Merge branch 'master' of ssh://gparabola/srv/git/abslibre

3 files changed, 38 insertions, 57 deletions

diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+  Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+  Before the fix, if the openssl plugin's ECDSA signature verification was used,
+  due to a misinterpretation of the error code returned by the OpenSSL
+  ECDSA_verify() function, an empty or zeroed signature was accepted as a
+  legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+  was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+  TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+  requests.
+
+- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index ed603e5c2..c6ace77c4 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -7,24 +7,28 @@
 # Maintainer: dkorzhevin <dkorzhevin at gmail dot com>
 
 pkgname=strongswan
-pkgver=5.0.1
-pkgrel=2
+pkgver=5.0.4
+pkgrel=6
 pkgdesc="open source IPsec implementation"
 url='http://www.strongswan.org'
 license=("GPL")
-arch=('i686' 'x86_64' 'mips64el')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3')
+arch=('i686' 'x86_64')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
 conflicts=('openswan')
 options=(!libtool)
 backup=(etc/ipsec.conf etc/strongswan.conf)
 source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc)
-md5sums=('58fdeb49f133139a58f4d8adafc69a16'
+changelog='CHANGELOG'
+md5sums=('0ab0397b44b197febfd0f89148344035'
          'cf815adef48a1ffee34517380c731277')
-
 build() {
-  cd ${srcdir}/${pkgname}-${pkgver} || return 1
+  cd ${srcdir}/${pkgname}-${pkgver}
 
-  ./configure   --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --with-ipsecdir=/usr/lib/strongswan \
+  ./configure --prefix=/usr \
+        --sbindir=/usr/bin \
+        --sysconfdir=/etc \
+        --libexecdir=/usr/lib \
+        --with-ipsecdir=/usr/lib/strongswan \
         --enable-sqlite \
         --enable-openssl --enable-curl \
         --enable-sql --enable-attr-sql \
@@ -34,12 +38,12 @@ build() {
         --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
         --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
         --enable-ha \
-        --disable-mysql --disable-ldap || return 1
+        --disable-mysql --disable-ldap
 
-  make || return 1
-  make DESTDIR=${pkgdir} install || return 1
+  make
+}
 
-  install -d ${pkgdir}/etc/rc.d || return 1
-  ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec || return 1
-  install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan || return 1
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR=${pkgdir} install
 }
diff --git a/pcr/strongswan/strongswan.rc b/pcr/strongswan/strongswan.rc
deleted file mode 100644
index 58c99c092..000000000
--- a/pcr/strongswan/strongswan.rc
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-
-case "$1" in
-  start)
-    stat_busy "Starting strongSwan IPsec"
-    /usr/sbin/ipsec start
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      stat_done
-      add_daemon strongswan
-    fi
-    ;;
-  stop)
-    stat_busy "Stopping strongSwan IPsec"
-    /usr/sbin/ipsec stop
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      stat_done
-      rm_daemon strongswan
-    fi
-    ;;
-  restart)
-    stat_busy "Restarting strongSwan IPsec"
-    /usr/sbin/ipsec restart
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      stat_done
-      add_daemon strongswan
-    fi
-    ;;
-  status)
-    /usr/sbin/ipsec status
-    ;;
-  *)
-    echo "usage: $0 {start|stop|restart|status}"  
-esac
-