summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/strongswan
Commit message (Collapse)AuthorAgeFilesLines
* strongswan: upgrade 6.0.1 -> 6.0.2Wang Mingyu7 days4-240/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 0001-pki-Fix-signature-of-help-to-match-that-of-a-callbac.patch 0002-callback-job-Replace-return_false-in-constructors-wi.patch 0003-Cast-uses-of-return_-nop-and-enumerator_create_empty.patch removed since they're included in 6.0.2 Changelog: ============= - Support for per-CPU SAs (RFC 9611) has been added (Linux 6.13+). - Basic support for AGGFRAG mode (RFC 9347) has been added (Linux 6.14+). - POSIX regular expressions can be used to match remote identities. - Switching configs based on EAP-Identities is supported. Setting 'remote.eap_id' now always initiates an EAP-Identity exchange. - On Linux, sequence numbers from acquires are used when installing SAs. This allows handling narrowing properly. - During rekeying, the narrowed traffic selectors are now proposed instead of the configured ones. - The default AH/ESP proposals contain all supported key exchange methods plus 'none' to make PFS optional and accept proposals of older peers. - GRO for ESP in enabled for NAT-T UDP sockets, which can improve performance if the esp4|6_offload modules are loaded. - charon-nm sets the VPN connection as persistent, preventing NetworkManager from tearing down the connection if the network connectivity changes. - ML-KEM is supported via OpenSSL 3.5+. - The wolfssl plugin is now compatible to wolfSSL's FIPS module. - The libsoup plugin has been migrated to libsoup 3, libsoup 2 is not supported anymore. - The long defunct uci plugin has been removed. - Log messages by watcher_t are now logged in a separate log group ('wch'). Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: fix error with gcc-15mark.yang2025-04-194-2/+239
| | | | | | | | | | | | | * Backport 3 Patch: - 0001-pki-Fix-signature-of-help-to-match-that-of-a-callbac.patch - 0002-callback-job-Replace-return_false-in-constructors-wi.patch - 0003-Cast-uses-of-return_-nop-and-enumerator_create_empty.patch * To fix the error with gcc-15. - See more details: http://errors.yoctoproject.org/Errors/Details/851801 Signed-off-by: mark.yang <mark.yang@lge.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 6.0.0 -> 6.0.1Yi Zhao2025-03-211-1/+1
| | | | | | | | ChangeLog: https://github.com/strongswan/strongswan/releases/tag/6.0.1 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.14 -> 6.0.0Yi Zhao2024-12-261-13/+11
| | | | | | | | | | | | | | ChangeLog: https://github.com/strongswan/strongswan/releases/tag/6.0.0 The aes, curve25519, des, fips-prf, gmp, hmac, md5, pkcs12, rc2, sha1, sha2 plugins are not enabled by default[1]. Remove these plugins from RDEPENDS and add PACKAGECONFIG for them. [1] https://github.com/strongswan/strongswan/blob/6.0.0/NEWS#L38 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.13 -> 5.9.14Yi Zhao2024-03-261-1/+1
| | | | | | | | ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.14 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.12 -> 5.9.13Wang Mingyu2023-12-181-1/+1
| | | | | | | | | | | Changelog: - Fixes a regression with handling OCSP error responses and adds a new option to specify the length of nonces in OCSP requests. Also adds some other improvements for OCSP handling and fuzzers for OCSP requests/responses. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.11 -> 5.9.12Wang Mingyu2023-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - Fixed a vulnerability in charon-tkm related to processing DH public values that can lead to a buffer overflow and potentially remote code execution. - The new `pki --ocsp` command produces OCSP responses based on certificate status information provided by plugins. - The cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. - The --priv argument for charon-cmd allows using any type of private key. - Support for nameConstraints of type iPAddress has been added (the openssl plugin previously didn't support nameConstraints at all). - SANs of type uniformResourceIdentifier can now be encoded in certificates. - Password-less PKCS#12 and PKCS#8 files are supported. - A new global option allows preventing peers from authenticating with trusted end-entity certificates (i.e. local certificates). - ECDSA public keys that encode curve parameters explicitly are now rejected by all plugins that support ECDSA. - charon-nm now actually uses the XFRM interfaces added with 5.9.10, it can also use the name in connection.interface-name. - The resolve plugin tries to maintain the order of installed DNS servers. - The kernel-libipsec plugin always installs routes even if no address is found in the local traffic selectors. - Increased the default receive buffer size for Netlink sockets to 8 MiB and simplified its configuration. - Copy the issuer's subjectKeyIdentifier as authorityKeyIdentifier instead of always generating a hash of the subjectPublicKey. - Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Fixed a possible infinite loop issue in watcher_t and removed WATCHER_EXCEPT, instead callbacks are always invoked even if only errors are signaled. - Fixed a regression in the IKE_SA_INIT tracking code added with 5.9.6 when handling invalid messages. - Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs. - Correctly encode SPI from REKEY_SA notify in CHILD_SA_NOT_FOUND notify if CHILD_SA is not found during rekeying. - The testing environment is now based on Debian 12 (bookworm), by default. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.10 -> 5.9.11Wang Mingyu2023-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== - A deadlock in the vici plugin has been fixed that could get triggered when multiple connections were initiated/terminated concurrently and control-log events were raised by the watcher_t component. - CRLs have to be signed by a certificate that has the cRLSign keyUsage bit encoded (even if it's a CA), or a CA certificate without keyUsage extension. - Optional CA labels in EST server URIs are supported by `pki --est/estca`. - CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and openssl plugins, which allows verifying RSA-PSS and ECDSA signatures. - Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or earlier that was introduced with 5.9.10. - Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2. - kernel-libipsec can process raw ESP packets on Linux (disabled by default) and gained support for trap policies. - The dhcp plugin uses an alternate method to determine the source address for unicast DHCP requests that's not affected by interface filtering. - Certificate and trust chain selection as initiator has been improved in case the local trust chain is incomplete and an unrelated certreq is received. - ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin. - To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer. - Stale OCSP responses are now replace in-place in the certificate cache. - Fixed parsing of SCEP server capabilities by `pki --scep/scepca`. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add PACKAGECONFIG for the NetworkManager modulePetr Gotthard2023-05-111-0/+5
| | | | | | | | Disabled by default. When enabled, a package 'strongswan-nm' gets created. The package naming follows Debian/Ubuntu. Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: 5.9.9 -> 5.9.10Yi Zhao2023-03-061-3/+3
| | | | | | | | Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.10 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.8 -> 5.9.9Yi Zhao2023-01-111-1/+1
| | | | | | | | Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.9 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.7 -> 5.9.8Yi Zhao2022-10-081-2/+2
| | | | | | | | | | | | ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8 * Drop PACKAGECONFIG[scep] as scepclient has been removed. * Add plugin-gcm to RDEPENDS as gcm plugin has been added to the default plugins. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.6 -> 5.9.7Yi Zhao2022-08-062-33/+5
| | | | | | | | | | | | | | | ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.7 * Drop backport patch 0001-enum-Fix-compiler-warning.patch. * Update RDEPENDS to fix strongswan startup failures: plugin 'mgf1': failed to load - mgf1_plugin_create not found and no plugin file available plugin 'fips-prf': failed to load - fips_prf_plugin_create not found and no plugin file available plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.5 -> 5.9.6Yi Zhao2022-07-023-94/+33
| | | | | | | | | | | | | * Drop backport patch 0001-openssl-Don-t-unload-providers.patch * Backport a patch to fix the build error: src/libstrongswan/utils/enum.c: In function 'enum_flags_to_string': src/libstrongswan/utils/enum.c:100:9: error: format not a string literal and no format arguments [-Werror=format-security] 100 | if (snprintf(buf, len, e->names[0]) >= len) | ^~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: 5.9.4 -> 5.9.5Yi Zhao2022-03-304-124/+94
| | | | | | | | | | | | | | | | | | | * Backport a patch to fix the segfault with swanctl: $ /usr/sbin/charon-systemd & $ /usr/sbin/swanctl --load-all --noprompt no files found matching '/etc/swanctl/conf.d/*.conf' no authorities found, 0 unloaded no pools found, 0 unloaded no connections found, 0 unloaded Segmentation fault * Drop fix-funtion-parameter.patch and 0001-memory.h-Include-stdint.h-for-uintptr_t.patch as the issues have been fixed upstream. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes: Update LICENSE variable to use SPDX license identifiersKhem Raj2022-03-041-1/+1
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Fix DeprecationWarning about regexpsMartin Jansa2022-02-211-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | * fixes: meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:125: DeprecationWarning: invalid escape sequence \. meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:126: DeprecationWarning: invalid escape sequence \. meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:128: DeprecationWarning: invalid escape sequence \. meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:129: DeprecationWarning: invalid escape sequence \. meta-oe/meta-networking/recipes-support/strongswan/strongswan_5.9.4.bb:130: DeprecationWarning: invalid escape sequence \. meta-oe/meta-oe/recipes-graphics/ttf-fonts/ttf-mplus_027.bb:18: DeprecationWarning: invalid escape sequence \. meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio-paranoia_10.2+2.0.1.bb:21: DeprecationWarning: invalid escape sequence \. meta-oe/meta-oe/recipes-multimedia/libcdio/libcdio_2.1.0.bb:28: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \- oe-core/meta/classes/package.bbclass:1343: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1344: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1345: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1348: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1350: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1353: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1355: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1358: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1360: DeprecationWarning: invalid escape sequence \. oe-core/meta/classes/package.bbclass:1365: DeprecationWarning: invalid escape sequence \. