| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Add libreswan UCI configuration and hotplug support
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
|
| |
|
|
|
|
| |
fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
| |
Fixes https://libreswan.org/security/CVE-2023-30570
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://github.com/libreswan/libreswan/releases/tag/v4.10
Fixes: CVE-2023-23009
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
| |
See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Libreswan will set DEFAULT_DNSSEC_ROOTKEY_FILE from the LINUX_VARIANT
variable, which is taken from the ID field in /etc/os-release. This
points to the host file, which is wrong.
Set both variables when calling make.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom
This patch specifies Linux as a target platfrom
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
| |
|
|
|
|
| |
this update also fixes a CVE
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
| |
ipsec needs xfrmi support
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
| |
Support for kernel 4.14 has been dropped in main repo, so remove it
here as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
| |
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
|
| |
|
|
|
|
|
|
| |
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
| |
also add -flto to compiler flags
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
According to a comment in programs/pluto/kernel_xfrm_interface.c:177:
* IFLA_XFRM_IF_ID was added to mainline kernel 4.19 linux/if_link.h
with older kernel headers 'make USE_XFRM_INTERFACE_IFLA_HEADER=true'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
| |
Added missing limits header. This is normally included in fortify-headers,
which I have disabled locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
| |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
usleep is optionally unavailable with uClibc-ng.
Added PKG_LICENSE_FILES
Added PKG_CPE_ID for proper CVE tracking.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
| |
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
|
| |
|
|
|
|
|
|
| |
remove building kernel module, it is not used and is not working with 4.19
rework the ready to use l2tp-ipsec example
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |
|
|
|
|
| |
use the kernel arch for building the modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
|
|
Libreswan is a free software implementation of the most widely
supported and standardized VPN protocol based on ("IPsec") and
the Internet Key Exchange ("IKE"). These standards are produced
and maintained by the Internet Engineering Task Force ("IETF").
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|