Skip to content
Snippets Groups Projects
Commit 02c51183 authored by J0WI's avatar J0WI Committed by Kevin Daudt
Browse files

community/libreswan: security upgrade to 4.6

parent 0112743b
No related branches found
No related tags found
1 merge request!32458[3.15] community/libreswan: security upgrade to 4.6
Pipeline #120436 passed
# Contributor: Will Sinatra <wpsinatra@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libreswan
pkgver=4.4
pkgrel=1
pkgver=4.6
pkgrel=0
pkgdesc="IPsec implementation for Linux"
url="https://libreswan.org"
url="https://libreswan.org/"
arch="all"
license="GPL-2.0-or-later"
depends="nss-tools iproute2"
provides="openswan"
options="!check" # no testsuite
makedepends="bison flex coreutils bash xmlto
gmp-dev linux-pam-dev nss-dev unbound-dev libcap-ng-dev
curl-dev nspr-dev bsd-compat-headers ldns-dev
"
subpackages="$pkgname-doc $pkgname-openrc"
source="https://download.libreswan.org/libreswan-$pkgver.tar.gz
fix-includes.patch
nss_compat.patch
Makefile.inc.local"
# secfixes:
# 4.6-r0:
# - CVE-2022-23094
# 3.32-r0:
# - CVE-2020-1763
# 3.29-r0:
......@@ -30,26 +31,25 @@ source="https://download.libreswan.org/libreswan-$pkgver.tar.gz
build() {
cp $srcdir/Makefile.inc.local $builddir
make WERROR_CFLAGS="" \
INC_RCDEFAULT=/etc/init.d \
INC_USRLOCAL=/usr \
INITDIR_DEFAULT=/etc/init.d \
PREFIX=/usr \
FINALBINDIR=/usr/libexec/ipsec \
FINALLIBEXECDIR=/usr/libexec/ipsec \
programs
}
package() {
make INC_MANDIR=share/man \
INC_RCDEFAULT=/etc/init.d \
INC_USRLOCAL=/usr \
make FINALMANDIR=share/man \
INITDIR_DEFAULT=/etc/init.d \
PREFIX=/usr \
DESTDIR="$pkgdir" \
INSTCONFFLAGS=-m644 \
FINALBINDIR=/usr/libexec/ipsec \
FINALLIBEXECDIR=/usr/libexec/ipsec \
install
}
sha512sums="
108b2ac7a36454c48ce448a83ddd81e72d7fbb7cf8b042116d9bd31f195cdab4ccd6311d72af7ab4cc6d054df50d30a6bfc50b56fe7cbfd35d54a68804a6678b libreswan-4.4.tar.gz
60e1560cb6716b2a281b73893582d7d0b5e17c729c22aebd448927c365efca3589a3e6bb926c03e8fba460d98d36203aa544cc3da2df4f8f804a7ba7bd31ea1c fix-includes.patch
4729de7d7c4157104574b2d6a86ae399ca92898269e4a6e0363a8ce464351b0e1011137895f5e17df23a60049bad564644cd94216e10fe426897f3fdea347328 nss_compat.patch
c1c3efd7665dee6caaf08cb5aa50fcd37c299acad4b62648284fdb04edd50ba8fc8d33a9fb210edaf2312697f8cd251f33a6b16587eb2cfefd1269b4482dd499 libreswan-4.6.tar.gz
36415fae9b6674d66b7728fbc1df4bb3c4fcb16f0bbe88ead1f23e553bb51a9deb288a8659a0050a3fb1e14c3dbb8fb8524e9ef48fb6842dc94b11b758349c58 Makefile.inc.local
"
--- a/include/fd.h
+++ b/include/fd.h
@@ -25,7 +25,7 @@
#define FD_H
#include <stdbool.h>
-#include <stdlib.h> /* for ssize_t */
+#include <sys/types.h> /* for ssize_t */
#include "where.h"
#2020/9/23 Patch is upstream, but not officially released. Should be released in libreswan 3.33+
#Description: Force NSS compatibility to allow libreswan to properly autonegotiate IKE encryption
--- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
+++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
@@ -16,6 +16,8 @@
#include <stdio.h>
#include <stdlib.h>
+#define NSS_PKCS11_2_0_COMPAT 1
+
#include "lswlog.h"
#include "lswnss.h"
#include "prmem.h"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment