rpms/ipsec-tools/devel ipsec-tools-0.7.1-loopback.patch, NONE, 1.1 .cvsignore, 1.12, 1.13 ipsec-tools.spec, 1.55, 1.56 sources, 1.12, 1.13 ipsec-tools-0.7-libs.patch, 1.1, NONE ipsec-tools-0.7-loopback.patch, 1.2, NONE ipsec-tools-0.7-newcookie-alen.patch, 1.1, NONE ipsec.h, 1.1, NONE isakmp.c.diff, 1.1, NONE pfkeyv2.h, 1.4, NONE udp.h, 1.1, NONE xfrm.h, 1.2, NONE
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Tue Jul 29 12:31:54 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21578
Modified Files:
.cvsignore ipsec-tools.spec sources
Added Files:
ipsec-tools-0.7.1-loopback.patch
Removed Files:
ipsec-tools-0.7-libs.patch ipsec-tools-0.7-loopback.patch
ipsec-tools-0.7-newcookie-alen.patch ipsec.h isakmp.c.diff
pfkeyv2.h udp.h xfrm.h
Log Message:
* Tue Jul 29 2008 Tomas Mraz <tmraz at redhat.com> - 0.7.1-1
- Update to a new upstream version
ipsec-tools-0.7.1-loopback.patch:
--- NEW FILE ipsec-tools-0.7.1-loopback.patch ---
diff -up ipsec-tools-0.7.1/configure.ac.loopback ipsec-tools-0.7.1/configure.ac
--- ipsec-tools-0.7.1/configure.ac.loopback 2008-07-22 15:53:46.000000000 +0200
+++ ipsec-tools-0.7.1/configure.ac 2008-07-29 09:57:26.000000000 +0200
@@ -794,6 +794,16 @@ if test "$enable_security_context" = "ye
fi
fi
+# Option --enable-racoon-over-loopback
+AC_MSG_CHECKING(if --enable-racoon-over-loopback option is specified)
+AC_ARG_ENABLE(racoon-over-loopback,
+ [ --enable-racoon-over-loopback enable racoon to use loopback],
+ [], [enable_racoon_over_loopback=no])
+if test $enable_racoon_over_loopback = "yes"; then
+ AC_DEFINE([ENABLE_RACOON_OVER_LOOPBACK], [], [Enable racoon to use loopback])
+fi
+AC_MSG_RESULT($enable_racoon_over_loopback)
+
CFLAGS="$CFLAGS $CFLAGS_ADD"
CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
diff -up ipsec-tools-0.7.1/src/racoon/isakmp_inf.c.loopback ipsec-tools-0.7.1/src/racoon/isakmp_inf.c
--- ipsec-tools-0.7.1/src/racoon/isakmp_inf.c.loopback 2008-07-11 10:08:42.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/isakmp_inf.c 2008-07-29 11:38:29.000000000 +0200
@@ -383,7 +383,7 @@ isakmp_info_recv_n(iph1, notify, msgid,
"delete phase1 handle.\n");
return -1;
} else {
- if (getph2bymsgid(iph1, msgid) == NULL) {
+ if (getph2bymsgid(iph1, msgid, iph1->side) == NULL) {
plog(LLV_ERROR, LOCATION, iph1->remote,
"fatal %s notify messsage, "
"phase1 should be deleted.\n",
@@ -512,7 +512,7 @@ isakmp_info_recv_d(iph1, delete, msgid,
return 0;
}
- del_ph1=getph1byindex((isakmp_index *)(delete + 1));
+ del_ph1=getph1byindex((isakmp_index *)(delete + 1), ANYSIDE);
if(del_ph1 != NULL){
EVT_PUSH(del_ph1->local, del_ph1->remote,
@@ -641,7 +641,7 @@ isakmp_info_send_d2(iph2)
* don't send delete information if there is no phase 1 handler.
* It's nonsensical to negotiate phase 1 to send the information.
*/
- iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1 = getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
if (iph1 == NULL){
plog(LLV_DEBUG2, LOCATION, NULL,
"No ph1 handler found, could not send DELETE_SA\n");
@@ -1110,7 +1110,7 @@ purge_isakmp_spi(proto, spi, n)
size_t i;
for (i = 0; i < n; i++) {
- iph1 = getph1byindex(&spi[i]);
+ iph1 = getph1byindex(&spi[i], ANYSIDE);
if (!iph1)
continue;
diff -up ipsec-tools-0.7.1/src/racoon/isakmp_xauth.c.loopback ipsec-tools-0.7.1/src/racoon/isakmp_xauth.c
--- ipsec-tools-0.7.1/src/racoon/isakmp_xauth.c.loopback 2007-08-07 06:49:24.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/isakmp_xauth.c 2008-07-29 09:57:26.000000000 +0200
@@ -360,7 +360,7 @@ xauth_reply_stub(args)
struct xauth_reply_arg *xra = (struct xauth_reply_arg *)args;
struct ph1handle *iph1;
- if ((iph1 = getph1byindex(&xra->index)) != NULL)
+ if ((iph1 = getph1byindex(&xra->index, ANYSIDE)) != NULL)
(void)xauth_reply(iph1, xra->port, xra->id, xra->res);
else
plog(LLV_ERROR, LOCATION, NULL,
diff -up ipsec-tools-0.7.1/src/racoon/isakmp.h.loopback ipsec-tools-0.7.1/src/racoon/isakmp.h
--- ipsec-tools-0.7.1/src/racoon/isakmp.h.loopback 2006-09-09 18:22:09.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/isakmp.h 2008-07-29 09:57:26.000000000 +0200
@@ -39,6 +39,8 @@
/* must include <netinet/in.h> first. */
/* must include "isakmp_var.h" first. */
+#define ANYSIDE -1 /* either INITIATOR or RESPONDER */
+
#define INITIATOR 0 /* synonym sender */
#define RESPONDER 1 /* synonym receiver */
diff -up ipsec-tools-0.7.1/src/racoon/handler.c.loopback ipsec-tools-0.7.1/src/racoon/handler.c
--- ipsec-tools-0.7.1/src/racoon/handler.c.loopback 2008-01-11 15:12:00.000000000 +0100
+++ ipsec-tools-0.7.1/src/racoon/handler.c 2008-07-29 11:29:31.000000000 +0200
@@ -101,14 +101,19 @@ static void sweep_recvdpkt __P((void *))
extern caddr_t val2str(const char *, size_t);
struct ph1handle *
-getph1byindex(index)
+getph1byindex(index, side)
isakmp_index *index;
+ int side;
{
struct ph1handle *p;
LIST_FOREACH(p, &ph1tree, chain) {
if (p->status == PHASE1ST_EXPIRED)
continue;
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (memcmp(&p->index, index, sizeof(*index)) == 0)
return p;
}
@@ -121,14 +126,19 @@ getph1byindex(index)
* search for isakmp handler by i_ck in index.
*/
struct ph1handle *
-getph1byindex0(index)
+getph1byindex0(index, side)
isakmp_index *index;
+ int side;
{
struct ph1handle *p;
LIST_FOREACH(p, &ph1tree, chain) {
if (p->status == PHASE1ST_EXPIRED)
continue;
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (memcmp(&p->index, index, sizeof(cookie_t)) == 0)
return p;
}
@@ -142,9 +152,10 @@ getph1byindex0(index)
* with phase 2's destinaion.
*/
struct ph1handle *
-getph1byaddr(local, remote, established)
+getph1byaddr(local, remote, established, side)
struct sockaddr *local, *remote;
int established;
+ int side;
{
struct ph1handle *p;
@@ -155,6 +166,10 @@ getph1byaddr(local, remote, established)
LIST_FOREACH(p, &ph1tree, chain) {
if (p->status == PHASE1ST_EXPIRED)
continue;
+ #ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+ #endif
plog(LLV_DEBUG2, LOCATION, NULL, "p->local: %s\n", saddr2str(p->local));
plog(LLV_DEBUG2, LOCATION, NULL, "p->remote: %s\n", saddr2str(p->remote));
@@ -175,14 +190,19 @@ getph1byaddr(local, remote, established)
}
struct ph1handle *
-getph1byaddrwop(local, remote)
+getph1byaddrwop(local, remote, side)
struct sockaddr *local, *remote;
+ int side;
{
struct ph1handle *p;
LIST_FOREACH(p, &ph1tree, chain) {
if (p->status == PHASE1ST_EXPIRED)
continue;
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (cmpsaddrwop(local, p->local) == 0
&& cmpsaddrwop(remote, p->remote) == 0)
return p;
@@ -197,14 +217,19 @@ getph1byaddrwop(local, remote)
* with phase 2's destinaion.
*/
struct ph1handle *
-getph1bydstaddrwop(remote)
+getph1bydstaddrwop(remote, side)
struct sockaddr *remote;
+ int side;
{
struct ph1handle *p;
LIST_FOREACH(p, &ph1tree, chain) {
if (p->status == PHASE1ST_EXPIRED)
continue;
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (cmpsaddrwop(remote, p->remote) == 0)
return p;
}
@@ -472,13 +497,18 @@ getph2byseq(seq)
* search ph2handle with message id.
*/
struct ph2handle *
-getph2bymsgid(iph1, msgid)
+getph2bymsgid(iph1, msgid, side)
struct ph1handle *iph1;
u_int32_t msgid;
+ int side;
{
struct ph2handle *p;
LIST_FOREACH(p, &ph2tree, chain) {
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (p->msgid == msgid)
return p;
}
@@ -517,12 +547,17 @@ getph2byid(src, dst, spid)
}
struct ph2handle *
-getph2bysaddr(src, dst)
+getph2bysaddr(src, dst, side)
struct sockaddr *src, *dst;
+ int side;
{
struct ph2handle *p;
LIST_FOREACH(p, &ph2tree, chain) {
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ if (p->side != side && side != ANYSIDE)
+ continue;
+#endif
if (cmpsaddrstrict(src, p->src) == 0 &&
cmpsaddrstrict(dst, p->dst) == 0)
return p;
@@ -1128,7 +1163,7 @@ static int revalidate_ph2(struct ph2hand
if (iph2->ph1 != NULL)
iph1=iph2->ph1;
else
- iph1=getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1=getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
if(iph1 != NULL && iph1->rmconf != NULL) {
check_level = iph1->rmconf->pcheck_level;
diff -up ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback ipsec-tools-0.7.1/src/racoon/pfkey.c
--- ipsec-tools-0.7.1/src/racoon/pfkey.c.loopback 2008-07-29 09:57:26.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/pfkey.c 2008-07-29 09:57:26.000000000 +0200
@@ -1264,10 +1264,11 @@ pk_recvupdate(mhp)
/* turn off the timer for calling pfkey_timeover() */
SCHED_KILL(iph2->sce);
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
/* update status */
- /* Do this in pk_recvadd
- * iph2->status = PHASE2ST_ESTABLISHED;
- */
+ if (cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0)
+ iph2->status = PHASE2ST_ESTABLISHED;
+#endif
#ifdef ENABLE_STATS
gettimeofday(&iph2->end, NULL);
@@ -1322,6 +1323,12 @@ pk_sendadd(iph2)
return -1;
}
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ /* This prevents adding the same SA twice, since done in update */
+ if (cmpsaddrstrict(iph2->ph1->local, iph2->ph1->remote) == 0)
+ return 0;
+#endif
+
if (iph2->side == INITIATOR)
proxy = iph2->ph1->rmconf->support_proxy;
else if (iph2->sainfo && iph2->sainfo->id_i)
@@ -1764,7 +1771,7 @@ pk_recvacquire(mhp)
*/
iph2[0] = getph2byid(src, dst, xpl->sadb_x_policy_id);
if (iph2[0] == NULL)
- iph2[0] = getph2bysaddr(src, dst);
+ iph2[0] = getph2bysaddr(src, dst, ANYSIDE);
if (iph2[0] != NULL) {
if (iph2[0]->status < PHASE2ST_ESTABLISHED) {
diff -up ipsec-tools-0.7.1/src/racoon/isakmp.c.loopback ipsec-tools-0.7.1/src/racoon/isakmp.c
--- ipsec-tools-0.7.1/src/racoon/isakmp.c.loopback 2008-07-11 10:08:41.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/isakmp.c 2008-07-29 11:37:16.000000000 +0200
@@ -387,6 +387,36 @@ end:
return(error);
}
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+/*
+ * isakmp phase 1 search helper
+ */
+static struct ph1handle *
+isakmp_ph1pickside(iph1_i, iph1_r, local)
+ struct ph1handle *iph1_i, *iph1_r;
+ struct sockaddr *local;
+{
+ if (iph1_i == NULL && iph1_r != NULL) {
+ if (cmpsaddrstrict(iph1_r->remote, local) != 0)
