[Swan-commit] Changes to ref refs/heads/master

2019-10-16 Thread Paul Wouters
New commits:
commit b3203a5cb9985e28e3754238cb30f00b876faa6c
Author: Paul Wouters 
Date:   Wed Oct 16 10:44:27 2019 -0400

building: Don't enable USE_LABELED_IPSEC for all Linux builds

In 3.23 it was accidentally enabled for all linux builds, but not
all linux distributions use/support selinux, and people had to
manually disable it.

It is enabled by default if compiled on fedora (unless explicitly
disabled)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-15 Thread Andrew Cagney
New commits:
commit 5268c79cb1351968bba66a276800417fe2d3044b
Author: Andrew Cagney 
Date:   Tue Oct 8 14:26:44 2019 -0400

hash-table: change the hash key() method to a more typical hasher() method 
that returns hash_t

Eliminate need to duplicate the data being hashed as a key, instead
have the hasher() function feed it piece meal into a primitive (such as
was done by hostpair).  Abuse 'typedef struct' so that all code is
strongly encouraged to use hash_t.hash and, hence, a consistently
sized hash value.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-15 Thread Antony Antony
New commits:
commit e15500d76959c5c3c4526b25fc1ef1c454c58925
Author: Antony Antony 
Date:   Tue Oct 15 11:17:50 2019 +

building: fixes to install-rpm-build-dep generic for fedora and CentOS8

commit 5ea33b9df297cba9d226fb4a23c166c0098b00f9
Author: Antony Antony 
Date:   Tue Oct 15 08:09:49 2019 +

testing: travis sudo is not available during docker build:

commit 6984671b5f074c971a9175f6c48615e15124e65f
Author: Antony Antony 
Date:   Mon Oct 14 20:43:25 2019 +

testing: ipcheck add more cases and use range_size() for addresspools

commit 2cae9b4c787083d41a66c6c0c6f9414c69cfaded
Author: Antony Antony 
Date:   Mon Oct 14 11:42:15 2019 +

addresspool: fixes to move size from ip_range to ip_pool

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-13 Thread Andrew Cagney
New commits:
commit aa6db07328f25200219825917dbd6e9c5179d7c7
Author: Andrew Cagney 
Date:   Mon Oct 7 19:54:22 2019 -0400

enumcheck: cleanups

- lswlog_*()->jam_*()
- don't use LSWLOG_FILE()
- don't use LSWBUF
- use hunk_streq()
- don't assume a .array field in jambuf_t

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-13 Thread Andrew Cagney
New commits:
commit 7590b818537876b865d2f9ab78aba271221a904f
Author: Andrew Cagney 
Date:   Wed Oct 9 12:00:41 2019 -0400

packets: treat the contents if an input-pbs as read-only

hence, replace same_in_pbs_left_as_chunk() with pbs_in_left_as_shunk,
et.al.

Since NSS doesn't do const it ends up needing a cast.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-13 Thread Andrew Cagney
New commits:
commit d9801bec9862ce1f247898d8f8d805c6c70f649b
Author: Andrew Cagney 
Date:   Sun Oct 13 21:35:53 2019 -0400

kvm: kvm-{diffs,check}-modified -> kvm-modified-{diffs,check,results}

more consistent and complete

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-13 Thread Andrew Cagney
New commits:
commit 2409d61a48c07d2c581f71da5dd43e1f11a92491
Author: Andrew Cagney 
Date:   Sun Oct 13 10:44:47 2019 -0400

ip: set ESP delete said using esp field

Cut paste typo on 847821ca52b0073e33d1b8614d971064fd5514ac.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-12 Thread Antony Antony
New commits:
commit 466b646ac1d3411311945b59ad84022601b7938c
Merge: d7eea0e 12ed30b
Author: Antony Antony 
Date:   Sat Oct 12 18:57:37 2019 +

Merge branch 'addresspool6'

more fixes, ranage checks and ip check fixes

commit 12ed30bb8fa51ef0d12dfeed24f3413c7e5ece35
Author: Antony Antony 
Date:   Sat Oct 12 18:47:21 2019 +

testing: minor changes to reference output could be due to transients

commit 45e075bf4af71af44d1e20a798640ac54e805e25
Author: Antony Antony 
Date:   Sat Oct 12 14:55:10 2019 +

pluto: addresspool IPv6 fixes

allow bigger ranges to parse, and truncate to 4B - 1

commit adca5e2143849a60703b099f2fccde50c1efa910
Author: Antony Antony 
Date:   Sat Oct 12 14:50:43 2019 +

ip: range_check add more IPv6 tests

use r->size in the struct ip_range

commit fd040bfb65b6f75f8ae904fbdd64a060ba97051b
Author: Antony Antony 
Date:   Sat Oct 12 14:49:32 2019 +

ip: address use address_type to check v4

commit c1870b66d0f9ac51bc326b0bb1457196492e3bfe
Author: Antony Antony 
Date:   Sat Oct 12 14:47:48 2019 +

ip: ttorange() fixes

flexible handling of IPv6 range.
jam_range() can print an IPv6 subnet or a range with - in it.
.size if part of struct ip_range

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-12 Thread Andrew Cagney
New commits:
commit d7eea0edd5cede40ec412fa34c5c2757c169b59c
Author: Andrew Cagney 
Date:   Fri Oct 11 00:24:09 2019 -0400

address pool: reduce complexity from O(#LEASES) to O(1)

Leases were being stored as a linked list.  In the case of reusable
(nee sharable) leases that list could grow until there was an entry
for every possible address.  Think about 10.0.0.0/8.

This patch replaces the list with an array that grows on demand:

- the operation LEASE.ADDRESS->LEASE is O(1)

- the array grows simply doubling it size (0 1 2 4 ...): no
  preallocation magic to test

- lists et.al. get implemented using offsets (array moves): there are
  some pretty ugly macros dealing with this :-(

- the free list is double linked: single-use leases are prepended;
  reusable leases are appended (so they get recovered in FIFO order);
  only when the free list is totally exhausted will the lease array
  grow

- the operation ID->LEASE uses an O(1) hash table implemented on top
  of the leases array: when the array grows the hash table is rebuilt

- the reusable leases unique IDs are stored as strings

- the code that tried to mix in the xauth e-mail address isn't enabled
  as, seamingly, it wasn't doing anything other than changing a log

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-12 Thread Andrew Cagney
New commits:
commit 134558c23cdaabf9de91642774fd3585a929b21b
Merge: 3741850 d0b011f
Author: Andrew Cagney 
Date:   Sat Oct 12 08:45:30 2019 -0400

ip: ip_said cleanups

- change type of .proto to ip_protocol; fix bug where wrong value was
  being stuffed into field (lucky other end expected that)

- use str_said() et.al.; simplfy code accumulating ip_saids in a buffer

Merge commit 'd0b011ffd007ab9c7523e5a878824510eaba62f2'

commit 3741850dce1c4cc5b4ac22bbdfeaa09a5d00e157
Author: Andrew Cagney 
Date:   Sat Oct 12 08:44:13 2019 -0400

kvm: add missing slash in 'make kvm-results' target

Follow-up b605ccfa5a65a95e2873dd6b29366a6c6654b3cc.

commit d0b011ffd007ab9c7523e5a878824510eaba62f2
Author: Andrew Cagney 
Date:   Fri Oct 4 13:20:14 2019 -0400

ip: change ip_said .proto's type to ip_protocol, update

commit 344df95645fff8baabe101675b6dcded3b54cd4e
Author: Andrew Cagney 
Date:   Wed Aug 21 17:05:07 2019 -0400

ip: use str_said() and jam_said()

commit 847821ca52b0073e33d1b8614d971064fd5514ac
Author: Andrew Cagney 
Date:   Thu Oct 10 17:35:49 2019 -0400

ip: don't initialize ip_said's field-by-field

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-12 Thread Antony Antony
New commits:
commit e1e68ec8ba22556ae358a8bb24b64bb8aea2f281
Author: Antony Antony 
Date:   Sat Oct 12 09:21:21 2019 +

ip: ip_range_check ipv6 ranges as subnets

commit 7a31a752e1a26a64d389b0168d0069646155fd23
Author: Antony Antony 
Date:   Sat Oct 12 09:19:55 2019 +

ip: ttorange() fixes to allow ipv6 ranges too

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit 2a079f95b0a744a3a1b2cde14aec02a787c34a96
Author: Andrew Cagney 
Date:   Fri Oct 11 21:32:04 2019 -0400

kvmrunner: add --exit-ok, so that the failure exit status can be suppressed

For instance when generating json it isn't useful.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit 4b2a4b8b4f4e14f835e4104b05e0deda0091000e
Author: Andrew Cagney 
Date:   Fri Oct 11 20:45:18 2019 -0400

kvm: decode matched binary text before trying to convert it

more UTF-8 fallout

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit ff2ce1c699cd4d231bc631f405cb2ecbf16b086c
Author: Andrew Cagney 
Date:   Fri Oct 11 17:57:47 2019 -0400

testing: sanitize 'expiring in 23 hours' to 'expiring in X days'

(why I'm getting 23 hours I don't know - the certs are all new)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit d1a9a1ec80ea67df14d1e4a3c547c1df02751b3f
Author: Andrew Cagney 
Date:   Fri Oct 11 14:06:24 2019 -0400

dnsoe: sanitize the DNS QUESTION string, update tests

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit f767aac44dd51014051de3c0f5430e3cd3889af6
Author: Andrew Cagney 
Date:   Fri Oct 11 12:53:48 2019 -0400

testing: sanitize the escape character ^] - \035 GS (group separator) - in 
audit logs

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit 9d60bed445a21b1b92fb365bd66382b7453fb636
Author: Andrew Cagney 
Date:   Fri Oct 11 12:47:22 2019 -0400

testing: detect control characters in sanitized console output

Like 7189803e460f89d8ffd8d5a682c362fabb9f16eb but more
forgiving

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit 7189803e460f89d8ffd8d5a682c362fabb9f16eb
Author: Andrew Cagney 
Date:   Fri Oct 11 12:19:19 2019 -0400

testing: check for control characters in the log file - ISCNTRL

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Andrew Cagney
New commits:
commit 0f502f95a510965b860d8ae5cb209acec1b2570a
Author: Andrew Cagney 
Date:   Wed Oct 9 12:00:13 2019 -0400

memory: shunk_eq() -> hunk_eq() et.al. - so it can be used on chunks

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Antony Antony
New commits:
commit 11e0384ff6e90e2023ead6500bbc1fb883548aa1
Author: Antony Antony 
Date:   Fri Oct 11 12:26:16 2019 +

testing: bump the default travis build to F30

commit 6c8de9ec35759384749e1f58806ce8c571345e4b
Author: Antony Antony 
Date:   Fri Oct 11 12:25:23 2019 +

addresspool: fix unitialized use. Followup of 63d1c99cee

noticed on travis builds

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-11 Thread Antony Antony
New commits:
commit c292bc1fcc71e0bee0586f46a1e276058290f532
Merge: 885156f cdc57cb
Author: Antony Antony 
Date:   Fri Oct 11 11:28:30 2019 +

Merge branch 'addrsspool6'

This is mostly server support for IPv6 addrsspool
client support is partial, it need updown script support for v6.
an example of server side config

conn east
left=%any
right=2001:db8:1:2::23
leftid=%any
rightid=@east
leftaddresspool=2001:db8:0:3:1::/97
rightsubnet=2001:db8:0:2::/64
narrowing=yes
hostaddrfamily=ipv6
clientaddrfamily=ipv6

ERROR on Client after the connection come up, missing source address and 
route
missing support for up-client-v6 addsource()
ping6 -c 2 -w 5 -I 2001:db8:0:3:1::0 2001:db8:0:2::254
ping: bind icmp socket: Cannot assign requested address

commit cdc57cba0810c42b46ed1f908cb1502787ab71b8
Author: Antony Antony 
Date:   Wed Oct 9 16:45:41 2019 +

testing: addresspool6 tests

commit 63d1c99cee360fa1b39fc68e4d21f334fb484eab
Author: Antony Antony 
Date:   Thu Oct 10 09:13:54 2019 +

addresspool: initial support for IPv6 addresspool

allow ipv6 addresspool
conn v6pool
leftaddresspool=2001:db8:0:3:1::/97

 * pool range is specified as subnet
 * allowed prefix length /96 to /128
 * /96 accepted with a WARNING, truncate pool size to 2^32-1, one less than 
4B
 * IKEv2 only support initially.
 * as a client updown do not support up-client-v6 ie. addsource() is not 
called

commit fe4b2b29aabc8d0494f1b4c5358931fa66068e71
Author: Antony Antony 
Date:   Thu Oct 10 09:13:07 2019 +

ip: ttorange allow ipv6 also

only allow prefix length /96 - /128

commit 53aab68ddf8fce2621b18feca55354ca753ccdee
Author: Antony Antony 
Date:   Thu Oct 10 09:11:45 2019 +

ip: address ntohl_address return bytes 12-16 uint32_t for IPv6

IPv6 use the last 32 bits as index for addresspool.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 885156f0859abe6ef5dbcbd07905b975743a0a1a
Author: Andrew Cagney 
Date:   Fri Oct 11 00:53:15 2019 -0400

kvm: save diffs with b"\n", not rb"\n" as line break

Follow-up e9273420587c5f6707d2d900c4d22eedc87a3031.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit b8caf95701c32d2cdd3c9531b4684532df2fa133
Author: Andrew Cagney 
Date:   Fri Oct 11 00:34:10 2019 -0400

kvm: fix --print diffs

follow-up e9273420587c5f6707d2d900c4d22eedc87a3031.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 9f062de07193bb3a62f0605cb1cce948d94e05fe
Author: Andrew Cagney 
Date:   Fri Oct 11 00:10:29 2019 -0400

memory: add resize_things()

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit e9273420587c5f6707d2d900c4d22eedc87a3031
Author: Andrew Cagney 
Date:   Thu Oct 10 23:33:27 2019 -0400

kvm: grep for problems in log files using a byte-stream, not utf-8

So that things don't barf when garbage looks like broken utf-8.
Should add a pattern to check for garbage.

commit 3880350660b1f2f5917978d74bb1ac5d5aed90d2
Author: Andrew Cagney 
Date:   Thu May 2 09:46:43 2019 -0400

kvm: split file contents cache off from grepping code

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 65b44f23489bdeaf17f83afbc6a21cf172cedb1c
Author: Andrew Cagney 
Date:   Thu Oct 10 23:25:52 2019 -0400

x509: encode an ECDSA's private key's public keyid as text not binary

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Paul Wouters
New commits:
commit f78f7e694e00783a7d2e0598d96dedc92d7d01b7
Author: Paul Wouters 
Date:   Thu Oct 10 21:01:49 2019 -0400

documentation: updated CHANGES

commit 7353b10f0ad2f6f133dcccb19ee5fa51d4083420
Author: Paul Wouters 
Date:   Thu Oct 10 21:00:28 2019 -0400

testing: add addconn-04 to TESTLIST

commit ab9d737039cf75f9649576ae46127b688a3ee2e9
Author: Paul Wouters 
Date:   Thu Oct 10 21:00:06 2019 -0400

testing: add addconn-4

commit 8d4acad27bc98db8361fe285135c60c45b647158
Author: Paul Wouters 
Date:   Thu Oct 10 20:30:49 2019 -0400

pluto: pass --config option from pluto to forked addconn

Otherwise the addconn that is started by pluto will use the
compiled in default /etc/ipsec.conf and not pick up the same
config as pluto was started with.

Also, store this properly for displaying in ipsec status, as
the libipsecconf parser inside pluto isn't updated with this
non-standard config file location.

This is rhbz#1760633

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 083fab3c088ac5ca7c4d2a571c4b4ea357fe0ebd
Author: Andrew Cagney 
Date:   Thu Oct 10 18:42:48 2019 -0400

ipcheck: test ttosa("unk77.9@1.2.3.4"); expect an error

Where "unk77.9@1.2.3.4" is returned by satot() when passed
the hand crafted ip_said:

  (ip_said) {.proto=77,.spi=9,.dst=1.2.3.4)

Since ttosa() refuses to parse the above, and all other code
paths use constant protocol values, it shouldn't be possible
for the above to appear in pluto.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 08a13b73653eae3d5f1a55477950a23a305e8e50
Author: Andrew Cagney 
Date:   Thu Oct 10 16:20:48 2019 -0400

ip: fix satot()'s unk77.9@1.2.3.4 output

Follow-up de99fb5c3ed6554ab156de4b09ff9bdf7601ce97.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit c2e4b3af6801d4afe88b487653d18082e0573e3a
Author: Andrew Cagney 
Date:   Thu Oct 10 16:07:59 2019 -0400

ipcheck: use where_t - avoid absolute paths in names

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit b579747f5cb85fa6c7081843c534b526f73a2c94
Author: Andrew Cagney 
Date:   Thu Oct 10 10:11:15 2019 -0400

memory: clone_chunk() -> clone_hunk() - so that it also works with 
read-only shunks

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 163714345bbfe9533960afeb63eea6532dd8f9bb
Merge: de99fb5 c4cc832
Author: Andrew Cagney 
Date:   Thu Oct 10 09:21:25 2019 -0400

logging: eliminate sanitize_string()

Remove it from the debug-log path: id/dn should no longer leak control
characters.  Merge it into cisco_stringify() (the function's a mess).

Merge commit 'c4cc8322aaa4fe98a1f26ca3acc987fdfa09f113'

commit c4cc8322aaa4fe98a1f26ca3acc987fdfa09f113
Author: Andrew Cagney 
Date:   Wed Oct 9 11:04:54 2019 -0400

loging: delete sanitze_string(), no longer used

commit 469a892783906f054956c16da8aa6b30ea7d5678
Author: Andrew Cagney 
Date:   Wed Oct 9 11:01:39 2019 -0400

logging: don't sanitize debug log output

commit fca05db52987a2782041c1335262dc052a350a8c
Author: Andrew Cagney 
Date:   Wed Oct 9 11:02:02 2019 -0400

demux: merge sanitize_string() into cisco_stringify()

Result makes it clear that what gets sanitized how is pretty
arbitrary.  Let jambuf deal with overflow.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit de99fb5c3ed6554ab156de4b09ff9bdf7601ce97
Author: Andrew Cagney 
Date:   Wed Oct 9 22:23:45 2019 -0400

ip: add ip_protocol - ICMP, ESP, AH, ...; use when converting to/from 
ip_said text

Also notice how there's SA_* and ET_* both defining the same values
(and if you look carefully, code instead using the IKEv1 protocol
values)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-10 Thread Andrew Cagney
New commits:
commit 3d785936e4e21120714302e67e8342b578c80084
Author: Andrew Cagney 
Date:   Mon Oct 7 13:04:01 2019 -0400

x509: replace idtoa() and dntoa() with calls to str_{id,dn}()

Since the underlying jam_dn()'s output is:
- printable ASCII
- rfc4514 compliant
- NSS's CERT_AsciiToName() friendly
- atodn() parsable
- directly loggable (no sanitize required)
the old routines aren't necessary

Also in str_{id,dn}() pass in jam_raw_bytes() instead of
jam_sanitized_bytes() - the output is already ASCII.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Andrew Cagney
New commits:
commit 5fd2b1873918b42c49c18c25dfff94c92b01bbad
Author: Andrew Cagney 
Date:   Wed Oct 9 09:30:05 2019 -0400

logging: merge jam_raw_bytes() and the static function concat()

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Paul Wouters
New commits:
commit cd4894f836c69896b7221ea6e6343f92b9f4f75e
Author: Paul Wouters 
Date:   Wed Oct 9 21:52:58 2019 -0400

tesing: for f30.mk use python3-libs not python-libs

It is the same package but in centos8 python-libs does not exist

commit 928668ba6ef9d6985d8e7c3bc2ac1b9cfe66ef22
Author: Paul Wouters 
Date:   Wed Oct 9 21:26:18 2019 -0400

testing: in f30.mk use /usr/sbin/dnssec-signzone instead of package name

Because between fedora versions and rhel/centos versions, the binary
appears in a different package (bind-dnssec-utls vs bind-utils)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Andrew Cagney
New commits:
commit 0e4b3ea9ce56c10b952afd923403de9fd59bd606
Author: Andrew Cagney 
Date:   Wed Oct 2 12:56:49 2019 -0400

ip: addrtypeof(said->dst) -> said_type(said)

don't assume ip_said's internals

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Paul Wouters
New commits:
commit fc9059285ecd6d7e8cb03d329d11a9ce80dddecc
Author: Paul Wouters 
Date:   Wed Oct 9 21:09:49 2019 -0400

building: enable PowerTools repo for CentOS8

This is where some required -devel packages are located

This is used for "make install-testing-rpm-dep" and "make 
install-rpm-run-dep"

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread D. Hugh Redelmeier
New commits:
commit feabbb1290cc796eabcd49f1e4b379d7d565dc83
Author: D. Hugh Redelmeier 
Date:   Wed Oct 9 16:05:21 2019 -0400

pluto: nss_cert_verify.c: don't spell when drunk

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread D. Hugh Redelmeier
New commits:
commit 1d22c5a11acfbee75f996c2a750677109c0362ab
Author: D. Hugh Redelmeier 
Date:   Wed Oct 9 15:55:26 2019 -0400

testing: check/ip/ipcheck.h fix spelling and grammatical error

Note: none of these messages shows up in a test reference log so I
guess that the testing isn't comprehensive.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread D. Hugh Redelmeier
New commits:
commit 1d583d0dca8ca2c33ffc41262466d410a0e60a10
Author: D. Hugh Redelmeier 
Date:   Wed Oct 9 15:49:54 2019 -0400

lib/libswan/x509dn.c: tiny tidy

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Andrew Cagney
New commits:
commit 20fb8f0153a61a8788be8eba9a88443c10c407fc
Author: Andrew Cagney 
Date:   Sat Oct 5 14:01:47 2019 -0400

ip: shuffle ISAKMP_V[12]_FRAG_MAXLEN_IPV[46] macros into ip_info, use

Use the state's remote-end rather than the connection's addr_family
to select the IP version - fragment based on what is not what might
be.

(ignore long standing issue where should_fragment_ike_msg() is using
IKEv1's fragement size but is called from IKEv2).

commit fdb796923ca1c365f9fc70aed8e3c8012bf66b26
Author: Andrew Cagney 
Date:   Tue Oct 8 12:38:27 2019 -0400

ip: make subnet() static

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-09 Thread Andrew Cagney
New commits:
commit 933ae8d9db1d7f571490926a9bea28e4f67f7004
Author: Andrew Cagney 
Date:   Mon Oct 7 19:50:31 2019 -0400

shunk_t: add shunk_streq() and shunk_span(), test

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-08 Thread Andrew Cagney
New commits:
commit 769325acad8f79f38e258454ccf0f55731cd6a88
Author: Andrew Cagney 
Date:   Tue Oct 8 10:13:34 2019 -0400

logging: eliminate jambuf_as_chunk()

Follow-up 94a8680d501154f4a85b6219094e8f5ef3d31b4d which eliminated
a long standing hack where the jambuf was being scribbled on.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-08 Thread Andrew Cagney
New commits:
commit 01645da0375e45378ccad1e5a072b88182831846
Author: Andrew Cagney 
Date:   Tue Oct 8 17:50:22 2019 -0400

testing: add make to f30's install list

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-08 Thread Andrew Cagney
New commits:
commit e212da7a063920bafa236bd5be3eb8994ece60c2
Author: Andrew Cagney 
Date:   Mon Oct 7 21:15:06 2019 -0400

ip: turn addrtosubnet() into a wrapper that takes an endpoint

Since the code expects to set the subnet's port (could be zero) as a
side effect of copying the first parameter (which contains an embedded
port) into subnet.addr (remember, historically, this was all
implemented using a sockaddr and that has an embedded port).

Implement using subnet_from_{address,endpoint}().  Debug-log all calls
- who knew pluto created the subnet HOST_IP:8 when an acquire was
triggered by a ping packet.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-07 Thread Andrew Cagney
New commits:
commit 201db468ec56df5774532be549c77b43242b066f
Author: Andrew Cagney 
Date:   Mon Oct 7 14:13:03 2019 -0400

logging: delete LSWLOG_STRING(), unused

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-07 Thread Andrew Cagney
New commits:
commit b71a8fa6091a5f4f96f94f32fa0f5679f5a880dd
Author: Andrew Cagney 
Date:   Mon Oct 7 11:56:06 2019 -0400

testing: in check-01, run dncheck not idcheck

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-07 Thread Andrew Cagney
New commits:
commit 98657ce47748c312ac17902f0701b9d017f82504
Author: Andrew Cagney 
Date:   Sun Oct 6 14:35:04 2019 -0400

connections: delete .tunnel_addr_family, never read

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-06 Thread Andrew Cagney
New commits:
commit 886c7ad4dd62992ec2ff315099c386e43870216b
Author: Andrew Cagney 
Date:   Mon Sep 9 17:10:42 2019 -0400

ip: eliminate init_ip_info() - no longer needed

See 90de7bbda2d4867bb3e2354001cf80f1168e57a8.

commit 39e2c4d74d86ab04d4146fb3eac163ecc273f036
Author: Andrew Cagney 
Date:   Fri Oct 4 07:40:07 2019 -0400

spi spigrp: life support

- change type of 'af' from int to ip_info*
- change address_family to ip_info*
- use jam_said()
- use said_type()
- use domain_to_address()
- explicitly force port to zero when emitting PFKEY address

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-05 Thread Andrew Cagney
New commits:
commit 3a360f453223af84a13c4e906fc1c3b412fe89fc
Author: Andrew Cagney 
Date:   Thu Oct 3 11:05:07 2019 -0400

eroute: change said_af's type from int to const struct ip_info*

- use said_{address,type}() to get ip_info
- use domain_to_address(ip_info) to do lookups

commit d94195888ea1f80f5580123f144372b87ed3969e
Author: Andrew Cagney 
Date:   Wed Oct 2 12:34:51 2019 -0400

ip: add ttoaddr() variants that take 'ip_info*type' instead of 'int af'

- eliminate need for dangerous dereference in ttoaddr(_type(ip)->af)
- name them {domain,numeric}_to_address() so that the version that
  could do a DNS lookup is less obscure
- instead of fuzzy srclen==0 logic, pass the string as a shunk_t
- always set the result parameter to something

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-04 Thread Andrew Cagney
New commits:
commit f8fd9daaf72d21161ec6082a3d3b00947027aa95
Author: Andrew Cagney 
Date:   Mon Sep 30 13:08:00 2019 -0400

dncheck: test x509 / rfc4514 code, fix bugs

in jam_raw_dn(nss_compatible):

- if the OID is unknown, emit N.M.O.P and not 0xXXX
- if the OID is unknown, dump the value's BER as #HEX
- escape '"', '+', ',', ';', '<', '>', or '\' using \CHAR
- escape non-printable ascii using \XX
- escape leading ' ' using \CHAR (same for '#' but ...)
- work around NSS bug by dumping value with leading # as #BER
- work around NSS bug by escaping '#' and '='

which means the text should always be ascii; also hack up atodn() so
that it doesn't toally barf on the above; could do with tests with
bad input.

Also and note about ,, and // hacks to atodn() - came in via
RHBZ#868987; see 9a2ce7936885775ba0f134f200469f34034429ca and
b918a5176a09b558af50518f19f39e69e9b54c19.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-04 Thread Andrew Cagney
New commits:
commit 6494d0ccbeec886eb05136e5e5d19969bf6abcc9
Author: Andrew Cagney 
Date:   Fri Oct 4 14:07:48 2019 -0400

ip: restore .mask_cnt = 128

Merge botch in f8ef456c439c51e06ac4b81238bc2d6fa50e9785.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-04 Thread Tuomo Soini
New commits:
commit 92bd2e94d01733568be946381926826d8424671a
Author: Tuomo Soini 
Date:   Fri Oct 4 19:44:53 2019 +0300

Revert "Makefile: fix "make rpm" target to work with 
VERSION_ADD_GIT_DIRTY=true"

This reverts commit f29db848b6127a976063b5084a57cc4345a3c6c5.

This didn't fix the actual problem which is that tarball is created with
git archive which doesn't include local changes. So it is better break when
tree is dirty.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-04 Thread Tuomo Soini
New commits:
commit f29db848b6127a976063b5084a57cc4345a3c6c5
Author: Tuomo Soini 
Date:   Fri Oct 4 17:17:47 2019 +0300

Makefile: fix "make rpm" target to work with VERSION_ADD_GIT_DIRTY=true

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-04 Thread Andrew Cagney
New commits:
commit 25880e53d1d63154ea9633464476e80cbdf3246d
Author: Andrew Cagney 
Date:   Thu Oct 3 21:38:08 2019 -0400

ip: add said_addresss()

and more notes

commit f8ef456c439c51e06ac4b81238bc2d6fa50e9785
Author: Andrew Cagney 
Date:   Thu Oct 3 11:04:13 2019 -0400

ip_info: add .any_endpoint for [::]:0 or 0.0.0.0:0, test

commit b4ec1a031c8dd24cf901311890253dea49bb441a
Author: Andrew Cagney 
Date:   Thu Oct 3 11:04:50 2019 -0400

ipcheck: move CHECK_ADDRESS() to ipcheck.h header so it can be shared

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-03 Thread Andrew Cagney
New commits:
commit 90de7bbda2d4867bb3e2354001cf80f1168e57a8
Author: Andrew Cagney 
Date:   Wed Oct 2 13:22:27 2019 -0400

ip_info: use static initializers to construct well known addresses

commit 22acc5ae9c21fde522a8a96309e1f6fbb35ff86f
Author: Andrew Cagney 
Date:   Wed Oct 2 12:56:29 2019 -0400

ip_info: add .ip_name, cleanup structure order

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-02 Thread Andrew Cagney
New commits:
commit c2146e639035460384118ec06a1b2afbb324ccc4
Author: Andrew Cagney 
Date:   Sun Sep 29 09:13:31 2019 -0400

ip: replace ip_address's .af with .version (value 0, 4, 6)

More intuitive, at least when printing an ip_address from a debugger.

Remove the sockaddr #includes.

commit 107224de2c1097ed0cabc30870a24c4307504c2b
Author: Andrew Cagney 
Date:   Tue Oct 1 09:22:54 2019 -0400

connections: make the expression isanyaddr(_net) && 
isanyaddr(_mask) more boring

replace it with subnet_contains_all_addresses().

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-01 Thread Paul Wouters
New commits:
commit bf67ba715ed9ea1bf5ba2a416dfdfe7573c265f5
Author: Paul Wouters 
Date:   Tue Oct 1 12:08:20 2019 -0400

building: extend make install-testing-rpm-dep and make rpm to support 
RHEL/CentOS 7

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-01 Thread Andrew Cagney
New commits:
commit de007669e38c63b26ea2c916182a7234ccb9ea2c
Author: Andrew Cagney 
Date:   Mon Sep 30 13:07:04 2019 -0400

x509: remove references to idtoa() in comments

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-10-01 Thread Andrew Cagney
New commits:
commit ecbe6d7f9c8837fdf22615f19538a6cf0f9a8489
Author: Andrew Cagney 
Date:   Thu Sep 26 13:00:55 2019 -0400

ip: eliminate subnetisnone()

and, in log messages, use:
  ... contains no addresses
rather than:
  ... only contains anyaddr
to refer to a subnet/range that contains no addresses

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-30 Thread Paul Wouters
New commits:
commit 4aef63b58627157c68e6b979ee83ab51929a35ec
Author: John Mah 
Date:   Mon Sep 30 22:30:20 2019 -0400

pluto: fix for redirect-to type when it is FQDN

It was accidentally removed in commit f634a5ca653ca2895

Signed-off-by: Vukasin Karadzic 
Signed-off-by: Paul Wouters 

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-30 Thread Paul Wouters
New commits:
commit b68c5a33261ea07defa119edee97e4a495588d6c
Author: Paul Wouters 
Date:   Mon Sep 30 20:14:13 2019 -0400

building: fixup path in make rpm for version.mk

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-30 Thread Paul Wouters
New commits:
commit ed22298b01e6357a0c69cbe297ebb8cbe8225d4e
Author: Paul Wouters 
Date:   Mon Sep 30 16:42:40 2019 -0400

building: set correct version for pluto when building "make rpm" version.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-30 Thread Andrew Cagney
New commits:
commit c9cce3ab28ffdadf7b1020aab3a9af374b20d989
Merge: 2c7b291 0ea970c
Author: Andrew Cagney 
Date:   Mon Sep 30 09:52:39 2019 -0400

ikev1: fake the missing 'STATE_MAIN_I1: sent MI1, expecting MR1' line

As in replace the wack-only and redundant message "initiate" appearing
at the end of the first state transition with something (slightly) more
meaningful:

   002 "westnet-eastnet-ah" #1: initiating Main Mode
  -1v1 "westnet-eastnet-ah" #1: STATE_MAIN_I1: initiate
  +1v1 "westnet-eastnet-ah" #1: STATE_MAIN_I1: sent MI1, expecting MR1
   1v1 "westnet-eastnet-ah" #1: STATE_MAIN_I2: sent MI2, expecting MR2

and send it to both whack and log.  Same for quick, same for aggressive.

(Like for newer crypto code, returning the status and then letting
resume_handler() call complete_v1_state_transition() would be better).

Merge commit '0ea970ca479540b69470120a90b644bc803f653e'

commit 0ea970ca479540b69470120a90b644bc803f653e
Author: Andrew Cagney 
Date:   Sun Sep 29 15:10:16 2019 -0400

ikev1: replace whack_log("STATE_MAIN_I1: initiate) with 
loglog(STATE_MAIN_I1: sent MI1, expecting MR1)

So that the log is consistent with complete_v1_state_transtion().

Same for quick mode and aggressive mode.

commit f370d88a343b2976e6805311b4527293329b629c
Author: Andrew Cagney 
Date:   Sun Sep 29 17:22:08 2019 -0400

testing: update "STATE_MAIN_I1: initiate" -> "STATE_MAIN_I1: sent MI1, 
expecting MR1" et.al.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-29 Thread Paul Wouters
New commits:
commit 2c7b2918f97297d277a35a8267de53086e796d03
Author: Paul Wouters 
Date:   Sun Sep 29 22:00:09 2019 -0400

XFRM: log some additional reqid with debugging enabled

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-29 Thread Andrew Cagney
New commits:
commit 6e1046bc1a7f8b2a3c851dd0a50aa4b1d36da2ea
Merge: a8b2963 f5bde2f
Author: Andrew Cagney 
Date:   Sun Sep 29 10:13:06 2019 -0400

ip: add more structure wrappers

Merge commit 'f5bde2f585'

commit f5bde2f5853d4e9d09721921e2b076e042140a19
Author: Andrew Cagney 
Date:   Thu Sep 26 11:24:55 2019 -0400

ip: add subnet_from_{address,endpoint}() test

commit 590290d45a714eff0c7df4e70943484648549a7e
Author: Andrew Cagney 
Date:   Wed Sep 25 17:07:26 2019 -0400

ip: add subnet_contains_{all,no}_addresses(), test

Since subnets are like sets, use "contains".
Use names consistent with ip_info.subnet_{all,no}_addresses.

commit b144d1dc737538f8acc118e7d504a4da3937c310
Author: Andrew Cagney 
Date:   Fri Sep 13 10:34:22 2019 -0400

ip: add update_{endpoint,subnet}_nport(), test

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-29 Thread Andrew Cagney
New commits:
commit a8b29633f503660b12e0199dd94e78d1756dc5fc
Author: Andrew Cagney 
Date:   Sun Sep 29 10:01:30 2019 -0400

connections: delete dead #ifdef HAVE_SIN_LEN code

Nothing, not even BSD, defines HAVE_SIN_LEN.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-29 Thread Andrew Cagney
New commits:
commit ac71461481cf8de112229b034279c9697957a65a
Author: Andrew Cagney 
Date:   Fri Aug 23 11:05:59 2019 -0400

ip: re-implement ip_address internals

reduce:

union {
struct sockaddr_in v4;
struct sockaddr_in6 v6;
} u;

to the fields that pluto needs, namely:

int af;
uint8_t bytes[/*16*/sizeof(struct in6_addr)];
uint16_t hport;

(note that the presence of .hport in ip_address is considered a bug -
it should move to ip_endpoint; see ENDPOINT_TYPE)

(#ifdef ADDRESS_TYPE is ripped out)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-28 Thread Andrew Cagney
New commits:
commit 901d4f3360744586615ce10a5c6ed3911c3961d2
Author: Andrew Cagney 
Date:   Fri Sep 27 11:00:22 2019 -0400

ip: replace addrtypeof() with subnet_type()->af

... don't assume subnet.addr is an address

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-28 Thread Andrew Cagney
New commits:
commit 2c608d28fb26294715832883bb49994af44ed3e6
Author: Andrew Cagney 
Date:   Mon Sep 23 11:59:31 2019 -0400

connection: create jam_end() from format_end(), use 
jam_id(jam_sanitized_bytes)

Eliminate double buffering of output.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-27 Thread Andrew Cagney
New commits:
commit e4ee8f39fc7577a7174b77e498c38524971c7307
Author: Andrew Cagney 
Date:   Fri Sep 27 14:46:03 2019 -0400

kvm: make it easier to kill a running testsuite from a second terminal

gmake kvm-status
print the process status of kvmrunner.py

gmake kvm-kill
kill the kvmrunner process

It uses the new option --pid-file.  When using make kvm-test, this
defaults to the file kvmrunner.pid in topdir

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-27 Thread Andrew Cagney
New commits:
commit b605ccfa5a65a95e2873dd6b29366a6c6654b3cc
Author: Andrew Cagney 
Date:   Fri Sep 27 13:03:55 2019 -0400

kvm: add $(KVM_BASELINE), so gmake kvm-{diffs,results} have something to 
compare against

For instance, and assuming ../master is a second libreswan directory
that contains test results, adding:
  KVM_BASELINE=../master
to Makefile.inc.local will cause:
  gmake kvm-diffs
  gmake kvm-results
to include a comparsion with the baseline.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-27 Thread Andrew Cagney
New commits:
commit a752d8fa3d2b24d08e785833acf484239a91f5bf
Author: Andrew Cagney 
Date:   Thu Sep 26 12:45:37 2019 -0400

ipcheck: fix parameter to endpoint_type() check

the endpoint, not the address

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-26 Thread Andrew Cagney
New commits:
commit 250fd26d6c4eb7830ef46bb10cfd301fe448538d
Author: Andrew Cagney 
Date:   Tue Sep 24 10:56:00 2019 -0400

connection: eliminate .host_port_specific

Instead directly test for host_port!=pluto_port in logging path.

Not sure what "if TRUE, then IKE ports are tested for" was refering
to, but suspect it hasn't been true for some time.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-26 Thread Andrew Cagney
New commits:
commit 8b9d26337cecd625a2dbad0fe068d5d4e841d6f4
Author: Andrew Cagney 
Date:   Wed Sep 25 11:15:39 2019 -0400

x509: cleanup match_certs_id(), use str_{id,dn}()

- only call str_{id,dn}() when there's an error (and !debug)

- debug-log both our and NSS's idea of how to represent .derSubject

- move largely redundant and misleading log message:
 "Peer public key SubjectAltName does not match peer ID"
  to callers; make it clear where a tripple log is comming from

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-25 Thread Andrew Cagney
New commits:
commit 2c22bd5f5467a38c00bd7d8a4d1285e42ba385a3
Author: Andrew Cagney 
Date:   Mon Sep 23 12:07:11 2019 -0400

x509: clean up lsw_get_secret(), debug-log using str_id()

{me,him}->{this,that}; more hints that that_id may change

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread D. Hugh Redelmeier
New commits:
commit edb6ef007ebf13a6beaa7b3b327b3185258a13ff
Author: D. Hugh Redelmeier 
Date:   Tue Sep 24 17:28:56 2019 -0400

pluto: nss_cert_verify.c: cert_VerifySubjectAltName: don't skip missing '@'

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread D. Hugh Redelmeier
New commits:
commit e67c7ea6622d8fb82a67118706a93872bc70f741
Author: D. Hugh Redelmeier 
Date:   Tue Sep 24 17:19:51 2019 -0400

pluto: connections.c: simplify idr_wildmatch (kind of)

- (new behaviour) elminate trailing "." characters from consideration
  (like same_id())

- make idr_wildmatch file static

- replace struct connection *c argument with struct end *this argument:
  more circumscribed.

- reduce scope of autos

- add comments

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread Andrew Cagney
New commits:
commit 672c8cb6611236f7f0bee4852c26e6606aa28c00
Author: Andrew Cagney 
Date:   Mon Sep 23 10:26:20 2019 -0400

state logging: turn fmt_list_traffic() into 
jam_state_traffic()+whack_log_state_traffic()

Make it all static.  Replace idtoa() with jam_id().  Eliminate double
buffering.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread Paul Wouters
New commits:
commit e9996632adc088ed487ead695b97e88e8837be83
Author: Paul Wouters 
Date:   Tue Sep 24 12:23:34 2019 -0400

testing: fix typo in testname in TESTLIST

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread Andrew Cagney
New commits:
commit 71af2de47bc24ab8b680d63ba0e41d312512711c
Author: Andrew Cagney 
Date:   Mon Sep 23 09:28:01 2019 -0400

x509 logging: in add_rsa_pubkey_to_pluto() replace idtoa() with str_id()

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread Antony Antony
New commits:
commit 49ccf4ddecffbcafc0fdd9fe5e19e73ed1cb6296
Author: Antony Antony 
Date:   Tue Sep 24 09:32:17 2019 +

testing: fix travis target

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-24 Thread Antony Antony
New commits:
commit 3fded7d76318b149d11cf9c7a02c42a354cf06fa
Author: Antony Antony 
Date:   Sat Sep 21 07:20:04 2019 +

testing: nsrun fix

commit 9f09a485807b738a2b5184e101db93e94cbab7a4
Author: Antony Antony 
Date:   Tue Sep 24 08:13:01 2019 +

testing: improve make testing rpm building

commit ec54dedb71572b33fbd15e6b52a55b724af49471
Author: Antony Antony 
Date:   Sat Sep 21 23:06:09 2019 +

testing: libreswan-testing.spec.in to libreswan-testing.spec

commit bde7bae3d64380aac1ef479a72b110e3faab52f2
Author: Antony Antony 
Date:   Sat Sep 21 16:53:44 2019 +

testing: clean up install-testing-rpm-dep

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Paul Wouters
New commits:
commit 057f7b4268173804204223f379b2238a2ea6b0c6
Author: Paul Wouters 
Date:   Mon Sep 23 23:12:43 2019 -0400

testing: remove ipsec-tools

It provides an old ikev1 racoon and setkey command, which none of
the test use anymore. The only setkey command is on a freebsd test
and is supplied by freebsd itself.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Paul Wouters
New commits:
commit eeebdba631a5a3c66dead4373a10b642e0c078dc
Author: Paul Wouters 
Date:   Mon Sep 23 22:59:30 2019 -0400

testing: remove leftovers of racoon/racoon2.

We have long since removed the interop tests as racoon2 is simply too
old and limited to care about. It's not used in the real world.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Andrew Cagney
New commits:
commit 88be99022b6d4bfaa72fe426261d32263605e468
Author: Andrew Cagney 
Date:   Mon Sep 23 14:27:31 2019 -0400

testing: really delete netkey-xfrm-sport-sanitizer.sed

Only use was in newoe-20-ipv6 and that's already running the
ipsec-look sanitizer which deals with sport.

Fixes 9639baf39c0a266ec44e08d06195dc86d5c1c08e.
(disclaimer - test currently fails)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Andrew Cagney
New commits:
commit 1e8fc1c7b81b2d14a507b6b63d9555bcffb5998a
Author: Andrew Cagney 
Date:   Mon Sep 23 13:44:11 2019 -0400

testing: make s/ sport N / sport SPORT / more robust

Explicitly exclude the magic ports (there are a lot!)
so that random 4-digit SPORTS do get sanitized.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Andrew Cagney
New commits:
commit da2e7c14a9058a49559be2b7e052d7d27407710b
Author: Andrew Cagney 
Date:   Mon Sep 23 13:52:50 2019 -0400

Revert "testing: delete netkey-xfrm-sport-sanitizer.sed, seemingly unused"

Oops it is used by testing/pluto/newoe-20-ipv6.

This reverts commit 9639baf39c0a266ec44e08d06195dc86d5c1c08e.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Andrew Cagney
New commits:
commit 9639baf39c0a266ec44e08d06195dc86d5c1c08e
Author: Andrew Cagney 
Date:   Mon Sep 23 13:42:50 2019 -0400

testing: delete netkey-xfrm-sport-sanitizer.sed, seemingly unused

Now there are two.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-23 Thread Andrew Cagney
New commits:
commit 53f63d7eb2cf0f64683b0ca7e824afe095d1f15a
Author: Andrew Cagney 
Date:   Mon Sep 16 09:32:30 2019 -0400

x509: cleanup cert_VerifySubjectAltName(), and its use of idtoa()

- replace the id string parameter with the underlying id_t

  this way the function, and not the caller, can control how the ID->A
  conversion is performed

  use jam_raw_bytes() so no sanitization occures and then sanitize the
  raw ID when logging

- merge in d8529c6157d0cfe1620e7a7530bac1e5f1a1fb2d's code logging both
  the ID's type and text into function

  suspect ID_ prefix should be dropped

  and drop redundant logging at call site; update tests

- merge in d8529c6157d0cfe1620e7a7530bac1e5f1a1fb2d's
  passert(raw_id[0]=='@') but as as a pexpect()

  discover bug where one caller is passing in an ASN.1 DN ID with
  first character discarded (it isn't '@')

  suspect that calling with an ASN.1 DN ID (even after fix) is futile

  suspect the code can check the ID's kind and then not bother when it
  isn't an IP or DNS

- shuffle function body so that cert's alt name is upacked first

  and try to clarify error messages; is there an nss error that can be
  appended

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-20 Thread Paul Wouters
New commits:
commit c9aa82b8a66967ef5a2f3410b7b9e9011b8618f4
Author: Paul Wouters 
Date:   Fri Sep 20 19:34:13 2019 -0400

building: update "make rpm" target to actually build the rpms

It detects the OS for fedora and rhel derivates

based on the kvm-targets.mk version.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-20 Thread Paul Wouters
New commits:
commit e544648e4279f1b973a01973b9e3b2e2e0acb039
Author: Paul Wouters 
Date:   Fri Sep 20 17:21:01 2019 -0400

testing: update for removed firewall log files from console.

These showed up for KVM testing but not for namespace testing.

commit 3a63c1cc04379941ae414c713da23593d0e5158c
Author: Paul Wouters 
Date:   Fri Sep 20 17:20:25 2019 -0400

testing: sanitize kernel firewall hits away

(does this really mean we should just not use LOGDROP but DROP ?)

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-20 Thread Paul Wouters
New commits:
commit aa9ebfa04957af1f34ccfd40956c4036024be778
Author: Paul Wouters 
Date:   Fri Sep 20 17:07:05 2019 -0400

setup: Detect namespace and start pluto directly without initsystem

This is used for namespace testing

commit 2025f55312c84749c57df2a9f6994176d563536f
Author: Paul Wouters 
Date:   Fri Sep 20 16:55:32 2019 -0400

building: fix make target from install--rpm-dep to install-rpm-dep

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-20 Thread Andrew Cagney
New commits:
commit e7471653d73eac2900f9348ea12ffdf734b4e7f1
Author: Andrew Cagney 
Date:   Tue Sep 17 10:59:01 2019 -0400

x508: in signature_check_gen() (nee {RSA,ECDSA}_signature_check_gen()) 
switch idtoa() to str_id()

As in:
- merge struct tac_state_{ECDSA,RSA} into struct tac_state, add pubkey_type
- merge take_a_crack_PRSA,ECDSA}() into take_a_crack(); use a jambuf to 
accumulate tested IDs
- merge try_all_{ECDSA,RSA}_keys() into try_all_keys()
- merge {RSA,ECDSA}_signature_check_gen() into signature_check_gen()
- replace misc switches and hardwired strings with pubkey_type and 
pubkey_keyid()
and then finally change idtoa() to str_id(), but now only once

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-20 Thread Andrew Cagney
New commits:
commit ca3b5ccdfbb481e850609b71a03d31a5853814c3
Author: Andrew Cagney 
Date:   Wed Sep 18 14:36:52 2019 -0400

x509: add pubkey_keyid(), pubkey_size() and pubkey_ckaid()

These three fields really seem to belong in 'struct pubkey' proper.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-19 Thread Andrew Cagney
New commits:
commit 3a60e8a8e7697040697a751690a1245362452fee
Author: Andrew Cagney 
Date:   Thu Sep 19 09:56:17 2019 -0400

x509: sprinkle "RSA" on error messages

be consistent with ECDSA equivalents; why do I keep seeing double

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-19 Thread Andrew Cagney
New commits:
commit e26e608f6eb6888753aa760a5d0f1066a20f6e88
Author: Andrew Cagney 
Date:   Wed Sep 18 14:13:57 2019 -0400

x509: replace struct pubkey's enum pubkey_alg alg with struct pubkey_type 
*type

Where struct pubkey_type contains: the name, the pubkey_alg, and
functions for freeing and unpacking the pubkey.

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-19 Thread Tuomo Soini
New commits:
commit 8f1823d4229fa628811f199580b3101e6e353cd5
Author: Tuomo Soini 
Date:   Thu Sep 19 13:48:11 2019 +0300

_updown.netkey: don't remove old resolv.conf, just update it

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


[Swan-commit] Changes to ref refs/heads/master

2019-09-18 Thread D. Hugh Redelmeier
New commits:
commit d8529c6157d0cfe1620e7a7530bac1e5f1a1fb2d
Author: D. Hugh Redelmeier 
Date:   Wed Sep 18 13:24:15 2019 -0400

pluto: x509.c: simplify match_certs_id()

commit 054eee5586b5a0fc8cb5a62e4aba5fde0c1a4e52
Author: D. Hugh Redelmeier 
Date:   Wed Sep 18 13:23:10 2019 -0400

pluto: addresspool.c: make can_share_lease() more readable

___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-commit


  1   2   3   4   5   6   7   8   9   10   >