[Swan-commit] Changes to ref refs/heads/matt-testing
Paul Wouters
paul at vault.libreswan.fi
Wed Jul 17 21:52:36 EEST 2013
New commits:
commit 4d0085311654145b61ba36d3893b9f971a0b36ce
Merge: 405aae7 3bf51a4
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:13:15 2013 -0400
Merge branch 'master' into matt-testing
commit 3bf51a434536c45bc513f1ea5d6bc501fa2095c7
Author: Matt Rogers <mrogers at redhat.com>
Date: Thu Jun 20 01:09:47 2013 -0400
testing - allow a "post" script to run after both I/R run scripts
complete, just before running final on both. Good for testing
whack after tunnel establishment.
They are used by placing commands in eastpost1.sh/westpost2.sh or
westpost1.sh/eastpost2.sh. The script with '1' will run before '2'
for order control.
commit 405aae71cd0ba352f0e0219cbf15d531665934f8
Merge: fd7b00b 90d799a
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:11:31 2013 -0400
Merge branch 'master' into matt-testing
commit 90d799adcbb2ace25f60c5235563f76a83341fca
Author: Matt Rogers <mrogers at redhat.com>
Date: Thu Jun 20 01:03:35 2013 -0400
fix dist_cert special keys/certs and paths
commit fd7b00b09f1ab1f13d1aaf3e28065500b8271552
Merge: 9b7aa05 cb93cf2
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:09:53 2013 -0400
Merge branch 'master' into matt-testing
commit e4ba42f2138628d061778151805b1969b331036e
Merge: e4daf85 cb93cf2
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:05:06 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit e4daf85cff4f889d66374b87802647e6c8c46059
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:04:43 2013 -0400
updated changes
commit 552e93225483246f3db0bc0884d88b304768fed0
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 22:02:22 2013 -0400
_stackmanager: Clear disable_xfm/disable_policy /proc files for labeled IPsec
commit cb93cf2a25ccc47ac08195bcf2189642252d2d15
Merge: 82f48c1 0b55c23
Author: Antony Antony <antony at phenome.org>
Date: Tue Jun 25 15:06:17 2013 +0000
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 0b55c23cdaf319b7df309117ccb47e4cfa18f73f
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 10:31:52 2013 -0400
ipsec_xform.h: Add a comment to show we left out 1des on purpose
commit f7686fcfa48fe7cd7d716d47c5146d8f864a3d78
Author: Paul Wouters <pwouters at redhat.com>
Date: Tue Jun 25 10:22:45 2013 -0400
pluto: Clarified kernel_alg_esp_auth_ok() calls
It's an "ugh" call, it returns err_t so returning NULL means
success, and non-NULL is the error string.
commit c88bb255f88076a26d804310f791bf6ab3b9cd6b
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jun 24 23:40:03 2013 -0400
updated changes
commit 05bf3cb62bee050af972bc9a64afcab35c72a90f
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jun 24 23:38:58 2013 -0400
pluto: Removed KERNEL_ALG define - it could not be disabled
commit 6194a0422e75d51dc170b6ff2e2518e4b6a3d87f
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jun 24 23:05:03 2013 -0400
pluto: Removed IKE_ALG define - it could not be disabled
commit 0102644971fd38a3f5bdd7af7c49f4b1c3b11959
Author: Paul Wouters <pwouters at redhat.com>
Date: Mon Jun 24 16:52:23 2013 -0400
documentation: minor edits in ipsec.conf.in
commit 82f48c16a842732271e4f78e73ad55a5fe265a67
Merge: 9494238 0d27962
Author: Antony Antony <antony at phenome.org>
Date: Sun Jun 23 09:20:50 2013 +0000
Merge branch 'master' of ssh://vault.foobar.fi/srv/src/libreswan
commit 9494238f4543085dec52eef3eb4ad57e11055590
Author: Antony Antony <antony at phenome.org>
Date: Sun Jun 23 09:20:18 2013 +0000
ikev2: remove extra debug lines creaped in while hunting for bug 78
commit a9d558f144f106a3b1f5069d4eab37e636c59f09
commit 0d27962b980dfc74e8d0fc835a06e908ac13b011
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Jun 22 23:17:09 2013 -0400
KLIPS: sha2 family support via OCF/CryptoAPI [David]
commit fdef6edebc23618f1d5e9518dd5c90ba732ce7d2
Author: Paul Wouters <pwouters at redhat.com>
Date: Sat Jun 22 23:14:13 2013 -0400
testing: updated ikev2-01-fallback-ikev1
I think the "second" attempt with ikev1 only happens after whack
has been released, not entirely sure how to catch this apart from
adding the sleep there.
commit f0b918828d5fc15c075e3c0793c1fe12c11f227b
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 16:16:36 2013 -0400
testing: fix ikev2-11-simple-psk config and converted to kvm
commit 9b7aa057533bc8613ba38156819ef8e65d79343f
Merge: cbc30f8 d286b2d
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 14:16:18 2013 -0400
Merge branch 'master' into matt-testing
commit d286b2d03b34e82c9ac19cd2d6c55a875912243b
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 11:01:35 2013 -0400
docs: fixup note in Makefile about OCF compiling
commit c7edcd90c33a936dee38e78fee76bd87d0092960
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:51:41 2013 -0400
FIPS: Add check to ipsec verify for prelink command and /etc/prelink.cache
Also some cleanup of tab indentation
commit 2fbc9012f4a92a0aae9417b87dc2625a24fc8351
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:31:16 2013 -0400
pluto: Add and clarify ipsec status
Added:
- config setup options (natt, retransmits, uniqueids, nhelpers, etc)
- compile time paths (config, ipsecd, secrets, sbin, lib and libexec dirs)
- FIPS and SElinux status
Clarify:
- Added some spacers and headers to clearly mark the different sections
For some of this, plutomain's main() variables had to be pulled from main
and become a static global in plutomain.c. We also had to store some new
variables, that before we only read from optarg and did not remember at all.
commit d7cb94f97d26fd42f440c6653c89bd3db51a3fb8
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:30:54 2013 -0400
updated CHANGES
commit 7c4c80b977e586727261837cc274ed9693058cdc
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:25:19 2013 -0400
FIPS: Remove hardcoded /usr/libexec/ipsec path, use IPSEC_EXECDIR
Now that the makefile passes -DIPSEC_EXECDIR, we can use that to
properly determine the path for our helper programs that need to
be FIPS checked.
commit 97c9090f15d8416e3e175a52f6a88ba8449905ed
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:05:38 2013 -0400
building: Pass some variables to make using -D so programs/pluto can use it
Specifically: IPSEC_SBINDIR, IPSEC_LIBDIR and IPSEC_EXECDIR
This allows us to print their locations in "ipsec status", and will
also remove the need for the FIPS check to use hardcoded paths in
plutomain.c
commit c33c779cab608cd92580ea64be9de5e6661470d4
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 10:02:47 2013 -0400
building: Cleanup Makefile.inc
Allow more variables to be overridden by the user, by specifying these
as "?=" instead of "="
Removed obsoleted and unused variables: RPMKERNDIR,RPMTMPDIR,RPMDEST,
RPMBUILD and RH_KERNELSRC.
commit cbc30f8d279a8ad9236b16a286f518155d809364
Merge: 69f465b ed726b8
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 09:19:15 2013 -0400
Merge branch 'master' into matt-testing
commit ed726b84bd99fb221c1982decd47800bd3c16002
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 09:17:35 2013 -0400
updated changes
commit 84be9faa77bf1fefeb78da88217ee80791f198b9
Author: David McCullough <ucdevel at gmail.com>
Date: Fri Jun 21 09:15:44 2013 -0400
KLIPS: pointer can look valid during free process
Its possible that a pointer looks valid for a while during
the free process even though it isn't. I think this was submitted
to me but I have lost the source (sorry).
