_handler.c -@@ -227,6 +227,30 @@ METHOD(pf_handler_t, destroy, void, - } - - /** -+ * Bind the given packet socket to the a named device -+ */ -+static bool bind_packet_socket_to_device(int fd, char *iface) -+{ -+ struct sockaddr_ll addr = { -+ .sll_family = AF_PACKET, -+ .sll_ifindex = if_nametoindex(iface), -+ }; -+ -+ if (!addr.sll_ifindex) -+ { -+ DBG1(DBG_CFG, "unable to bind socket to '%s': not found", iface); -+ return FALSE; -+ } -+ if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) -+ { -+ DBG1(DBG_CFG, "binding socket to '%s' failed: %s", -+ iface, strerror(errno)); -+ return FALSE; -+ } -+ return TRUE; -+} -+ -+/** - * Setup capturing via AF_PACKET socket - */ - static bool setup_internal(private_pf_handler_t *this, char *iface, -@@ -248,14 +272,15 @@ static bool setup_internal(private_pf_ha - this->name, strerror(errno)); - return FALSE; - } -- if (iface && !bind_to_device(this->receive, iface)) -+ if (iface && iface[0] && !bind_packet_socket_to_device(this->receive, iface)) - { - return FALSE; - } - lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, - receive_packet, this); -- DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d", -- this->name, protocol, this->receive); -+ DBG2(DBG_NET, "listening for %s (protocol=0x%04x) requests on fd=%d bound " -+ "to %s", this->name, protocol, this->receive, -+ iface && iface[0] ? 
iface : "no interface"); - return TRUE; - } - diff --git a/net/strongswan/patches/0007-dhcp-Add-option-to-bind-the-receive-socket-to-a-diff.patch b/net/strongswan/patches/0007-dhcp-Add-option-to-bind-the-receive-socket-to-a-diff.patch deleted file mode 100644 index bb3319ac50..0000000000 --- a/net/strongswan/patches/0007-dhcp-Add-option-to-bind-the-receive-socket-to-a-diff.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From a50ed3006e8152eb2cf20e9f92f088ecc18081b0 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Wed, 29 Jan 2025 17:23:31 +0100 -Subject: [PATCH 3/3] dhcp: Add option to bind the receive socket to a - different interface - -This can be useful if the DHCP server runs on the same server. On Linux, -the response is then sent via `lo`, so packets won't be received if both -sockets are bound to e.g. a bridge interface. ---- - conf/plugins/dhcp.opt | 10 ++++++++++ - src/libcharon/plugins/dhcp/dhcp_socket.c | 13 ++++++++----- - 2 files changed, 18 insertions(+), 5 deletions(-) - ---- a/conf/plugins/dhcp.opt -+++ b/conf/plugins/dhcp.opt -@@ -36,3 +36,13 @@ charon.plugins.dhcp.interface - Interface name the plugin uses for address allocation. The default is to - bind to any (0.0.0.0) and let the system decide which way to route the - packets to the DHCP server. -+ -+charon.plugins.dhcp.interface_receive = charon.plugins.dhcp.interface -+ Interface name the plugin uses to bind its receive socket. -+ -+ Interface name the plugin uses to bind its receive socket. The default is -+ to use the same interface as the send socket. Set it to the empty string -+ to avoid binding the receive socket to any interface while the send socket -+ is bound to one. If the server runs on the same host and the send socket is -+ bound to an interface, it might be necessary to set this to `lo` or the -+ empty string. 
---- a/src/libcharon/plugins/dhcp/dhcp_socket.c -+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c -@@ -716,7 +716,7 @@ dhcp_socket_t *dhcp_socket_create() - }, - }; - socklen_t addr_len; -- char *iface; -+ char *iface, *iface_receive; - int on = 1, rcvbuf = 0; - - #if !defined(__APPLE__) && !defined(__FreeBSD__) -@@ -809,8 +809,11 @@ dhcp_socket_t *dhcp_socket_create() - this->dst = host_create_from_string(lib->settings->get_str(lib->settings, - "%s.plugins.dhcp.server", "255.255.255.255", - lib->ns), DHCP_SERVER_PORT); -- iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", -- NULL, lib->ns); -+ iface = lib->settings->get_str(lib->settings, -+ "%s.plugins.dhcp.interface", NULL, lib->ns); -+ iface_receive = lib->settings->get_str(lib->settings, -+ "%s.plugins.dhcp.interface_receive", NULL, -+ lib->ns) ?: iface; - if (!this->dst) - { - DBG1(DBG_CFG, "configured DHCP server address invalid"); -@@ -873,8 +876,8 @@ dhcp_socket_t *dhcp_socket_create() - return NULL; - } - -- this->pf_handler = pf_handler_create("DHCP", iface, receive_dhcp, this, -- &dhcp_filter); -+ this->pf_handler = pf_handler_create("DHCP", iface_receive, receive_dhcp, -+ this, &dhcp_filter); - if (!this->pf_handler) - { - destroy(this); diff --git a/net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch b/net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch deleted file mode 100644 index a19ee26c69..0000000000 --- a/net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -From 27a54379cf3c48ff63c02a4a9f023297bba60d45 Mon Sep 17 00:00:00 2001 -From: Noel Kuntze -Date: Mon, 12 Jul 2021 01:29:43 +0200 -Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken - verbatim from openwrt package sources) - ---- - .../plugins/bliss/bliss_huffman.c | 2 + - 1 files changed, 2 insertions(+) - ---- a/src/libstrongswan/plugins/bliss/bliss_huffman.c -+++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c -@@ -18,6 +18,8 @@ - #include "bliss_param_set.h" - - #include -+#undef fprintf -+#undef printf - - #include - #include diff --git a/net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch b/net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch deleted file mode 100644 index f4d00f28fd..0000000000 --- a/net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 81be4fa54760aa4fed53c6d93da443f57a66f262 Mon Sep 17 00:00:00 2001 -From: Noel Kuntze -Date: Mon, 12 Jul 2021 01:30:32 +0200 -Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources - ---- - src/libcharon/plugins/uci/uci_parser.