3 files changed, 33 insertions, 94 deletions
diff --git a/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
new file mode 100644
index 0000000000..e730fe1cd0
--- /dev/null
+++ b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@@ -0,0 +1,31 @@
+From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 2 May 2022 09:31:49 +0200
+Subject: [PATCH] enum: Fix compiler warning
+Closes strongswan/strongswan#1025
+Upstream-Status: Backport
+[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/libstrongswan/utils/enum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
+index 79da450f0c..1e77489f6f 100644
+--- a/src/libstrongswan/utils/enum.c
+++ b/src/libstrongswan/utils/enum.c
+@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len)
+                return buf;
+        }
+ 
+-       if (snprintf(buf, len, e->names[0]) >= len)
+       if (snprintf(buf, len, "%s", e->names[0]) >= len)
+        {
+                return NULL;
+        }
+-- 
+2.25.1
diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
deleted file mode 100644
index 7da48cd2cf..0000000000
--- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Wed, 23 Feb 2022 17:29:02 +0100
-Subject: [PATCH] openssl: Don't unload providers
-There is a conflict between atexit() handlers registered by OpenSSL and
-some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
-Because plugins are usually loaded after atexit() has been called, the
-handler registered by OpenSSL will run before our handler.  So when the
-latter destroys the plugins it's a bad idea to try to access any OpenSSL
-objects as they might already be invalid.
-Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
-Closes strongswan/strongswan#921
-Upstream-Status: Backport
-[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- .../plugins/openssl/openssl_plugin.c          | 27 +++----------------
- 1 file changed, 3 insertions(+), 24 deletions(-)
-diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-index 6b4923649..1491d5cf8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
-@@ -16,7 +16,6 @@
- 
- #include <library.h>
- #include <utils/debug.h>
-#include <collections/array.h>
- #include <threading/thread.h>
- #include <threading/mutex.h>
- #include <threading/thread_value.h>
-@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
-         * public functions
-         */
-        openssl_plugin_t public;
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-       /**
-        * Loaded providers
-        */
-       array_t *providers;
-#endif
- };
- 
- /**
-@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
- METHOD(plugin_t, destroy, void,
-        private_openssl_plugin_t *this)
- {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-       OSSL_PROVIDER *provider;
-       while (array_remove(this->providers, ARRAY_TAIL, &provider))
-       {
-               OSSL_PROVIDER_unload(provider);
-       }
-       array_destroy(this->providers);
-#endif /* OPENSSL_VERSION_NUMBER */
-
- /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
-  * can't call it as we couldn't re-initialize the library (as required by the
-  * unit tests and the Android app) */
-@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
-                        DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
-                        return NULL;
-                }
-               array_insert_create(&this->providers, ARRAY_TAIL, fips);
-                /* explicitly load the base provider containing encoding functions */
-               array_insert_create(&this->providers, ARRAY_TAIL,
-                                                       OSSL_PROVIDER_load(NULL, "base"));
-+               OSSL_PROVIDER_load(NULL, "base");
-        }
-        else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
-                                                                         TRUE, lib->ns))
-        {
-                /* load the legacy provider for algorithms like MD4, DES, BF etc. */
-               array_insert_create(&this->providers, ARRAY_TAIL,
-                                                       OSSL_PROVIDER_load(NULL, "legacy"));
-+               OSSL_PROVIDER_load(NULL, "legacy");
-                /* explicitly load the default provider, as mentioned by crypto(7) */
-               array_insert_create(&this->providers, ARRAY_TAIL,
-                                                       OSSL_PROVIDER_load(NULL, "default"));
-+               OSSL_PROVIDER_load(NULL, "default");
-        }
-        ossl_provider_names_t data = {};
-        OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
-- 
-2.25.1
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
index cfb7b41fa4..1b82dceac2 100644
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@@ -9,10 +9,10 @@ DEPENDS = "flex-native flex bison-native"
 DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
 SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
-           file://0001-openssl-Don-t-unload-providers.patch \
+           file://0001-enum-Fix-compiler-warning.patch \
           "
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"

