64 Commits

Author SHA1 Message Date
Yi Zhao 3af965c90e strongswan: upgrade 5.9.13 -> 5.9.14
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.14

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-03-26 08:37:19 -07:00
Wang Mingyu 5be2e20157 strongswan: upgrade 5.9.12 -> 5.9.13
Changelog:
- Fixes a regression with handling OCSP error responses and adds a new
  option to specify the length of nonces in OCSP requests.  Also adds some
  other improvements for OCSP handling and fuzzers for OCSP
  requests/responses.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-12-18 22:17:23 -08:00
Wang Mingyu 077489fda8 strongswan: upgrade 5.9.11 -> 5.9.12
Changelog:
==========
- Fixed a vulnerability in charon-tkm related to processing DH public values
  that can lead to a buffer overflow and potentially remote code execution.
- The new `pki --ocsp` command produces OCSP responses based on certificate
  status information provided by plugins.
- The cert-enroll script handles the initial enrollment of an X.509 host
  certificate with a PKI server via the EST or SCEP protocols.
- The --priv argument for charon-cmd allows using any type of private key.
- Support for nameConstraints of type iPAddress has been added (the openssl
  plugin previously didn't support nameConstraints at all).
- SANs of type uniformResourceIdentifier can now be encoded in certificates.
- Password-less PKCS#12 and PKCS#8 files are supported.
- A new global option allows preventing peers from authenticating with trusted
  end-entity certificates (i.e. local certificates).
- ECDSA public keys that encode curve parameters explicitly are now rejected by
  all plugins that support ECDSA.
- charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can
  also use the name in connection.interface-name.
- The resolve plugin tries to maintain the order of installed DNS servers.
- The kernel-libipsec plugin always installs routes even if no address is found
  in the local traffic selectors.
- Increased the default receive buffer size for Netlink sockets to 8 MiB and
  simplified its configuration.
- Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of
  always generating a hash of the subjectPublicKey.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
  timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
  unrelated traffic selectors.
- Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT,
  instead callbacks are always invoked even if only errors are signaled.
- Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when
  handling invalid messages.
- Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs.
- Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if
  CHILD_SA is not found during rekeying.
- The testing environment is now based on Debian 12 (bookworm), by default.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-21 22:44:40 -08:00
Wang Mingyu 4c8b3a91c6 strongswan: upgrade 5.9.10 -> 5.9.11
Changelog:
==========
- A deadlock in the vici plugin has been fixed that could get triggered when
  multiple connections were initiated/terminated concurrently and control-log
  events were raised by the watcher_t component.
- CRLs have to be signed by a certificate that has the cRLSign keyUsage bit
  encoded (even if it's a CA), or a CA certificate without keyUsage extension.
- Optional CA labels in EST server URIs are supported by `pki --est/estca`.
- CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and
  openssl plugins, which allows verifying RSA-PSS and ECDSA signatures.
- Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or
  earlier that was introduced with 5.9.10.
- Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2.
- kernel-libipsec can process raw ESP packets on Linux (disabled by default) and
  gained support for trap policies.
- The dhcp plugin uses an alternate method to determine the source address
  for unicast DHCP requests that's not affected by interface filtering.
- Certificate and trust chain selection as initiator has been improved in case
  the local trust chain is incomplete and an unrelated certreq is received.
- ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin.
- To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass
  policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer.
- Stale OCSP responses are now replace in-place in the certificate cache.
- Fixed parsing of SCEP server capabilities by `pki --scep/scepca`.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-06-19 10:24:49 -07:00
Petr Gotthard d5b57d8505 strongswan: add PACKAGECONFIG for the NetworkManager module
Disabled by default. When enabled, a package 'strongswan-nm' gets created.
The package naming follows Debian/Ubuntu.

Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-05-11 11:28:34 -07:00
Yi Zhao 4e453dae3b strongswan: 5.9.9 -> 5.9.10
Changelog:
https://github.com/strongswan/strongswan/releases/tag/5.9.10

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-03-06 08:41:13 -08:00
Yi Zhao 6cca42d726 strongswan: upgrade 5.9.8 -> 5.9.9
Changelog:
https://github.com/strongswan/strongswan/releases/tag/5.9.9

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-01-11 08:37:58 -08:00
Yi Zhao b6be90d70b strongswan: upgrade 5.9.7 -> 5.9.8
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.8

* Drop PACKAGECONFIG[scep] as scepclient has been removed.
* Add plugin-gcm to RDEPENDS as gcm plugin has been added to the default
  plugins.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-10-08 11:36:57 -07:00
Yi Zhao 42f8c22fcf strongswan: upgrade 5.9.6 -> 5.9.7
ChangeLog:
https://github.com/strongswan/strongswan/releases/tag/5.9.7

* Drop backport patch 0001-enum-Fix-compiler-warning.patch.
* Update RDEPENDS to fix strongswan startup failures:
    plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available
    plugin 'fips-prf': failed to load - fips_prf_plugin_create not found and no plugin file available
    plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
    plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-08-06 09:40:09 -07:00
Yi Zhao 689e8422b8 strongswan: upgrade 5.9.5 -> 5.9.6
* Drop backport patch 0001-openssl-Don-t-unload-providers.patch

* Backport a patch to fix the build error:
src/libstrongswan/utils/enum.c: In function 'enum_flags_to_string':
src/libstrongswan/utils/enum.c:100:9: error: format not a string literal and no format arguments [-Werror=format-security]
  100 |         if (snprintf(buf, len, e->names[0]) >= len)
      |         ^~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-07-02 11:37:03 -04:00
Yi Zhao fe149bbb36 strongswan: 5.9.4 -> 5.9.5
* Backport a patch to fix the segfault with swanctl:

  $ /usr/sbin/charon-systemd &
  $ /usr/sbin/swanctl --load-all --noprompt
  no files found matching '/etc/swanctl/conf.d/*.conf'
  no authorities found, 0 unloaded
  no pools found, 0 unloaded
  no connections found, 0 unloaded
  Segmentation fault

* Drop fix-funtion-parameter.patch and
  0001-memory.h-Include-stdint.h-for-uintptr_t.patch as the issues have
  been fixed upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-30 18:25:51 -07:00
Khem Raj 7d8a0e840d recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Martin Jansa 856902b8c0 Fix DeprecationWarning about regexps
* fixes:
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \.
meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \-
oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \.
oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \.

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-02-21 18:12:04 -08:00
Armin Kuster cddbbeeb7c strongswan: remove redundant DEPENDS
drop openssl and gmp from DEPENDS, covered in PACKAGECONFIG

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:19:00 -08:00
Armin Kuster f1af0f3690 strongswan: add integrity options
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:55 -08:00
Armin Kuster 0b75181350 strongswan: add tpm PACKAGECONFIG
migrate meta-tpm strongswan tweaks to meta-networking

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:49 -08:00
Armin Kuster 2b733d2a70 strongswan: provide PACKAGECONFIG for cureve25519
Not everyone wants this to be installed by default. Enable to remove
cureve25519 is someone wants to.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-12-27 14:18:40 -08:00
Yi Zhao 799dc735f8 strongswan: add required kernel modules to RRECOMMENDS
Strongswan failed to startup because there is no kernel module named
ipsec. Add basic kernel modules required by strongswan per [1].

[1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules,

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-11 08:31:56 -08:00
Yi Zhao cb08584d8c strongswan: upgrade 5.9.3 -> 5.9.4
Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue
has been fixed.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-10-19 09:23:08 -07:00
Alexander Kanavin 38303c7063 strongswan: disable openssl PACKAGECONFIG
Until upstream addresses openssl 3.x compatibility issues.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-10-14 07:16:58 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
zangrc 67b26428a6 strongswan: upgrade 5.9.2 -> 5.9.3
- Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin.

- Added AES_CCM and SHA-3 signature support to openssl plugin.

- The x509 and openssl plugins now consider the authorityKeyIdentifier, if
  available, before verifying signatures, which avoids unnecessary signature
  verifications after a CA key rollover if both certificates are loaded.

