Commit Graph

9 Commits

Author SHA1 Message Date
Gustavo Zacarias
90af4f16c5 strongswan: add security patches
Security patches to fix CVE-2013-5018, CVE-2013-6075 and CVE-2013-6076.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-11-01 15:27:55 +01:00
Thomas De Schampheleire
66bb10b7b0 Config.in files: unify comments of toolchain option dependencies
This patch lines up the comments in Config.in files that clarify which
toolchain options the package depends on.

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-14 22:45:57 +02:00
Thomas Petazzoni
eb53a09fd5 strongswan: fix build failure when host == target architecture
The strongswan configure.in uses the AC_LIB_PREFIX macro, which adds
--with-lib-prefix and --without-lib-prefix options, and which, by
default assumes that adding ${prefix}/lib to LDFLAGS and
${prefix}/include to CPPFLAGS is a good idea. Obviously, when
cross-compiling, it is definitely not a good idea.

In the specific case of strongswan, the result is that when testing if
the backtrace() function was available, the small C program was being
built and linked with -L/usr/lib. So when the host architecture and
target architecture are identical, it may find the backtrace()
function in the host C library, without looking at the target C
library:

configure:16457: /home/test/outputs/a637f916962b6136dd6dd4f4b9ff4e1cab568ef3/output/host/usr/bin/x86_64-unknown-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -pipe -Os  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -L/usr/lib conftest.c  >&5
/home/test/outputs/a637f916962b6136dd6dd4f4b9ff4e1cab568ef3/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-unknown-linux-uclibc/4.6.3/../../../../x86_64-unknown-linux-uclibc/bin/ld: warning: libc.so.0, needed by /home/test/outputs/a637f916962b6136dd6dd4f4b9ff4e1cab568ef3/output/host/opt/ext-toolchain/bin/../lib/gcc/x86_64-unknown-linux-uclibc/4.6.3/../../../../x86_64-unknown-linux-uclibc/lib/../lib64/libgcc_s.so, may conflict with libc.so.6

Passing --without-lib-prefix prevents this default behavior from
happening, and no stupid value is added to CPPFLAGS or LDFLAGS.

Fixes:

  http://autobuild.buildroot.net/results/a637f916962b6136dd6dd4f4b9ff4e1cab568ef3/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-08-30 14:10:50 +02:00
Jérôme Pouiller
a737dfccd5 strongswan: fix typo in tnccs_20 dependencies
It looks like there is a typing error in dependencies of tnccs_20 in strongswan
configure script. Add a patch to solve it.

Resolve issues detected here:
    http://autobuild.buildroot.net/results/b069e304c42660e7f7eba0b358f95dbaf879df64
    http://autobuild.buildroot.net/results/7355ddbaa213f4fcfd1b6d37b25bed1aab525723

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Tested-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-08-22 23:04:59 +02:00
Thomas De Schampheleire
e7c8b81b8c strongswan: fix build error 'no rule to make target libtls.la'
In some strongswan configurations, an implicit dependency could be missing.
This commit patches strongswan to force this dependency when needed.

Fixes several autobuild failures, like:
http://autobuild.buildroot.net/results/643f5b33973d5b12ffe6d84254bf3be9ed81d0ad/
http://autobuild.buildroot.net/results/24bcdcb83119e416c92458fa9ff2f5269957a743/

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-08-10 10:16:52 +02:00
Thomas De Schampheleire
14d9fc4c74 strongswan: needs host-pkgconf
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Tested-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-08-10 10:14:48 +02:00
Gustavo Zacarias
e4cdd6c3c2 strongswan: scripts need charon or tools
Fixes:
http://autobuild.buildroot.net/results/007/007e75362cbe4693e36d5a7ab96c539d1f3b00fc/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-31 18:02:58 +02:00
Gustavo Zacarias
ddbae62124 strongswan: security bump to version 5.0.4
Fixes CVE-2013-2944.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-31 18:02:44 +02:00
Jérôme Pouiller
89719fce71 strongswan: new package
strongSwan is an OpenSource IPsec implementation for the Linux
operating system. It is based on the discontinued FreeS/WAN project
and the X.509 patch.

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2013-07-29 23:53:24 +02:00