commit 60b1f63909d55abc04a774b8dc540790458b91b9
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 09:14:16 2013 -0400
KLIPS: fixup of proc entries for 3.9+ kernels by David
commit bd21eb290881e12dc91ae3552b52dadf332810f0
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri Jun 21 09:10:56 2013 -0400
KLIPS: kernels > 3.4 need udp_encap_enable()
Patch by David
commit a320456652429c4335ea5f17ae47e82079cfe8d4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 20:03:16 2013 -0400
testing: Removed ikev2-12-no-nhelpers and updated ikev2-no-nhelpers-01
commit 4c39e587f2626d00b341ce510776ac17ac9736c4
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 19:59:35 2013 -0400
testing: Remove workaround for nhelpers for ikev2-03-basic-rawrsa
commit 69f465b1d0d2f5f97a131d7f5243c8d4b21cbf2c
Merge: 678dda1 7889a36
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 19:19:42 2013 -0400
Merge branch 'master' into matt-testing
commit 7889a366ba2f23b37fde1ad422b31d4a71c1ecca
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 19:11:24 2013 -0400
fix commit anomaly in 20fff025f920ac71ec763fb7f755daf063f446ca
commit 678dda194b4b3b61171f19181970ed9bea6917de
Merge: fd34201 20fff02
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 19:03:00 2013 -0400
Merge branch 'master' into matt-testing
commit 20fff025f920ac71ec763fb7f755daf063f446ca
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:53:52 2013 -0400
pluto: Simplify Pluto_IsFIPS()
Change Pluto_IsFIPS() to work similarly to Pluto_IsSElinux() by returning
an int with 0,1,2 (disabled,enabled,error).
Don't log when Pluto_IsFIPS() is called in the regular (0,1) case, let
the caller log. As Pluto_IsFIPS() was called twice, we ended up with
two log messages about FIPS being enabled.
We still call it twice, as I am not sure if FIPS would allow me to store
the results of a "fips check" in a local variable.
commit c101361387fb0852800f87453eaa9868c67e418f
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:35:32 2013 -0400
libswan: Added Pluto_IsSElinux()
Added int Pluto_IsSElinux(void) which can be used for "ipsec status"
to show whether or not the system is running in SElinux enforcing
mode or not. Currently returns:
/* 0 disabled
* 1 enabled
* 2 indeterminate
*/
commit 40f6f7788301c8fa33af0f3bec1facee927605a1
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:34:27 2013 -0400
pluto: Change db_ops_show_status() to return void.
The only caller for it did not use the return type, which was always
0 anyway.
commit 666c487820f6573ec6e73b5753c5f0dd13c70cb4
Merge: 970ad80 548c206
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:32:17 2013 -0400
Merge branch 'master' of vault.libreswan.fi:/srv/src/libreswan
commit 970ad80122874c419f75f871ed4462a38dead31b
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:30:25 2013 -0400
updated changes
commit e6b2e65ccbbba175b294b709bd284ec0112ca9f9
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 18:20:08 2013 -0400
pluto: nhelpers= does not default to -1 (lsbz#126)
If pluto was started using --config /etc/ipsec.conf, we would read the
nhelpers= line from "config setup". If that line was not specified, we
defaulted to 0. When not using --config, we defaulted to -1.
ipsecconf_default_values() now sets nhelpers to -1, so that when --config
is used without an nhelpers= line, we do the right thing.
(related: currently we cannot specify "-1")
commit 548c206522385646d011949ab43efd148872ca52
Author: Paul Wouters <pwouters at redhat.com>
Date: Thu Jun 20 13:07:45 2013 -0400
testing: use OBJDIR=/tmp/lsw_build to speedup userland compile
Using tmpfs is much faster inside the VMs then using the real disk.
Even using ccache, the second run is slower then compiling from
scratch in /tmp, so we also remove ccache from the packate install list.
More information about the Swan-commit
mailing list