Due to a pattern matching bug in Pakfire, those files have been
incorrectly packages instead of being deleted which results in build
errors when linking.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
This vulnerability has been registered as CVE-2017-11185.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit disables stroke, charon and scepclient in favour
of the new configuration tool swanctl.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Blowfish and RC2 are very broken and nowhere in use at all.
To avoid that these get used by accident, we just delete the
internal modules that implement it.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The swanctl feature is not needed in IPFire right now,
but we want to use IPSECKEY in the future.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The kernel-libipsec plugin implements IPsec in userspace
and uses TAP devices which is not recommended for being
used in production.
The unity plugin increases compatibility with Cisco Unity
endpoints.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a minor update to the latest stable version of strongswan.
The support and usage of systemd explicitly has been enabled and
the dependency to systemd has been updated because the configure script
of strongswan is looking for the systemd compat libraries which are provided
by systemd 221-2 and later versions.
There was the requirement to move some libraries to %{libdir} because
of a hard-coded RPATH, which is against our release policy.
Fixes#10896.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>