Merge pull request #19128 from pprindeville/strongswan-update-5.9.7

strongswan: Update to 5.9.7

net/strongswan/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
-PKG_VERSION:=5.9.6
+PKG_VERSION:=5.9.7
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
-PKG_HASH:=91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7
+PKG_HASH:=9e64a2ba62efeac81abff1d962522404ebc6ed6c0d352a23ab7c0b2c639e3fcf
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
 PKG_CPE_ID:=cpe:/a:strongswan:strongswan
@@ -171,6 +171,7 @@ $(call Package/strongswan/Default)
 	+strongswan-mod-des \
 	+strongswan-mod-dhcp \
 	+strongswan-mod-dnskey \
+	+strongswan-mod-drbg \
 	+strongswan-mod-duplicheck \
 	+strongswan-mod-eap-identity \
 	+strongswan-mod-eap-md5 \
@@ -185,6 +186,7 @@ $(call Package/strongswan/Default)
 	+strongswan-mod-gmp \
 	+strongswan-mod-ha \
 	+strongswan-mod-hmac \
+	+strongswan-mod-kdf \
 	+strongswan-mod-kernel-netlink \
 	+strongswan-mod-ldap \
 	+strongswan-mod-led \
@@ -465,6 +467,7 @@ CONFIGURE_ARGS+= \
 	--disable-scripts \
 	--disable-static \
 	--disable-fast \
+	--enable-mgf1 \
 	--enable-mediation \
 	--with-systemdsystemunitdir=no \
 	$(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \
@@ -681,6 +684,7 @@ $(eval $(call BuildPlugin,curve25519,Curve25519 Diffie-Hellman,))
 $(eval $(call BuildPlugin,des,DES crypto,))
 $(eval $(call BuildPlugin,dhcp,DHCP based attribute provider,))
 $(eval $(call BuildPlugin,dnskey,DNS RR key decoding,))
+$(eval $(call BuildPlugin,drbg,Deterministic random bit generator,,))
 $(eval $(call BuildPlugin,duplicheck,advanced duplicate checking,))
 $(eval $(call BuildPlugin,eap-identity,EAP identity helper,))
 $(eval $(call BuildPlugin,eap-md5,EAP MD5 (CHAP) EAP auth,))
@@ -696,6 +700,7 @@ $(eval $(call BuildPlugin,gmp,libgmp,+PACKAGE_strongswan-mod-gmp:libgmp))
 $(eval $(call BuildPlugin,gmpdh,DH-Groups; no libgmp dep,))
 $(eval $(call BuildPlugin,ha,high availability cluster,))
 $(eval $(call BuildPlugin,hmac,HMAC crypto,))
+$(eval $(call BuildPlugin,kdf,KDF/PRF+,))
 $(eval $(call BuildPlugin,kernel-libipsec,libipsec kernel interface,))
 $(eval $(call BuildPlugin,kernel-netlink,netlink kernel interface,))
 $(eval $(call BuildPlugin,ldap,LDAP,+PACKAGE_strongswan-mod-ldap:libopenldap))

net/strongswan/patches/010-enum-Fix-compiler-warnings.patch

@@ -1,19 +0,0 @@
-commit d23c0ea81e630af3cfda89aeeb52146c0c84c960
-Author: Tobias Brunner <tobias@strongswan.org>
-Date:   Mon May 2 09:31:49 2022 +0200
-
-    enum: Fix compiler warning
-    
-    Closes strongswan/strongswan#1025
-
---- a/src/libstrongswan/utils/enum.c
-+++ b/src/libstrongswan/utils/enum.c
-@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *
- 		return buf;
- 	}
- 
--	if (snprintf(buf, len, e->names[0]) >= len)
-+	if (snprintf(buf, len, "%s", e->names[0]) >= len)
- 	{
- 		return NULL;
- 	}

net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch

@@ -16,7 +16,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
 
 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
 +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
-@@ -40,6 +40,7 @@
+@@ -41,6 +41,7 @@
   */
  
  #define _GNU_SOURCE
@@ -37,7 +37,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
  #include <linux/netlink.h>
 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
 +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
-@@ -39,6 +39,8 @@
+@@ -37,6 +37,8 @@
   * THE SOFTWARE.
   */
  
@@ -48,7 +48,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
  #include <linux/rtnetlink.h>
 --- a/src/libstrongswan/library.h
 +++ b/src/libstrongswan/library.h
-@@ -119,6 +119,7 @@
+@@ -120,6 +120,7 @@
  #include "utils/leak_detective.h"
  #include "plugins/plugin_loader.h"
  #include "settings/settings.h"
@@ -99,7 +99,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
 +#undef encrypt
 --- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
 +++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
-@@ -17,6 +17,8 @@
+@@ -18,6 +18,8 @@
  #include "bliss_param_set.h"
  
