Home Explore Help
Register Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

strongswan: security bump to version 5.2.2

Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Gustavo Zacarias 10 years ago
parent
715a529a9c
commit
3b27e6b2ee
3 changed files with 20 additions and 7 deletions
Split View Show Diff Stats
  1. 12 4
      package/strongswan/Config.in
  2. 2 0
      package/strongswan/strongswan.hash
  3. 6 3
      package/strongswan/strongswan.mk

+ 12 - 4
package/strongswan/Config.in
View File 

@@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL
 
 
 endif
 
 
-config BR2_PACKAGE_STRONGSWAN_TOOLS
 
-	bool "Enable additional utilities (openac, scepclient and pki)"
 
+config BR2_PACKAGE_STRONGSWAN_PKI
 
+	bool "Enable pki certificate utility"
 
 	default y
 
 
+config BR2_PACKAGE_STRONGSWAN_SCEP
 
+	bool "Enable SCEP client tool"
 
+
 
 config BR2_PACKAGE_STRONGSWAN_SCRIPTS
 
-	bool "Enable additional utilities (found in directory scripts)"
 
-	depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS
 
+	bool "Enable additional utilities (found in scripts directory)"
 
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
 
+	default y
 
+
 
+config BR2_PACKAGE_STRONGSWAN_VICI
 
+	bool "Enable vici/swanctl"
 
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
 
 	default y
 
 
 endif

+ 2 - 0
package/strongswan/strongswan.hash
View File 

@@ -0,0 +1,2 @@
 
+# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5
 
+md5	7ee1a33060b2bde35be0f6d78a1d26d0	strongswan-5.2.2.tar.bz2

+ 6 - 3
package/strongswan/strongswan.mk
View File 

@@ -4,7 +4,7 @@
 
 #
 
 ################################################################################
 
 
-STRONGSWAN_VERSION = 5.1.3
 
+STRONGSWAN_VERSION = 5.2.2
 
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 
 STRONGSWAN_SITE = http://download.strongswan.org
 
 STRONGSWAN_LICENSE = GPLv2+
 
@@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS +=
 
 	--enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no)                  \
 
 	--enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no)                \
 
 	--enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no)                      \
 
-	--enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no)                  \
 
-	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)
 
+	--enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no)                      \
 
+	--enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no)              \
 
+	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)              \
 
+	--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)                    \
 
+	--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)
 
 
 ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
 
 STRONGSWAN_CONF_OPTS +=               \