- The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which
  previously depended on a version check.

- charon-nm now supports using SANs as client identities, not only full DNs.

- charon-tkm now handles IKE encryption.

- A MOBIKE update is sent again if a a change in the NAT mappings is detected
  but the endpoints stay the same.

- Converted most of the test case scenarios to the vici interface

Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-07-13 09:39:15 -07:00
Joe Hershberger 90c04acced strongswan: Make PACKAGECONFIG a default value
Change from a weak default to a default in the definition of the PACKAGECONFIG.

In https://github.com/flihp/meta-measured/blob/master/networking-layer/recipes-support/strongswan/strongswan_5.%25.bbappend the PACKAGECONFIG is appended to, so if the definition is weak here, the variable will be empty when the bbappend attempts to add to it.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-04-17 07:43:11 -07:00
zangrc dc516cbeb7 strongswan: upgrade 5.9.1 -> 5.9.2
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-04 09:04:24 -08:00
zangrc 9a77c8d8f0 strongswan: upgrade 5.8.4 -> 5.9.1
0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch
Removed since this is included in 5.9.1

Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-23 07:09:33 -08:00
Nick Rosbrook 4cdd651960 strongswan: remove ldap from default PACKAGECONFIG
Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-10 08:15:56 -08:00
Nick Rosbrook b570072902 strongswan: do not use deprecated stroke and starter by default
The swanctl and vici configuration of strongswan is preferred, as the stroke
plugin used with starter is deprecated. As a reasonable default, add swanctl
to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES,
add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in
DISTRO_FEATURES.

While here, make sure strongswan-starter.service is only installed when
charon is enabled. The current unconditional installation of
strongswan-starter.service can break systems which install strongswan.service
for use with swanctl.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-10 08:15:56 -08:00
Nick Rosbrook b6e1480592 strongswan: add some PACKAGECONFIG options for EAP
Add options for eap-identity and eap-mschapv2 plugins.

Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-11-06 21:26:27 -08:00
Mingli Yu e61b73e6d3 strongswan: Remove obsolete setting regarding the Standard Output
The Standard output type "syslog" is obsolete, causing a warning since systemd
version 246 [1].

Please consider using "journal" or "journal+console"

[1] https://github.com/systemd/systemd/blob/master/NEWS#L202

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-09-23 19:45:53 -07:00
Wang Mingyu 0ca71a2623 strongswan: upgrade 5.8.2 -> 5.8.4
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-31 18:57:40 -07:00
Wang Mingyu b2aa53852e strongswan: upgrade 5.8.1 -> 5.8.2
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-01-03 13:56:01 -08:00
Callaghan, Dan 699cd1602e strongswan: add a PACKAGECONFIG for libbfd stack traces
Strongswan installs a signal handler for SIGSEGV, SIGILL, and SIGBUS
which attempts to print a stack trace of the crash. For producing line
numbers in the stack trace, it can use libbfd from binutils, or
libunwind, or else it falls back to a slower method using
/usr/bin/addr2line.

Currently the addr2line method is unlikely to actually work, since there
is no RDEPENDS to pull that command into the image.

This patch adds a PACKAGECONFIG to enable the libbfd-based stack traces,
which is likely the best alternative since binutils is already required
for building everything, and it will be faster than the addr2line method
(which requires addr2line and libbfd anyway).

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-17 05:53:25 -07:00
Callaghan, Dan b08e503eb7 strongswan: install dev headers
These are needed for other packages which want to link against
libstrongswan or other libraries included with Strongswan.
By default, no headers are installed.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-10-04 19:11:55 -07:00
Khem Raj 3061ead8cf strongswan: Fix do_patch fuzz
Refresh the patch to apply cleanly

Fixes

Applying patch 0001-memory.h-Include-stdint.h-for-uintptr_t.patch
patching file src/libstrongswan/utils/utils/memory.h
Hunk #1 succeeded at 26 with fuzz 2 (offset 4 lines).

