Attachment 163192 Details for Bug 204597 – Update security/strongSwan 5.3.3 to 5.3.4

[patch] Update security/strongSwan 5.3.3 to 5.3.4

strongswan-5.3.4-update.diff (text/plain), 5.23 KB, created by Francois ten Krooden on 2015-11-16 13:37:52 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Francois ten Krooden

Created: 2015-11-16 13:37:52 UTC

Size: 5.23 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 401757)
>+++ Makefile	(working copy)
>@@ -2,8 +2,7 @@
> # $FreeBSD$
> 
> PORTNAME=	strongswan
>-PORTVERSION=	5.3.3
>-PORTREVISION=	2
>+PORTVERSION=	5.3.4
> CATEGORIES=	security
> MASTER_SITES=	http://download.strongswan.org/ \
> 		http://download2.strongswan.org/
>Index: distinfo
>===================================================================
>--- distinfo	(revision 401757)
>+++ distinfo	(working copy)
>@@ -1,2 +1,2 @@
>-SHA256 (strongswan-5.3.3.tar.bz2) = 39d2e8f572a57a77dda8dd8bdaf2ee47ad3cefeb86bbb840d594aa75f00f33e2
>-SIZE (strongswan-5.3.3.tar.bz2) = 4423437
>+SHA256 (strongswan-5.3.4.tar.bz2) = 938ad1f7b612e039f1d32333f4865160be70f9fb3c207a31127d0168116459aa
>+SIZE (strongswan-5.3.4.tar.bz2) = 4418300
>Index: files/patch-backport-04f22cdabc.diff
>===================================================================
>--- files/patch-backport-04f22cdabc.diff	(revision 401757)
>+++ files/patch-backport-04f22cdabc.diff	(working copy)
>@@ -1,67 +0,0 @@
>-From 04f22cdabc1c97d38692f95392429839f0fa90d1 Mon Sep 17 00:00:00 2001
>-From: Tobias Brunner <tobias@strongswan.org>
>-Date: Mon, 9 Nov 2015 11:39:54 +0100
>-Subject: [PATCH] vici: Add NAT information when listing IKE_SAs
>-
>-The `nat-local` and `nat-remote` keys contain information on the NAT
>-status of the local and remote IKE endpoints, respectively.  If a
>-responder did not detect a NAT but is configured to fake a NAT situation
>-this is indicated by `nat-fake` (if an initiator fakes a NAT situation
>-`nat-local` is set).  If any NAT is detected or faked `nat-any` is set.
>-
>-Closes strongswan/strongswan#16.
>----
>- src/libcharon/plugins/vici/README.md    |  4 ++++
>- src/libcharon/plugins/vici/vici_query.c | 17 +++++++++++++++++
>- 2 files changed, 21 insertions(+)
>-
>-diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
>-index e20e8ab..51a17e2 100644
>---- src/libcharon/plugins/vici/README.md
>-+++ src/libcharon/plugins/vici/README.md
>-@@ -587,6 +587,10 @@ command.
>- 			initiator = <yes, if initiator of IKE_SA>
>- 			initiator-spi = <hex encoded initiator SPI / cookie>
>- 			responder-spi = <hex encoded responder SPI / cookie>
>-+			nat-local = <yes, if local endpoint is behind a NAT>
>-+			nat-remote = <yes, if remote endpoint is behind a NAT>
>-+			nat-fake = <yes, if NAT situation has been faked as responder>
>-+			nat-any = <yes, if any endpoint is behind a NAT (also if faked)>
>- 			encr-alg = <IKE encryption algorithm string>
>- 			encr-keysize = <key size for encr-alg, if applicable>
>- 			integ-alg = <IKE integrity algorithm string>
>-diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
>-index 98d264f..265a17e 100644
>---- src/libcharon/plugins/vici/vici_query.c
>-+++ src/libcharon/plugins/vici/vici_query.c
>-@@ -222,6 +222,18 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b,
>- }
>- 
>- /**
>-+ * Add an IKE_SA condition to the given builder
>-+ */
>-+static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa,
>-+						  char *key, ike_condition_t cond)
>-+{
>-+	if (ike_sa->has_condition(ike_sa, cond))
>-+	{
>-+		b->add_kv(b, key, "yes");
>-+	}
>-+}
>-+
>-+/**
>-  * List details of an IKE_SA
>-  */
>- static void list_ike(private_vici_query_t *this, vici_builder_t *b,
>-@@ -265,6 +277,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
>- 	b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id));
>- 	b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id));
>- 
>-+	add_condition(b, ike_sa, "nat-local", COND_NAT_HERE);
>-+	add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE);
>-+	add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE);
>-+	add_condition(b, ike_sa, "nat-any", COND_NAT_ANY);
>-+
>- 	proposal = ike_sa->get_proposal(ike_sa);
>- 	if (proposal)
>- 	{
>Index: files/patch-backport-dff2d05bb9.diff
>===================================================================
>--- files/patch-backport-dff2d05bb9.diff	(revision 401757)
>+++ files/patch-backport-dff2d05bb9.diff	(working copy)
>@@ -1,27 +0,0 @@
>-From dff2d05bb9bec684b3b2efdafc9a47219550bbe1 Mon Sep 17 00:00:00 2001
>-From: Renato Botelho <garga@FreeBSD.org>
>-Date: Fri, 6 Nov 2015 17:07:38 -0200
>-Subject: [PATCH] kernel-pfkey: Enable ENCR_AES_CTR when it's available
>-
>-Obtained-from:	pfSense
>-Sponsored-by:	Rubicon Communications (Netgate)
>-Closes strongswan/strongswan#17.
>----
>- src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 4 +++-
>- 1 file changed, 3 insertions(+), 1 deletion(-)
>-
>-diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
>-index 5027e17..0df6fb5 100644
>---- src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
>-+++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
>-@@ -843,7 +843,9 @@ static kernel_algorithm_t encryption_algs[] = {
>- /*	{ENCR_DES_IV32,				0							}, */
>- 	{ENCR_NULL,					SADB_EALG_NULL				},
>- 	{ENCR_AES_CBC,				SADB_X_EALG_AESCBC			},
>--/*	{ENCR_AES_CTR,				SADB_X_EALG_AESCTR			}, */
>-+#ifdef SADB_X_EALG_AESCTR
>-+	{ENCR_AES_CTR,				SADB_X_EALG_AESCTR			},
>-+#endif
>- /*  {ENCR_AES_CCM_ICV8,			SADB_X_EALG_AES_CCM_ICV8	}, */
>- /*	{ENCR_AES_CCM_ICV12,		SADB_X_EALG_AES_CCM_ICV12	}, */
>- /*	{ENCR_AES_CCM_ICV16,		SADB_X_EALG_AES_CCM_ICV16	}, */

Actions: View | Diff

Attachments on bug 204597: 163192 | 163193