Philip Prindeville
b014ae3f86
strongswan: Backport upstream fix for RNG definition conflict
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-04-03 21:34:36 -06:00
Philip Prindeville
509d1ecca7
strongswan: drop unneeded sleep patch
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-03-27 20:17:40 -06:00
Philip Prindeville
b20950a515
strongswan: backport upstream MUSL fix for farp_spoofer.c
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-03-27 20:17:40 -06:00
Philip Prindeville
04c1d688de
strongswan: backport upstream MUSL fix for pf_handler.c
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-03-27 20:17:40 -06:00
Philip Prindeville
544abeb36a
strongswan: simplify MUSL patch
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-03-27 20:17:40 -06:00
Philip Prindeville
a90d387e86
strongswan: Update to 5.9.14
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2024-03-27 20:17:40 -06:00
Philip Prindeville
ed30ca0f38
strongswan: Update to 5.9.12
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-26 21:44:52 -07:00
Philip Prindeville
7cf43fabe2
strongswan: Update to 5.9.10
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-03-12 18:32:43 -06:00
Philip Prindeville
ae0a8072d6
strongswan: Update to 5.9.9
...
Add patch to remove definition of RNG leaking in from wolfssl.h.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-03-12 13:54:32 -06:00
Philip Prindeville
32f5f60563
strongswan: Update to 5.9.8
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2022-11-08 15:13:03 -07:00
Philip Prindeville
dd9f2849a4
strongswan: Update to 5.9.7
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2022-08-08 10:30:08 -06:00
Philip Prindeville
9e585b0688
strongswan: Update to 5.9.6
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2022-05-02 13:11:12 -06:00
Philip Prindeville
2b00697f08
strongswan: Update to 5.9.5
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2022-02-01 23:24:46 -08:00
Philip Prindeville
f7d11c9a1c
strongswan: Bump to 5.9.4
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-10-28 13:04:40 -06:00
Noel Kuntze
6c3d30c0cb
strongswan: update to version 5.9.3
...
Signed-off-by: Noel Kuntze <noel.kuntze@thermi.consulting>
2021-07-18 04:30:35 +02:00
Philip Prindeville
e44b2665e7
Merge pull request #6924 from derekyerger/strongswan-lattice-sha3
...
strongswan: add more crypto plugins
2021-04-08 22:26:56 -06:00
Philip Prindeville
ae3d5aa73e
strongswan: bump to 5.9.2
...
Retire weak algorithms like MD5 and 3DES.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-04-05 14:58:54 -07:00
Derek Yerger
4c1fc7e311
strongswan: add more crypto plugins
...
Adds modules for BLISS signature scheme, NTRU and New Hope key
exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD,
ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE
XOF, and the Number Theoretic Transform library.
Signed-off-by: Derek Yerger <derek@altdevs.net>
2021-04-05 14:31:49 -05:00
Philip Prindeville
a72780a9c2
strongswan: force PIC on all builds
...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2021-04-05 07:31:40 -10:00
Stijn Tintel
35ef427185
strongswan: bump to 5.9.0
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-09-02 23:20:33 +03:00
Stijn Tintel
d1e31481ec
strongswan: bump to 5.8.4
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 06:02:32 +03:00
Stijn Tintel
f68f23f094
strongswan: bump to 5.8.2
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-01-17 00:53:36 +02:00
Stijn Tintel
6bcfacca5e
strongswan: bump to 5.8.1
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-09-16 02:28:20 +03:00
Lucian Cristian
179175e27c
strongswan: update to 5.8.0
...
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-23 20:54:28 +03:00
Stijn Tintel
ce1a54563f
strongswan: bump to 5.7.2
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-01-02 14:00:32 +01:00
Stijn Tintel
c39f703bdd
strongswan: bump to 5.7.1
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-10-19 19:23:54 +03:00
Stijn Tintel
172ae80bc1
strongswan: bump to 5.7.0
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-10-07 14:39:04 +03:00
Magnus Kroken
fe973d181b
strongswan: backport upstream fixes for CVEs in gmp plugin
...
This fixes:
* CVE-2018-16151
* CVE-2018-16152
* CVE-2018-17540
Details:
https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-10-06 01:31:10 +02:00
Hans Dedecker
3bc3949e28
strongswan: refresh patches
...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-13 14:38:51 +02:00
Hans Dedecker
d0ac611bf0
strongswan: fix OpenWrt hotplug script handling
...
Commit 6cd8fcabe
added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-13 14:37:53 +02:00
Florian Eckert
6cd8fcabe6
strongswan: add openwrt hotplug script handling
...
Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-07-16 11:34:57 +02:00
Stijn Tintel
960006be50
strongswan: bump to 5.5.3
...
Fixes CVE-2017-9022, CVE-2017-9023.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-30 15:14:04 +02:00
Stijn Tintel
18b076ab93
strongswan: bump to 5.5.2
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-04-26 23:31:27 +02:00
Hans Dedecker
8b69c86664
strongswan: Fix compile error due to __kernel_nlink_t being re-defined
...
Patch 101-musl-fixes defines __kernel_nlink_t as void; but using
a pre-3.6.11 kernel on an arm cortex defines __kernel_nlink_t as
unsigned short using uclibc
Fix the compile issue by not redefining __kernel_nlink_t
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-11-09 11:32:54 +01:00
Hans Dedecker
fbbab2e7a7
strongswan: Include musl.h after _GNU_SOURCE define
...
musl.h was included before _GNU_SOURCE in 101-musl-fixes patch
leading to compilation issue on gcc (RTLD_DEFAULT not being
defined in dlfcn.h due to __USE_GNU not being set).
As described in the feature test macro man page feature macro
can be defined in the source code but need to be defined before
including any headers.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-11-02 13:44:43 +01:00
Stijn Tintel
1138d6fee0
strongswan: bump to 5.5.0 ( #2976 )
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-07-18 17:33:46 +02:00
Stijn Tintel
108197ddcf
strongswan: bump to 5.4.0
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-07-06 19:54:40 +02:00
Stijn Tintel
475be1df93
strongswan: add forecast plugin
...
Closes #1868 .
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-07-06 19:54:40 +02:00
Stijn Tintel
06cf48b15e
strongswan: fix alignment in connmark plugin
...
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-07-06 19:54:40 +02:00
Stijn Tintel
064d166efd
strongswan: run sleep with integer argument
...
The default busybox config used by OpenWrt does not enable floating
point number support for the sleep applet. This can cause an error when
stopping or restarting strongswan:
sleep: invalid number '0.1'
Replace the float with an integer to fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-07-06 19:54:40 +02:00
Steven Barth
393a788cc0
strongswan: bump to 5.3.5
...
Signed-off-by: Steven Barth <steven@midlink.org>
2016-01-20 14:45:46 +01:00
Stijn Tintel
f3d1722bb2
strongswan: add upstream patch for bug in 5.3.4
...
See https://wiki.strongswan.org/issues/1213
Removed the changes to charon-xpc.c because they didn't apply and are
only used on OS X anyway.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2015-11-28 12:38:40 -05:00
brainsucker-na
f705b3c0bf
strongswan: gmpdh plugin, package and strongswan-isakmp metapackage
...
gmpdh plugin implements DH Groups (same as normal GMP plugin), but links to GMP statically and is stripped of all RSA based stuff. Binary size for plugin is ~20kbytes with no dependency on libgmp (200+ kbytes after squash), easilly fitting into flash space restricted devices.
strongswan-isakmp metapackage defines a minimal set of strongswan plugins (including gmpdh) for ISAKMP / IKEv1 PSK tunnels. Will fit even 4mb routers (like tplink wr841n) with disabled IPv6 support and packages (so its a trade - IPv6 or ipsec tunnels).
Signed-of-by: Mikalai Miadzvedz <brainsucker.na@gmail.com>
2015-11-19 00:45:41 +03:00
Steven Barth
c665325f8c
strongswan: add more exceptions to musl-fixes
...
Signed-off-by: Steven Barth <steven@midlink.org>
2015-06-23 18:41:11 +02:00
Steven Barth
9bf0217f2f
strongswan: refresh musl compatibility fixes
...
Signed-off-by: Steven Barth <steven@midlink.org>
2015-06-22 12:24:19 +02:00
Steven Barth
2865b5aa09
strongswan: fix musl builds, reenable lost modules
...
Signed-off-by: Steven Barth <steven@midlink.org>
2015-06-19 18:38:44 +02:00
Steven Barth
41222e6c1a
strongswan: bump to 5.3.0
...
Signed-off-by: Steven Barth <steven@midlink.org>
2015-04-06 12:23:27 +02:00
Steven Barth
7e68031372
strongswan: fix IKEv1 support
...
Signed-off-by: Steven Barth <steven@midlink.org>
2015-03-09 13:40:29 +01:00
Steven Barth
bd52d64fdb
strongswan: import, update, adopt
...
Signed-off-by: Steven Barth <steven@midlink.org>
2014-08-17 10:11:02 +02:00