NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
298cd8eaa2
kumquat-buildroot/package/strongswan/Config.in
Gustavo Zacarias 3b27e6b2ee strongswan: security bump to version 5.2.2 
Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-06 21:19:51 +01:00

131 lines
3.0 KiB
Plaintext
Raw Blame History

comment "strongswan needs a toolchain w/ threads"
depends on BR2_USE_MMU
depends on !BR2_TOOLCHAIN_HAS_THREADS
menuconfig BR2_PACKAGE_STRONGSWAN
bool "strongswan"
depends on BR2_USE_MMU # fork()
depends on BR2_TOOLCHAIN_HAS_THREADS
help
strongSwan is an OpenSource IPsec implementation for the
Linux operating system. It is based on the discontinued
FreeS/WAN project and the X.509 patch.
The focus is on:
- simplicity of configuration
- strong encryption and authentication methods
- powerful IPsec policies supporting large and complex VPN networks
strongSwan provide many plugins. Only a few are presented here.
http://www.strongswan.org/
if BR2_PACKAGE_STRONGSWAN
comment "kernel-netlink and socket-default options need a toolchain w/ IPv6"
depends on !BR2_INET_IPV6
choice
prompt "Cryptographic backend"
default BR2_PACKAGE_STRONGSWAN_GMP
config BR2_PACKAGE_STRONGSWAN_OPENSSL
bool "OpenSSL"
select BR2_PACKAGE_OPENSSL
config BR2_PACKAGE_STRONGSWAN_GCRYPT
bool "libgcrypt"
select BR2_PACKAGE_LIBGCRYPT
config BR2_PACKAGE_STRONGSWAN_GMP
bool "GNU MP (libgmp)"
select BR2_PACKAGE_GMP
endchoice
config BR2_PACKAGE_STRONGSWAN_AF_ALG
bool "Enable AF_ALG crypto interface to Linux Crypto API"
config BR2_PACKAGE_STRONGSWAN_CURL
bool "Enable CURL fetcher plugin to fetch files via libcurl"
select BR2_PACKAGE_LIBCURL
config BR2_PACKAGE_STRONGSWAN_CHARON
bool "Enable the IKEv1/IKEv2 keying daemon charon"
default y
if BR2_PACKAGE_STRONGSWAN_CHARON
config BR2_PACKAGE_STRONGSWAN_TNCCS_11
bool "Enable TNCCS 1.1 protocol module"
select BR2_PACKAGE_LIBXML2
config BR2_PACKAGE_STRONGSWAN_TNCCS_20
bool "Enable TNCCS 2.0 protocol module"
config BR2_PACKAGE_STRONGSWAN_TNCCS_DYNAMIC
bool "Enable dynamic TNCCS protocol discovery module"
config BR2_PACKAGE_STRONGSWAN_EAP
bool "Enable EAP protocols"
help
Enable various EAP protocols:
- mschapv2
- tls
- ttls
- peap
- sim
- sim-file
- aka
- aka-3gpp2
- simaka-sql
- simaka-pseudonym
- simaka-reauth
- identity
- md5
- gtc
- tnc
- dynamic
- radius
if BR2_PACKAGE_STRONGSWAN_EAP
config BR2_PACKAGE_STRONGSWAN_EAP_SIM_PCSC
bool "Enable EAP-SIM smart card backend"
depends on !BR2_STATIC_LIBS # pcsc-lite
select BR2_PACKAGE_PCSC_LITE
endif
config BR2_PACKAGE_STRONGSWAN_UNITY
bool "Enables Cisco Unity extension plugin"
config BR2_PACKAGE_STRONGSWAN_STROKE
bool "Enable charons stroke configuration backend"
default y
config BR2_PACKAGE_STRONGSWAN_SQL
bool "Enable SQL database configuration backend"
depends on BR2_PACKAGE_SQLITE || BR2_PACKAGE_MYSQL
endif
config BR2_PACKAGE_STRONGSWAN_PKI
bool "Enable pki certificate utility"
default y
config BR2_PACKAGE_STRONGSWAN_SCEP
bool "Enable SCEP client tool"
config BR2_PACKAGE_STRONGSWAN_SCRIPTS
bool "Enable additional utilities (found in scripts directory)"
depends on BR2_PACKAGE_STRONGSWAN_CHARON
default y
config BR2_PACKAGE_STRONGSWAN_VICI
bool "Enable vici/swanctl"
depends on BR2_PACKAGE_STRONGSWAN_CHARON
default y
endif
Reference in New Issue View Git Blame Copy Permalink