strongswan: security bump to version 5.2.2

Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 3b0f47f459648dd0a56626cd1214ca2e7345c9f7..23131dc1b27e270e245ef5842081e52cb21cdd2e 100644 (file)
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL
 
 endif
 
-config BR2_PACKAGE_STRONGSWAN_TOOLS
-       bool "Enable additional utilities (openac, scepclient and pki)"
+config BR2_PACKAGE_STRONGSWAN_PKI
+       bool "Enable pki certificate utility"
        default y
 
+config BR2_PACKAGE_STRONGSWAN_SCEP
+       bool "Enable SCEP client tool"
+
 config BR2_PACKAGE_STRONGSWAN_SCRIPTS
-       bool "Enable additional utilities (found in directory scripts)"
-       depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS
+       bool "Enable additional utilities (found in scripts directory)"
+       depends on BR2_PACKAGE_STRONGSWAN_CHARON
+       default y
+
+config BR2_PACKAGE_STRONGSWAN_VICI
+       bool "Enable vici/swanctl"
+       depends on BR2_PACKAGE_STRONGSWAN_CHARON
        default y
 
 endif

diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
new file mode 100644 (file)
index 0000000..6073b36
--- /dev/null
+++ b/package/strongswan/strongswan.hash
@@ -0,0 +1,2 @@
+# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5
+md5    7ee1a33060b2bde35be0f6d78a1d26d0        strongswan-5.2.2.tar.bz2

diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index bb1d2683d25932e33b82ba70cd6e540845da02e5..2d2338321eddf14f9d6c6329ffe81c602140767e 100644 (file)
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-STRONGSWAN_VERSION = 5.1.3
+STRONGSWAN_VERSION = 5.2.2
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
 STRONGSWAN_LICENSE = GPLv2+
@@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS +=
        --enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no)                  \
        --enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no)                \
        --enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no)                      \
-       --enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no)                  \
-       --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)
+       --enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no)                      \
+       --enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no)              \
+       --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)              \
+       --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)                    \
+       --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)
 
 ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
 STRONGSWAN_CONF_OPTS +=               \