usr/lib/ipsec/plugins/libstrongswan-padlock.so
+usr/lib/ipsec/plugins/libstrongswan-rdrand.so
usr/lib/ipsec/plugins/libstrongswan-socket-default.so
usr/lib/ipsec/plugins/libstrongswan-sshkey.so
usr/lib/ipsec/plugins/libstrongswan-stroke.so
+usr/lib/ipsec/plugins/libstrongswan-unity.so
usr/lib/ipsec/plugins/libstrongswan-updown.so
usr/lib/ipsec/plugins/libstrongswan-x509.so
usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
include Config
-VER = 3.10.18
+VER = 3.10.19
RPI_PATCHES = linux-3.10.10-c1af7c6
-GRS_PATCHES = grsecurity-2.9.1-3.10.18-ipfire1.patch.xz
+GRS_PATCHES = grsecurity-2.9.1-3.10.19-ipfire1.patch.xz
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
rpi-patches-$(RPI_PATCHES).patch.xz = $(URL_IPFIRE)/rpi-patches-$(RPI_PATCHES).patch.xz
$(GRS_PATCHES) = $(URL_IPFIRE)/$(GRS_PATCHES)
-$(DL_FILE)_MD5 = e091753da622788cfd662dd67c2f9b48
+$(DL_FILE)_MD5 = 1d4f243e49c63129415b9bc05ec9e4d3
rpi-patches-$(RPI_PATCHES).patch.xz_MD5 = ef9274b3ff5d05daaaa4bdbe86ad00fc
-$(GRS_PATCHES)_MD5 = 3faeda10c223473e386b79b16b087858
+$(GRS_PATCHES)_MD5 = 9dae5a6cb22521cd2c714ffaeaac031e
install : $(TARGET)
include Config
-VER = 3.6.19
+VER = 3.6.20
THISAPP = samba-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = samba
-PAK_VER = 53
+PAK_VER = 54
DEPS = "cups"
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = afe9c7c590f3093555cd6e870d2532e1
+$(DL_FILE)_MD5 = 3f1b60c681845ce6828a1abe5aacf671
install : $(TARGET)
include Config
-VER = 5.1.1dr4
+VER = 5.1.1
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
TARGET = $(DIR_INFO)/$(THISAPP)
ifeq "$(MACHINE)" "i586"
- PADLOCK = --enable-padlock
+ CONFIGURE_OPTIONS = \
+ --enable-padlock \
+ --enable-rdrand
else
- PADLOCK = --disable-padlock
+ CONFIGURE_OPTIONS = \
+ --disable-padlock \
+ --disable-rdrand
endif
###############################################################################
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 05899faa9b8a8f253474af809b283ef9
+$(DL_FILE)_MD5 = e3af3d493d22286be3cd794533a8966a
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.1-delay-dpd.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
cd $(DIR_APP) && ./configure \
--enable-eap-peap \
--enable-eap-mschapv2 \
--enable-eap-identity \
- $(PADLOCK)
+ --enable-unity \
+ $(CONFIGURE_OPTIONS)
- cd $(DIR_APP) && make $(MAKETUNING) LDFLAGS="-lrt"
+ cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Remove all library files we don't want or need.
--- /dev/null
+From b76e96e2ef4d56c863b36c8d3c39e3c2efcf4a7c Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Fri, 1 Nov 2013 11:28:53 +0100
+Subject: [PATCH] ike: Don't immediately DPD after deferred DELETEs following IKE_SA rekeying
+
+Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
+is perfectly valid. For short(er) DPD delays, this leads to the situation where
+we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
+Avoid that DPD by resetting the INBOUND timestamp during set_state().
+---
+ src/libcharon/sa/ike_sa.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
+index 0282087..d482f8b 100644
+--- a/src/libcharon/sa/ike_sa.c
++++ b/src/libcharon/sa/ike_sa.c
+@@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void,
+ DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t);
+ }
+ trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg);
++ if (trigger_dpd)
++ {
++ /* Some peers delay the DELETE after rekeying an IKE_SA.
++ * If this delay is longer than our DPD delay, we would
++ * send a DPD request here. The IKE_SA is not ready to do
++ * so yet, so prevent that. */
++ this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED];
++ }
+ }
+ break;
+ }
+--
+1.7.4.1
+