[git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 6f0fd5e1789e59ec1aad25bea560494c5750a4b9

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 8105 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, fifteen has been updated
       via  6f0fd5e1789e59ec1aad25bea560494c5750a4b9 (commit)
       via  d0d3fe9d266c265697250dabba0bfdac316314ff (commit)
       via  1a386bb9d8765a04651f54348d0d1e01d9950235 (commit)
       via  c648458609b87478266e691429131ed2c8d70f9a (commit)
       via  34daf4dbf8e4e5e4fb901f8dcece703480a1ac1f (commit)
       via  ec985733a532fb257e75fd75a10746fe9c8cfb80 (commit)
       via  6fb9681c24360c0c531e18215673e2ba83c53879 (commit)
      from  7d3b1f7eafe2122c3b9cc0c46448846158a6abf7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6f0fd5e1789e59ec1aad25bea560494c5750a4b9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Nov 13 14:05:27 2013 +0100

    kernel: update to 3.10.19.

commit d0d3fe9d266c265697250dabba0bfdac316314ff
Merge: 7d3b1f7 1a386bb
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date:   Wed Nov 13 14:05:15 2013 +0100

    Merge remote-tracking branch 'origin/next' into fifteen
    
    Conflicts:
    	lfs/samba
    	lfs/strongswan

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/i586/strongswan-padlock |  1 +
 config/rootfiles/common/strongswan              |  1 +
 lfs/linux                                       |  8 +++---
 lfs/samba                                       |  6 ++---
 lfs/strongswan                                  | 18 ++++++++-----
 src/patches/strongswan-5.1.1-delay-dpd.patch    | 35 +++++++++++++++++++++++++
 6 files changed, 56 insertions(+), 13 deletions(-)
 create mode 100644 src/patches/strongswan-5.1.1-delay-dpd.patch

Difference in files:
diff --git a/config/rootfiles/common/i586/strongswan-padlock b/config/rootfiles/common/i586/strongswan-padlock
index 02aa457..4ebfc75 100644
--- a/config/rootfiles/common/i586/strongswan-padlock
+++ b/config/rootfiles/common/i586/strongswan-padlock
@@ -1 +1,2 @@
 usr/lib/ipsec/plugins/libstrongswan-padlock.so
+usr/lib/ipsec/plugins/libstrongswan-rdrand.so
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index da94336..732e327 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -75,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so
 usr/lib/ipsec/plugins/libstrongswan-socket-default.so
 usr/lib/ipsec/plugins/libstrongswan-sshkey.so
 usr/lib/ipsec/plugins/libstrongswan-stroke.so
+usr/lib/ipsec/plugins/libstrongswan-unity.so
 usr/lib/ipsec/plugins/libstrongswan-updown.so
 usr/lib/ipsec/plugins/libstrongswan-x509.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
diff --git a/lfs/linux b/lfs/linux
index a061cf2..5fc9e1f 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,10 +24,10 @@
 
 include Config
 
-VER        = 3.10.18
+VER        = 3.10.19
 
 RPI_PATCHES = linux-3.10.10-c1af7c6
-GRS_PATCHES = grsecurity-2.9.1-3.10.18-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.19-ipfire1.patch.xz
 
 THISAPP    = linux-$(VER)
 DL_FILE    = linux-$(VER).tar.xz
@@ -74,9 +74,9 @@ $(DL_FILE)				= $(URL_IPFIRE)/$(DL_FILE)
 rpi-patches-$(RPI_PATCHES).patch.xz	= $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
 $(GRS_PATCHES)				= $(URL_IPFIRE)/$(GRS_PATCHES)
 
-$(DL_FILE)_MD5				= e091753da622788cfd662dd67c2f9b48
+$(DL_FILE)_MD5				= 1d4f243e49c63129415b9bc05ec9e4d3
 rpi-patches-$(RPI_PATCHES).patch.xz_MD5	= ef9274b3ff5d05daaaa4bdbe86ad00fc
-$(GRS_PATCHES)_MD5			= 3faeda10c223473e386b79b16b087858
+$(GRS_PATCHES)_MD5			= 9dae5a6cb22521cd2c714ffaeaac031e
 
 install : $(TARGET)
 
diff --git a/lfs/samba b/lfs/samba
index ce53eba..aa635d1 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.6.19
+VER        = 3.6.20
 
 THISAPP    = samba-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = samba
-PAK_VER    = 53
+PAK_VER    = 54
 
 DEPS       = "cups"
 
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = afe9c7c590f3093555cd6e870d2532e1
+$(DL_FILE)_MD5 = 3f1b60c681845ce6828a1abe5aacf671
 
 install : $(TARGET)
 
diff --git a/lfs/strongswan b/lfs/strongswan
index f573cd8..948db5b 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.1.1dr4
+VER        = 5.1.1
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -33,9 +33,13 @@ DIR_APP    = $(DIR_SRC)/strongswan-$(VER)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 ifeq "$(MACHINE)" "i586"
-	PADLOCK = --enable-padlock
+	CONFIGURE_OPTIONS = \
+		--enable-padlock \
+		--enable-rdrand
 else
-	PADLOCK = --disable-padlock
+	CONFIGURE_OPTIONS = \
+		--disable-padlock \
+		--disable-rdrand
 endif
 
 ###############################################################################
@@ -46,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 05899faa9b8a8f253474af809b283ef9
+$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
 
 install : $(TARGET)
 
@@ -77,6 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
 
 	cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
 	cd $(DIR_APP) && ./configure \
@@ -91,9 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--enable-eap-peap \
 		--enable-eap-mschapv2 \
 		--enable-eap-identity \
-		$(PADLOCK)
+		--enable-unity \
+		$(CONFIGURE_OPTIONS)
 
-	cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
+	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 
 	# Remove all library files we don't want or need.
diff --git a/src/patches/strongswan-5.1.1-delay-dpd.patch b/src/patches/strongswan-5.1.1-delay-dpd.patch
new file mode 100644
index 0000000..db3d664
--- /dev/null
+++ b/src/patches/strongswan-5.1.1-delay-dpd.patch
@@ -0,0 +1,35 @@
+From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin(a)revosec.ch>
+Date: Fri, 1 Nov 2013 11:28:53 +0100
+Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
+
+Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
+is perfectly valid. For short(er) DPD delays, this leads to the situation where
+we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
+Avoid that DPD by resetting the INBOUND timestamp during set_state().
+---
+ src/libcharon/sa/ike_sa.c |    8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
+index 0282087..d482f8b 100644
+--- a/src/libcharon/sa/ike_sa.c
++++ b/src/libcharon/sa/ike_sa.c
+@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
+ 					DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
+ 				}
+ 				trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
++				if (trigger_dpd)
++				{
++					/* Some peers delay the DELETE after rekeying an IKE_SA.
++					 * If this delay is longer than our DPD delay, we would
++					 * send a DPD request here. The IKE_SA is not ready to do
++					 * so yet, so prevent that. */
++					this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
++				}
+ 			}
+ 			break;
+ 		}
+-- 
+1.7.4.1
+


hooks/post-receive
--
IPFire 2.x development tree