+ return iph1_r;
+ else
+ return NULL;
+ } else if (iph1_i != NULL && iph1_r == NULL) {
+ if (cmpsaddrstrict(iph1_i->remote, local) != 0)
+ return iph1_i;
+ else
+ return NULL;
+ } else if (iph1_i != NULL && iph1_r != NULL) {
+ if (iph1_r->status < iph1_i->status)
+ return iph1_r;
+ else
+ return iph1_i;
+ }
+
+ return NULL;
+}
+#endif
+
/*
* main processing to handle isakmp payload
*/
@@ -453,7 +483,15 @@ isakmp_main(msg, remote, local)
}
}
- iph1 = getph1byindex(index);
+
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ iph1 = isakmp_ph1pickside(getph1byindex(index, INITIATOR),
+ getph1byindex(index, RESPONDER),
+ local);
+#else
+ iph1 = getph1byindex(index, ANYSIDE);
+#endif
+
if (iph1 != NULL) {
/* validity check */
if (memcmp(&isakmp->r_ck, r_ck0, sizeof(cookie_t)) == 0 &&
@@ -553,7 +591,15 @@ isakmp_main(msg, remote, local)
*/
/* search for phase1 handle by index without r_ck */
- iph1 = getph1byindex0(index);
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ iph1 = isakmp_ph1pickside(
+ getph1byindex0(index, INITIATOR),
+ getph1byindex0(index, RESPONDER),
+ local);
+#else
+ iph1=getph1byindex0(index, ANYSIDE);
+#endif
+
if (iph1 == NULL) {
/*it must be the 1st message from a initiator.*/
if (memcmp(&isakmp->r_ck, r_ck0,
@@ -629,7 +675,7 @@ isakmp_main(msg, remote, local)
* NOTE: We think such informational exchange should be ignored.
*/
if (iph1 == NULL) {
- iph1 = getph1byindex0(index);
+ iph1 = getph1byindex0(index, INITIATOR);
if (iph1 == NULL) {
plog(LLV_ERROR, LOCATION, remote,
"unknown Informational "
@@ -656,6 +702,9 @@ isakmp_main(msg, remote, local)
case ISAKMP_ETYPE_QUICK:
{
struct ph2handle *iph2;
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ struct ph2handle *iph2_i, *iph2_r;
+#endif
if (iph1 == NULL) {
isakmp_info_send_nx(isakmp, remote, local,
@@ -688,8 +737,31 @@ isakmp_main(msg, remote, local)
return -1;
}
- /* search isakmp phase 2 stauts record. */
- iph2 = getph2bymsgid(iph1, msgid);
+ /* search isakmp phase 2 status record. */
+#ifdef ENABLE_RACOON_OVER_LOOPBACK
+ iph2_i = getph2bymsgid(iph1, msgid, INITIATOR);
+ iph2_r = getph2bymsgid(iph1, msgid, RESPONDER);
+ if (iph2_i == NULL && iph2_r != NULL) {
+ if (cmpsaddrstrict(iph1->remote, local) != 0)
+ iph2 = iph2_r;
+ else
+ iph2 = NULL;
+ } else if (iph2_i != NULL && iph2_r == NULL) {
+ if (cmpsaddrstrict(iph1->remote, local) != 0)
+ iph2 = iph2_i;
+ else
+ iph2 = NULL;
+ } else if (iph2_i != NULL && iph2_r != NULL) {
+ if (iph2_r->status < iph2_i->status)
+ iph2 = iph2_r;
+ else
+ iph2 = iph2_i;
+ } else
+ iph2 = NULL;
+#else
+ iph2 = getph2bymsgid(iph1, msgid, ANYSIDE);
+#endif
+
if (iph2 == NULL) {
/* it must be new negotiation as responder */
if (isakmp_ph2begin_r(iph1, msg) < 0)
@@ -2165,15 +2237,15 @@ isakmp_post_acquire(iph2)
*/
#ifdef ENABLE_NATT
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
- if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
+ if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst, ANYSIDE)) != NULL) {
set_port(iph2->src, extract_port(iph1->local));
set_port(iph2->dst, extract_port(iph1->remote));
}
} else {
- iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1 = getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
}
#else
- iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1 = getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
#endif
/* no ISAKMP-SA found. */
@@ -2300,17 +2372,17 @@ isakmp_chkph1there(iph2)
#ifdef ENABLE_NATT
if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: extract_port.\n");
- if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL){
+ if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst, ANYSIDE)) != NULL){
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found a ph1 wop.\n");
}
} else {
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: searching byaddr.\n");
- iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1 = getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
if(iph1 != NULL)
plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found byaddr.\n");
}
#else
- iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+ iph1 = getph1byaddr(iph2->src, iph2->dst, 0, ANYSIDE);
#endif
/* XXX Even if ph1 as responder is there, should we not start
@@ -2574,7 +2646,7 @@ isakmp_newmsgid2(iph1)
do {
msgid2 = eay_random();
- } while (getph2bymsgid(iph1, msgid2));
+ } while (getph2bymsgid(iph1, msgid2, iph1->side));
return msgid2;
}
@@ -3189,7 +3261,7 @@ purge_remote(iph1)
iph1->status = PHASE1ST_EXPIRED;
/* Check if we have another, still valid, phase1 SA. */
- new_iph1 = getph1byaddr(iph1->local, iph1->remote, 1);
+ new_iph1 = getph1byaddr(iph1->local, iph1->remote, 1, ANYSIDE);
/*
* Delete all orphaned or binded to the deleting ph1handle phase2 SAs.
diff -up ipsec-tools-0.7.1/src/racoon/handler.h.loopback ipsec-tools-0.7.1/src/racoon/handler.h
--- ipsec-tools-0.7.1/src/racoon/handler.h.loopback 2008-07-29 09:57:26.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/handler.h 2008-07-29 11:32:03.000000000 +0200
@@ -425,13 +425,13 @@ struct ph1handle;
struct ph2handle;
struct policyindex;
-extern struct ph1handle *getph1byindex __P((isakmp_index *));
-extern struct ph1handle *getph1byindex0 __P((isakmp_index *));
+extern struct ph1handle *getph1byindex __P((isakmp_index *, int));
+extern struct ph1handle *getph1byindex0 __P((isakmp_index *, int));
extern struct ph1handle *getph1byaddr __P((struct sockaddr *,
- struct sockaddr *, int));
+ struct sockaddr *, int, int));
extern struct ph1handle *getph1byaddrwop __P((struct sockaddr *,
- struct sockaddr *));
-extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *));
+ struct sockaddr *, int));
+extern struct ph1handle *getph1bydstaddrwop __P((struct sockaddr *, int));
#ifdef ENABLE_HYBRID
struct ph1handle *getph1bylogin __P((char *));
int purgeph1bylogin __P((char *));
@@ -448,8 +448,9 @@ extern struct ph2handle *getph2byspidx _
extern struct ph2handle *getph2byspid __P((u_int32_t));
extern struct ph2handle *getph2byseq __P((u_int32_t));
extern struct ph2handle *getph2bysaddr __P((struct sockaddr *,
- struct sockaddr *));
-extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t));
+ struct sockaddr *, int));
+extern struct ph2handle *getph2bymsgid __P((struct ph1handle *, u_int32_t,
+ int));
extern struct ph2handle *getph2byid __P((struct sockaddr *,
struct sockaddr *, u_int32_t));
extern struct ph2handle *getph2bysaidx __P((struct sockaddr *,
diff -up ipsec-tools-0.7.1/src/racoon/admin.c.loopback ipsec-tools-0.7.1/src/racoon/admin.c
--- ipsec-tools-0.7.1/src/racoon/admin.c.loopback 2008-06-18 09:30:19.000000000 +0200
+++ ipsec-tools-0.7.1/src/racoon/admin.c 2008-07-29 09:57:26.000000000 +0200
@@ -289,7 +289,7 @@ out2:
STRDUP_FATAL(loc);
STRDUP_FATAL(rem);