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/src/libcharon/plugins/uci/uci_parser.c -+++ b/src/libcharon/plugins/uci/uci_parser.c -@@ -76,7 +76,7 @@ METHOD(enumerator_t, section_enumerator_ - if (uci_lookup(this->ctx, &element, this->package, - this->current->name, "name") == UCI_OK) - { /* use "name" attribute as config name if available ... */ -- *value = uci_to_option(element)->value; -+ *value = uci_to_option(element)->v.string; - } - else - { /* ... or the section name becomes config name */ -@@ -91,7 +91,7 @@ METHOD(enumerator_t, section_enumerator_ - if (value && uci_lookup(this->ctx, &element, this->package, - this->current->name, this->keywords[i]) == UCI_OK) - { -- *value = uci_to_option(element)->value; -+ *value = uci_to_option(element)->v.string; - } - } - 
diff --git a/net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch b/net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch index 8aa72b3509..fccb82fc41 100644 --- a/net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch +++ b/net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch @@ -18,15 +18,15 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an --- a/configure.ac +++ b/configure.ac -@@ -147,6 +147,7 @@ ARG_DISBL_SET([fips-prf], [disable - ARG_DISBL_SET([gcm], [disable the GCM AEAD wrapper crypto plugin.]) +@@ -145,6 +145,7 @@ ARG_ENABL_SET([fips-prf], [enable + ARG_ENABL_SET([gcm], [enable the GCM AEAD wrapper crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) - ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.]) -+ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.]) - ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.]) - ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) + ARG_ENABL_SET([gmp], [enable GNU MP (libgmp) based crypto implementation plugin.]) ++ARG_ENABL_SET([gmpdh], [enable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.]) + ARG_ENABL_SET([curve25519], [enable Curve25519 Diffie-Hellman plugin.]) + ARG_ENABL_SET([hmac], [enable HMAC crypto implementation plugin.]) ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.]) -@@ -1574,6 +1575,7 @@ ADD_PLUGIN([pkcs8], [s ch +@@ -1581,6 +1582,7 @@ ADD_PLUGIN([pkcs8], [s ch ADD_PLUGIN([af-alg], [s charon pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([fips-prf], [s charon nm cmd]) ADD_PLUGIN([gmp], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz]) 
@@ -34,7 +34,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd]) ADD_PLUGIN([keychain], [s charon cmd]) -@@ -1716,6 +1718,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x +@@ -1721,6 +1723,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue) AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue) AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue) @@ -42,7 +42,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue) AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue) AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue) -@@ -1997,6 +2000,7 @@ AC_CONFIG_FILES([ +@@ -1999,6 +2002,7 @@ AC_CONFIG_FILES([ src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile @@ -52,7 +52,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an src/libstrongswan/plugins/aesni/Makefile --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am -@@ -357,6 +357,13 @@ if MONOLITHIC +@@ -361,6 +361,13 @@ if MONOLITHIC endif endif diff --git a/net/strongswan/patches/0905-wolfssl-parse_error.patch b/net/strongswan/patches/0905-wolfssl-parse_error.patch deleted file mode 100644 index a56cfe56ae..0000000000 --- a/net/strongswan/patches/0905-wolfssl-parse_error.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -From 60336ceecbd1cda73aa26dd44cfdaf2e31a046e1 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Fri, 4 Oct 2024 11:23:28 +0200 -Subject: [PATCH] wolfssl: Don't undef PARSE_ERROR as headers included later - might refer to it - ---- - src/libstrongswan/plugins/wolfssl/wolfssl_common.h | 2 -- - 1 file changed, 2 deletions(-) - ---- a/src/libstrongswan/plugins/wolfssl/wolfssl_common.h -+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_common.h -@@ -78,6 +78,4 @@ typedef union { - } wolfssl_ed_key; - #endif /* HAVE_ED25519 || HAVE_ED448 */ - --#undef PARSE_ERROR -- - #endif /* WOLFSSL_PLUGIN_COMMON_H_ */