[openswan/f14] Fixes for cve-2011-3380

[avesh agarwal]

commit dc1e0eb331f87aef0f36e9d88a96d54e086562df
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Oct 5 11:19:25 2011 -0400

    Fixes for cve-2011-3380

 openswan-cve-2011-3380.patch |   12 ++++++++++++
 openswan.spec                |    7 ++++++-
 2 files changed, 18 insertions(+), 1 deletions(-)
---
diff --git a/openswan-cve-2011-3380.patch b/openswan-cve-2011-3380.patch
new file mode 100644
index 0000000..5dc58a0
--- /dev/null
+++ b/openswan-cve-2011-3380.patch
@@ -0,0 +1,12 @@
+diff -urNp openswan-2.6.33-patched/programs/pluto/ike_alg.c openswan-2.6.33-current/programs/pluto/ike_alg.c
+--- openswan-2.6.33-patched/programs/pluto/ike_alg.c	2011-10-05 11:13:11.596816659 -0400
++++ openswan-2.6.33-current/programs/pluto/ike_alg.c	2011-10-05 11:16:54.917104728 -0400
+@@ -115,7 +115,7 @@ bool ike_alg_enc_ok(int ealg, unsigned k
+ 				ealg, key_len);
+ 		}
+ 	);
+-	if (!ret && *errp)
++	if (!ret && errp)
+ 		*errp = ugh_buf;
+ 	return ret;
+ }
diff --git a/openswan.spec b/openswan.spec
index e5e50fe..89bd688 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -9,7 +9,7 @@ Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
 Name: openswan
 Version: 2.6.33
 
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Url: http://www.openswan.org/
 Source: openswan-%{version}.tar.gz
@@ -18,6 +18,7 @@ Source2: ipsec.conf
 
 Patch1: openswan-2.6-relpath.patch
 Patch2: openswan-ipsec-help-524146-509318.patch
+Patch3: openswan-cve-2011-3380.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -73,6 +74,7 @@ system.
 
 %patch1 -p1 -b .relpath
 %patch2 -p1
+%patch3 -p1
 
 %build
 
@@ -222,6 +224,9 @@ fi
 chkconfig --add ipsec || :
 
 %changelog
+* Wed Oct 5 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.33-2
+- Fixes for cve-2011-3380
+
 * Wed Mar 9 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.33-1
 - New upstream release openswan
 - Updated local patches