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: remove redundant DEPENDSArmin Kuster2021-12-271-1/+1
| | | | | | | drop openssl and gmp from DEPENDS, covered in PACKAGECONFIG Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add integrity optionsArmin Kuster2021-12-271-0/+36
| | | | | Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add tpm PACKAGECONFIGArmin Kuster2021-12-271-0/+5
| | | | | | | migrate meta-tpm strongswan tweaks to meta-networking Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: provide PACKAGECONFIG for cureve25519Armin Kuster2021-12-271-2/+2
| | | | | | | | Not everyone wants this to be installed by default. Enable to remove cureve25519 is someone wants to. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add required kernel modules to RRECOMMENDSYi Zhao2021-11-111-1/+4
| | | | | | | | | | Strongswan failed to startup because there is no kernel module named ipsec. Add basic kernel modules required by strongswan per [1]. [1] https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules, Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.3 -> 5.9.4Yi Zhao2021-10-191-2/+2
| | | | | | | | Add openssl PACKAGECONFIG back as the openssl 3.0 compatibility issue has been fixed. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: disable openssl PACKAGECONFIGAlexander Kanavin2021-10-141-1/+1
| | | | | | | Until upstream addresses openssl 3.x compatibility issues. Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntaxMartin Jansa2021-08-031-20/+20
| | | | | | | | | | This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* strongswan: upgrade 5.9.2 -> 5.9.3zangrc2021-07-131-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | - Added AES_ECB, SHA-3 and SHAKE-256 support to wolfssl plugin. - Added AES_CCM and SHA-3 signature support to openssl plugin. - The x509 and openssl plugins now consider the authorityKeyIdentifier, if available, before verifying signatures, which avoids unnecessary signature verifications after a CA key rollover if both certificates are loaded. - The pkcs11 plugin better handles optional attributes like CKA_TRUSTED, which previously depended on a version check. - charon-nm now supports using SANs as client identities, not only full DNs. - charon-tkm now handles IKE encryption. - A MOBIKE update is sent again if a a change in the NAT mappings is detected but the endpoints stay the same. - Converted most of the test case scenarios to the vici interface Signed-off-by: Zang Ruochen <zangrc.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: Make PACKAGECONFIG a default valueJoe Hershberger2021-04-171-1/+1
| | | | | | | | Change from a weak default to a default in the definition of the PACKAGECONFIG. In https://github.com/flihp/meta-measured/blob/master/networking-layer/recipes-support/strongswan/strongswan_5.%25.bbappend the PACKAGECONFIG is appended to, so if the definition is weak here, the variable will be empty when the bbappend attempts to add to it. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.9.1 -> 5.9.2zangrc2021-03-041-2/+2
| | | | | Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.8.4 -> 5.9.1zangrc2020-11-232-37/+2
| | | | | | | | 0001-Remove-obsolete-setting-regarding-the-Standard-Outpu.patch Removed since this is included in 5.9.1 Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: remove ldap from default PACKAGECONFIGNick Rosbrook2020-11-101-1/+0
| | | | | | | Since ldap is not a standard DISTRO_FEATURE, leave it disabled by default. Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: do not use deprecated stroke and starter by defaultNick Rosbrook2020-11-101-2/+10
| | | | | | | | | | | | | | | | The swanctl and vici configuration of strongswan is preferred, as the stroke plugin used with starter is deprecated. As a reasonable default, add swanctl to PACKAGECONFIG by default, and remove stroke. When systemd is in DISTRO_FEATURES, add systemd-charon to PACKAGECONFIG, and add charon when systemd is not in DISTRO_FEATURES. While here, make sure strongswan-starter.service is only installed when charon is enabled. The current unconditional installation of strongswan-starter.service can break systems which install strongswan.service for use with swanctl. Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add some PACKAGECONFIG options for EAPNick Rosbrook2020-11-061-0/+2
| | | | | | | Add options for eap-identity and eap-mschapv2 plugins. Signed-off-by: Nick Rosbrook <rosbrookn@ainfosec.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: Remove obsolete setting regarding the Standard OutputMingli Yu2020-09-232-0/+35
