| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WARNING:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
Hunk #1 succeeded at 192 (offset 50 lines).
Hunk #2 succeeded at 255 with fuzz 1 (offset 58 lines).
checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
Hunk #1 succeeded at 43 (offset -1 lines).
checking file src/libstrongswan/plugins/openssl/openssl_plugin.c
Hunk #1 succeeded at 609 (offset 221 lines).
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
|
|
|
|
|
|
| |
1.Upgrade strongswan from 5.5.3 to 5.6.2.
2.Modify fix-funtion-parameter.patch, since the data has been changed.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* The default DH group curve25519 depends on
an optional plugin ${PN}-plugin-curve25519,
add it to RDEPENDS to avoid below error:
root@test:~# ipsec up host-lan
initiating IKE_SA host-lan[1] to 192.168.7.2
configured DH group CURVE_25519 not supported
tried to checkin and delete nonexisting IKE_SA
establishing connection 'host-lan' failed
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
| |
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
strongSwan offers a plugin mechanism therefore it should not be
mandatory to install all of them when installing the package. Each
plugin is now a self-contained package with the library and its
configuration.
To remain compatible with the current configuration, a default set of
plugins has been selected as RDEPENDS of the main package. This default
list is based on the default strongSwan list minus some plugins enabled
via PACKAGECONFIG
(see https://wiki.strongswan.org/projects/strongswan/PluginList).
Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
| |
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
| |
Upgrade strongswan from 5.3.2 to 5.5.0.
Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
| |
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
Matches start-on-boot behaviour of current strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
| |
Fixes strongswan configure script for systemd >= 209,
where it merged libsystemd-journal and libsystemd-daemon
into libsystemd.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add aesni, charon, gmp, openssl, scep, stroke, swanctl, and
systemd-charon.
- Organize the packageconfig list alphabetically.
- Update the default PACKAGECONFIG to match current defaults.
- If swanctl is enabled, use strongswan-swanctl.service instead of
strongswan.service.
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
| |
5.3.2 includes the fixes for CVE-2015-3991 and CVE-2015-4171
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
| |
see https://wiki.strongswan.org/projects/strongswan/wiki/Changelog52
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
| |
* removed two patches which were already integrated in 5.2.0:
strongswan-4.3.3-5.1.1_asn1_unwrap.patch
strongswan-5.0.0-5.1.2_reject_child_sa.patch
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
strongSwan before 5.1.2 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
| |
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass
authentication by rekeying an IKE_SA during (1) initiation or (2)
re-authentication, which triggers the IKE_SA state to be set to
established.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2338
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add a patch to fix the function parameter.
* Add PACKAGECONFIG for optional packages instead of explicitly
disable, and set sqlite and curl as default.
* Remove the split package strongswan-plugins.
* Add configure option --without-lib-prefix so it doesn't
search for libraries in includedir and libdir to avoid QA error.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|