Update to 5.5.2

4 files changed, 13 insertions, 93 deletions

diff --git a/.SRCINFO b/.SRCINFO
index dcbfdc131ba1..7ea1c1e77fb9 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
 # Generated by mksrcinfo v8
-# Sat Feb  4 18:21:59 UTC 2017
+# Tue Mar 28 19:56:18 UTC 2017
 pkgbase = strongswan
 	pkgdesc = open source IPsec implementation
-	pkgver = 5.5.1
-	pkgrel = 5
+	pkgver = 5.5.2
+	pkgrel = 1
 	url = http://www.strongswan.org
 	arch = i686
 	arch = x86_64
@@ -102,16 +102,13 @@ pkgbase = strongswan
 	backup = etc/strongswan.d/charon/xauth-generic.conf
 	backup = etc/strongswan.d/charon/xcbc.conf
 	backup = etc/strongswan.d/charon/unity.conf
-	source = https://download.strongswan.org/strongswan-5.5.1.tar.bz2
-	source = https://download.strongswan.org/strongswan-5.5.1.tar.bz2.sig
+	backup = etc/strongswan.d/charon/curve25519.conf
+	source = https://download.strongswan.org/strongswan-5.5.2.tar.bz2
+	source = https://download.strongswan.org/strongswan-5.5.2.tar.bz2.sig
 	source = configure_ac.patch
-	source = 2222-charon-systemd-sighup.patch
-	source = 2238-eap-dynamic-auth.patch
-	sha256sums = 720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7
+	sha256sums = da976fca836f05fc7b7a38baab299745f960cb7640319969d239d8aa4ace9f6a
 	sha256sums = SKIP
 	sha256sums = 003750d77fa501075f1fdb6f55926dc544407c5dd26e2fd8d5eb4917ddf0b3f7
-	sha256sums = SKIP
-	sha256sums = SKIP
 
 pkgname = strongswan
 
diff --git a/2222-charon-systemd-sighup.patch b/2222-charon-systemd-sighup.patch
deleted file mode 100644
index 544612c20755..000000000000
--- a/2222-charon-systemd-sighup.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-index 5c7bbd779..fc93e2182 100644
---- a/src/charon-systemd/charon-systemd.c
-+++ b/src/charon-systemd/charon-systemd.c
-@@ -241,6 +241,7 @@ static int run()
-        sigset_t set;
-
-        sigemptyset(&set);
-+       sigaddset(&set, SIGHUP);
-        sigaddset(&set, SIGTERM);
-        sigprocmask(SIG_BLOCK, &set, NULL);
-
-@@ -262,6 +263,21 @@ static int run()
-                }
-                switch (sig)
-                {
-+                       case SIGHUP:
-+                       {
-+                               DBG1(DBG_DMN, "signal of type SIGHUP received. Reloading "
-+                                        "configuration");
-+                               if (lib->settings->load_files(lib->settings, lib->conf, FALSE))
-+                               {
-+                                       charon->load_loggers(charon, NULL, FALSE);
-+                                       lib->plugins->reload(lib->plugins, NULL);
-+                               }
-+                               else
-+                               {
-+                                       DBG1(DBG_DMN, "reloading config failed, keeping old");
-+                               }
-+                               break;
-+                       }
-                        case SIGTERM:
-                        {
-                                DBG1(DBG_DMN, "SIGTERM received, shutting down");
diff --git a/2238-eap-dynamic-auth.patch b/2238-eap-dynamic-auth.patch
deleted file mode 100644
index 17b954ea7d38..000000000000
--- a/2238-eap-dynamic-auth.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
-index d0f0595de..83ccd3a8a 100644
---- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
-+++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c
-@@ -94,6 +94,13 @@ static eap_method_t *load_method(private_eap_dynamic_t *this,
-        return method;
- }
-
-+METHOD(eap_method_t, get_auth, auth_cfg_t*,
-+       private_eap_dynamic_t *this)
-+{
-+       /* get_auth() is only registered if the EAP method supports it */
-+       return this->method->get_auth(this->method);
-+}
-+
- /**
-  * Select the first method we can instantiate and is supported by both peers.
-  */
-@@ -135,6 +142,10 @@ static void select_method(private_eap_dynamic_t *this)
-                this->method = load_method(this, entry->type, entry->vendor);
-                if (this->method)
-                {
-+                       if (this->method->get_auth)
-+                       {
-+                               this->public.interface.get_auth = _get_auth;
-+                       }
-                        if (entry->vendor)
-                        {
-                                DBG1(DBG_IKE, "vendor specific EAP method %d-%d selected",
-@@ -211,6 +222,7 @@ METHOD(eap_method_t, process, status_t,
-                /* restart with a different method */
-                this->method->destroy(this->method);
-                this->method = NULL;
-+               this->public.interface.get_auth = NULL;
-                return initiate(this, out);
-        }
-        if (!this->other_types)
-
diff --git a/PKGBUILD b/PKGBUILD
index 928aec56c429..9a1e9e59d212 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -11,8 +11,8 @@
 # Maintainer: Thermi <noel [at] familie-kuntze dot de>
 
 pkgname=strongswan
-pkgver=5.5.1
-pkgrel=5
+pkgver=5.5.2
+pkgrel=1
 pkgdesc="open source IPsec implementation"
 url='http://www.strongswan.org'
 license=("GPL")
@@ -35,23 +35,19 @@ eap-sim.conf,eap-simaka-pseudonym.conf,eap-simaka-reauth.conf,eap-tls.conf,ext-a
 fips-prf.conf,forecast.conf,gmp.conf,ha.conf,hmac.conf,kernel-netlink.conf,md5.conf,mgf1.conf,nonce.conf,newhope.conf,ntru.conf,openssl.conf,\
 pem.conf,pgp.conf,pkcs1.conf,pkcs12.conf,pkcs7.conf,pkcs8.conf,pubkey.conf,random.conf,rc2.conf,resolve.conf,\
 revocation.conf,sha1.conf,sha2.conf,sha3.conf,socket-default.conf,sql.conf,sqlite.conf,sshkey.conf,stroke.conf,updown.conf,\
-vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf}
+vici.conf,x509.conf,xauth-eap.conf,xauth-generic.conf,xcbc.conf,unity.conf,curve25519.conf}
 )
 
 source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"
     "https://download.strongswan.org/strongswan-${pkgver}.tar.bz2.sig"
     "configure_ac.patch"
-    "2222-charon-systemd-sighup.patch"
-    "2238-eap-dynamic-auth.patch"
     )
 
 validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77")
 
-sha256sums=('720b301991f77bdedd8d551a956f52e2d11686a0ec18e832094f86cf2b842ab7'
+sha256sums=('da976fca836f05fc7b7a38baab299745f960cb7640319969d239d8aa4ace9f6a'
             'SKIP'
-            '003750d77fa501075f1fdb6f55926dc544407c5dd26e2fd8d5eb4917ddf0b3f7'
-            'SKIP'
-            'SKIP')
+            '003750d77fa501075f1fdb6f55926dc544407c5dd26e2fd8d5eb4917ddf0b3f7')
             
 # We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
 # would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
@@ -60,8 +56,6 @@ prepare()
 {
     cd "${srcdir}/${pkgname}-${pkgver}"
     patch -p1 -l < "${srcdir}/configure_ac.patch"
-    patch -p1 -l < "${srcdir}/2222-charon-systemd-sighup.patch"
-    patch -p1 -l < "${srcdir}/2238-eap-dynamic-auth.patch"
     autoreconf
 }
 
@@ -87,7 +81,7 @@ build() {
         --enable-aesni --enable-eap-ttls --enable-radattr --enable-xauth-pam --enable-xauth-noauth \
         --enable-eap-dynamic --enable-eap-peap --enable-eap-tls --enable-chapoly --enable-unity \
         --with-capabilities=libcap --enable-newhope --enable-ntru --enable-mgf1 --enable-sha3 \
-        --enable-bliss
+        --enable-bliss --enable-dnscert
 # if you want networkmanager support, add --enable-nm
 #       --enable-ruby-gems --enable-python-eggs
   make