include $(TOPDIR)/rules.mk
PKG_NAME:=libreswan
-PKG_VERSION:=3.31
+PKG_VERSION:=3.32
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://download.libreswan.org/
-PKG_HASH:=4ad9732b30d07a9f4b838fb5580fa11b7b65e073bf97665591ee611bc2d6b8f3
+PKG_HASH:=236b57fee8f562302c54f2b16d8a839a9039fcb5893668e61b398ec6b179432e
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=GPL-2.0-or-later
/etc/ipsec.conf
/etc/ipsec.secrets
endef
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+TARGET_CFLAGS += -flto
MAKE_FLAGS+= \
WERROR_CFLAGS=" " \
USE_LINUX_AUDIT=false \
USE_LABELED_IPSEC=false \
USE_NM=false \
+ USE_NSS_KDF=true \
+ USE_NSS_PRF=true \
USE_LIBCURL=false \
USE_GLIBC_KERN_FLIP_HEADERS=true \
USE_XAUTHPAM=false \
- USE_FIPSCHECK=false \
USE_LIBCAP_NG=false \
USE_SYSTEMD_WATCHDOG=false \
USE_SECCOMP=false\
--- /dev/null
+From db7715407efa43cd2a66caed67c02d8f7bb90b35 Mon Sep 17 00:00:00 2001
+From: Paul Wouters <pwouters@redhat.com>
+Date: Tue, 12 May 2020 12:56:38 -0400
+Subject: [PATCH] nss: move NSS_PKCS11_2_0_COMPAT define to
+ ike_alg_encrypt_nss_gcm_ops.c
+
+It needs to go before any nss includes are done, and those includes are
+all over the place. But CK_GCM_PARAMS is only used in one file, so
+just define it there instead before the nss includes.
+---
+ lib/libswan/ike_alg_encrypt_nss_gcm_ops.c | 6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
+index 93a027089a..571913cc1e 100644
+--- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
++++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
+@@ -16,6 +16,12 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
++/*
++ * Special advise from Bob Relyea - needs to go before any nss include
++ *
++ */
++#define NSS_PKCS11_2_0_COMPAT 1
++
+ #include "lswlog.h"
+ #include "lswnss.h"
+ #include "prmem.h"
projects / feed / packages.git / commitdiff