[Swan-commit] Changes to ref refs/heads/master
New commits: commit bc3ea96bc4f9b070db9f8bc36a435e66ffd38917 Author: D. Hugh Redelmeier Date: Thu Jun 28 22:29:17 2018 -0400 pervasive: SET_V4_LEN and SET_V6_LEN to avoid ifdef boilerplace - fixes a number of errors in boilerplate ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 6c5d62336f5ecda886b43a854a1b1879845a7448 Author: Andrew Cagney Date: Thu Jun 28 21:22:28 2018 -0400 building delete $(INSTSUIDFLAGS), unused ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 4c2916187cf2a924e4c53322eb3096cb42f1a58c Author: Andrew Cagney Date: Thu Jun 28 17:32:42 2018 -0400 building: fix typo in #error message ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 43dba94aa17501b0ee12e28bd19ada400f1aa8ab Author: Andrew Cagney Date: Thu Jun 28 17:19:21 2018 -0400 pluto: don't include "kameipsec.h" when it isn't needed ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 260f7f598d9e969553699c5f3b8c1666d077fe05 Author: Andrew Cagney Date: Thu Jun 28 17:11:48 2018 -0400 testing: update addconn-01, expect it to pass ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit ceb2e9fa2a084c5c07590c9c355af889d3ab7504 Author: Andrew Cagney Date: Wed May 2 09:53:17 2018 -0400 config: make "the parser already made sure that only config keywords were used" so Turns out it wasn't being checked, leading to an assertion fail. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 616b3c957421c6f3c7dfcaabc8be716d702bb24f Author: Andrew Cagney Date: Thu Jun 28 16:55:02 2018 -0400 readwriteconf: strip out a long list of bogus #includes ... including "libreswan.h" and all the network headers! This is a simple program that reads and writes files. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit c8d8babc17ce90f70ff16b5342568cd6f74659d0 Author: Andrew Cagney Date: Fri Jun 1 10:18:23 2018 -0400 building: move #ifdef UNBOUND_VERSION*... hack to _after_ #include et.al. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 49cfd21870994d1afc038ecd0830c9ad0a14e6d1 Author: Andrew Cagney Date: Tue May 29 09:24:49 2018 -0400 ikev1 retransmits: only save the received packet when responding Should eliminate problems such as the responder, when receiving a response to its XAUTH request from the initiator (remember, an IKEv1 exchange can flip initiator and responder part way through), would see the received packet matched .st_rpacket and assume it needed to re-transmit something. Really fix 8f440ae125a1d29eb4507bd94b123d22bbd3cb2a ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 58dd6e6db93bf91e2443bf230a0b29cc5cae08df Author: Andrew Cagney Date: Thu Jun 28 16:01:33 2018 -0400 building: add CRYPT_LDFLAGS, don't assume -lcrypt is required ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 5ec3e95ac693da0b115fd0376d5deef220508789 Author: Andrew Cagney Date: Wed May 9 11:20:52 2018 -0400 ikev2: replace ikev2_send_informational() with send_v2_informational_request() Use open_out_pbs() so it's clear that the global reply_stream isn't being used. Use open_v2sk_payload() when constructing the encrypted payload. In the process, eliminate the partially initialized local variable 'e' - payload length was not being cleared (fortunately it was later being overwritten). Let payload.[hc] deal with next payload type. Move to ikev2_send.[hc] where the send code is slowly accumulating. Suspect this and send_v2_delete() can probably be merged. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 8235aceeb0f0fd741cf84cbd384d905fac55f903 Author: Andrew Cagney Date: Thu Jun 28 14:05:37 2018 -0400 building: check for USE_BSDKAME before other kernel options since it likes to disable the others ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 0f28cd1d094c4062bb9ab0c88f4ab408aea0df6b Author: Andrew Cagney Date: Fri Jun 1 17:21:33 2018 -0400 kernel: sprinkle #ifdef NEED_SIN_LEN everywhere it might be useful i.e., immediately after code setting .sin_family Suspect in some cases it isn't, strictly speaking, needed. Some of the code is likely linux kernel only. Suspect using a function returning an ip_address would be cleaner (but that involves hacking linux kernel code). ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit f125ffd463075a90fcb68aeb78afe4cc429d9ee1 Author: Andrew Cagney Date: Fri May 18 13:13:47 2018 -0400 pluto: replace state_transition_fn with IKEv1 and IKEv2 specific variants ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit bd1e2561778331a481b797a314b4ada4ae078249 Author: Andrew Cagney Date: Thu Apr 19 12:57:41 2018 -0400 ikev2: drop redundant check that MD is a MESSAGE_RESPONSE ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit fd383c077ef26e171d261b8ffbba3cd54c373dc9 Author: Andrew Cagney Date: Thu Jun 28 13:13:35 2018 -0400 testing: expect FIPS DH=NONE in algparse tests ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 898b3181798408f58ab30beff6e6c144acac8076 Author: Andrew Cagney Date: Thu Jun 28 12:50:40 2018 -0400 update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 1b9b596962e7295432cc67ee40b286d163076546 Author: Andrew Cagney Date: Thu Jun 28 11:33:25 2018 -0400 testing: rename --impair allow-null-null to the more correct --impair allow-null-none Update ikev2-algo-15-esp-null-none testing both with and without NULL integrity. Update interop-ikev2-pluto-01-integ-none to expect current log output. Merge the now redundant ikev2-algo-esp-null-02 into ikev2-algo-15-esp-null-none. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit b3cc90f3e01bdcfb1fe558c97dc69abbe43d74f5 Author: Andrew Cagney Date: Tue Jun 5 14:29:27 2018 -0400 realtime monotime: add *time_clockid() and *time_as_timespec() So calling pthread_cond_timedwait() correctly is possible. (the calls come and go). ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit de825b62b1b4be832c564d41e4a068c3fadcaedd Author: Andrew Cagney Date: Thu Jun 28 12:29:45 2018 -0400 deltatime: include just for 'struct timeval', not all of "constants.h" ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 4466ba12f1d6629a06a7e05bb6c81e4b10cf5ace Author: Andrew Cagney Date: Wed May 23 14:17:59 2018 -0400 building: don't force $(SHELL) to /bin/bash To quote: We use sh here so this might run correctly on ANY unix host. hopefully this will be very cross platform. Standards people!! ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 27cc15607b708200eeead0737e10308a5c1e872b Author: Andrew Cagney Date: Thu Jun 28 11:08:14 2018 -0400 realtime: assume clock_gettime(CLOCK_REALTIME) available ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 2258488d2aedb26ca037d0cbc21ee1fd036f0d13 Author: Andrew Cagney Date: Thu Apr 26 17:30:38 2018 -0400 ikev2: explicitly handle implied transforms such as AES_GCM[-NONE] and ...;[NONE] Fixes a bug where --impair allow-null-none[sic] would result in a core dump when the incomming proposal didn't include INTEG=NONE. Since DH is using the same code, an implied DH=NONE will result in .dh=&ike_alg_dh_none. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 71cf577483d0a392e82b7389437a1ad146712400 Author: Andrew Cagney Date: Thu Jun 28 10:15:53 2018 -0400 monotime: assume clock_gettime() et.al. available Since code in pluto had being making the assumption for some time. Treat any failure as fatal since it really shouldn't happen. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 46bf7d4c3402b43f4f3cf6c8703648c027fef715 Author: Andrew Cagney Date: Wed May 23 15:03:00 2018 -0400 includes: finish moving typedef ip_address to "ip_address.h" Contains tacky hacky for linux kernels. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 9dd9a63bd5d868ea070951b99f139e5cd021996a Author: Andrew Cagney Date: Thu Jun 28 10:22:52 2018 -0400 ikev2: touch up debug-logging in code iterating over proposals ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit dc1121ec3849eb6d7799cac65536652b516d8ea6 Merge: b751e8f c98c75e Author: Antony Antony Date: Thu Jun 28 15:59:09 2018 +0200 Merge branch 'debian-fixes' commit c98c75ed5ba73d28d1005f11a959423ea3fb1436 Author: Antony Antony Date: Wed Jun 27 22:48:18 2018 +0200 packaging: debian improve 'make deb' to work better source tar ball A release tar.gz files do not have @IPSECBASEVERSION@, just give a warning. - * Release @IPSECBASEVERSION@-1 + * Release 3.25-1 when runnig "make deb" in a git repository directory @IPSECBASEVERSION@ will be substituted with "make showdebversion" e.g. 3.25~33-gbaaec72ac-master commit d8c176e5e9015dfec92a6664506d3d994fa8f1c1 Author: Antony Antony Date: Wed Jun 27 22:17:23 2018 +0200 packaging: debian revert f2cd694b README.nss patch ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit b751e8fb7655f9fbb13660aaf648b39a3adc3cb0 Author: Andrew Cagney Date: Fri Apr 27 09:57:41 2018 -0400 fips: mark DH algorithm 'none' as FIPS compliant For instance, during the initial exchange a child SA with DH=NONE will be negotiated in FIPS mode. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit b087748a142aab2a6eb15d9fe9c2cf90f2ba9db5 Author: Andrew Cagney Date: Thu Apr 26 17:10:29 2018 -0400 ikev2: map DH=&ike_alg_dh_none into .st_pfs_group=NULL when accepting response In IKEv2, a proposal that contains neither INTEG nor DH transforms can be valid - in both cases it is interpreted as proposing 'none'. When this happen, common code expects INTEG = &ike_alg_integ_none and DH = NULL. This would all be ok except that there's a bug in the proposal code when --impair allow-null-none [sic]. The result is a core dump (INTEG=NULL, oops), and the simplest fix ends up also 'fixing' DH (as in it will be set to &ike_alg_dh_none instead of NULL). This patch prevents DH = &ike_alg_dh_none getting into common code. ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
[Swan-commit] Changes to ref refs/heads/master
New commits: commit 88635851662e05f303cbbb4ba499a7e318c53fbc Author: Andrew Cagney Date: Fri May 18 13:44:45 2018 -0400 ikev2: when the propsoals have no valid DH, don't initiate ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-commit
