diff options
author | Nicolás Reynolds <fauno@parabola.nu> | 2013-05-24 14:07:18 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@parabola.nu> | 2013-05-24 14:07:18 -0300 |
commit | 3bb2d69f78cc242bd1d314131e45a13dc6697bc2 (patch) | |
tree | 63be1b3f97dbe222ae6fb70b0cfd203db0e52341 /pcr/strongswan | |
parent | 8febad754f500027e10af865b0f9f0f5bbc38b3e (diff) |
IPSec implementations
Diffstat (limited to 'pcr/strongswan')
-rw-r--r-- | pcr/strongswan/CHANGELOG | 20 | ||||
-rw-r--r-- | pcr/strongswan/PKGBUILD | 34 |
2 files changed, 40 insertions, 14 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG new file mode 100644 index 000000000..a798a08c4 --- /dev/null +++ b/pcr/strongswan/CHANGELOG @@ -0,0 +1,20 @@ +strongswan-5.0.4 +---------------- + +- Fixed a security vulnerability in the openssl plugin which was reported by + Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. + Before the fix, if the openssl plugin's ECDSA signature verification was used, + due to a misinterpretation of the error code returned by the OpenSSL + ECDSA_verify() function, an empty or zeroed signature was accepted as a + legitimate one. + +- The handling of a couple of other non-security relevant openssl return codes + was fixed as well. + +- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its + TCG TNC IF-MAP 2.1 interface. + +- The charon.initiator_only option causes charon to ignore IKE initiation + requests. + +- The openssl plugin can now use the openssl-fips library. diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD index ed603e5c2..975e7a21f 100644 --- a/pcr/strongswan/PKGBUILD +++ b/pcr/strongswan/PKGBUILD @@ -7,24 +7,27 @@ # Maintainer: dkorzhevin <dkorzhevin at gmail dot com> pkgname=strongswan -pkgver=5.0.1 -pkgrel=2 +pkgver=5.0.4 +pkgrel=5 pkgdesc="open source IPsec implementation" url='http://www.strongswan.org' license=("GPL") -arch=('i686' 'x86_64' 'mips64el') -depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3') +arch=('i686' 'x86_64') +depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite') conflicts=('openswan') options=(!libtool) backup=(etc/ipsec.conf etc/strongswan.conf) source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc) -md5sums=('58fdeb49f133139a58f4d8adafc69a16' +changelog='CHANGELOG' +md5sums=('0ab0397b44b197febfd0f89148344035' 'cf815adef48a1ffee34517380c731277') - build() { - cd ${srcdir}/${pkgname}-${pkgver} || return 1 + cd ${srcdir}/${pkgname}-${pkgver} - ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --with-ipsecdir=/usr/lib/strongswan \ + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --libexecdir=/usr/lib \ + --with-ipsecdir=/usr/lib/strongswan \ --enable-sqlite \ --enable-openssl --enable-curl \ --enable-sql --enable-attr-sql \ @@ -34,12 +37,15 @@ build() { --enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \ --enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \ --enable-ha \ - --disable-mysql --disable-ldap || return 1 + --disable-mysql --disable-ldap - make || return 1 - make DESTDIR=${pkgdir} install || return 1 + make +} - install -d ${pkgdir}/etc/rc.d || return 1 - ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec || return 1 - install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan || return 1 +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR=${pkgdir} install + install -d ${pkgdir}/etc/rc.d + ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec + install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan } |