1 files changed, 79 insertions, 34 deletions

diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index c0debfba3c0..668a9f8113e 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -1,27 +1,59 @@
 # Contributor: Jesse Young <jlyo@jlyo.org>
+# Contributor: Nicolas Lorin <androw95220@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=strongswan
-pkgver=5.8.1
-_pkgver=${pkgver//_rc/rc}
-pkgrel=0
+pkgver=5.9.13
+pkgrel=1
 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
 url="https://www.strongswan.org/"
 arch="all"
 pkgusers="ipsec"
 pkggroups="ipsec"
-license="GPL-2.0-or-later"
+license="GPL-2.0-or-later WITH OpenSSL-Exception"
 depends="iproute2"
-makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev
-	gmp-dev libcap-dev"
+makedepends="
+	curl-dev
+	gettext-dev
+	gmp-dev
+	libcap-dev
+	linux-headers
+	openssl-dev>3
+	py3-setuptools
+	python3
+	sqlite-dev
+	"
 install="$pkgname.pre-install"
-subpackages="$pkgname-doc $pkgname-dbg $pkgname-openrc"
-source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
+subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc py3-vici-pyc py3-vici::noarch"
+source="https://download.strongswan.org/strongswan-$pkgver.tar.bz2
+	0001-charon-add-optional-source-and-remote-overrides-for-.patch
+	0002-vici-send-certificates-for-ike-sa-events.patch
+	0003-vici-add-support-for-individual-sa-state-changes.patch
+
+	disable_test_time_printf_hook.patch
 
 	strongswan.initd
 	charon.initd
+	charon.logrotate
+	charon-logfile.conf
 	"
 
+# 32bit archs seem to get stuck in rsa test suite at "generate" or "load"
+case "$CARCH" in
+	arm*|x86) options="!check";;
+esac
+
 # secfixes:
+#   5.9.12-r0:
+#     - CVE-2023-41913
+#   5.9.10-r0:
+#     - CVE-2023-26463
+#   5.9.8-r0:
+#     - CVE-2022-40617
+#   5.9.1-r4:
+#     - CVE-2021-45079
+#   5.9.1-r3:
+#     - CVE-2021-41990
+#     - CVE-2021-41991
 #   5.7.1-r0:
 #     - CVE-2018-17540
 #   5.7.0-r0:
@@ -34,30 +66,7 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
 #     - CVE-2017-9022
 #     - CVE-2017-9023
 
-prepare() {
-	local i
-	cd "$builddir"
-	for i in $source; do
-		case $i in
-		*.patch) msg $i; patch -Np1 -i "$srcdir"/$i || _err="$_err $i" ;;
-		esac
-	done
-
-	if [ -n "$_err" ]; then
-		error "The following patches failed:"
-		for i in $_err; do
-			echo "  $i"
-		done
-		return 1
-	fi
-
-	# the headers they ship conflicts with the real thing.
-	#rm -r src/include/linux
-}
-
 build() {
-	cd "$builddir"
-
 	# notes about configuration:
 	# - try to keep options in ./configure --help order
 	# - apk depends on openssl, so we use that
@@ -108,23 +117,59 @@ build() {
 		--enable-unity \
 		--enable-ha \
 		--enable-cmd \
+		--enable-python-eggs \
 		--enable-swanctl \
 		--enable-shared \
 		--disable-static \
+		--enable-bypass-lan \
 		$_aesni
 	make
+
+	cd src/libcharon/plugins/vici/python
+	make
+	python3 setup.py build
+}
+
+check() {
+	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 	install -m755 -D "$srcdir/$pkgname.initd" "$pkgdir/etc/init.d/$pkgname"
 	install -m755 -D "$srcdir/charon.initd" "$pkgdir/etc/init.d/charon"
 
 	# for CRL caching
 	chown ipsec:ipsec "$pkgdir"/etc/ipsec.d/crls "$pkgdir"/etc/swanctl/x509crl
+
+	cd src/libcharon/plugins/vici/python/
+	python setup.py install --root="$pkgdir" --skip-build
+}
+
+logfile() {
+	pkgdesc="Dedicated log file configuration for charon"
+	depends=$pkgname
+
+	install -m 644 -D charon.logrotate "$subpkgdir/etc/logrotate.d/charon"
+	install -m 644 -D charon-logfile.conf \
+		"$subpkgdir/etc/strongswan.d/charon-logfile.conf"
+	install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec"
+}
+
+vici() {
+	pkgdesc="Native Python interface for strongSwan's VICI protocol"
+
+	amove usr/lib/python*
 }
 
-sha512sums="630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f  strongswan-5.8.1.tar.bz2
+sha512sums="
+a929c1fb2a5e7d3064f6cd0be76703198406dad981f4b345311a004c18aa3c12adcb49eb33705fe4c3c31daf556cef5906d8753f5d9fbff5a27b732f93d8f19f  strongswan-5.9.13.tar.bz2
+50ddcaa115237a31aa021c7be46ae9ec84f5f7c1f340af254026ebf47a0e53147373bf691c71d51cae3a871cb3d9635542c209d47457f608780f67f376258a13  0001-charon-add-optional-source-and-remote-overrides-for-.patch
+378060da77cd3ecec98f033953cf26170b765b12500b96067517e31f9cc904bff9bb2637b520906f6a9ccd2db39d085c38c3fcabedef8c441353f14920f7e33a  0002-vici-send-certificates-for-ike-sa-events.patch
+da04054d30adee03b9f21cbb7649cc30c7dfcef50a9aaea038ac8f35e5e9cb199a62c9e666ed6b7c4520dfca39d00eaee85a1ebe7de2def3b003e92e0b2bb4cc  0003-vici-add-support-for-individual-sa-state-changes.patch
+23e175fdd7445e06e5d7275903380a6a5e4c76d833b2680c8c9fcd704d5908990ded0bb408bba718cd67a41cb32c7ad308a6c93aeb7eae82f8bc5803f8e1bbc4  disable_test_time_printf_hook.patch
 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9  strongswan.initd
-4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5  charon.initd"
+4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5  charon.initd
+3eb0cd762a186d611a6322c1470581298c953b3e729fc85a13801611940eb896e8f6935e10eaa36884bd5c36600ba778d4af4c0ed1e9063436bd748268fd733b  charon.logrotate
+5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363  charon-logfile.conf
+"