diff --git a/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch new file mode 100644 index 0000000000..e730fe1cd0 --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@@ -0,0 +1,31 @@
		1	From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
		2	From: Tobias Brunner <tobias@strongswan.org>
		3	Date: Mon, 2 May 2022 09:31:49 +0200
		4	Subject: [PATCH] enum: Fix compiler warning
		5
		6	Closes strongswan/strongswan#1025
		7
		8	Upstream-Status: Backport
		9	[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
		10
		11	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		12	---
		13	src/libstrongswan/utils/enum.c \| 2 +-
		14	1 file changed, 1 insertion(+), 1 deletion(-)
		15
		16	diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
		17	index 79da450f0c..1e77489f6f 100644
		18	--- a/src/libstrongswan/utils/enum.c
		19	+++ b/src/libstrongswan/utils/enum.c
		20	@@ -97,7 +97,7 @@ char enum_flags_to_string(enum_name_t e, u_int val, char *buf, size_t len)
		21	return buf;
		22	}
		23
		24	- if (snprintf(buf, len, e->names[0]) >= len)
		25	+ if (snprintf(buf, len, "%s", e->names[0]) >= len)
		26	{
		27	return NULL;
		28	}
		29	--
		30	2.25.1
		31


diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch deleted file mode 100644 index 7da48cd2cf..0000000000 --- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch +++ /dev/null
@@ -1,92 +0,0 @@
1	From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
2	From: Tobias Brunner <tobias@strongswan.org>
3	Date: Wed, 23 Feb 2022 17:29:02 +0100
4	Subject: [PATCH] openssl: Don't unload providers
5
6	There is a conflict between atexit() handlers registered by OpenSSL and
7	some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
8	Because plugins are usually loaded after atexit() has been called, the
9	handler registered by OpenSSL will run before our handler. So when the
10	latter destroys the plugins it's a bad idea to try to access any OpenSSL
11	objects as they might already be invalid.
12
13	Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
14	Closes strongswan/strongswan#921
15
16	Upstream-Status: Backport
17	[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
18
19	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
20	---
21	.../plugins/openssl/openssl_plugin.c \| 27 +++----------------
22	1 file changed, 3 insertions(+), 24 deletions(-)
23
24	diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
25	index 6b4923649..1491d5cf8 100644
26	--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
27	+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
28	@@ -16,7 +16,6 @@
29
30	#include <library.h>
31	#include <utils/debug.h>
32	-#include <collections/array.h>
33	#include <threading/thread.h>
34	#include <threading/mutex.h>
35	#include <threading/thread_value.h>
36	@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
37	* public functions
38	*/
39	openssl_plugin_t public;
40	-
41	-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
42	- /**
43	- * Loaded providers
44	- */
45	- array_t *providers;
46	-#endif
47	};
48
49	/**
50	@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
51	METHOD(plugin_t, destroy, void,
52	private_openssl_plugin_t *this)
53	{
54	-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
55	- OSSL_PROVIDER *provider;
56	- while (array_remove(this->providers, ARRAY_TAIL, &provider))
57	- {
58	- OSSL_PROVIDER_unload(provider);
59	- }
60	- array_destroy(this->providers);
61	-#endif /* OPENSSL_VERSION_NUMBER */
62	-
63	/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
64	* can't call it as we couldn't re-initialize the library (as required by the
65	* unit tests and the Android app) */
66	@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
67	DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
68	return NULL;
69	}
70	- array_insert_create(&this->providers, ARRAY_TAIL, fips);
71	/* explicitly load the base provider containing encoding functions */
72	- array_insert_create(&this->providers, ARRAY_TAIL,
73	- OSSL_PROVIDER_load(NULL, "base"));
74	+ OSSL_PROVIDER_load(NULL, "base");
75	}
76	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
77	TRUE, lib->ns))
78	{
79	/* load the legacy provider for algorithms like MD4, DES, BF etc. */
80	- array_insert_create(&this->providers, ARRAY_TAIL,
81	- OSSL_PROVIDER_load(NULL, "legacy"));
82	+ OSSL_PROVIDER_load(NULL, "legacy");
83	/* explicitly load the default provider, as mentioned by crypto(7) */
84	- array_insert_create(&this->providers, ARRAY_TAIL,
85	- OSSL_PROVIDER_load(NULL, "default"));
86	+ OSSL_PROVIDER_load(NULL, "default");
87	}
88	ossl_provider_names_t data = {};
89	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
90	--
91	2.25.1
92


diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb index cfb7b41fa4..1b82dceac2 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@@ -9,10 +9,10 @@ DEPENDS = "flex-native flex bison-native"
9	DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"	9	DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}"
10		10
11	SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \	11	SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
12	file://0001-openssl-Don-t-unload-providers.patch \	12	file://0001-enum-Fix-compiler-warning.patch \
13	"	13	"
14		14
15	SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"	15	SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
16		16
17	UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"	17	UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"
18		18