  #include <library.h>

net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch

@@ -9,7 +9,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
 
 --- a/src/libcharon/plugins/uci/uci_parser.c
 +++ b/src/libcharon/plugins/uci/uci_parser.c
-@@ -75,7 +75,7 @@ METHOD(enumerator_t, section_enumerator_
+@@ -76,7 +76,7 @@ METHOD(enumerator_t, section_enumerator_
  		if (uci_lookup(this->ctx, &element, this->package,
  					   this->current->name, "name") == UCI_OK)
  		{	/* use "name" attribute as config name if available ... */
@@ -18,7 +18,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
  		}
  		else
  		{	/* ... or the section name becomes config name */
-@@ -90,7 +90,7 @@ METHOD(enumerator_t, section_enumerator_
+@@ -91,7 +91,7 @@ METHOD(enumerator_t, section_enumerator_
  		if (value && uci_lookup(this->ctx, &element, this->package,
  						  this->current->name, this->keywords[i]) == UCI_OK)
  		{

net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch

@@ -18,7 +18,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
 
 --- a/configure.ac
 +++ b/configure.ac
-@@ -146,6 +146,7 @@ ARG_DISBL_SET([fips-prf],       [disable
+@@ -147,6 +147,7 @@ ARG_DISBL_SET([fips-prf],       [disable
  ARG_ENABL_SET([gcm],            [enables the GCM AEAD wrapper crypto plugin.])
  ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
  ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementation plugin.])
@@ -26,7 +26,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  ARG_DISBL_SET([curve25519],     [disable Curve25519 Diffie-Hellman plugin.])
  ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
  ARG_DISBL_SET([kdf],            [disable KDF (prf+) implementation plugin.])
-@@ -1496,6 +1497,7 @@ ADD_PLUGIN([pkcs8],                [s ch
+@@ -1542,6 +1543,7 @@ ADD_PLUGIN([pkcs8],                [s ch
  ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
  ADD_PLUGIN([fips-prf],             [s charon nm cmd])
  ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -34,7 +34,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  ADD_PLUGIN([curve25519],           [s charon pki scripts nm cmd])
  ADD_PLUGIN([agent],                [s charon nm cmd])
  ADD_PLUGIN([keychain],             [s charon cmd])
-@@ -1639,6 +1641,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
+@@ -1685,6 +1687,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
  AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
  AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
  AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@@ -42,7 +42,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
  AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
  AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
  AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
-@@ -1918,6 +1921,7 @@ AC_CONFIG_FILES([
+@@ -1964,6 +1967,7 @@ AC_CONFIG_FILES([
  	src/libstrongswan/plugins/mgf1/Makefile
  	src/libstrongswan/plugins/fips_prf/Makefile
  	src/libstrongswan/plugins/gmp/Makefile
@@ -135,31 +135,31 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
 +{
 +	static plugin_feature_t f[] = {
 +		/* DH groups */
-+		PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
-+			PLUGIN_PROVIDE(DH, MODP_2048_BIT),
++		PLUGIN_REGISTER(KE, gmp_diffie_hellman_create),
++			PLUGIN_PROVIDE(KE, MODP_2048_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_2048_224),
++			PLUGIN_PROVIDE(KE, MODP_2048_224),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_2048_256),
++			PLUGIN_PROVIDE(KE, MODP_2048_256),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_1536_BIT),
++			PLUGIN_PROVIDE(KE, MODP_1536_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_3072_BIT),
++			PLUGIN_PROVIDE(KE, MODP_3072_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_4096_BIT),
++			PLUGIN_PROVIDE(KE, MODP_4096_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_6144_BIT),
++			PLUGIN_PROVIDE(KE, MODP_6144_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_8192_BIT),
++			PLUGIN_PROVIDE(KE, MODP_8192_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_1024_BIT),
++			PLUGIN_PROVIDE(KE, MODP_1024_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_1024_160),
++			PLUGIN_PROVIDE(KE, MODP_1024_160),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+			PLUGIN_PROVIDE(DH, MODP_768_BIT),
++			PLUGIN_PROVIDE(KE, MODP_768_BIT),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
-+		PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
-+			PLUGIN_PROVIDE(DH, MODP_CUSTOM),
++		PLUGIN_REGISTER(KE, gmp_diffie_hellman_create_custom),
++			PLUGIN_PROVIDE(KE, MODP_CUSTOM),
 +				PLUGIN_DEPENDS(RNG, RNG_STRONG),
 +	};
 +	*features = f;