strongswan-5.3.2-1: updating version

author: Omar Vega Ramos <ovruni@gnu.org.pe> 2015-07-07 17:01:40 -0500
committer: Omar Vega Ramos <ovruni@gnu.org.pe> 2015-07-07 17:01:40 -0500
commit: 2d8d34c87fff47ed554f5c972d2e768c8b165906 (patch)
tree: e61564cb92a3f5be29b0a6fb076d09bd0f425cba /pcr/strongswan
parent: ee0b2a7c3e03672bbdf03d3c1a92b97c2dc3e2ae (diff)
2 files changed, 24 insertions, 67 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
deleted file mode 100644
index a798a08c4..000000000
--- a/pcr/strongswan/CHANGELOG
+++ /dev/null
@@ -1,20 +0,0 @@
-strongswan-5.0.4
-----------------
-
-- Fixed a security vulnerability in the openssl plugin which was reported by
-  Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
-  Before the fix, if the openssl plugin's ECDSA signature verification was used,
-  due to a misinterpretation of the error code returned by the OpenSSL
-  ECDSA_verify() function, an empty or zeroed signature was accepted as a
-  legitimate one.
-
-- The handling of a couple of other non-security relevant openssl return codes
-  was fixed as well.
-
-- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
-  TCG TNC IF-MAP 2.1 interface.
-
-- The charon.initiator_only option causes charon to ignore IKE initiation
-  requests.
-
-- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index 71bd4cfb4..7e93b8c6e 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -1,59 +1,35 @@
-## Contributor: nikicat <develniks at gmail dot com>
-# Contributor: danilo <gezuru at gmail dot com>
-# Contributor: Jason Begley <jayray at digitalgoat dot com>
-# Contributor: Ray Kohler <ataraxia937 at gmail dot com>
-# Contributor: Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
-# Contributor: 458italia <svenskaparadox [at] gmail dot com>
-# Contributor: Thermi <noel [at] familie-kuntze dot com>
-# Former maintainer: dkorzhevin <dkorzhevin at gmail dot com>
-# Maintainer: Thermi <noel [at] familie-kuntze dot com>
+## Contributor (Arch): nikicat <develniks at gmail dot com>
+# Contributor (Arch): danilo <gezuru at gmail dot com>
+# Contributor (Arch): Jason Begley <jayray at digitalgoat dot com>
+# Contributor (Arch): Ray Kohler <ataraxia937 at gmail dot com>
+# Contributor (Arch): Daniel Riedemann <daniel.riedemann [at] googlemail [dot] com>
+# Contributor (Arch): 458italia <svenskaparadox [at] gmail dot com>
+# Contributor (Arch): Thermi <noel [at] familie-kuntze dot com>
+# Former maintainer (Arch): dkorzhevin <dkorzhevin at gmail dot com>
+# Maintainer (Arch): Thermi <noel [at] familie-kuntze dot com>
+# Maintainer: Omar Vega Ramos <ovruni@gnu.org.pe>
 
 pkgname=strongswan
-pkgver=5.2.2
-pkgrel=2
-pkgdesc="IPsec-based VPN Solution"
+pkgver=5.3.2
+pkgrel=1
+pkgdesc="open source IPsec implementation"
 url='http://www.strongswan.org'
 license=("GPL")
-arch=('i686' 'x86_64' 'mips64el')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
-makedepends=('ldns' 'unbound' 'networkmanager' 'libnm-glib')
-optdepends=('unbound: dns resolver plugin'
-            'networkmanager: nm backend')
+arch=('i686' 'x86_64')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite' 'systemd')
 conflicts=('openswan')
 options=(!libtool)
 backup=(etc/ipsec.conf etc/strongswan.conf)
-validpgpkeys=('948F158A4E76A27BF3D07532DF42C170B34DBA77')
 
