diff options
Diffstat (limited to 'meta-networking/recipes-support/strongswan')
| -rw-r--r-- | meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch | 22 | ||||
| -rw-r--r-- | meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch | 99 | ||||
| -rw-r--r-- | meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb) | 78 |
3 files changed, 63 insertions, 136 deletions
diff --git a/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch b/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch deleted file mode 100644 index 2d17507b17..0000000000 --- a/meta-networking/recipes-support/strongswan/files/0001-memory.h-Include-stdint.h-for-uintptr_t.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 33a53dc13fd924949a582109b45fedd8d0bed59b Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Tue, 27 Jun 2017 07:42:11 -0700 -Subject: [PATCH] memory.h: Include stdint.h for uintptr_t - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - src/libstrongswan/utils/utils/memory.h | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/src/libstrongswan/utils/utils/memory.h -+++ b/src/libstrongswan/utils/utils/memory.h -@@ -26,6 +26,8 @@ - #include <string.h> - #endif - -+#include <stdint.h> -+ - /** - * Helper function that compares two binary blobs for equality - */ diff --git a/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch b/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch deleted file mode 100644 index 5945507bf1..0000000000 --- a/meta-networking/recipes-support/strongswan/files/fix-funtion-parameter.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 9f97479373f3fceedc471074b81486d77a49618d Mon Sep 17 00:00:00 2001 -From: "Roy.Li" <rongqing.li@windriver.com> -Date: Tue, 4 Mar 2014 14:38:42 +0800 -Subject: [PATCH] fix the function parameter - -Upstream-Status: Pending - -Original openssl_diffie_hellman_create has three parameters, but -it is reassigned a function pointer which has one parameter, and -is called with one parameter, which will lead to segment fault -on PPC, Now we simply correct the number of parameters. - - #0 0x484d4aa0 in __GI_raise (sig=6) - at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 - #1 0x484d9930 in __GI_abort () at abort.c:91 - #2 0x10002064 in segv_handler (signal=11) at charon.c:224 - #3 <signal handler called> - #4 0x48d89630 in openssl_diffie_hellman_create (group=MODP_1024_BIT, g=..., - p=<error reading variable: Cannot access memory at address 0x0>) - at openssl_diffie_hellman.c:143 - #5 0x482c54f8 in create_dh (this=0x11ac6e68, group=MODP_1024_BIT) - at crypto/crypto_factory.c:358 - #6 0x48375884 in create_dh (this=<optimized out>, group=<optimized out>) - at sa/keymat.c:132 - #7 0x483843b8 in process_payloads (this=0x51400a78, message=<optimized - out>) - at sa/tasks/ike_init.c:200 - #8 0x483844d0 in process_r (this=0x51400a78, message=0x51500778) - at sa/tasks/ike_init.c:319 - #9 0x48374c9c in process_request (message=0x51500778, this=0x51400d20) - at sa/task_manager.c:870 - #10 process_message (this=0x51400d20, msg=0x51500778) at - sa/task_manager.c:925 - #11 0x4836c378 in process_message (this=0x514005f0, message=0x51500778) - at sa/ike_sa.c:1317 - #12 0x48362270 in execute (this=0x515008d0) - at processing/jobs/process_message_job.c:74 - -Signed-off-by: Roy.Li <rongqing.li@windriver.com> - ---- - src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 8 +++++++- - src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h | 4 +++- - src/libstrongswan/plugins/openssl/openssl_plugin.c | 1 + - 3 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -index 8e9c118..a73b038 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c -@@ -192,7 +192,7 @@ METHOD(diffie_hellman_t, destroy, void, - /* - * Described in header. - */ --openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( - diffie_hellman_group_t group, ...) - { - private_openssl_diffie_hellman_t *this; -@@ -255,5 +255,11 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( - DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey)); - return &this->public; - } -+openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group) -+{ -+ chunk_t g; -+ chunk_t p; -+ openssl_diffie_hellman_create_custom(group, g, p); -+} - - #endif /* OPENSSL_NO_DH */ -diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -index 5de5520..22586e0 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h -@@ -43,8 +43,10 @@ struct openssl_diffie_hellman_t { - * @param ... expects generator and prime as chunk_t if MODP_CUSTOM - * @return openssl_diffie_hellman_t object, NULL if not supported - */ --openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+openssl_diffie_hellman_t *openssl_diffie_hellman_create_custom( - diffie_hellman_group_t group, ...); -+openssl_diffie_hellman_t *openssl_diffie_hellman_create( -+ diffie_hellman_group_t group); - - #endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/ - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 8b0a7c5..114d575 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -609,6 +609,7 @@ METHOD(plugin_t, get_features, int, - PLUGIN_PROVIDE(DH, MODP_1024_BIT), - PLUGIN_PROVIDE(DH, MODP_1024_160), - PLUGIN_PROVIDE(DH, MODP_768_BIT), -+ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create_custom), - PLUGIN_PROVIDE(DH, MODP_CUSTOM), - #endif - #ifndef OPENSSL_NO_RSA diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb index 45500df01c..2e2da8274b 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb @@ -3,16 +3,15 @@ Linux operating system." SUMMARY = "strongSwan is an OpenSource IPsec implementation" HOMEPAGE = "http://www.strongswan.org" SECTION = "net" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" -DEPENDS = "gmp openssl flex-native flex bison-native" +DEPENDS = "flex-native flex bison-native" +DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" -SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ - file://fix-funtion-parameter.patch \ - file://0001-memory.h-Include-stdint.h-for-uintptr_t.patch \ - " +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + " -SRC_URI[sha256sum] = "45fdf1a4c2af086d8ff5b76fd7b21d3b6f0890f365f83bf4c9a75dda26887518" +SRC_URI[sha256sum] = "728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" @@ -23,9 +22,13 @@ EXTRA_OECONF = " \ EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemdsystemunitdir=${systemd_unitdir}/system/', '--without-systemdsystemunitdir', d)}" -PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl \ +PACKAGECONFIG ?= "curl gmp openssl sqlite3 swanctl curve25519\ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd-charon', 'charon', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imc imc-hcd imc-os imc-scanner imc-attestation', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'tnc-imv imv-hcd imv-os imv-scanner imv-attestation', '', d)} \ " + PACKAGECONFIG[aesni] = "--enable-aesni,--disable-aesni,,${PN}-plugin-aesni" PACKAGECONFIG[bfd] = "--enable-bfd-backtraces,--disable-bfd-backtraces,binutils" PACKAGECONFIG[charon] = "--enable-charon,--disable-charon," @@ -35,16 +38,47 @@ PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${P PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[nm] = "--enable-nm,--disable-nm,networkmanager,${PN}-nm" PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" -PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient," PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" PACKAGECONFIG[swanctl] = "--enable-swanctl,--disable-swanctl,,libgcc" +PACKAGECONFIG[curve25519] = "--enable-curve25519,--disable-curve25519,, ${PN}-plugin-curve25519" # requires swanctl PACKAGECONFIG[systemd-charon] = "--enable-systemd,--disable-systemd,systemd," +# tpm needs meta-tpm layer +PACKAGECONFIG[tpm2] = "--enable-tpm,--disable-tpm,,${PN}-plugin-tpm" + + +# integraty configuration needs meta-integraty +#imc +PACKAGECONFIG[tnc-imc] = "--enable-tnc-imc,--disable-tnc-imc,, ${PN}-plugin-tnc-imc ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imc-test] = "--enable-imc-test,--disable-imc-test,," +PACKAGECONFIG[imc-scanner] = "--enable-imc-scanner,--disable-imc-scanner,," +PACKAGECONFIG[imc-os] = "--enable-imc-os,--disable-imc-os,," +PACKAGECONFIG[imc-attestation] = "--enable-imc-attestation,--disable-imc-attestation,," +PACKAGECONFIG[imc-swima] = "--enable-imc-swima, --disable-imc-swima, json-c," +PACKAGECONFIG[imc-hcd] = "--enable-imc-hcd, --disable-imc-hcd,," + +#imv set +PACKAGECONFIG[tnc-imv] = "--enable-tnc-imv,--disable-tnc-imv,, ${PN}-plugin-tnc-imv ${PN}-plugin-tnc-tnccs" +PACKAGECONFIG[imv-test] = "--enable-imv-test,--disable-imv-test,," +PACKAGECONFIG[imv-scanner] = "--enable-imv-scanner,--disable-imv-scanner,," +PACKAGECONFIG[imv-os] = "--enable-imv-os,--disable-imv-os,," +PACKAGECONFIG[imv-attestation] = "--enable-imv-attestation,--disable-imv-attestation,," +PACKAGECONFIG[imv-swima] = "--enable-imv-swima, --disable-imv-swima, json-c," +PACKAGECONFIG[imv-hcd] = "--enable-imv-hcd, --disable-imv-hcd,," + +PACKAGECONFIG[tnc-ifmap] = "--enable-tnc-ifmap,--disable-tnc-ifmap, libxml2, ${PN}-plugin-tnc-ifmap" +PACKAGECONFIG[tnc-pdp] = "--enable-tnc-pdp,--disable-tnc-pdp,, ${PN}-plugin-tnc-pdp" + +PACKAGECONFIG[tnccs-11] = "--enable-tnccs-11,--disable-tnccs-11,libxml2, ${PN}-plugin-tnccs-11" +PACKAGECONFIG[tnccs-20] = "--enable-tnccs-20,--disable-tnccs-20,, ${PN}-plugin-tnccs-20" +PACKAGECONFIG[tnccs-dynamic] = "--enable-tnccs-dynamic,--disable-tnccs-dynamic,,${PN}-plugin-tnccs-dynamic" + inherit autotools systemd pkgconfig RRECOMMENDS:${PN} = "kernel-module-ah4 \ @@ -62,6 +96,16 @@ CONFFILES:${PN} = "${sysconfdir}/*.conf ${sysconfdir}/ipsec.d/*.conf ${sysconfdi PACKAGES += "${PN}-plugins" ALLOW_EMPTY:${PN}-plugins = "1" +PACKAGE_BEFORE_PN = "${PN}-imcvs ${PN}-imcvs-dbg" +ALLOW_EMPTY:${PN}-imcvs = "1" + +FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so" +FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug" + +PACKAGES =+ "${PN}-nm ${PN}-nm-dbg" +FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.conf" +FILES:${PN}-nm-dbg = "${libexecdir}/ipsec/.debug/charon-nm" + PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" NOAUTOPACKAGEDEBUG = "1" @@ -80,12 +124,12 @@ python split_strongswan_plugins () { else: d.setVar('CONFFILES:' + pkg, oldfiles + " " + newfile) - split_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) - do_split_packages(d, sysconfdir, '(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) + split_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True) + do_split_packages(d, sysconfdir, r'(.*)\.conf', '${PN}-plugin-%s', 'strongSwan %s plugin', prepend=True, hook=add_plugin_conf) - split_dbg_packages = do_split_packages(d, dbglibdir, 'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') - split_dev_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') - split_staticdev_packages = do_split_packages(d, libdir, 'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') + split_dbg_packages = do_split_packages(d, dbglibdir, r'libstrongswan-(.*)\.so', '${PN}-plugin-%s-dbg', 'strongSwan %s plugin - Debugging files', prepend=True, extra_depends='${PN}-dbg') + split_dev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.la', '${PN}-plugin-%s-dev', 'strongSwan %s plugin - Development files', prepend=True, extra_depends='${PN}-dev') + split_staticdev_packages = do_split_packages(d, libdir, r'libstrongswan-(.*)\.a', '${PN}-plugin-%s-staticdev', 'strongSwan %s plugin - Development files (Static Libraries)', prepend=True, extra_depends='${PN}-staticdev') if split_packages: pn = d.getVar('PN') @@ -106,9 +150,14 @@ RDEPENDS:${PN} += "\ ${PN}-plugin-constraints \ ${PN}-plugin-des \ ${PN}-plugin-dnskey \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ + ${PN}-plugin-gcm \ ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ ${PN}-plugin-kernel-netlink \ ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ ${PN}-plugin-nonce \ ${PN}-plugin-pem \ ${PN}-plugin-pgp \ @@ -130,7 +179,6 @@ RDEPENDS:${PN} += "\ ${PN}-plugin-x509 \ ${PN}-plugin-xauth-generic \ ${PN}-plugin-xcbc \ - ${PN}-plugin-curve25519 \ " RPROVIDES:${PN} += "${PN}-systemd" |