[openswan/f15] new upstream release fixes for cve-2011-3380
avesh agarwal
avesh at fedoraproject.org
Wed Oct 5 14:54:20 UTC 2011
commit 3b3e7cfa25f5bf2fc17d6fa9ebe666f93979dedf
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Wed Oct 5 10:54:08 2011 -0400
new upstream release
fixes for cve-2011-3380
.gitignore | 2 +
compile-errors.patch | 518 --------------------
openswan-2.6-relpath.patch | 14 +-
...sco-704118.patch => openswan-cisco-issues.patch | 113 +++--
openswan-ipsec-help-524146-509318.patch | 6 +-
openswan.spec | 10 +-
sources | 3 +-
7 files changed, 85 insertions(+), 581 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 8795463..9873926 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,5 @@ openswan-2.6.28.tar.gz
/openswan-2.6.32.tar.gz
/openswan-2.6.32.tar.gz.asc
/openswan-2.6.33.tar.gz
+/openswan-2.6.36.tar.gz
+/openswan-2.6.36.tar.gz.asc
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index 7d98edc..71d3ea1 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,7 +1,7 @@
-diff -urNp openswan-2.6.32-orig/Makefile.inc openswan-2.6.32-cvs-patched/Makefile.inc
---- openswan-2.6.32-orig/Makefile.inc 2010-12-20 12:44:19.113079987 -0500
-+++ openswan-2.6.32-cvs-patched/Makefile.inc 2010-12-20 12:51:03.383330043 -0500
-@@ -123,6 +123,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
+diff -urNp openswan-2.6.36/Makefile.inc openswan-2.6.36-patched/Makefile.inc
+--- openswan-2.6.36/Makefile.inc 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/Makefile.inc 2011-10-05 10:25:15.968760654 -0400
+@@ -129,6 +129,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
do if test -d $(DESTDIR)/$$d ; \
then echo $$d ; exit 0 ; \
fi ; done ; echo $(INC_RCDEFAULT) )
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.32-orig/Makefile.inc openswan-2.6.32-cvs-patched/Makefil
RCDIR?=$(DESTDIR)$(FINALRCDIR)
-diff -urNp openswan-2.6.32-orig/programs/setup/Makefile openswan-2.6.32-cvs-patched/programs/setup/Makefile
---- openswan-2.6.32-orig/programs/setup/Makefile 2010-12-20 12:44:19.124080258 -0500
-+++ openswan-2.6.32-cvs-patched/programs/setup/Makefile 2010-12-20 12:51:46.128322171 -0500
+diff -urNp openswan-2.6.36/programs/setup/Makefile openswan-2.6.36-patched/programs/setup/Makefile
+--- openswan-2.6.36/programs/setup/Makefile 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/setup/Makefile 2011-10-05 10:25:15.969760653 -0400
@@ -37,7 +37,7 @@ doinstall:: $(PROGRAM) $(CONFFILES) $(EX
@mkdir -p $(RCDIR) $(BINDIR)
# install and link everything
diff --git a/openswan-cisco-704118.patch b/openswan-cisco-issues.patch
similarity index 64%
rename from openswan-cisco-704118.patch
rename to openswan-cisco-issues.patch
index 1f63d12..8476249 100644
--- a/openswan-cisco-704118.patch
+++ b/openswan-cisco-issues.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/connections.c openswan-2.6.33-current/programs/pluto/connections.c
---- openswan-2.6.33-cvs-patched/programs/pluto/connections.c 2011-05-19 15:44:56.668354895 -0400
-+++ openswan-2.6.33-current/programs/pluto/connections.c 2011-05-25 14:14:44.825112425 -0400
+diff -urNp openswan-2.6.36/programs/pluto/connections.c openswan-2.6.36-patched/programs/pluto/connections.c