- if ((iph1 = getph1byaddrwop(src, dst)) == NULL) {
+ if ((iph1 = getph1byaddrwop(src, dst, ANYSIDE)) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
"phase 1 for %s -> %s not found\n", loc, rem);
} else {
@@ -340,7 +340,7 @@ out2:
plog(LLV_INFO, LOCATION, NULL,
"Flushing all SAs for peer %s\n", rem);
- while ((iph1 = getph1bydstaddrwop(dst)) != NULL) {
+ while ((iph1 = getph1bydstaddrwop(dst, ANYSIDE)) != NULL) {
loc = racoon_strdup(saddrwop2str(iph1->local));
STRDUP_FATAL(loc);
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/.cvsignore,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- .cvsignore 29 Aug 2007 04:04:57 -0000 1.12
+++ .cvsignore 29 Jul 2008 12:31:24 -0000 1.13
@@ -1,2 +1 @@
-ipsec-tools-0.6.6.tar.bz2
-ipsec-tools-0.7.tar.bz2
+ipsec-tools-0.7.1.tar.bz2
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- ipsec-tools.spec 28 Feb 2008 16:07:33 -0000 1.55
+++ ipsec-tools.spec 29 Jul 2008 12:31:24 -0000 1.56
@@ -1,24 +1,21 @@
Name: ipsec-tools
-Version: 0.7
-Release: 13%{?dist}
+Version: 0.7.1
+Release: 1%{?dist}
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
URL: http://ipsec-tools.sourceforge.net/
-Source: http://prdownload.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2
+Source: ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.7/ipsec-tools-%{version}.tar.bz2
Source1: racoon.conf
Source2: psk.txt
Source3: p1_up_down
Source4: racoon.init
-Patch: ipsec-tools-0.7-libs.patch
-Patch2: isakmp.c.diff
Patch3: ipsec-tools-0.7-acquires.patch
-Patch4: ipsec-tools-0.7-loopback.patch
+Patch4: ipsec-tools-0.7.1-loopback.patch
# the following patches were also submitted upstream:
Patch5: ipsec-tools-0.7-iface.patch
Patch6: ipsec-tools-0.7-dupsplit.patch
Patch7: ipsec-tools-0.7-contextsize.patch
-Patch8: ipsec-tools-0.7-newcookie-alen.patch
Patch9: ipsec-tools-0.7-splitcidr.patch
BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
@@ -37,14 +34,11 @@
%prep
%setup -q
-%patch -p1
-%patch2 -p1
%patch3 -p1 -b .acquires
%patch4 -p1 -b .loopback
%patch5 -p1 -b .iface
%patch6 -p1 -b .dupsplit
%patch7 -p1 -b .ctxsize
-%patch8 -p1 -b .cookie
%patch9 -p1 -b .splitcidr
./bootstrap
@@ -52,7 +46,9 @@
%build
source /etc/profile.d/krb5-devel.sh
sed -i 's|-Werror||g' configure
-CFLAGS="$RPM_OPT_FLAGS" %configure \
+LDFLAGS="-Wl,--as-needed"
+export LDFLAGS
+%configure \
--with-kernel-headers=/usr/include \
--sysconfdir=/etc/racoon \
--without-readline \
@@ -123,6 +119,9 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Tue Jul 29 2008 Tomas Mraz <tmraz at redhat.com> - 0.7.1-1
+- Update to a new upstream version
+
* Thu Feb 28 2008 Steve Conklin <sconklin at redhat.com> - 0.7-13
- Resolves bz#273261 remote-access client connection to Cisco ASA
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/sources,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- sources 29 Aug 2007 04:04:57 -0000 1.12
+++ sources 29 Jul 2008 12:31:24 -0000 1.13
@@ -1 +1 @@
-c0a586924edde35264ecfe94ad1c261f ipsec-tools-0.7.tar.bz2
+30b196a2829556182c39aed9f83c0bbf ipsec-tools-0.7.1.tar.bz2
--- ipsec-tools-0.7-libs.patch DELETED ---
--- ipsec-tools-0.7-loopback.patch DELETED ---
--- ipsec-tools-0.7-newcookie-alen.patch DELETED ---
--- ipsec.h DELETED ---
--- isakmp.c.diff DELETED ---
--- pfkeyv2.h DELETED ---
--- udp.h DELETED ---
--- xfrm.h DELETED ---
More information about the scm-commits
mailing list