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-07 12:54:43 -07:00
Yuan Chao af6d79843b strongswan: upgrade 5.8.0 -> 5.8.1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-09-02 20:39:01 -07:00
Yi Zhao 8d119c80fb strongswan: upgrade 5.7.1 -> 5.8.0
Rename systemd service units since it uses strongswan-starter.service
for the legacy unit and strongswan.service for the modern one.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-06-25 14:21:48 -07:00
André Draszik 24af1f974c meta-networking: remove True option to getVar calls (again)
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).

Search & replace made using the following command:
    sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
        -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
             | cut -d':' -f1 \
             | sort -u)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2019-01-13 10:28:01 -08:00
Qi.Chen@windriver.com 3e6226f85c strongswan: upgrade to 5.7.1
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-10-16 23:27:55 -07:00
Yi Zhao d490ac28fe strongswan: upgrade 5.6.2 -> 5.6.3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-07-03 17:42:25 -07:00
Yi Zhao ee0d27dfec strongswan: add UPSTREAM_CHECK_REGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-05-30 12:33:57 -07:00
Armin Kuster aa7b7cd364 strongswan: refresh patches
WARNING:
Some of the context lines in patches were ignored. This can lead to incorrectly applied patches.
The context lines in the patches can be updated with devtool:

    devtool modify <recipe>
    devtool finish --force-patch-refresh <recipe> <layer_path>

Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
Hunk #1 succeeded at 192 (offset 50 lines).
Hunk #2 succeeded at 255 with fuzz 1 (offset 58 lines).
checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
Hunk #1 succeeded at 43 (offset -1 lines).
checking file src/libstrongswan/plugins/openssl/openssl_plugin.c
Hunk #1 succeeded at 609 (offset 221 lines).

Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-04-13 12:43:40 -07:00
Huang Qiyu fd77663ea9 strongswan: 5.5.3 -> 5.6.2
1.Upgrade strongswan from 5.5.3 to 5.6.2.
2.Modify fix-funtion-parameter.patch, since the data has been changed.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2018-04-09 12:32:07 -04:00
Mingli Yu ea97f6b7db strongswan: add ${PN}-plugin-curve25519 to RDEPENDS
* The default DH group curve25519 depends on
  an optional plugin ${PN}-plugin-curve25519,
  add it to RDEPENDS to avoid below error:

  root@test:~# ipsec up host-lan
  initiating IKE_SA host-lan[1] to 192.168.7.2
  configured DH group CURVE_25519 not supported
  tried to checkin and delete nonexisting IKE_SA
  establishing connection 'host-lan' failed

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2018-02-05 10:40:18 -05:00
Khem Raj 5b805b4597 strongswan: Include stdint.h for uintptr_t
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-09-08 16:38:07 -04:00
fan.xin fd2c2ee0a4 strongswan: 5.5.1 -> 5.5.3
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-06-28 10:29:20 -04:00
David Vincent 57d3b5c5c8 strongswan: Split plugins
strongSwan offers a plugin mechanism therefore it should not be
mandatory to install all of them when installing the package. Each
plugin is now a self-contained package with the library and its
configuration.

To remain compatible with the current configuration, a default set of
plugins has been selected as RDEPENDS of the main package. This default
list is based on the default strongSwan list minus some plugins enabled
via PACKAGECONFIG
(see https://wiki.strongswan.org/projects/strongswan/PluginList).

Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2017-04-27 12:02:13 -04:00
Peter Kjellerstedt 0c31f55bcf Make use of the new bb.utils.filter() function
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-03-07 13:30:26 +01:00
Oleksandr Kravchuk 0e84e385b7 strongswan: update to 5.5.1
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-01-19 09:25:44 +01:00
Oleksandr Kravchuk c0e27d549e strongswan: delete obsolete patches
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-01-19 09:25:44 +01:00
Wang Xin 365fd1eda2 strongswan: 5.3.2 -> 5.5.0
Upgrade strongswan from 5.3.2 to 5.5.0.

Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2016-09-12 10:43:37 -04:00