[meta-networking][PATCH] strongswan: upgrade 5.9.5 -> 5.9.6
|
Yi Zhao
* Drop backport patch 0001-openssl-Don-t-unload-providers.patch
* Backport a patch to fix the build error: src/libstrongswan/utils/enum.c: In function 'enum_flags_to_string': src/libstrongswan/utils/enum.c:100:9: error: format not a string literal and no format arguments [-Werror=format-security] 100 | if (snprintf(buf, len, e->names[0]) >= len) | ^~ Signed-off-by: Yi Zhao <yi.zhao@...> --- .../0001-enum-Fix-compiler-warning.patch | 31 +++++++ .../0001-openssl-Don-t-unload-providers.patch | 92 ------------------- ...trongswan_5.9.5.bb => strongswan_5.9.6.bb} | 4 +- 3 files changed, 33 insertions(+), 94 deletions(-) create mode 100644 meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch delete mode 100644 meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch rename meta-networking/recipes-support/strongswan/{strongswan_5.9.5.bb => strongswan_5.9.6.bb} (98%) diff --git a/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch new file mode 100644 index 000000000..e730fe1cd --- /dev/null +++ b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch @@ -0,0 +1,31 @@ +From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@...> +Date: Mon, 2 May 2022 09:31:49 +0200 +Subject: [PATCH] enum: Fix compiler warning + +Closes strongswan/strongswan#1025 + +Upstream-Status: Backport +[https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960] + +Signed-off-by: Yi Zhao <yi.zhao@...> +--- + src/libstrongswan/utils/enum.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c +index 79da450f0c..1e77489f6f 100644 +--- a/src/libstrongswan/utils/enum.c ++++ b/src/libstrongswan/utils/enum.c +@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len) + return buf; + } + +- if (snprintf(buf, len, e->names[0]) >= len) ++ if (snprintf(buf, len, "%s", e->names[0]) >= len) + { + return NULL; + } +-- +2.25.1 + diff --git a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch deleted file mode 100644 index 7da48cd2c..000000000 --- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@...> -Date: Wed, 23 Feb 2022 17:29:02 +0100 -Subject: [PATCH] openssl: Don't unload providers - -There is a conflict between atexit() handlers registered by OpenSSL and -some executables (e.g. swanctl or pki) to deinitialize libstrongswan. -Because plugins are usually loaded after atexit() has been called, the -handler registered by OpenSSL will run before our handler. So when the -latter destroys the plugins it's a bad idea to try to access any OpenSSL -objects as they might already be invalid. - -Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.") -Closes strongswan/strongswan#921 - -Upstream-Status: Backport -[https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524] - -Signed-off-by: Yi Zhao <yi.zhao@...> ---- - .../plugins/openssl/openssl_plugin.c | 27 +++---------------- - 1 file changed, 3 insertions(+), 24 deletions(-) - -diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c -index 6b4923649..1491d5cf8 100644 ---- a/src/libstrongswan/plugins/openssl/openssl_plugin.c -+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c -@@ -16,7 +16,6 @@ - - #include <library.h> - #include <utils/debug.h> --#include <collections/array.h> - #include <threading/thread.h> - #include <threading/mutex.h> - #include <threading/thread_value.h> -@@ -74,13 +73,6 @@ struct private_openssl_plugin_t { - * public functions - */ - openssl_plugin_t public; -- --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- /** -- * Loaded providers -- */ -- array_t *providers; --#endif - }; - - /** -@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int, - METHOD(plugin_t, destroy, void, - private_openssl_plugin_t *this) - { --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- OSSL_PROVIDER *provider; -- while (array_remove(this->providers, ARRAY_TAIL, &provider)) -- { -- OSSL_PROVIDER_unload(provider); -- } -- array_destroy(this->providers); --#endif /* OPENSSL_VERSION_NUMBER */ -- - /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we - * can't call it as we couldn't re-initialize the library (as required by the - * unit tests and the Android app) */ -@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create() - DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider"); - return NULL; - } -- array_insert_create(&this->providers, ARRAY_TAIL, fips); - /* explicitly load the base provider containing encoding functions */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "base")); -+ OSSL_PROVIDER_load(NULL, "base"); - } - else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy", - TRUE, lib->ns)) - { - /* load the legacy provider for algorithms like MD4, DES, BF etc. */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "legacy")); -+ OSSL_PROVIDER_load(NULL, "legacy"); - /* explicitly load the default provider, as mentioned by crypto(7) */ -- array_insert_create(&this->providers, ARRAY_TAIL, -- OSSL_PROVIDER_load(NULL, "default")); -+ OSSL_PROVIDER_load(NULL, "default"); - } - ossl_provider_names_t data = {}; - OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data); --- -2.25.1 - diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb similarity index 98% rename from meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb rename to meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb index cfb7b41fa..1b82dceac 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.5.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb @@ -9,10 +9,10 @@ DEPENDS = "flex-native flex bison-native" DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ - file://0001-openssl-Don-t-unload-providers.patch \ + file://0001-enum-Fix-compiler-warning.patch \ " -SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd" +SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" -- 2.25.1 |
|
|