strongswan: security bump to version 5.2.2

Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-06 07:35:40 -03:00 · 2015-01-06 07:35:40 -03:00 · 3b27e6b2ee
commit 3b27e6b2ee
parent 715a529a9c
3 changed files with 20 additions and 7 deletions
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL

 endif

-config BR2_PACKAGE_STRONGSWAN_TOOLS
-	bool "Enable additional utilities (openac, scepclient and pki)"
+config BR2_PACKAGE_STRONGSWAN_PKI
+	bool "Enable pki certificate utility"
 	default y

+config BR2_PACKAGE_STRONGSWAN_SCEP
+	bool "Enable SCEP client tool"
+
 config BR2_PACKAGE_STRONGSWAN_SCRIPTS
-	bool "Enable additional utilities (found in directory scripts)"
-	depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS
+	bool "Enable additional utilities (found in scripts directory)"
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
+	default y
+
+config BR2_PACKAGE_STRONGSWAN_VICI
+	bool "Enable vici/swanctl"
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
 	default y

 endif
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@ -0,0 +1,2 @@
+# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5
+md5	7ee1a33060b2bde35be0f6d78a1d26d0	strongswan-5.2.2.tar.bz2
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-STRONGSWAN_VERSION = 5.1.3
+STRONGSWAN_VERSION = 5.2.2
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
 STRONGSWAN_LICENSE = GPLv2+
@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS +=
 	--enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no)                  \
 	--enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no)                \
 	--enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no)                      \
-	--enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no)                  \
-	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)
+	--enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no)                      \
+	--enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no)              \
+	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)              \
+	--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)                    \
+	--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)

 ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
 STRONGSWAN_CONF_OPTS +=               \