diff options
| author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-02-18 01:56:34 +0000 |
|---|---|---|
| committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2014-02-18 01:56:34 +0000 |
| commit | 8185891e28635bdb83fdf4ba4391030912dae596 (patch) | |
| tree | 66a946535bdd228514750233b2cc99dd1866ff64 /pcr/strongswan | |
| parent | 60a11f87366fdfbd114cdc91ff813518858e5f8d (diff) | |
Tue Feb 18 01:56:27 UTC 2014
Diffstat (limited to 'pcr/strongswan')
| -rw-r--r-- | pcr/strongswan/CHANGELOG | 20 | ||||
| -rw-r--r-- | pcr/strongswan/PKGBUILD | 51 |
2 files changed, 71 insertions, 0 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG new file mode 100644 index 000000000..a798a08c4 --- /dev/null +++ b/pcr/strongswan/CHANGELOG @@ -0,0 +1,20 @@ +strongswan-5.0.4 +---------------- + +- Fixed a security vulnerability in the openssl plugin which was reported by + Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. + Before the fix, if the openssl plugin's ECDSA signature verification was used, + due to a misinterpretation of the error code returned by the OpenSSL + ECDSA_verify() function, an empty or zeroed signature was accepted as a + legitimate one. + +- The handling of a couple of other non-security relevant openssl return codes + was fixed as well. + +- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its + TCG TNC IF-MAP 2.1 interface. + +- The charon.initiator_only option causes charon to ignore IKE initiation + requests. + +- The openssl plugin can now use the openssl-fips library. diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD new file mode 100644 index 000000000..6a53609e9 --- /dev/null +++ b/pcr/strongswan/PKGBUILD @@ -0,0 +1,51 @@ +# Contributor: nikicat <develniks at gmail dot com> +# Contributor: danilo <gezuru at gmail dot com> +# Contributor: Jason Begley <jayray at digitalgoat dot com> +# Contributor: Ray Kohler <ataraxia937 at gmail dot com> +# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com> +# Contributor: 458italia <svenskaparadox [at] gmail dot com> +# Maintainer: dkorzhevin <dkorzhevin at gmail dot com> + +pkgname=strongswan +pkgver=5.1.0 +pkgrel=2 +pkgdesc="open source IPsec implementation" +url='http://www.strongswan.org' +license=("GPL") +arch=('i686' 'x86_64') +depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite') +conflicts=('openswan') +options=(!libtool) +backup=(etc/ipsec.conf etc/strongswan.conf) +source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc) +changelog='CHANGELOG' +md5sums=('c1cd0a3ba9960f590cae28c8470800e8' + 'cf815adef48a1ffee34517380c731277') + +build() { + cd ${srcdir}/${pkgname}-${pkgver} + + ./configure --prefix=/usr \ + --sbindir=/usr/bin \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib \ + --with-ipsecdir=/usr/lib/strongswan \ + --enable-sqlite \ + --enable-openssl --enable-curl \ + --enable-sql --enable-attr-sql \ + --enable-farp --enable-dhcp \ + --enable-eap-sim --enable-eap-sim-file --enable-eap-simaka-pseudonym \ + --enable-eap-simaka-reauth --enable-eap-identity --enable-eap-md5 \ + --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \ + --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \ + --enable-ha \ + --disable-mysql --disable-ldap \ + --enable-cmd + + make +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR=${pkgdir} install +} |