[openswan/f14] Fixes for cve-2011-3380
avesh agarwal
avesh at fedoraproject.org
Wed Oct 5 15:19:37 UTC 2011
commit dc1e0eb331f87aef0f36e9d88a96d54e086562df
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Wed Oct 5 11:19:25 2011 -0400
Fixes for cve-2011-3380
openswan-cve-2011-3380.patch | 12 ++++++++++++
openswan.spec | 7 ++++++-
2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/openswan-cve-2011-3380.patch b/openswan-cve-2011-3380.patch
new file mode 100644
index 0000000..5dc58a0
--- /dev/null
+++ b/openswan-cve-2011-3380.patch
@@ -0,0 +1,12 @@
+diff -urNp openswan-2.6.33-patched/programs/pluto/ike_alg.c openswan-2.6.33-current/programs/pluto/ike_alg.c
+--- openswan-2.6.33-patched/programs/pluto/ike_alg.c 2011-10-05 11:13:11.596816659 -0400
++++ openswan-2.6.33-current/programs/pluto/ike_alg.c 2011-10-05 11:16:54.917104728 -0400
+@@ -115,7 +115,7 @@ bool ike_alg_enc_ok(int ealg, unsigned k
+ ealg, key_len);
+ }
+ );
+- if (!ret && *errp)
++ if (!ret && errp)
+ *errp = ugh_buf;
+ return ret;
+ }
diff --git a/openswan.spec b/openswan.spec
index e5e50fe..89bd688 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -9,7 +9,7 @@ Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
Version: 2.6.33
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
@@ -18,6 +18,7 @@ Source2: ipsec.conf
Patch1: openswan-2.6-relpath.patch
Patch2: openswan-ipsec-help-524146-509318.patch
+Patch3: openswan-cve-2011-3380.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -73,6 +74,7 @@ system.
%patch1 -p1 -b .relpath
%patch2 -p1
+%patch3 -p1
%build
@@ -222,6 +224,9 @@ fi
chkconfig --add ipsec || :
%changelog
+* Wed Oct 5 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.33-2
+- Fixes for cve-2011-3380
+
* Wed Mar 9 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.33-1
- New upstream release openswan
- Updated local patches
More information about the scm-commits
mailing list