summaryrefslogtreecommitdiff
path: root/pcr/strongswan
diff options
context:
space:
mode:
authorNicolás Reynolds <fauno@parabola.nu>2013-05-24 14:07:18 -0300
committerNicolás Reynolds <fauno@parabola.nu>2013-05-24 14:07:18 -0300
commit3bb2d69f78cc242bd1d314131e45a13dc6697bc2 (patch)
tree63be1b3f97dbe222ae6fb70b0cfd203db0e52341 /pcr/strongswan
parent8febad754f500027e10af865b0f9f0f5bbc38b3e (diff)
IPSec implementations
Diffstat (limited to 'pcr/strongswan')
-rw-r--r--pcr/strongswan/CHANGELOG20
-rw-r--r--pcr/strongswan/PKGBUILD34
2 files changed, 40 insertions, 14 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index ed603e5c2..975e7a21f 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -7,24 +7,27 @@
# Maintainer: dkorzhevin <dkorzhevin at gmail dot com>
pkgname=strongswan
-pkgver=5.0.1
-pkgrel=2
+pkgver=5.0.4
+pkgrel=5
pkgdesc="open source IPsec implementation"
url='http://www.strongswan.org'
license=("GPL")
-arch=('i686' 'x86_64' 'mips64el')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3')
+arch=('i686' 'x86_64')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
conflicts=('openswan')
options=(!libtool)
backup=(etc/ipsec.conf etc/strongswan.conf)
source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc)
-md5sums=('58fdeb49f133139a58f4d8adafc69a16'
+changelog='CHANGELOG'
+md5sums=('0ab0397b44b197febfd0f89148344035'
'cf815adef48a1ffee34517380c731277')
-
build() {
- cd ${srcdir}/${pkgname}-${pkgver} || return 1
+ cd ${srcdir}/${pkgname}-${pkgver}
- ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --with-ipsecdir=/usr/lib/strongswan \
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib \
+ --with-ipsecdir=/usr/lib/strongswan \
--enable-sqlite \
--enable-openssl --enable-curl \
--enable-sql --enable-attr-sql \
@@ -34,12 +37,15 @@ build() {
--enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
--enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
--enable-ha \
- --disable-mysql --disable-ldap || return 1
+ --disable-mysql --disable-ldap
- make || return 1
- make DESTDIR=${pkgdir} install || return 1
+ make
+}
- install -d ${pkgdir}/etc/rc.d || return 1
- ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec || return 1
- install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan || return 1
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR=${pkgdir} install
+ install -d ${pkgdir}/etc/rc.d
+ ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec
+ install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan
}