[Buildroot] [PATCH 1/2] strongswan: security bump to version 5.2.2

Gustavo Zacarias gustavo at zacarias.com.ar
Tue Jan 6 10:35:40 UTC 2015


Fixes CVE-2014-9221 - denial-of-service vulnerability triggered by an
IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025.

Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
 package/strongswan/Config.in       | 16 ++++++++++++----
 package/strongswan/strongswan.hash |  2 ++
 package/strongswan/strongswan.mk   |  9 ++++++---
 3 files changed, 20 insertions(+), 7 deletions(-)
 create mode 100644 package/strongswan/strongswan.hash

diff --git a/package/strongswan/Config.in b/package/strongswan/Config.in
index 3b0f47f..23131dc 100644
--- a/package/strongswan/Config.in
+++ b/package/strongswan/Config.in
@@ -110,13 +110,21 @@ config BR2_PACKAGE_STRONGSWAN_SQL
 
 endif
 
-config BR2_PACKAGE_STRONGSWAN_TOOLS
-	bool "Enable additional utilities (openac, scepclient and pki)"
+config BR2_PACKAGE_STRONGSWAN_PKI
+	bool "Enable pki certificate utility"
 	default y
 
+config BR2_PACKAGE_STRONGSWAN_SCEP
+	bool "Enable SCEP client tool"
+
 config BR2_PACKAGE_STRONGSWAN_SCRIPTS
-	bool "Enable additional utilities (found in directory scripts)"
-	depends on BR2_PACKAGE_STRONGSWAN_CHARON || BR2_PACKAGE_STRONGSWAN_TOOLS
+	bool "Enable additional utilities (found in scripts directory)"
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
+	default y
+
+config BR2_PACKAGE_STRONGSWAN_VICI
+	bool "Enable vici/swanctl"
+	depends on BR2_PACKAGE_STRONGSWAN_CHARON
 	default y
 
 endif
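Review bot: `BR2_PACKAGE_STRONGSWAN_SCRIPTS` gains `default y` and the new `BR2_PACKAGE_STRONGSWAN_VICI` is also `default y`, so a commit billed as a security bump also enlarges what a default charon build installs (whatever the scripts directory builds, plus the vici control interface and swanctl). For an IKE daemon on an embedded target I would drop those two `default y` lines so the extra components are opt-in, or state the reason for the new defaults in the commit message. Separately, `BR2_PACKAGE_STRONGSWAN_TOOLS` is removed with no legacy-option handling visible in this three-file patch. An existing .config that set it would silently lose scepclient, because `BR2_PACKAGE_STRONGSWAN_SCEP` has no default; a legacy entry pointing users at the PKI and SCEP symbols would cover that.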
diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
new file mode 100644
index 0000000..6073b36
--- /dev/null
+++ b/package/strongswan/strongswan.hash
@@ -0,0 +1,2 @@
+# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5
+md5	7ee1a33060b2bde35be0f6d78a1d26d0	strongswan-5.2.2.tar.bz2
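Review bot: The only integrity pin recorded for the tarball is an MD5 digest copied from the same plain-HTTP server the tarball is fetched from (`# From http://download.strongswan.org/strongswan-5.2.2.tar.bz2.md5`). It catches a corrupted download but not a tampered mirror or an on-path modification, and MD5 is not collision-resistant. I would add a second line with a stronger digest computed locally from a tarball that was checked against upstream's release signature, if one is published, e.g. `sha256	<SHA256_OF_VERIFIED_TARBALL>	strongswan-5.2.2.tar.bz2`. A comment such as `# Locally computed after verifying the upstream signature` would record how it was obtained.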
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index bb1d268..2d23383 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-STRONGSWAN_VERSION = 5.1.3
+STRONGSWAN_VERSION = 5.2.2
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
 STRONGSWAN_LICENSE = GPLv2+
@@ -28,8 +28,11 @@ STRONGSWAN_CONF_OPTS +=
 	--enable-unity=$(if $(BR2_PACKAGE_STRONGSWAN_UNITY),yes,no)                  \
 	--enable-stroke=$(if $(BR2_PACKAGE_STRONGSWAN_STROKE),yes,no)                \
 	--enable-sql=$(if $(BR2_PACKAGE_STRONGSWAN_SQL),yes,no)                      \
-	--enable-tools=$(if $(BR2_PACKAGE_STRONGSWAN_TOOLS),yes,no)                  \
-	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)
+	--enable-pki=$(if $(BR2_PACKAGE_STRONGSWAN_PKI),yes,no)                      \
+	--enable-scepclient=$(if $(BR2_PACKAGE_STRONGSWAN_SCEP),yes,no)              \
+	--enable-scripts=$(if $(BR2_PACKAGE_STRONGSWAN_SCRIPTS),yes,no)              \
+	--enable-vici=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)                    \
+	--enable-swanctl=$(if $(BR2_PACKAGE_STRONGSWAN_VICI),yes,no)
 
 ifeq ($(BR2_PACKAGE_STRONGSWAN_EAP),y)
 STRONGSWAN_CONF_OPTS +=               \
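Review bot: `--enable-vici` and `--enable-swanctl` are both driven by `BR2_PACKAGE_STRONGSWAN_VICI` with nothing in the file saying why, so the second line reads like a copy-paste slip. As far as I know swanctl is the client for the vici interface, which would make the coupling intentional. A one-line comment such as `# swanctl talks to charon over vici, so both follow BR2_PACKAGE_STRONGSWAN_VICI` would document it. The `STRONGSWAN_CONF_OPTS +=` assignment starts above this hunk, and a comment cannot sit inside the backslash-continued list, so it would have to go before the assignment.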
-- 
2.0.5


