strongswan: Update to 5.5.0

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index f51cc3a9cd55c224189d62acd2b869453de00e26..f81a9c861a296f80aa4dc59f51e767e24a166187 100644 (file)
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -40,7 +40,6 @@ etc/strongswan.d/charon/kernel-netlink.conf
 etc/strongswan.d/charon/md5.conf
 etc/strongswan.d/charon/nonce.conf
 etc/strongswan.d/charon/openssl.conf
-#etc/strongswan.d/charon/padlock.conf
 etc/strongswan.d/charon/pem.conf
 etc/strongswan.d/charon/pgp.conf
 etc/strongswan.d/charon/pkcs1.conf
@@ -58,6 +57,7 @@ etc/strongswan.d/charon/socket-default.conf
 etc/strongswan.d/charon/sshkey.conf
 etc/strongswan.d/charon/stroke.conf
 etc/strongswan.d/charon/updown.conf
+etc/strongswan.d/charon/vici.conf
 etc/strongswan.d/charon/x509.conf
 etc/strongswan.d/charon/xauth-eap.conf
 etc/strongswan.d/charon/xauth-generic.conf
@@ -66,6 +66,21 @@ etc/strongswan.d/charon/xcbc.conf
 etc/strongswan.d/pki.conf
 etc/strongswan.d/scepclient.conf
 etc/strongswan.d/starter.conf
+etc/strongswan.d/swanctl.conf
+#etc/swanctl
+etc/swanctl/bliss
+etc/swanctl/ecdsa
+etc/swanctl/pkcs12
+etc/swanctl/pkcs8
+etc/swanctl/pubkey
+etc/swanctl/rsa
+etc/swanctl/swanctl.conf
+etc/swanctl/x509
+etc/swanctl/x509aa
+etc/swanctl/x509ac
+etc/swanctl/x509ca
+etc/swanctl/x509crl
+etc/swanctl/x509ocsp
 usr/bin/pki
 #usr/lib/ipsec
 #usr/lib/ipsec/libcharon.a
@@ -73,11 +88,6 @@ usr/bin/pki
 usr/lib/ipsec/libcharon.so
 usr/lib/ipsec/libcharon.so.0
 usr/lib/ipsec/libcharon.so.0.0.0
-#usr/lib/ipsec/libhydra.a
-#usr/lib/ipsec/libhydra.la
-usr/lib/ipsec/libhydra.so
-usr/lib/ipsec/libhydra.so.0
-usr/lib/ipsec/libhydra.so.0.0.0
 #usr/lib/ipsec/libradius.a
 #usr/lib/ipsec/libradius.la
 usr/lib/ipsec/libradius.so
@@ -93,6 +103,11 @@ usr/lib/ipsec/libstrongswan.so.0.0.0
 usr/lib/ipsec/libtls.so
 usr/lib/ipsec/libtls.so.0
 usr/lib/ipsec/libtls.so.0.0.0
+#usr/lib/ipsec/libvici.a
+#usr/lib/ipsec/libvici.la
+usr/lib/ipsec/libvici.so
+usr/lib/ipsec/libvici.so.0
+usr/lib/ipsec/libvici.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
@@ -101,8 +116,8 @@ usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
 usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
-usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
+usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-dnskey.so
 usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
 usr/lib/ipsec/plugins/libstrongswan-eap-mschapv2.so
@@ -120,7 +135,6 @@ usr/lib/ipsec/plugins/libstrongswan-kernel-netlink.so
 usr/lib/ipsec/plugins/libstrongswan-md5.so
 usr/lib/ipsec/plugins/libstrongswan-nonce.so
 usr/lib/ipsec/plugins/libstrongswan-openssl.so
-#usr/lib/ipsec/plugins/libstrongswan-padlock.so
 usr/lib/ipsec/plugins/libstrongswan-pem.so
 usr/lib/ipsec/plugins/libstrongswan-pgp.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs1.so
@@ -130,7 +144,6 @@ usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
 usr/lib/ipsec/plugins/libstrongswan-pubkey.so
 usr/lib/ipsec/plugins/libstrongswan-random.so
 usr/lib/ipsec/plugins/libstrongswan-rc2.so
-#usr/lib/ipsec/plugins/libstrongswan-rdrand.so
 usr/lib/ipsec/plugins/libstrongswan-resolve.so
 usr/lib/ipsec/plugins/libstrongswan-revocation.so
 usr/lib/ipsec/plugins/libstrongswan-sha1.so
@@ -139,6 +152,7 @@ usr/lib/ipsec/plugins/libstrongswan-socket-default.so
 usr/lib/ipsec/plugins/libstrongswan-sshkey.so
 usr/lib/ipsec/plugins/libstrongswan-stroke.so
 usr/lib/ipsec/plugins/libstrongswan-updown.so
+usr/lib/ipsec/plugins/libstrongswan-vici.so
 usr/lib/ipsec/plugins/libstrongswan-x509.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so
@@ -152,6 +166,7 @@ usr/libexec/ipsec/scepclient
 usr/libexec/ipsec/starter
 usr/libexec/ipsec/stroke
 usr/sbin/ipsec
+usr/sbin/swanctl
 #usr/share/man/man1/pki---acert.1
 #usr/share/man/man1/pki---dn.1
 #usr/share/man/man1/pki---gen.1
@@ -168,10 +183,10 @@ usr/sbin/ipsec
 #usr/share/man/man5/ipsec.conf.5
 #usr/share/man/man5/ipsec.secrets.5
 #usr/share/man/man5/strongswan.conf.5
-#usr/share/man/man8/_updown.8
+#usr/share/man/man5/swanctl.conf.5
 #usr/share/man/man8/ipsec.8
-#usr/share/man/man8/openac.8
 #usr/share/man/man8/scepclient.8
+#usr/share/man/man8/swanctl.8
 #usr/share/strongswan
 #usr/share/strongswan/templates
 #usr/share/strongswan/templates/config
@@ -202,7 +217,6 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins/md5.conf
 #usr/share/strongswan/templates/config/plugins/nonce.conf
 #usr/share/strongswan/templates/config/plugins/openssl.conf
-#usr/share/strongswan/templates/config/plugins/padlock.conf
 #usr/share/strongswan/templates/config/plugins/pem.conf
 #usr/share/strongswan/templates/config/plugins/pgp.conf
 #usr/share/strongswan/templates/config/plugins/pkcs1.conf
@@ -220,6 +234,7 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins/sshkey.conf
 #usr/share/strongswan/templates/config/plugins/stroke.conf
 #usr/share/strongswan/templates/config/plugins/updown.conf
+#usr/share/strongswan/templates/config/plugins/vici.conf
 #usr/share/strongswan/templates/config/plugins/x509.conf
 #usr/share/strongswan/templates/config/plugins/xauth-eap.conf
 #usr/share/strongswan/templates/config/plugins/xauth-generic.conf
@@ -232,3 +247,4 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/strongswan.d/pki.conf
 #usr/share/strongswan/templates/config/strongswan.d/scepclient.conf
 #usr/share/strongswan/templates/config/strongswan.d/starter.conf
+#usr/share/strongswan/templates/config/strongswan.d/swanctl.conf