+--- openswan-2.6.36/programs/pluto/connections.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/connections.c 2011-10-05 10:27:54.433668971 -0400
@@ -222,7 +222,7 @@ delete_end(struct connection *c UNUSED,
pfreeany(e->host_addr_name);
}
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/connections.c openswan-2.6
delete_sr(struct connection *c, struct spd_route *sr)
{
delete_end(c, sr, &sr->this);
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/connections.h openswan-2.6.33-current/programs/pluto/connections.h
---- openswan-2.6.33-cvs-patched/programs/pluto/connections.h 2011-05-19 15:44:56.564355864 -0400
-+++ openswan-2.6.33-current/programs/pluto/connections.h 2011-05-24 14:29:16.728073224 -0400
+diff -urNp openswan-2.6.36/programs/pluto/connections.h openswan-2.6.36-patched/programs/pluto/connections.h
+--- openswan-2.6.36/programs/pluto/connections.h 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/connections.h 2011-10-05 10:27:54.434668971 -0400
@@ -304,6 +304,7 @@ extern void release_connection(struct co
extern void delete_connection(struct connection *c, bool relations);
extern void delete_connections_by_name(const char *name, bool strict);
@@ -21,10 +21,10 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/connections.h openswan-2.6
extern char *add_group_instance(struct connection *group, const ip_subnet *target);
extern void remove_group_instance(const struct connection *group, const char *name);
extern void release_dead_interfaces(void);
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/ikev1_aggr.c openswan-2.6.33-current/programs/pluto/ikev1_aggr.c
---- openswan-2.6.33-cvs-patched/programs/pluto/ikev1_aggr.c 2011-05-19 15:44:56.211359148 -0400
-+++ openswan-2.6.33-current/programs/pluto/ikev1_aggr.c 2011-05-19 16:13:10.206653536 -0400
-@@ -1151,7 +1151,7 @@ aggr_outI1_tail(struct pluto_crypto_req_
+diff -urNp openswan-2.6.36/programs/pluto/ikev1_aggr.c openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c
+--- openswan-2.6.36/programs/pluto/ikev1_aggr.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c 2011-10-05 10:27:54.436668971 -0400
+@@ -1183,7 +1183,7 @@ aggr_outI1_tail(struct pluto_crypto_req_
}
#endif
@@ -33,9 +33,9 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/ikev1_aggr.c openswan-2.6.
reset_cur_state();
return STF_INTERNAL_ERROR;
}
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/ikev1_main.c openswan-2.6.33-current/programs/pluto/ikev1_main.c
---- openswan-2.6.33-cvs-patched/programs/pluto/ikev1_main.c 2011-05-19 15:44:56.569355816 -0400
-+++ openswan-2.6.33-current/programs/pluto/ikev1_main.c 2011-05-19 16:15:00.304684842 -0400
+diff -urNp openswan-2.6.36/programs/pluto/ikev1_main.c openswan-2.6.36-patched/programs/pluto/ikev1_main.c
+--- openswan-2.6.36/programs/pluto/ikev1_main.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/ikev1_main.c 2011-10-05 10:27:54.439668969 -0400
@@ -216,7 +216,7 @@ main_outI1(int whack_sock
int np = --numvidtosend > 0 ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE;
@@ -45,10 +45,10 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/ikev1_main.c openswan-2.6.
reset_cur_state();
return STF_INTERNAL_ERROR;
}
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/kernel.c openswan-2.6.33-current/programs/pluto/kernel.c
---- openswan-2.6.33-cvs-patched/programs/pluto/kernel.c 2011-05-19 15:44:56.332358023 -0400
-+++ openswan-2.6.33-current/programs/pluto/kernel.c 2011-05-19 16:22:18.092806749 -0400
-@@ -434,6 +434,7 @@ fmt_common_shell_out(char *buf, int blen
+diff -urNp openswan-2.6.36/programs/pluto/kernel.c openswan-2.6.36-patched/programs/pluto/kernel.c
+--- openswan-2.6.36/programs/pluto/kernel.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/kernel.c 2011-10-05 10:27:54.443668966 -0400
+@@ -436,6 +436,7 @@ fmt_common_shell_out(char *buf, int blen
#endif
"%s " /* PLUTO_MY_SRCIP - if any */
#ifdef XAUTH
@@ -56,7 +56,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/kernel.c openswan-2.6.33-c
"PLUTO_CISCO_DNS_INFO='%s' "
"PLUTO_CISCO_DOMAIN_INFO='%s' "
"PLUTO_PEER_BANNER='%s' "
-@@ -468,6 +469,7 @@ fmt_common_shell_out(char *buf, int blen
+@@ -472,6 +473,7 @@ fmt_common_shell_out(char *buf, int blen
#endif
, srcip_str
#ifdef XAUTH
@@ -64,10 +64,10 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/kernel.c openswan-2.6.33-c
, c->cisco_dns_info ? c->cisco_dns_info : ""
, c->cisco_domain_info ? c->cisco_domain_info : ""
, c->cisco_banner ? c->cisco_banner : ""
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.c openswan-2.6.33-current/programs/pluto/nat_traversal.c
---- openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.c 2011-05-19 15:44:56.109360096 -0400
-+++ openswan-2.6.33-current/programs/pluto/nat_traversal.c 2011-05-19 16:15:48.152263005 -0400
-@@ -198,7 +198,7 @@ static void _natd_hash(const struct hash
+diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.c openswan-2.6.36-patched/programs/pluto/nat_traversal.c
+--- openswan-2.6.36/programs/pluto/nat_traversal.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/nat_traversal.c 2011-10-05 10:27:54.445668966 -0400
+@@ -199,7 +199,7 @@ static void _natd_hash(const struct hash
*
* Used when we're Initiator
*/
@@ -76,7 +76,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.c openswan-2
{
bool r = TRUE;
DBG(DBG_NATT
-@@ -207,6 +207,9 @@ bool nat_traversal_insert_vid(u_int8_t n
+@@ -208,6 +208,9 @@ bool nat_traversal_insert_vid(u_int8_t n
, nat_traversal_support_non_ike));
if (nat_traversal_support_port_floating) {
@@ -86,7 +86,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.c openswan-2
if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_RFC);
if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_05);
if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_03);
-@@ -214,8 +217,9 @@ bool nat_traversal_insert_vid(u_int8_t n
+@@ -215,8 +218,9 @@ bool nat_traversal_insert_vid(u_int8_t n
if (r)
r = out_vid(nat_traversal_support_non_ike ? ISAKMP_NEXT_VID : np,
outs, VID_NATT_IETF_02);
@@ -97,9 +97,9 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.c openswan-2
if (r) r = out_vid(np, outs, VID_NATT_IETF_00);
}
return r;
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.h openswan-2.6.33-current/programs/pluto/nat_traversal.h
---- openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.h 2011-05-19 15:44:56.633355222 -0400
-+++ openswan-2.6.33-current/programs/pluto/nat_traversal.h 2011-05-19 16:16:02.427137055 -0400
+diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.h openswan-2.6.36-patched/programs/pluto/nat_traversal.h
+--- openswan-2.6.36/programs/pluto/nat_traversal.h 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/nat_traversal.h 2011-10-05 10:27:54.446668966 -0400
@@ -129,7 +129,7 @@ extern int nat_traversal_espinudp_socket
*/
#ifndef PB_STREAM_UNDEFINED
@@ -109,10 +109,10 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/nat_traversal.h openswan-2
#endif
u_int32_t nat_traversal_vid_to_method(unsigned short nat_t_vid);
