rpms/openswan/F-12 openswan-2.6.24-nspr.patch, NONE, 1.1 openswan-2.6.24-warnings.patch, NONE, 1.1 openswan-ipsec-help.patch, NONE, 1.1 .cvsignore, 1.28, 1.29 openswan.spec, 1.82, 1.83 sources, 1.27, 1.28 openswan-2.6-initscript-correction.patch, 1.1, NONE openswan-2.6.22-gcc44.patch, 1.1, NONE
avesh agarwal
avesh at fedoraproject.org
Mon Feb 8 17:11:52 UTC 2010
Author: avesh
Update of /cvs/pkgs/rpms/openswan/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22207
Modified Files:
.cvsignore openswan.spec sources
Added Files:
openswan-2.6.24-nspr.patch openswan-2.6.24-warnings.patch
openswan-ipsec-help.patch
Removed Files:
openswan-2.6-initscript-correction.patch
openswan-2.6.22-gcc44.patch
Log Message:
* Mon Feb 8 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.24-1
- New upstream release
- Cisco interop patches
- Improved init script
- Fix to allow ";" in the ike/esp parameters
- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
- Fix to the issue where Some programs were installed
twice causing .old files
- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
This is to avoid an SElinux AVC Denial
- Fix for the issueo where ipsec help shows the list twice
- Fix for compile time warnings
openswan-2.6.24-nspr.patch:
rsasigkey/Makefile | 5 ++++-
showhostkey/Makefile | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
--- NEW FILE openswan-2.6.24-nspr.patch ---
diff -urNp openswan-2.6.24-orig/programs/rsasigkey/Makefile openswan-2.6.24/programs/rsasigkey/Makefile
--- openswan-2.6.24-orig/programs/rsasigkey/Makefile 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/rsasigkey/Makefile 2010-01-11 16:28:41.000000000 -0500
@@ -18,7 +18,7 @@ include ${OPENSWANSRCDIR}/Makefile.inc
ifeq ($(USE_LIBNSS),true)
CFLAGS+=-DHAVE_LIBNSS
# temp workaround for bug in nspr 4.8.2
-CFLAGS+=-Wno-strict-prototypes
+#CFLAGS+=-Wno-strict-prototypes
ifeq ($(USE_FIPSCHECK),true)
FIPS_CHECK=1
CFLAGS+=-DFIPS_CHECK
@@ -38,3 +38,6 @@ endif
include ${srcdir}../Makefile.program
+ifeq ($(USE_LIBNSS),true)
+CFLAGS+=-Wno-strict-prototypes
+endif
diff -urNp openswan-2.6.24-orig/programs/showhostkey/Makefile openswan-2.6.24/programs/showhostkey/Makefile
--- openswan-2.6.24-orig/programs/showhostkey/Makefile 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/showhostkey/Makefile 2010-01-11 16:29:32.000000000 -0500
@@ -18,10 +18,13 @@ ifeq ($(USE_LIBNSS),true)
CFLAGS+=-DHAVE_LIBNSS
INCLUDES+=-I/usr/include/nspr4 -I/usr/include/nss3
# temp workaround for bug in nspr 4.8.2
-CFLAGS+=-Wno-strict-prototypes
+#CFLAGS+=-Wno-strict-prototypes
endif
PROGRAM=showhostkey
include ${srcdir}../Makefile.program
+ifeq ($(USE_LIBNSS),true)
+CFLAGS+=-Wno-strict-prototypes
+endif
openswan-2.6.24-warnings.patch:
lib/libopenswan/oswconf.c | 5 ++++-
programs/pluto/kernel.c | 4 ++--
programs/pluto/pluto_crypt.c | 1 +
programs/pluto/rcv_info.c | 4 +++-
programs/pluto/rcv_whack.c | 9 +++++++--
programs/pluto/whack.c | 5 ++++-
6 files changed, 21 insertions(+), 7 deletions(-)
--- NEW FILE openswan-2.6.24-warnings.patch ---
diff -urNp openswan-2.6.24-orig/lib/libopenswan/oswconf.c openswan-2.6.24/lib/libopenswan/oswconf.c
