[ptxdist] [PATCH] strongswan: update to 5.0.4
The security bug fixed in 5.0.4 affected only the openssl plugin, which is disabled in this package. --- rules/strongswan.make | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/rules/strongswan.make b/rules/strongswan.make index 31b7221..6401832 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_STRONGSWAN) += strongswan # # Paths and names # -STRONGSWAN_VERSION := 5.0.2 -STRONGSWAN_MD5 := 77dc16443fd141f46183d3a4f60986ef +STRONGSWAN_VERSION := 5.0.4 +STRONGSWAN_MD5 := 0ab0397b44b197febfd0f89148344035 STRONGSWAN := strongswan-$(STRONGSWAN_VERSION) STRONGSWAN_SUFFIX := tar.bz2 STRONGSWAN_URL := http://download.strongswan.org/$(STRONGSWAN).$(STRONGSWAN_SUFFIX) @@ -34,6 +34,7 @@ STRONGSWAN_CONF_TOOL := autoconf STRONGSWAN_CONF_OPT:= \ $(CROSS_AUTOCONF_USR) \ --$(call ptx/endis, PTXCONF_STRONGSWAN_LIBCURL)-curl \ + --disable-unbound \ --disable-soup \ --disable-ldap \ --enable-aes \ @@ -57,6 +58,7 @@ STRONGSWAN_CONF_OPT := \ --enable-pkcs8 \ --enable-pgp \ --enable-dnskey \ + --disable-ipseckey \ --enable-pem \ --enable-hmac \ --enable-cmac \ @@ -95,6 +97,7 @@ STRONGSWAN_CONF_OPT := \ --enable-xauth-generic \ --disable-xauth-eap \ --disable-xauth-pam \ + --disable-xauth-noauth \ --disable-tnc-ifmap \ --disable-tnc-pdp \ --disable-tnc-imc \ @@ -146,7 +149,7 @@ STRONGSWAN_CONF_OPT := \ --disable-addrblock \ --disable-unity \ --disable-uci \ - --disable-android \ + --disable-android-dns \ --disable-android-log \ --disable-maemo \ --disable-nm \ @@ -155,6 +158,7 @@ STRONGSWAN_CONF_OPT := \ --disable-lookip \ --disable-error-notify \ --disable-certexpire \ + --disable-systime-fix \ --disable-led \ --disable-duplicheck \ --disable-coupling \ @@ -162,6 +166,9 @@ STRONGSWAN_CONF_OPT := \ --disable-vstr \ --disable-monolithic \ --disable-bfd-backtraces \ + --disable-unit-tests \ + --disable-tkm \ + --disable-defaults \ --enable-dependency-tracking \ --enable-shared \ --disable-static \ -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de
[ptxdist] [PATCH] libkmod: avoid calling syscall() with -1
This fixes an illegal instruction error on qemu ARM. Signed-off-by: Jan Luebbe j...@pengutronix.de --- ...0001-libkmod-Avoid-calling-syscall-with-1.patch | 32 patches/kmod-13/series |4 +++ 2 files changed, 36 insertions(+) create mode 100644 patches/kmod-13/0001-libkmod-Avoid-calling-syscall-with-1.patch create mode 100644 patches/kmod-13/series diff --git a/patches/kmod-13/0001-libkmod-Avoid-calling-syscall-with-1.patch b/patches/kmod-13/0001-libkmod-Avoid-calling-syscall-with-1.patch new file mode 100644 index 000..bfeaf34 --- /dev/null +++ b/patches/kmod-13/0001-libkmod-Avoid-calling-syscall-with-1.patch @@ -0,0 +1,32 @@ +From: Jan Luebbe j...@pengutronix.de +Date: Thu, 2 May 2013 16:40:22 +0200 +Subject: [PATCH] libkmod: Avoid calling syscall() with -1 + +At least in qemu 1.4.1 for vexpress/arm-cortexa9, this resulted in an +illegal instruction error. Solve that by returning an error when +__NR_finit_module is -1. +--- + libkmod/missing.h |9 - + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/libkmod/missing.h b/libkmod/missing.h +index edb88b9..ac24a35 100644 +--- a/libkmod/missing.h b/libkmod/missing.h +@@ -20,8 +20,15 @@ + #endif + + #ifndef HAVE_FINIT_MODULE ++#include errno.h ++ + static inline int