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/spdb_v1_struct.c openswan-2.6.33-current/programs/pluto/spdb_v1_struct.c
---- openswan-2.6.33-cvs-patched/programs/pluto/spdb_v1_struct.c 2011-05-19 15:44:56.486356588 -0400
-+++ openswan-2.6.33-current/programs/pluto/spdb_v1_struct.c 2011-05-19 16:17:15.427492259 -0400
-@@ -1547,7 +1547,7 @@ parse_ipsec_transform(struct isakmp_tran
+diff -urNp openswan-2.6.36/programs/pluto/spdb_v1_struct.c openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c
+--- openswan-2.6.36/programs/pluto/spdb_v1_struct.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c 2011-10-05 10:27:54.448668965 -0400
+@@ -1527,7 +1527,7 @@ parse_ipsec_transform(struct isakmp_tran
case SA_LIFE_TYPE_SECONDS:
/* silently limit duration to our maximum */
attrs->life_seconds = val <= SA_LIFE_DURATION_MAXIMUM
@@ -121,7 +121,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/spdb_v1_struct.c openswan-
break;
case SA_LIFE_TYPE_KBYTES:
attrs->life_kilobytes = val;
-@@ -1613,7 +1613,13 @@ parse_ipsec_transform(struct isakmp_tran
+@@ -1593,7 +1593,13 @@ parse_ipsec_transform(struct isakmp_tran
loglog(RC_LOG_SERIOUS,
"%s must only be used with old IETF drafts",
enum_name(&enc_mode_names, val));
@@ -135,10 +135,10 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/spdb_v1_struct.c openswan-
}
else if (st->hidden_variables.st_nat_traversal & NAT_T_DETECTED) {
attrs->encapsulation = val - ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS + ENCAPSULATION_MODE_TUNNEL;
-diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-current/programs/pluto/xauth.c
---- openswan-2.6.33-cvs-patched/programs/pluto/xauth.c 2011-05-19 15:44:56.186359379 -0400
-+++ openswan-2.6.33-current/programs/pluto/xauth.c 2011-05-25 14:16:43.683004561 -0400
-@@ -1785,7 +1785,9 @@ modecfg_inR1(struct msg_digest *md)
+diff -urNp openswan-2.6.36/programs/pluto/xauth.c openswan-2.6.36-patched/programs/pluto/xauth.c
+--- openswan-2.6.36/programs/pluto/xauth.c 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/xauth.c 2011-10-05 10:27:54.450668963 -0400
+@@ -1782,7 +1782,9 @@ modecfg_inR1(struct msg_digest *md)
, caddr);
if(addrbytesptr(&c->spd.this.host_srcip, NULL) == 0
@@ -149,7 +149,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-cu
openswan_log("setting ip source address to %s"
, caddr);
c->spd.this.host_srcip = a;
-@@ -1835,7 +1837,11 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1832,7 +1834,11 @@ modecfg_inR1(struct msg_digest *md)
{
/* concatenate new IP address string on end of
* existing string, separated by ' '.
@@ -161,7 +161,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-cu
size_t sz_old = strlen(old);
size_t sz_added = strlen(caddr) + 1;
char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+");
-@@ -1845,6 +1851,7 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1842,6 +1848,7 @@ modecfg_inR1(struct msg_digest *md)
memcpy(new + sz_old + 1, caddr, sz_added);
c->cisco_dns_info = new;
pfree(old);
@@ -169,7 +169,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-cu
}
}
-@@ -1860,18 +1867,22 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1857,18 +1864,22 @@ modecfg_inR1(struct msg_digest *md)
break;
case CISCO_BANNER:
@@ -193,7 +193,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-cu
ip_address a;
char caddr[SUBNETTOT_BUF];
size_t len = pbs_left(&strattr);
-@@ -1884,6 +1895,18 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1881,6 +1892,18 @@ modecfg_inR1(struct msg_digest *md)
tmp_spd2->that.has_client_wildcard = FALSE;
}
@@ -212,10 +212,27 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/pluto/xauth.c openswan-2.6.33-cu
while (len > 0) {
u_int32_t *ap;
tmp_spd = clone_thing(c->spd, "remote subnets policies");
-diff -urNp openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in openswan-2.6.33-current/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in 2011-05-19 15:44:56.804353631 -0400
-+++ openswan-2.6.33-current/programs/_updown.netkey/_updown.netkey.in 2011-05-25 14:14:08.429451092 -0400
-@@ -185,6 +185,14 @@ downroute() {
+@@ -1932,13 +1955,13 @@ modecfg_inR1(struct msg_digest *md)
+ tmp_spd->that.cert.type = 0;
+
+ tmp_spd->this.ca.ptr = NULL;
+- tmp_spd->this.ca.ptr = NULL;
++ tmp_spd->that.ca.ptr = NULL;
+
+ tmp_spd->this.groups = NULL;
+- tmp_spd->this.groups = NULL;
++ tmp_spd->that.groups = NULL;
+
+ tmp_spd->this.virt = NULL;
+- tmp_spd->this.virt = NULL;
++ tmp_spd->that.virt = NULL;
+
+ tmp_spd->next = NULL;
+ tmp_spd2->next = tmp_spd;
+diff -urNp openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in 2011-10-05 10:27:54.450668963 -0400
+@@ -188,6 +188,14 @@ downroute() {
ip route flush cache
}
@@ -230,7 +247,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in
updateresolvconf() {
if [ -z "$PLUTO_NM_CONFIGURED" -o "$PLUTO_NM_CONFIGURED" = 0 ]; then
-@@ -317,6 +325,32 @@ addsource() {
+@@ -320,6 +328,32 @@ addsource() {
return $st
}
@@ -263,7 +280,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in
doroute() {
if [ -z "$PLUTO_MY_SOURCEIP" ] && [ -n "$DEFAULTSOURCE" ]
-@@ -356,6 +390,12 @@ doroute() {
+@@ -359,6 +393,12 @@ doroute() {
parms2="$parms2 src ${PLUTO_MY_SOURCEIP%/*}"
fi
@@ -276,7 +293,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in
case "$PLUTO_PEER_CLIENT" in
"0.0.0.0/0")
# opportunistic encryption work around
-@@ -399,6 +439,7 @@ case "$PLUTO_VERB" in
+@@ -402,6 +442,7 @@ case "$PLUTO_VERB" in
;;
down-host)
# connection to me going down
@@ -284,7 +301,7 @@ diff -urNp openswan-2.6.33-cvs-patched/programs/_updown.netkey/_updown.netkey.in
# If you are doing a custom version, firewall commands go here.
;;
up-client)
-@@ -407,6 +448,7 @@ case "$PLUTO_VERB" in
+@@ -410,6 +451,7 @@ case "$PLUTO_VERB" in
;;
down-client)
# connection to my client subnet going down
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index 812d0ea..4b4c6d8 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.32-orig/programs/ipsec/ipsec.in openswan-2.6.32-cvs-patched/programs/ipsec/ipsec.in
---- openswan-2.6.32-orig/programs/ipsec/ipsec.in 2010-12-20 12:44:19.150080076 -0500
-+++ openswan-2.6.32-cvs-patched/programs/ipsec/ipsec.in 2010-12-20 12:55:34.269071757 -0500
+diff -urNp openswan-2.6.36/programs/ipsec/ipsec.in openswan-2.6.36-patched/programs/ipsec/ipsec.in
+--- openswan-2.6.36/programs/ipsec/ipsec.in 2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/ipsec/ipsec.in 2011-10-05 10:26:23.083717270 -0400
@@ -80,9 +80,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index f8de0dd..12d3818 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -7,7 +7,7 @@
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
-Version: 2.6.33
+Version: 2.6.36
Release: 1%{?dist}
License: GPLv2+
@@ -18,8 +18,7 @@ Source2: ipsec.conf
Patch1: openswan-2.6-relpath.patch
Patch2: openswan-ipsec-help-524146-509318.patch
-Patch3: openswan-cisco-704118.patch
-Patch4: compile-errors.patch
+Patch3: openswan-cisco-issues.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -78,7 +77,6 @@ system.
%patch1 -p1 -b .relpath
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%build
@@ -198,6 +196,10 @@ fi
chkconfig --add ipsec || :
%changelog
+* Wed Oct 5 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.36-1
+- new upstream release
+- fixes for cve-2011-3380
+
* Wed May 25 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.33-1
- New upstream release openswan-2.6.33
- Updated local patches
diff --git a/sources b/sources
index a861910..6f4eff9 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-7e9c28585307b7ad4f59737debb0d940 openswan-2.6.33.tar.gz
+b3a1733493520bb18729633b62ef8247 openswan-2.6.36.tar.gz
+b006eca7af5c5849703b0dea9c00356e openswan-2.6.36.tar.gz.asc
More information about the scm-commits
mailing list