From: Gustavo Zacarias Date: Tue, 6 Jan 2015 10:35:40 +0000 (-0300) Subject: strongswan: security bump to version 5.2.2 X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=3b27e6b2ee7efa761d4415940723297d8a30042f;p=buildroot.git strongswan: security bump to version 5.2.2 Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. Also add hash file. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni --- diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in index 3b0f47f459..23131dc1b2 100644 --- a/package/strongswan/Config.in +++ b/package/strongswan/Config.in @@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL endif -config BR2_PACKAGE_STRONGSWAN_TOOLS - bool "Enable additional utilities (openac, scepclient and pki)" +config BR2_PACKAGE_STRONGSWAN_PKI + bool "Enable pki certificate utility" default y +config BR2_PACKAGE_STRONGSWAN_SCEP + bool "Enable SCEP client tool" + config BR2_PACKAGE_STRONGSWAN_SCRIPTS - bool "Enable additional utilities (found in directory scripts)" - depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS + bool "Enable additional utilities (found in scripts directory)" + depends on BR2_PACKAGE_STRONGSWAN_CHARON + default y + +config BR2_PACKAGE_STRONGSWAN_VICI + bool "Enable vici/swanctl" + depends on BR2_PACKAGE_STRONGSWAN_CHARON default y endif diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash new file mode 100644 index 0000000000..6073b3656e --- /dev/null +++ b/package/strongswan/strongswan.hash @@ -0,0 +1,2 @@ +# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5 +md5 7ee1a33060b2bde35be0f6d78a1d26d0 strongswan-5.2.2.tar.bz2 diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk index bb1d2683d2..2d2338321e 100644 --- a/package/strongswan/strongswan.mk +++ b/package/strongswan/strongswan.mk @@ -4,7 +4,7 @@ # ################################################################################ -STRONGSWAN_VERSION = 5.1.3 +STRONGSWAN_VERSION = 5.2.2 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2 STRONGSWAN_SITE = http://download.strongswan.org STRONGSWAN_LICENSE = GPLv2+ @@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS += --enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no) \ --enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no) \ --enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no) \ - --enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no) \ - --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no) + --enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no) \ + --enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no) \ + --enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no) \ + --enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) \ + --enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no) ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y) STRONGSWAN_CONF_OPTS += \