* [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 6f0fd5e1789e59ec1aad25bea560494c5750a4b9
@ 2013-11-13 15:55 git
0 siblings, 0 replies; only message in thread
From: git @ 2013-11-13 15:55 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 8105 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, fifteen has been updated
via 6f0fd5e1789e59ec1aad25bea560494c5750a4b9 (commit)
via d0d3fe9d266c265697250dabba0bfdac316314ff (commit)
via 1a386bb9d8765a04651f54348d0d1e01d9950235 (commit)
via c648458609b87478266e691429131ed2c8d70f9a (commit)
via 34daf4dbf8e4e5e4fb901f8dcece703480a1ac1f (commit)
via ec985733a532fb257e75fd75a10746fe9c8cfb80 (commit)
via 6fb9681c24360c0c531e18215673e2ba83c53879 (commit)
from 7d3b1f7eafe2122c3b9cc0c46448846158a6abf7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6f0fd5e1789e59ec1aad25bea560494c5750a4b9
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 14:05:27 2013 +0100
kernel: update to 3.10.19.
commit d0d3fe9d266c265697250dabba0bfdac316314ff
Merge: 7d3b1f7 1a386bb
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Wed Nov 13 14:05:15 2013 +0100
Merge remote-tracking branch 'origin/next' into fifteen
Conflicts:
lfs/samba
lfs/strongswan
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/i586/strongswan-padlock | 1 +
config/rootfiles/common/strongswan | 1 +
lfs/linux | 8 +++---
lfs/samba | 6 ++---
lfs/strongswan | 18 ++++++++-----
src/patches/strongswan-5.1.1-delay-dpd.patch | 35 +++++++++++++++++++++++++
6 files changed, 56 insertions(+), 13 deletions(-)
create mode 100644 src/patches/strongswan-5.1.1-delay-dpd.patch
Difference in files:
diff --git a/config/rootfiles/common/i586/strongswan-padlock b/config/rootfiles/common/i586/strongswan-padlock
index 02aa457..4ebfc75 100644
--- a/config/rootfiles/common/i586/strongswan-padlock
+++ b/config/rootfiles/common/i586/strongswan-padlock
@@ -1 +1,2 @@
usr/lib/ipsec/plugins/libstrongswan-padlock.so
+usr/lib/ipsec/plugins/libstrongswan-rdrand.so
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index da94336..732e327 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -75,6 +75,7 @@ usr/lib/ipsec/plugins/libstrongswan-sha2.so
usr/lib/ipsec/plugins/libstrongswan-socket-default.so
usr/lib/ipsec/plugins/libstrongswan-sshkey.so
usr/lib/ipsec/plugins/libstrongswan-stroke.so
+usr/lib/ipsec/plugins/libstrongswan-unity.so
usr/lib/ipsec/plugins/libstrongswan-updown.so
usr/lib/ipsec/plugins/libstrongswan-x509.so
usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
diff --git a/lfs/linux b/lfs/linux
index a061cf2..5fc9e1f 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -24,10 +24,10 @@
include Config
-VER = 3.10.18
+VER = 3.10.19
RPI_PATCHES = linux-3.10.10-c1af7c6
-GRS_PATCHES = grsecurity-2.9.1-3.10.18-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.19-ipfire1.patch.xz
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
@@ -74,9 +74,9 @@ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = e091753da622788cfd662dd67c2f9b48
+$(DL_FILE)_MD5 = 1d4f243e49c63129415b9bc05ec9e4d3
rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = ef9274b3ff5d05daaaa4bdbe86ad00fc
-$(GRS_PATCHES)_MD5 = 3faeda10c223473e386b79b16b087858
+$(GRS_PATCHES)_MD5 = 9dae5a6cb22521cd2c714ffaeaac031e
install : $(TARGET)
diff --git a/lfs/samba b/lfs/samba
index ce53eba..aa635d1 100644
--- a/lfs/samba
+++ b/lfs/samba
@@ -24,7 +24,7 @@
include Config
-VER = 3.6.19
+VER = 3.6.20
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 53
+PAK_VER = 54
DEPS = "cups"
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = afe9c7c590f3093555cd6e870d2532e1
+$(DL_FILE)_MD5 = 3f1b60c681845ce6828a1abe5aacf671
install : $(TARGET)
diff --git a/lfs/strongswan b/lfs/strongswan
index f573cd8..948db5b 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
include Config
-VER = 5.1.1dr4
+VER = 5.1.1
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -33,9 +33,13 @@ DIR_APP = $(DIR_SRC)/strongswan-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586"
- PADLOCK = --enable-padlock
+ CONFIGURE_OPTIONS = \
+ --enable-padlock \
+ --enable-rdrand
else
- PADLOCK = --disable-padlock
+ CONFIGURE_OPTIONS = \
+ --disable-padlock \
+ --disable-rdrand
endif
###############################################################################
@@ -46,7 +50,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 05899faa9b8a8f253474af809b283ef9
+$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
install : $(TARGET)
@@ -77,6 +81,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \
@@ -91,9 +96,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--enable-eap-peap \
--enable-eap-mschapv2 \
--enable-eap-identity \
- $(PADLOCK)
+ --enable-unity \
+ $(CONFIGURE_OPTIONS)
- cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
+ cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Remove all library files we don't want or need.
diff --git a/src/patches/strongswan-5.1.1-delay-dpd.patch b/src/patches/strongswan-5.1.1-delay-dpd.patch
new file mode 100644
index 0000000..db3d664
--- /dev/null
+++ b/src/patches/strongswan-5.1.1-delay-dpd.patch
@@ -0,0 +1,35 @@
+From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin(a)revosec.ch>
+Date: Fri, 1 Nov 2013 11:28:53 +0100
+Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
+
+Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
+is perfectly valid. For short(er) DPD delays, this leads to the situation where
+we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
+Avoid that DPD by resetting the INBOUND timestamp during set_state().
+---
+ src/libcharon/sa/ike_sa.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
+index 0282087..d482f8b 100644
+--- a/src/libcharon/sa/ike_sa.c
++++ b/src/libcharon/sa/ike_sa.c
+@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
+ DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
+ }
+ trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
++ if (trigger_dpd)
++ {
++ /* Some peers delay the DELETE after rekeying an IKE_SA.
++ * If this delay is longer than our DPD delay, we would
++ * send a DPD request here. The IKE_SA is not ready to do
++ * so yet, so prevent that. */
++ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
++ }
+ }
+ break;
+ }
+--
+1.7.4.1
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-11-13 15:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-11-13 15:55 [git.ipfire.org] IPFire 2.x development tree branch, fifteen, updated. 6f0fd5e1789e59ec1aad25bea560494c5750a4b9 git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox