[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6ecbdec1b76812fc2657c11a66aecb7dc34ee658

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 10181 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  6ecbdec1b76812fc2657c11a66aecb7dc34ee658 (commit)
       via  df5fbff5319a798146ecf1365a4638b5c1a1c888 (commit)
      from  b34ba990aa7365be679774e6a4c938825f6f25f5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6ecbdec1b76812fc2657c11a66aecb7dc34ee658
Merge: df5fbff b34ba99
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Mar 31 00:59:59 2015 +0200

    Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next

commit df5fbff5319a798146ecf1365a4638b5c1a1c888
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Tue Mar 31 00:55:21 2015 +0200

    strongswan: Update to 5.3.0
    
    Enable support for CCM and CTR

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/common/strongswan  |  6 +++++
 lfs/strongswan                      | 12 ++++------
 src/patches/strongswan-ipfire.patch | 46 ++++++++++++++++++-------------------
 3 files changed, 34 insertions(+), 30 deletions(-)

Difference in files:
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index a26a86c..2abb58e 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -16,8 +16,10 @@ etc/strongswan.d/charon-logging.conf
 etc/strongswan.d/charon.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/attr.conf
+etc/strongswan.d/charon/ccm.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/constraints.conf
+etc/strongswan.d/charon/ctr.conf
 etc/strongswan.d/charon/curl.conf
 etc/strongswan.d/charon/des.conf
 etc/strongswan.d/charon/dhcp.conf
@@ -94,8 +96,10 @@ usr/lib/ipsec/libtls.so.0.0.0
 #usr/lib/ipsec/plugins
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
+usr/lib/ipsec/plugins/libstrongswan-ccm.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
+usr/lib/ipsec/plugins/libstrongswan-ctr.so
 usr/lib/ipsec/plugins/libstrongswan-curl.so
 usr/lib/ipsec/plugins/libstrongswan-dhcp.so
 usr/lib/ipsec/plugins/libstrongswan-des.so
@@ -175,8 +179,10 @@ usr/sbin/ipsec
 #usr/share/strongswan/templates/config/plugins
 #usr/share/strongswan/templates/config/plugins/aes.conf
 #usr/share/strongswan/templates/config/plugins/attr.conf
+#usr/share/strongswan/templates/config/plugins/ccm.conf
 #usr/share/strongswan/templates/config/plugins/cmac.conf
 #usr/share/strongswan/templates/config/plugins/constraints.conf
+#usr/share/strongswan/templates/config/plugins/ctr.conf
 #usr/share/strongswan/templates/config/plugins/curl.conf
 #usr/share/strongswan/templates/config/plugins/des.conf
 #usr/share/strongswan/templates/config/plugins/dhcp.conf
diff --git a/lfs/strongswan b/lfs/strongswan
index 77c287a..1de4320 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.2.2
+VER        = 5.3.0
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7ee1a33060b2bde35be0f6d78a1d26d0
+$(DL_FILE)_MD5 = c52d4228231c2025d9c320d0e9990327
 
 install : $(TARGET)
 
@@ -78,11 +78,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-eb25190.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-650a3ad.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-816-dd0ebb.patch
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.2.2-issue-819-cd2c30a.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
 
 	cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
 	cd $(DIR_APP) && ./configure \
@@ -93,6 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--enable-farp \
 		--enable-openssl \
 		--enable-gcrypt \
+		--enable-ccm \
+		--enable-ctr \
 		--enable-gcm \
 		--enable-xauth-eap \
 		--enable-xauth-noauth \
diff --git a/src/patches/strongswan-ipfire.patch b/src/patches/strongswan-ipfire.patch
index 71eb24e..79bee04 100644
--- a/src/patches/strongswan-ipfire.patch
+++ b/src/patches/strongswan-ipfire.patch
@@ -1,8 +1,8 @@
---- a/src/_updown/_updown.in
-+++ b/src/_updown/_updown.in
-@@ -178,6 +178,29 @@
- 	;;
- esac
+--- strongswan-5.3.0/src/_updown/_updown.in.old	2015-03-17 18:17:43.000000000 +0000
++++ strongswan-5.3.0/src/_updown/_updown.in	2015-03-30 22:48:27.084030719 +0000
+@@ -122,6 +122,29 @@
+ #              address family.
+ #
  
 +function ip_encode() {
 +	local IFS=.
@@ -27,10 +27,10 @@
 +	[ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) ))
 +}
 +
- # utility functions for route manipulation
- # Meddling with this stuff should not be necessary and requires great care.
- uproute() {
-@@ -407,12 +430,12 @@
+ # define a minimum PATH environment in case it is not set
+ PATH="/sbin:/bin:/usr/sbin:/usr/bin:@sbindir@"
+ export PATH
+@@ -232,12 +255,12 @@
  	# connection to me, with (left/right)firewall=yes, coming up
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -46,7 +46,7 @@
  	#
  	# allow IPIP traffic because of the implicit SA created by the kernel if
  	# IPComp is used (for small inbound packets that are not compressed)
-@@ -428,10 +451,10 @@
+@@ -253,10 +276,10 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO \
@@ -59,7 +59,7 @@
  	  fi
  	fi
  	;;
-@@ -439,12 +462,12 @@
+@@ -264,12 +287,12 @@
  	# connection to me, with (left/right)firewall=yes, going down
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -75,7 +75,7 @@
  	#
  	# IPIP exception teardown
  	if [ -n "$PLUTO_IPCOMP" ]
-@@ -459,10 +482,10 @@
+@@ -284,10 +307,10 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO -- \
@@ -88,7 +88,7 @@
  	  fi
  	fi
  	;;
-@@ -472,24 +495,24 @@
+@@ -297,24 +320,24 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
  	then
@@ -121,7 +121,7 @@
  	fi
  	#
  	# allow IPIP traffic because of the implicit SA created by the kernel if
-@@ -497,7 +520,7 @@
+@@ -322,7 +345,7 @@
  	# INPUT is correct here even for forwarded traffic.
  	if [ -n "$PLUTO_IPCOMP" ]
  	then
@@ -130,7 +130,7 @@
  	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
  	fi
  	#
-@@ -507,12 +530,51 @@
+@@ -332,12 +355,51 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO \
@@ -184,7 +184,7 @@
  	;;
  down-client:iptables)
  	# connection to client subnet, with (left/right)firewall=yes, going down
-@@ -520,34 +582,34 @@
+@@ -345,34 +407,34 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ]
  	then
@@ -228,7 +228,7 @@
  	      -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT
  	fi
  	#
-@@ -557,12 +619,51 @@
+@@ -382,12 +444,51 @@
  	  if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ]
  	  then
  	    logger -t $TAG -p $FAC_PRIO -- \
@@ -282,7 +282,7 @@
  	;;
  #
  # IPv6
-@@ -597,10 +698,10 @@
+@@ -412,10 +513,10 @@
  	# connection to me, with (left/right)firewall=yes, coming up
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -295,7 +295,7 @@
  	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
  	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
  	#
-@@ -621,10 +722,10 @@
+@@ -436,10 +537,10 @@
  	# connection to me, with (left/right)firewall=yes, going down
  	# This is used only by the default updown script, not by your custom
  	# ones, so do not mess with it; see CAUTION comment up at top.
@@ -308,7 +308,7 @@
  	    -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \
  	    -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT
  	#
-@@ -647,10 +748,10 @@
+@@ -462,10 +563,10 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
  	then
@@ -321,7 +321,7 @@
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
  	      -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT
  	fi
-@@ -659,10 +760,10 @@
+@@ -474,10 +575,10 @@
  	# or sometimes host access via the internal IP is needed
  	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
  	then
@@ -334,7 +334,7 @@
  	      -s $PLUTO_MY_CLIENT $S_MY_PORT \
  	      -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT
  	fi
-@@ -686,11 +787,11 @@
+@@ -501,11 +602,11 @@
  	# ones, so do not mess with it; see CAUTION comment up at top.
  	if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ]
  	then
@@ -348,7 +348,7 @@
  	      -s $PLUTO_PEER_CLIENT $S_PEER_PORT \
  	      -d $PLUTO_MY_CLIENT $D_MY_PORT \
  	         $IPSEC_POLICY_IN -j ACCEPT
-@@ -700,11 +801,11 @@
+@@ -515,11 +616,11 @@
  	# or sometimes host access via the internal IP is needed
  	if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ]
  	then


hooks/post-receive
--
IPFire 2.x development tree