strongswan: upgrade 5.9.5 -> 5.9.6

* Drop backport patch 0001-openssl-Don-t-unload-providers.patch * Backport a patch to fix the build error: src/libstrongswan/utils/enum.c: In function 'enum_flags_to_string': src/libstrongswan/utils/enum.c💯9: error: format not a string literal and no format arguments [-Werror=format-security] 100 | if (snprintf(buf, len, e->names[0]) >= len) | ^~ Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-16 07:15:43 +01:00 · 2022-06-29 14:53:05 +08:00 · 2022-06-29 14:53:05 +08:00 · 689e8422b8
commit 689e8422b8
parent 13f0e9d680
3 changed files with 33 additions and 94 deletions
--- a/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
+++ b/meta-networking/recipes-support/strongswan/files/0001-enum-Fix-compiler-warning.patch
@ -0,0 +1,31 @@
 From d23c0ea81e630af3cfda89aeeb52146c0c84c960 Mon Sep 17 00:00:00 2001
 From: Tobias Brunner <tobias@strongswan.org>
 Date: Mon, 2 May 2022 09:31:49 +0200
 Subject: [PATCH] enum: Fix compiler warning
 Closes strongswan/strongswan#1025
 Upstream-Status: Backport
 [https://github.com/strongswan/strongswan/commit/d23c0ea81e630af3cfda89aeeb52146c0c84c960]
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
 src/libstrongswan/utils/enum.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/libstrongswan/utils/enum.c b/src/libstrongswan/utils/enum.c
 index 79da450f0c..1e77489f6f 100644
 --- a/src/libstrongswan/utils/enum.c
 +++ b/src/libstrongswan/utils/enum.c
@@ -97,7 +97,7 @@ char *enum_flags_to_string(enum_name_t *e, u_int val, char *buf, size_t len)
 		return buf;
 	}
 -	if (snprintf(buf, len, e->names[0]) >= len)
 +	if (snprintf(buf, len, "%s", e->names[0]) >= len)
 	{
 		return NULL;
 	}
 -- 
 2.25.1
--- a/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
+++ b/meta-networking/recipes-support/strongswan/files/0001-openssl-Don-t-unload-providers.patch
@ -1,92 +0,0 @@
 From 3eecd40cec6415fc033f8d9141ab652047e71524 Mon Sep 17 00:00:00 2001
 From: Tobias Brunner <tobias@strongswan.org>
 Date: Wed, 23 Feb 2022 17:29:02 +0100
 Subject: [PATCH] openssl: Don't unload providers
 There is a conflict between atexit() handlers registered by OpenSSL and
 some executables (e.g. swanctl or pki) to deinitialize libstrongswan.
 Because plugins are usually loaded after atexit() has been called, the
 handler registered by OpenSSL will run before our handler.  So when the
 latter destroys the plugins it's a bad idea to try to access any OpenSSL
 objects as they might already be invalid.
 Fixes: f556fce16b60 ("openssl: Load "legacy" provider in OpenSSL 3 for algorithms like MD4, DES etc.")
 Closes strongswan/strongswan#921
 Upstream-Status: Backport
 [https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524]
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
 .../plugins/openssl/openssl_plugin.c          | 27 +++----------------
 1 file changed, 3 insertions(+), 24 deletions(-)
 diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
 index 6b4923649..1491d5cf8 100644
 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
 +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,7 +16,6 @@
 #include <library.h>
 #include <utils/debug.h>
 -#include <collections/array.h>
 #include <threading/thread.h>
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
@@ -74,13 +73,6 @@ struct private_openssl_plugin_t {
 	 * public functions
 	 */
 	openssl_plugin_t public;
 -
 -#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 -	/**
 -	 * Loaded providers
 -	 */
 -	array_t *providers;
 -#endif
 };
 /**
@@ -887,15 +879,6 @@ METHOD(plugin_t, get_features, int,
 METHOD(plugin_t, destroy, void,
 	private_openssl_plugin_t *this)
 {
 -#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 -	OSSL_PROVIDER *provider;
 -	while (array_remove(this->providers, ARRAY_TAIL, &provider))
 -	{
 -		OSSL_PROVIDER_unload(provider);
 -	}
 -	array_destroy(this->providers);
 -#endif /* OPENSSL_VERSION_NUMBER */
 -
 /* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
  * can't call it as we couldn't re-initialize the library (as required by the
  * unit tests and the Android app) */
@@ -1009,20 +992,16 @@ plugin_t *openssl_plugin_create()
 			DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
 			return NULL;
 		}
 -		array_insert_create(&this->providers, ARRAY_TAIL, fips);
 		/* explicitly load the base provider containing encoding functions */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "base"));
 +		OSSL_PROVIDER_load(NULL, "base");
 	}
 	else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
 									 TRUE, lib->ns))
 	{
 		/* load the legacy provider for algorithms like MD4, DES, BF etc. */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "legacy"));
 +		OSSL_PROVIDER_load(NULL, "legacy");
 		/* explicitly load the default provider, as mentioned by crypto(7) */
 -		array_insert_create(&this->providers, ARRAY_TAIL,
 -							OSSL_PROVIDER_load(NULL, "default"));
 +		OSSL_PROVIDER_load(NULL, "default");
 	}
 	ossl_provider_names_t data = {};
 	OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
 -- 
 2.25.1
--- a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
+++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb
@ -9,10 +9,10 @@ DEPENDS = "flex-native flex bison-native"
 DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', '  tpm2-tss', '', d)}"
 SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \
-           file://0001-openssl-Don-t-unload-providers.patch \
+           file://0001-enum-Fix-compiler-warning.patch \
           "
-SRC_URI[sha256sum] = "983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd"
+SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7"
 UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar"