This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 6ecbdec1b76812fc2657c11a66aecb7dc34ee658 (commit) via df5fbff5319a798146ecf1365a4638b5c1a1c888 (commit) from b34ba990aa7365be679774e6a4c938825f6f25f5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6ecbdec1b76812fc2657c11a66aecb7dc34ee658 Merge: df5fbff b34ba99 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 31 00:59:59 2015 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next
commit df5fbff5319a798146ecf1365a4638b5c1a1c888 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 31 00:55:21 2015 +0200
strongswan: Update to 5.3.0
Enable support for CCM and CTR
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/strongswan | 6 +++++ lfs/strongswan | 12 ++++------ src/patches/strongswan-ipfire.patch | 46 ++++++++++++++++++------------------- 3 files changed, 34 insertions(+), 30 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index a26a86c..2abb58e 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -16,8 +16,10 @@ etc/strongswan.d/charon-logging.conf
 etc/strongswan.d/charon.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/attr.conf
+etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/constraints.conf
+etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/des.conf
 etc/strongswan.d/charon/dhcp.conf
@@ -94,8 +96,10 @@ usr/lib/ipsec/libtls.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
+usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
+usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
@@ -175,8 +179,10 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins
 #usr/share/strongswan/templates/config/plugins/aes.conf
 #usr/share/strongswan/templates/config/plugins/attr.conf
+#usr/share/strongswan/templates/config/plugins/ccm.conf
 #usr/share/strongswan/templates/config/plugins/cmac.conf
 #usr/share/strongswan/templates/config/plugins/constraints.conf
+#usr/share/strongswan/templates/config/plugins/ctr.conf
 #usr/share/strongswan/templates/config/plugins/curl.conf
 #usr/share/strongswan/templates/config/plugins/des.conf
 #usr/share/strongswan/templates/config/plugins/dhcp.conf
diff --git a/lfs/strongswan b/lfs/strongswan
index 77c287a..1de4320 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
include Config
-VER = 5.2.2
+VER = 5.3.0
THISAPP = strongswan-$(VER)
 DL_FILE = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 7ee1a33060b2bde35be0f6d78a1d26d0
+$(DL_FILE)_MD5 = c52d4228231c2025d9c320d0e9990327
install : $(TARGET)
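Review bot: The only integrity pin visible for the new tarball is the MD5 on the `$(DL_FILE)_MD5` line, and MD5 no longer resists deliberate collisions, so it catches a corrupted download but not a substituted one. For an IPsec daemon I would check the release against the upstream signature before updating this value and state in the commit message that this was done. Whether the build system can pin a stronger digest is not visible in this hunk; if it can, that pin belongs next to this line.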
@@ -78,11 +78,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
- cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
 cd $(DIR_APP) && ./configure \
@@ -93,6 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 --enable-farp \
 --enable-openssl \
 --enable-gcrypt \
+ --enable-ccm \
+ --enable-ctr \
 --enable-gcm \
 --enable-xauth-eap \
 --enable-xauth-noauth \
diff --git a/src/patches/strongswan-ipfire.patch b/src/patches/strongswan-ipfire.patch
index 71eb24e..79bee04 100644
--- a/src/patches/strongswan-ipfire.patch
+++ b/src/patches/strongswan-ipfire.patch
@@ -1,8 +1,8 @@
---- a/src/_updown/_updown.in
-+++ b/src/_updown/_updown.in
-@@ -178,6 +178,29 @@
- ;;
- esac
+--- strongswan-5.3.0/src/_updown/_updown.in.old 2015-03-17 18:17:43.000000000 +0000
++++ strongswan-5.3.0/src/_updown/_updown.in 2015-03-30 22:48:27.084030719 +0000
+@@ -122,6 +122,29 @@
+ # address family.
+ #
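Review bot: The lfs/strongswan recipe hunk at -78,11 stops applying `strongswan-5.0.2_ipfire.patch` and the four strongswan-5.2.2-issue-816/819 patches, yet the diffstat lists only three changed files, so those five patch files appear to stay in src/patches unreferenced. Stale fix patches in the tree make it hard to tell later which fixes a build really carries, so I would delete them in the same commit. The commit message should also gain a line such as `Drop issue-816/819 backports, included upstream in 5.3.0`, once that has been checked against the 5.3.0 sources; presumably it holds, but nothing on the page shows it. The $(TARGET) recipe starts and ends outside this hunk.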
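Review bot: `--enable-ctr` in the lfs/strongswan hunk at -93,6 makes plain counter mode selectable, which encrypts without authenticating, and `--enable-ccm` brings in the truncated-ICV CCM variants alongside the full-length one. The hunk only builds the plugins; where proposals are assembled is not visible here, so it is worth confirming that the configuration generator never offers CTR without an integrity algorithm and prefers the 16-byte ICV for CCM. A make comment above the `cd $(DIR_APP) && ./configure \` line, for example `# ccm/ctr: built so peers can negotiate them; offered proposals are restricted elsewhere`, would record that intent. The configure invocation continues outside the hunk.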
+function ip_encode() { + local IFS=. @@ -27,10 +27,10 @@ + [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) )) +} + - # utility functions for route manipulation - # Meddling with this stuff should not be necessary and requires great care. - uproute() { -@@ -407,12 +430,12 @@ + # define a minimum PATH environment in case it is not set + PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@" + export PATH +@@ -232,12 +255,12 @@ # connection to me, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. @@ -46,7 +46,7 @@ # # allow IPIP traffic because of the implicit SA created by the kernel if # IPComp is used (for small inbound packets that are not compressed) -@@ -428,10 +451,10 @@ +@@ -253,10 +276,10 @@ if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO \ @@ -59,7 +59,7 @@ fi fi ;; -@@ -439,12 +462,12 @@ +@@ -264,12 +287,12 @@ # connection to me, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. @@ -75,7 +75,7 @@ # # IPIP exception teardown if [ -n "$PLUTO_IPCOMP" ] -@@ -459,10 +482,10 @@ +@@ -284,10 +307,10 @@ if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO -- \ @@ -88,7 +88,7 @@ fi fi ;; -@@ -472,24 +495,24 @@ +@@ -297,24 +320,24 @@ # ones, so do not mess with it; see CAUTION comment up at top. if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] then @@ -121,7 +121,7 @@ fi # # allow IPIP traffic because of the implicit SA created by the kernel if -@@ -497,7 +520,7 @@ +@@ -322,7 +345,7 @@ # INPUT is correct here even for forwarded traffic. if [ -n "$PLUTO_IPCOMP" ] then 
@@ -130,7 +130,7 @@ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT fi # -@@ -507,12 +530,51 @@ +@@ -332,12 +355,51 @@ if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO \ @@ -184,7 +184,7 @@ ;; down-client:iptables) # connection to client subnet, with (left/right)firewall=yes, going down -@@ -520,34 +582,34 @@ +@@ -345,34 +407,34 @@ # ones, so do not mess with it; see CAUTION comment up at top. if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] then @@ -228,7 +228,7 @@ -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT fi # -@@ -557,12 +619,51 @@ +@@ -382,12 +444,51 @@ if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO -- \ @@ -282,7 +282,7 @@ ;; # # IPv6 -@@ -597,10 +698,10 @@ +@@ -412,10 +513,10 @@ # connection to me, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. @@ -295,7 +295,7 @@ -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # -@@ -621,10 +722,10 @@ +@@ -436,10 +537,10 @@ # connection to me, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. @@ -308,7 +308,7 @@ -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # -@@ -647,10 +748,10 @@ +@@ -462,10 +563,10 @@ # ones, so do not mess with it; see CAUTION comment up at top. if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] then @@ -321,7 +321,7 @@ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT fi -@@ -659,10 +760,10 @@ +@@ -474,10 +575,10 @@ # or sometimes host access via the internal IP is needed if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] then 
@@ -334,7 +334,7 @@ -s $PLUTO_MY_CLIENT $S_MY_PORT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi -@@ -686,11 +787,11 @@ +@@ -501,11 +602,11 @@ # ones, so do not mess with it; see CAUTION comment up at top. if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] then @@ -348,7 +348,7 @@ -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ -d $PLUTO_MY_CLIENT $D_MY_PORT \ $IPSEC_POLICY_IN -j ACCEPT -@@ -700,11 +801,11 @@ +@@ -515,11 +616,11 @@ # or sometimes host access via the internal IP is needed if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] then
hooks/post-receive -- IPFire 2.x development tree