| | | | | | | | | | | | The Standard output type "syslog" is obsolete, causing a warning since systemd version 246 [1]. Please consider using "journal" or "journal+console" [1] https://github.com/systemd/systemd/blob/master/NEWS#L202 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.8.2 -> 5.8.4Wang Mingyu2020-03-311-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.8.1 -> 5.8.2Wang Mingyu2020-01-031-2/+2
| | | | | Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add a PACKAGECONFIG for libbfd stack tracesCallaghan, Dan2019-10-171-0/+1
| | | | | | | | | | | | | | | | | | Strongswan installs a signal handler for SIGSEGV, SIGILL, and SIGBUS which attempts to print a stack trace of the crash. For producing line numbers in the stack trace, it can use libbfd from binutils, or libunwind, or else it falls back to a slower method using /usr/bin/addr2line. Currently the addr2line method is unlikely to actually work, since there is no RDEPENDS to pull that command into the image. This patch adds a PACKAGECONFIG to enable the libbfd-based stack traces, which is likely the best alternative since binutils is already required for building everything, and it will be faster than the addr2line method (which requires addr2line and libbfd anyway). Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: install dev headersCallaghan, Dan2019-10-041-1/+2
| | | | | | | | These are needed for other packages which want to link against libstrongswan or other libraries included with Strongswan. By default, no headers are installed. Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: Fix do_patch fuzzKhem Raj2019-09-071-5/+3
| | | | | | | | | | | | Refresh the patch to apply cleanly Fixes Applying patch 0001-memory.h-Include-stdint.h-for-uintptr_t.patch patching file src/libstrongswan/utils/utils/memory.h Hunk #1 succeeded at 26 with fuzz 2 (offset 4 lines). Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.8.0 -> 5.8.1Yuan Chao2019-09-021-2/+2
| | | | | Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.7.1 -> 5.8.0Yi Zhao2019-06-251-5/+4
| | | | | | | | Rename systemd service units since it uses strongswan-starter.service for the legacy unit and strongswan.service for the modern one. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* meta-networking: remove True option to getVar calls (again)André Draszik2019-01-131-3/+3
| | | | | | | | | | | | | | A couple have still been missed in the past despite multiple attempts at doing so (or simply have re-appeared?). Search & replace made using the following command: sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \ -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \ | cut -d':' -f1 \ | sort -u) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade to 5.7.1Qi.Chen@windriver.com2018-10-161-2/+2
| | | | | Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: upgrade 5.6.2 -> 5.6.3Yi Zhao2018-07-032-3/+3
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: add UPSTREAM_CHECK_REGEXYi Zhao2018-05-301-0/+2
| | | | | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* strongswan: refresh patchesArmin Kuster2018-04-132-20/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c Hunk #1 succeeded at 192 (offset 50 lines). Hunk #2 succeeded at 255 with fuzz 1 (offset 58 lines). checking file src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h Hunk #1 succeeded at 43 (offset -1 lines). checking file src/libstrongswan/plugins/openssl/openssl_plugin.c Hunk #1 succeeded at 609 (offset 221 lines). Signed-off-by: Armin Kuster <akuster808@gmail.com>
* strongswan: 5.5.3 -> 5.6.2Huang Qiyu2018-04-092-5/+5
| | | | | | | | 1.Upgrade strongswan from 5.5.3 to 5.6.2. 2.Modify fix-funtion-parameter.patch, since the data has been changed. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: add ${PN}-plugin-curve25519 to RDEPENDSMingli Yu2018-02-051-0/+1
| | | | | | | | | | | | | | | | * The default DH group curve25519 depends on an optional plugin ${PN}-plugin-curve25519, add it to RDEPENDS to avoid below error: root@test:~# ipsec up host-lan initiating IKE_SA host-lan[1] to 192.168.7.2 configured DH group CURVE_25519 not supported tried to checkin and delete nonexisting IKE_SA establishing connection 'host-lan' failed Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: Include stdint.h for uintptr_tKhem Raj2017-09-082-2/+29
| | | | | | Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: 5.5.1 -> 5.5.3fan.xin2017-06-281-2/+2
| | | | | | Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* strongswan: Split pluginsDavid Vincent2017-04-271-13/+88
| | | | | | | | | | | | | | | | | strongSwan offers a plugin mechanism therefore it should not be mandatory to install all of them when installing the package. Each plugin is now a self-contained package with the library and its configuration. To remain compatible with the current configuration, a default set of plugins has been selected as RDEPENDS of the main package. This default list is based on the default strongSwan list minus some plugins enabled via PACKAGECONFIG (see https://wiki.strongswan.org/projects/strongswan/PluginList). Signed-off-by: David Vincent <freesilicon@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-23 10:00:32 +0000