diff --git a/net/libreswan/Makefile b/net/libreswan/Makefile index ddc930431..1b5c696e3 100644 --- a/net/libreswan/Makefile +++ b/net/libreswan/Makefile @@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=libreswan -PKG_VERSION:=3.31 +PKG_VERSION:=3.32 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://download.libreswan.org/ -PKG_HASH:=4ad9732b30d07a9f4b838fb5580fa11b7b65e073bf97665591ee611bc2d6b8f3 +PKG_HASH:=236b57fee8f562302c54f2b16d8a839a9039fcb5893668e61b398ec6b179432e PKG_MAINTAINER:=Lucian Cristian PKG_LICENSE:=GPL-2.0-or-later @@ -64,16 +64,19 @@ define Package/libreswan/conffiles /etc/ipsec.conf /etc/ipsec.secrets endef +TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed +TARGET_CFLAGS += -flto MAKE_FLAGS+= \ WERROR_CFLAGS=" " \ USE_LINUX_AUDIT=false \ USE_LABELED_IPSEC=false \ USE_NM=false \ + USE_NSS_KDF=true \ + USE_NSS_PRF=true \ USE_LIBCURL=false \ USE_GLIBC_KERN_FLIP_HEADERS=true \ USE_XAUTHPAM=false \ - USE_FIPSCHECK=false \ USE_LIBCAP_NG=false \ USE_SYSTEMD_WATCHDOG=false \ USE_SECCOMP=false\ diff --git a/net/libreswan/patches/030-fix_nss_3.52.patch b/net/libreswan/patches/030-fix_nss_3.52.patch new file mode 100644 index 000000000..11209b9c4 --- /dev/null +++ b/net/libreswan/patches/030-fix_nss_3.52.patch @@ -0,0 +1,30 @@ +From db7715407efa43cd2a66caed67c02d8f7bb90b35 Mon Sep 17 00:00:00 2001 +From: Paul Wouters +Date: Tue, 12 May 2020 12:56:38 -0400 +Subject: [PATCH] nss: move NSS_PKCS11_2_0_COMPAT define to + ike_alg_encrypt_nss_gcm_ops.c + +It needs to go before any nss includes are done, and those includes are +all over the place. But CK_GCM_PARAMS is only used in one file, so +just define it there instead before the nss includes. +--- + lib/libswan/ike_alg_encrypt_nss_gcm_ops.c | 6 ++++++ + 1 files changed, 6 insertions(+), 0 deletions(-) + +diff --git a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c +index 93a027089a..571913cc1e 100644 +--- a/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c ++++ b/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c +@@ -16,6 +16,12 @@ + #include + #include + ++/* ++ * Special advise from Bob Relyea - needs to go before any nss include ++ * ++ */ ++#define NSS_PKCS11_2_0_COMPAT 1 ++ + #include "lswlog.h" + #include "lswnss.h" + #include "prmem.h"