13 Commits

Author SHA1 Message Date
Chris Patterson 1dbb1ff9b1 strongswan: install strongswan-swanctl systemd service by default.
Matches start-on-boot behaviour of current strongswan.service.

Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-01-05 12:43:33 -05:00
Chris Patterson 7d46b08775 strongswan: add configure patch fix for systemd
Fixes strongswan configure script for systemd >= 209,
where it merged libsystemd-journal and libsystemd-daemon
into libsystemd.

Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-01-05 12:43:33 -05:00
Chris Patterson cfaff72a02 strongswan: add additional PACKAGECONFIG flags
- Add aesni, charon, gmp, openssl, scep, stroke, swanctl, and
  systemd-charon.
- Organize the packageconfig list alphabetically.
- Update the default PACKAGECONFIG to match current defaults.
- If swanctl is enabled, use strongswan-swanctl.service instead of
  strongswan.service.

Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-01-05 12:43:33 -05:00
Roy Li b6d299ce9d strongswan: upgrade to 5.3.2
5.3.2 includes the fixes for CVE-2015-3991 and CVE-2015-4171

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-08-06 15:44:09 -04:00
Joe MacDonald 8980f0d2a2 meta-networking: standardize SECTION values
SECTION has been used inconsistently throughout the recipes in this layer.
Convert them to all use the same convention.

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-06-05 20:42:25 -04:00
Roy Li 031e1027a6 strongswan: upgrade to 5.3.0
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2015-05-13 09:51:27 -04:00
Armin Kuster d6afd2bdb6 strongswan: update package to 5.2.1
see https://wiki.strongswan.org/projects/strongswan/wiki/Changelog52

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-12-09 11:34:42 +01:00
Jackie Huang 778ddba701 strongswan: uprev to version 5.2.0
* removed two patches which were already integrated in 5.2.0:
  strongswan-4.3.3-5.1.1_asn1_unwrap.patch
  strongswan-5.0.0-5.1.2_reject_child_sa.patch

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-08-21 21:35:07 +02:00
Yue Tao 18bea20781 strongswan: Security Advisory - strongswan - CVE-2014-2891
strongSwan before 5.1.2 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-08-05 16:23:58 -04:00
Richard Purdie 36d57b9234 recipes: add missing pkgconfig class inherits
* These recipes all use pkg-config in some way but were missing
  dependencies on the tool, this patch adds them.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-06-21 13:06:13 +02:00
Yue Tao 6938319b32 strongswan: Security Advisory - strongswan - CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass
authentication by rekeying an IKE_SA during (1) initiation or (2)
re-authentication, which triggers the IKE_SA state to be set to
established.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2338

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2014-05-09 10:18:40 -04:00
Jackie Huang 238093bf8c strongswan: update verion to 5.1.1
* Add a patch to fix the function parameter.
* Add PACKAGECONFIG for optional packages instead of explicitly
  disable, and set sqlite and curl as default.
* Remove the split package strongswan-plugins.
* Add configure option --without-lib-prefix so it doesn't
  search for libraries in includedir and libdir to avoid QA error.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
2014-03-14 08:51:45 -04:00
Paul Eggleton e6867fa026 strongswan: move to meta-networking
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
2013-04-29 14:02:39 -04:00