-source=(
-	http://download.strongswan.org/strongswan-${pkgver}.tar.bz2{,.sig}
-	# needed because of #814
-	configure.patch::https://wiki.strongswan.org/attachments/download/586/configure.patch
-	# needed because of #819
-	invalid-proto-id.patch::https://wiki.strongswan.org/attachments/download/578/0001-ikev1-Set-protocol-ID-and-SPIs-in-INITIAL-CONTACT-no.patch
-  # needed for charon-systemd.user and charon-systemd.group support (see #887)    
-	charon-systemd.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/f3c8332220f5be450199b909d4823cc1627bf47d/diff?format=diff
-	charon-systemd-load.patch::'http://git.strongswan.org/?p=strongswan.git;a=patch;h=d2f4345b0361d57e54e7cdd3ae2abfba20429f1f'
-	missing-semicolon.patch::https://wiki.strongswan.org/projects/strongswan/repository/revisions/9c3c41f29bf5772626abde71f52c57c05e59fa94/diff/src/charon-systemd/charon-systemd.c?format=diff
-)
-sha256sums=('cf2fbfdf200a5eced796f00dc11fea67ce477d38c54d5f073ac6c51618b172f4'
-            'SKIP'
-            '75f372ee1ed650100aad3e42871485710d00a764725849b1cd4b4d46946ad7bf'
-            '50fc25bd151ecc9d617f699e5b7436c5aef57fdc92dc5bf2728b3d36173e8b27'
-            '2e147333056bb0e22e18f3b3e59b8b923d06855f23d8f6c9125391069e164c6d'
-            '36c5382ea1e8c24f9ef3aeddd7b9a2bae7daed4f67df76ce7f60064decdd7c3e'
-            '5d4f3b4f6525a36159d983c428c647656ca34f49fa9a8433792a3ae3c1a221d7')
+source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2")
+
+# md5 is broken. We use sha256 now. Alternatively, we could check the signature of the file, but that
+# doesn't yield any more security and just increases the work users initially have to invest.
+sha256sums=('a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225')
 
 # We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
 # would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
 # add --enable-libipsec and --enable-kernel-libipsec
-prepare() {
-  cd ${srcdir}/strongswan-${pkgver}
-  patch -p1 < ${srcdir}/invalid-proto-id.patch
-  patch -p1 < ${srcdir}/charon-systemd.patch
-  patch -p1 < ${srcdir}/charon-systemd-load.patch
-  patch -p1 < ${srcdir}/missing-semicolon.patch
-  patch -p0 < ${srcdir}/configure.patch
-}
 
 build() {
   cd ${srcdir}/${pkgname}-${pkgver}
@@ -62,9 +38,7 @@ build() {
         --sbindir=/usr/bin \
         --sysconfdir=/etc \
         --libexecdir=/usr/lib \
-        --disable-static \
         --with-ipsecdir=/usr/lib/strongswan \
-        --with-systemdsystemunitdir=/usr/lib/systemd/system \
         --enable-sqlite \
         --enable-openssl --enable-curl \
         --enable-sql --enable-attr-sql \
@@ -74,7 +48,9 @@ build() {
         --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
         --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
         --enable-ha --enable-vici --enable-swanctl --enable-systemd --enable-ext-auth \
-        --disable-mysql --disable-ldap -enable-cmd --enable-nm
+        --disable-mysql --disable-ldap -enable-cmd --enable-forecast --enable-connmark \
+	--enable-aesni
+#	--enable-ruby-gems --enable-python-eggs
   make
 }
 
@@ -82,3 +58,4 @@ package() {
   cd "${srcdir}/${pkgname}-${pkgver}"
   make DESTDIR=${pkgdir} install
 }
+
author	Omar Vega Ramos <ovruni@gnu.org.pe>	2015-07-07 17:01:40 -0500
committer	Omar Vega Ramos <ovruni@gnu.org.pe>	2015-07-07 17:01:40 -0500
commit	2d8d34c87fff47ed554f5c972d2e768c8b165906 (patch)
tree	e61564cb92a3f5be29b0a6fb076d09bd0f425cba /pcr/strongswan
parent	ee0b2a7c3e03672bbdf03d3c1a92b97c2dc3e2ae (diff)