diff --git a/lfs/strongswan b/lfs/strongswan
index c6d655bb24208091af5f9c767dfe74e12d104b40..17c1a01cf4fd352cac90ee260987b2b29ddd18f0 100644 (file)
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.3.5
+VER        = 5.5.0
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = a2f9ea185f27e7f8413d4cd2ee61efe4
+$(DL_FILE)_MD5 = a96fa7eb6c62b40143dadb064b6bd586
 
 install : $(TARGET)
 
@@ -79,7 +79,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
        cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
-       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch
 
        cd $(DIR_APP) && ./configure \
                --prefix="/usr" \

diff --git a/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch b/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch
deleted file mode 100644 (file)
index 27b6f06..0000000
--- a/src/patches/strongswan-child-rekey-Suppress-updown-event-when-deleting-redundant-CHILD_SAs.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 0e32cbc0bc8fce3319491db360fb23b16561ec58 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Tue, 15 Dec 2015 17:15:32 +0100
-Subject: [PATCH] child-rekey: Suppress updown event when deleting redundant
- CHILD_SAs
-
-When handling a rekey collision we might have to delete an already
-installed redundant CHILD_SA (or expect the other peer to do so).  We don't
-want to trigger updown events for these as we don't during rekeying.
-
-Instead of setting the state to CHILD_REKEYING we could maybe use
-CHILD_REKEYED, which we currently only use for IKEv1, and set it for
-all CHILD_SAs we delete or expect the other peer to delete.  Would need
-a small change in child-delete too.  Or we could introduce a new state.
-
- #853.
----
- src/libcharon/sa/ikev2/tasks/child_rekey.c |   11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
-index c7a8a13..6f0c2b2 100644
---- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
-+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
-@@ -279,11 +279,15 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
-                       /* don't touch child other created, it has already been deleted */
-                       if (!this->other_child_destroyed)
-                       {
--                              /* disable close action for the redundand child */
-+                              /* disable close action and updown event for redundant child */
-                               child_sa = other->child_create->get_child(other->child_create);
-                               if (child_sa)
-                               {
-                                       child_sa->set_close_action(child_sa, ACTION_NONE);
-+                                      if (child_sa->get_state(child_sa) != CHILD_REKEYING)
-+                                      {
-+                                              child_sa->set_state(child_sa, CHILD_REKEYING);
-+                                      }
-                               }
-                       }
-               }
-@@ -372,6 +376,11 @@ METHOD(task_t, process_i, status_t,
-       {
-               return SUCCESS;
-       }
-+      /* disable updown event for redundant CHILD_SA */
-+      if (to_delete->get_state(to_delete) != CHILD_REKEYING)
-+      {
-+              to_delete->set_state(to_delete, CHILD_REKEYING);
-+      }
-       spi = to_delete->get_spi(to_delete, TRUE);
-       protocol = to_delete->get_protocol(to_delete);
- 
--- 
-1.7.9.5
-