This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via 6f0fd5e1789e59ec1aad25bea560494c5750a4b9 (commit) via d0d3fe9d266c265697250dabba0bfdac316314ff (commit) via 1a386bb9d8765a04651f54348d0d1e01d9950235 (commit) via c648458609b87478266e691429131ed2c8d70f9a (commit) via 34daf4dbf8e4e5e4fb901f8dcece703480a1ac1f (commit) via ec985733a532fb257e75fd75a10746fe9c8cfb80 (commit) via 6fb9681c24360c0c531e18215673e2ba83c53879 (commit) from 7d3b1f7eafe2122c3b9cc0c46448846158a6abf7 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6f0fd5e1789e59ec1aad25bea560494c5750a4b9 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 14:05:27 2013 +0100
kernel: update to 3.10.19.
commit d0d3fe9d266c265697250dabba0bfdac316314ff Merge: 7d3b1f7 1a386bb Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Nov 13 14:05:15 2013 +0100
Merge remote-tracking branch 'origin/next' into fifteen
Conflicts: lfs/samba lfs/strongswan
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/i586/strongswan-padlock | 1 + config/rootfiles/common/strongswan | 1 + lfs/linux | 8 +++--- lfs/samba | 6 ++--- lfs/strongswan | 18 ++++++++----- src/patches/strongswan-5.1.1-delay-dpd.patch | 35 +++++++++++++++++++++++++ 6 files changed, 56 insertions(+), 13 deletions(-) create mode 100644 src/patches/strongswan-5.1.1-delay-dpd.patch
Difference in files: diff --git a/config/rootfiles/common/i586/strongswan-padlock b/config/rootfiles/common/i586/strongswan-padlock index 02aa457..4ebfc75 100644 --- a/config/rootfiles/common/i586/strongswan-padlock +++ b/config/rootfiles/common/i586/strongswan-padlock @@ -1 +1,2 @@ usr/lib/ipsec/plugins/libstrongswan-padlock.so +usr/lib/ipsec/plugins/libstrongswan-rdrand.so diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index da94336..732e327 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -75,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so usr/lib/ipsec/plugins/libstrongswan-socket-default.so usr/lib/ipsec/plugins/libstrongswan-sshkey.so usr/lib/ipsec/plugins/libstrongswan-stroke.so +usr/lib/ipsec/plugins/libstrongswan-unity.so usr/lib/ipsec/plugins/libstrongswan-updown.so usr/lib/ipsec/plugins/libstrongswan-x509.so usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so diff --git a/lfs/linux b/lfs/linux index a061cf2..5fc9e1f 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,10 +24,10 @@
include Config
-VER = 3.10.18 +VER = 3.10.19
RPI_PATCHES = linux-3.10.10-c1af7c6 -GRS_PATCHES = grsecurity-2.9.1-3.10.18-ipfire1.patch.xz +GRS_PATCHES = grsecurity-2.9.1-3.10.19-ipfire1.patch.xz
THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -74,9 +74,9 @@ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz $(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = e091753da622788cfd662dd67c2f9b48 +$(DL_FILE)_MD5 = 1d4f243e49c63129415b9bc05ec9e4d3 rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = ef9274b3ff5d05daaaa4bdbe86ad00fc -$(GRS_PATCHES)_MD5 = 3faeda10c223473e386b79b16b087858 +$(GRS_PATCHES)_MD5 = 9dae5a6cb22521cd2c714ffaeaac031e
install : $(TARGET)
diff --git a/lfs/samba b/lfs/samba index ce53eba..aa635d1 100644 --- a/lfs/samba +++ b/lfs/samba @@ -24,7 +24,7 @@
include Config
-VER = 3.6.19 +VER = 3.6.20
THISAPP = samba-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba -PAK_VER = 53 +PAK_VER = 54
DEPS = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = afe9c7c590f3093555cd6e870d2532e1 +$(DL_FILE)_MD5 = 3f1b60c681845ce6828a1abe5aacf671
install : $(TARGET)
diff --git a/lfs/strongswan b/lfs/strongswan index f573cd8..948db5b 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.1.1dr4 +VER = 5.1.1
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -33,9 +33,13 @@ DIR_APP = $(DIR_SRC)/strongswan-$(VER) TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586" - PADLOCK = --enable-padlock + CONFIGURE_OPTIONS = \ + --enable-padlock \ + --enable-rdrand else - PADLOCK = --disable-padlock + CONFIGURE_OPTIONS = \ + --disable-padlock \ + --disable-rdrand endif
############################################################################### @@ -46,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 05899faa9b8a8f253474af809b283ef9 +$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
install : $(TARGET)
@@ -77,6 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh cd $(DIR_APP) && ./configure \ @@ -91,9 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-eap-peap \ --enable-eap-mschapv2 \ --enable-eap-identity \ - $(PADLOCK) + --enable-unity \ + $(CONFIGURE_OPTIONS)
- cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt" + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install
# Remove all library files we don't want or need. diff --git a/src/patches/strongswan-5.1.1-delay-dpd.patch b/src/patches/strongswan-5.1.1-delay-dpd.patch new file mode 100644 index 0000000..db3d664 --- /dev/null +++ b/src/patches/strongswan-5.1.1-delay-dpd.patch @@ -0,0 +1,35 @@ +From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001 +From: Martin Willi martin@revosec.ch +Date: Fri, 1 Nov 2013 11:28:53 +0100 +Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying + +Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which +is perfectly valid. For short(er) DPD delays, this leads to the situation where +we send a DPD request during set_state(), but the IKE_SA has no hosts set yet. +Avoid that DPD by resetting the INBOUND timestamp during set_state(). +--- + src/libcharon/sa/ike_sa.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c +index 0282087..d482f8b 100644 +--- a/src/libcharon/sa/ike_sa.c ++++ b/src/libcharon/sa/ike_sa.c +@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void, + DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); + } + trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg); ++ if (trigger_dpd) ++ { ++ /* Some peers delay the DELETE after rekeying an IKE_SA. ++ * If this delay is longer than our DPD delay, we would ++ * send a DPD request here. The IKE_SA is not ready to do ++ * so yet, so prevent that. */ ++ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED]; ++ } + } + break; + } +-- +1.7.4.1 +
hooks/post-receive -- IPFire 2.x development tree