diff options
Diffstat (limited to 'meta-networking/recipes-support/strongswan')
-rw-r--r-- | meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch | 92 | ||||
-rw-r--r-- | meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb) | 18 |
2 files changed, 13 insertions, 97 deletions
diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch deleted file mode 100644 index 7da48cd2cf..0000000000 --- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Wed, 23 Feb 2022 17:29:02 +0100 -Subject: [PATCH] openssl: Don't unload providers - -There is a conflict between atexit() handlers registered by OpenSSL and -some executables (e.g. swanctl or pki) to deinitialize libstrongswan. -Because plugins are usually loaded after atexit() has been called, the -handler registered by OpenSSL will run before our handler. So when the -latter destroys the plugins it's a bad idea to try to access any OpenSSL -objects as they might already be invalid. - -Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.") -Closes strongswan/strongswan#921 - -Upstream-Status: Backport -[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524] - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - .../plugins/openssl/openssl_plugin.c | 27 +++---------------- - 1 file changed, 3 insertions(+), 24 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 6b4923649..1491d5cf8 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -16,7 +16,6 @@ - - #include <library.h> - #include <utils/debug.h> --#include <collections/array.h> - #include <threading/thread.h> - #include <threading/mutex.h> - #include <threading/thread_value.h> -@@ -74,13 +73,6 @@ struct private_openssl_plugin_t { - * public functions - */ - openssl_plugin_t public; -- --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- /** -- * Loaded providers -- */ -- array_t *providers; --#endif - }; - - /** -@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int, - METHOD(plugin_t, destroy, void, - private_openssl_plugin_t *this) - { --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- OSSL_PROVIDER *provider; -- while (array_remove(this->providers, ARRAY_TAIL, &provider)) -- { -- OSSL_PROVIDER_unload(provider); -- } -- array_destroy(this->providers); --#endif /* OPENSSL_VERSION_NUMBER */ -- - /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we - * can't call it as we couldn't re-initialize the library (as required by the - * unit tests and the Android app) */ -@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create() - DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); - return NULL; - } -- array_insert_create(&this->providers, ARRAY_TAIL, fips); - /* explicitly load the base provider containing encoding functions */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "base")); -+ OSSL_PROVIDER_load(NULL, "base"); - } - else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", - TRUE, lib->ns)) - { - /* load the legacy provider for algorithms like MD4, DES, BF etc. */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "legacy")); -+ OSSL_PROVIDER_load(NULL, "legacy"); - /* explicitly load the default provider, as mentioned by crypto(7) */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "default")); -+ OSSL_PROVIDER_load(NULL, "default"); - } - ossl_provider_names_t data = {}; - OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); --- -2.25.1 - diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb index cfb7b41fa4..2e2da8274b 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.14.bb @@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "flex-native flex bison-native" DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" -SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ - file://0001-openssl-Don-t-unload-providers.patch \ - " +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ + " -SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd" +SRC_URI[sha256sum] = "728027ddda4cb34c67c4cec97d3ddb8c274edfbabdaeecf7e74693b54fc33678" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" @@ -39,8 +38,8 @@ PACKAGECONFIG[eap-mschapv2] = "--enable-eap-mschapv2,--disable-eap-mschapv2,,${P PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" +PACKAGECONFIG[nm] = "--enable-nm,--disable-nm,networkmanager,${PN}-nm" PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" -PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient," PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" @@ -103,6 +102,10 @@ ALLOW_EMPTY:${PN}-imcvs = "1" FILES:${PN}-imcvs = "${libdir}/ipsec/imcvs/*.so" FILES:${PN}-imcvs-dbg += "${libdir}/ipsec/imcvs/.debug" +PACKAGES =+ "${PN}-nm ${PN}-nm-dbg" +FILES:${PN}-nm = "${libexecdir}/ipsec/charon-nm ${datadir}/dbus-1/system.d/nm-strongswan-service.conf" +FILES:${PN}-nm-dbg = "${libexecdir}/ipsec/.debug/charon-nm" + PACKAGES_DYNAMIC += "^${PN}-plugin-.*$" NOAUTOPACKAGEDEBUG = "1" @@ -147,9 +150,14 @@ RDEPENDS:${PN} += "\ ${PN}-plugin-constraints \ ${PN}-plugin-des \ ${PN}-plugin-dnskey \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ + ${PN}-plugin-gcm \ ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ ${PN}-plugin-kernel-netlink \ ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ ${PN}-plugin-nonce \ ${PN}-plugin-pem \ ${PN}-plugin-pgp \ |