finit_module(int fd, const char *uargs, int flags) + { +- return syscall(__NR_finit_module, fd, uargs, flags); ++ if (__NR_finit_module == -1) { ++ errno = ENOSYS; ++ return -1; ++ } else { ++ return syscall(__NR_finit_module, fd, uargs, flags); ++ } + } + #endif diff --git a/patches/kmod-13/series b/patches/kmod-13/series new file mode 100644 index 000..8f9a8ac --- /dev/null +++ b/patches/kmod-13/series @@ -0,0 +1,4 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-libkmod-Avoid-calling-syscall-with-1.patch +# 663dcc1cd4b4be9a3934dab348129c99 - git-ptx-patches magic -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de
Re: [ptxdist] [PATCH] libkmod: avoid calling syscall() with -1
On Thu, May 02, 2013 at 04:54:30PM +0200, Jan Luebbe wrote: This fixes an illegal instruction error on qemu ARM. Please do not apply this yet, there is still some discussion going on upstream: http://bugs.funtoo.org/browse/FL-534 http://thread.gmane.org/gmane.linux.kernel.modules/1061 Jan -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0| Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917- | -- ptxdist mailing list ptxdist@pengutronix.de
[ptxdist] [PATCH] libkmod: avoid calling syscall() with -1
This fixes an illegal instruction error on qemu ARM. Signed-off-by: Jan Luebbe j...@pengutronix.de --- It seems this patch has been applied upstream: http://thread.gmane.org/gmane.linux.kernel.modules/1061/focus=1064 ...ssing-Don-t-call-syscall-with-syscallno-1.patch | 40 patches/kmod-13/series |4 ++ 2 files changed, 44 insertions(+) create mode 100644 patches/kmod-13/0001-missing-Don-t-call-syscall-with-syscallno-1.patch create mode 100644 patches/kmod-13/series diff --git a/patches/kmod-13/0001-missing-Don-t-call-syscall-with-syscallno-1.patch b/patches/kmod-13/0001-missing-Don-t-call-syscall-with-syscallno-1.patch new file mode 100644 index 000..a385d63 --- /dev/null +++ b/patches/kmod-13/0001-missing-Don-t-call-syscall-with-syscallno-1.patch @@ -0,0 +1,40 @@ +From: Lucas De Marchi lucas.de.mar...@gmail.com +Date: Thu, 2 May 2013 13:22:57 -0300 +Subject: [PATCH] missing: Don't call syscall() with syscallno == -1 + +Reported-by: Jean-Francis Roy jeanfran...@funtoo.org +Reported-by: Jan Luebbe j...@pengutronix.de +--- + libkmod/missing.h | 10 ++ + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libkmod/missing.h b/libkmod/missing.h +index edb88b9..b31af84 100644 +--- a/libkmod/missing.h b/libkmod/missing.h +@@ -1,5 +1,6 @@ + #pragma once + ++#include errno.h + #include unistd.h + #include sys/syscall.h + +@@ -15,13 +16,14 @@ + # define MODULE_INIT_IGNORE_VERMAGIC 2 + #endif + +-#ifndef __NR_finit_module +-# define __NR_finit_module -1 +-#endif +- + #ifndef HAVE_FINIT_MODULE + static inline int finit_module(int fd, const char *uargs, int flags) + { ++#ifndef __NR_finit_module ++ errno = ENOSYS; ++ return -1; ++#else + return syscall(__NR_finit_module, fd, uargs, flags); ++#endif + } + #endif diff --git a/patches/kmod-13/series b/patches/kmod-13/series new file mode 100644 index 000..3fc301f --- /dev/null +++ b/patches/kmod-13/series @@ -0,0 +1,4 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-missing-Don-t-call-syscall-with-syscallno-1.patch +# 0b7413dd7632441bc24225859a7d1866 - git-ptx-patches magic -- 1.7.10.4 -- ptxdist mailing list ptxdist@pengutronix.de