--- openswan-2.6.24-orig/lib/libopenswan/oswconf.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/lib/libopenswan/oswconf.c 2010-01-14 22:03:45.000000000 -0500
@@ -206,7 +206,7 @@ char *getNSSPassword(PK11SlotInfo *slot,
char* strings;
char* token=NULL;
const long maxPwdFileSize = NSSpwdfilesize;
- int i, tlen;
+ int i, tlen=0;
if (slot) {
token = PK11_GetTokenName(slot);
@@ -214,6 +214,9 @@ char *getNSSPassword(PK11SlotInfo *slot,
tlen = PORT_Strlen(token);
//openswan_log("authentication needed for token name %s with length %d",token,tlen);
}
+ else {
+ return 0;
+ }
}
else {
return 0;
diff -urNp openswan-2.6.24-orig/programs/pluto/kernel.c openswan-2.6.24/programs/pluto/kernel.c
--- openswan-2.6.24-orig/programs/pluto/kernel.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/kernel.c 2010-01-15 10:45:47.000000000 -0500
@@ -360,12 +360,12 @@ fmt_common_shell_out(char *buf, int blen
char *p;
int l;
strncat(srcip_str, "PLUTO_MY_SOURCEIP=", sizeof(srcip_str));
- strncat(srcip_str, "'", sizeof(srcip_str));
+ strncat(srcip_str, "'", sizeof(srcip_str)-strlen(srcip_str)-1);
l = strlen(srcip_str);
p = srcip_str + l;
addrtot(&sr->this.host_srcip, 0, p, sizeof(srcip_str));
- strncat(srcip_str, "'", sizeof(srcip_str));
+ strncat(srcip_str, "'", sizeof(srcip_str)-strlen(srcip_str)-1);
}
{
diff -urNp openswan-2.6.24-orig/programs/pluto/pluto_crypt.c openswan-2.6.24/programs/pluto/pluto_crypt.c
--- openswan-2.6.24-orig/programs/pluto/pluto_crypt.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/pluto_crypt.c 2010-01-14 22:30:25.000000000 -0500
@@ -976,6 +976,7 @@ pluto_helper_thread(void *w) {
struct pluto_crypto_worker *helper;
helper=(struct pluto_crypto_worker *)w;
pluto_crypto_helper(helper->pcw_helper_pipe, helper->pcw_helpernum);
+ return NULL;
}
#endif
diff -urNp openswan-2.6.24-orig/programs/pluto/rcv_info.c openswan-2.6.24/programs/pluto/rcv_info.c
--- openswan-2.6.24-orig/programs/pluto/rcv_info.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/rcv_info.c 2010-01-15 10:58:54.000000000 -0500
@@ -313,7 +313,9 @@ info_handle(int infoctlfd)
{
case IPSEC_CMD_QUERY_HOSTPAIR:
info_lookuphostpair(&ipcq);
- write(infofd, &ipcq, ipcq.head.ipm_msg_len);
+ if(write(infofd, &ipcq, ipcq.head.ipm_msg_len) == -1 ) {
+ plog("info_handle: write error");
+ }
break;
default:
diff -urNp openswan-2.6.24-orig/programs/pluto/rcv_whack.c openswan-2.6.24/programs/pluto/rcv_whack.c
--- openswan-2.6.24-orig/programs/pluto/rcv_whack.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/rcv_whack.c 2010-01-15 11:18:13.000000000 -0500
@@ -156,8 +156,13 @@ static bool writewhackrecord(char *buf,
//DBG_log("buflen: %u abuflen: %u\n", header[0], abuflen);
- fwrite(header, sizeof(u_int32_t)*3, 1, whackrecordfile);
- fwrite(buf, abuflen, 1, whackrecordfile);
+ if(fwrite(header, sizeof(u_int32_t)*3, 1, whackrecordfile) < 1) {
+ DBG_log("writewhackrecord: fwrite error when writing header");
+ }
+
+ if(fwrite(buf, abuflen, 1, whackrecordfile) < 1) {
+ DBG_log("writewhackrecord: fwrite error when writing buf");
+ }
return TRUE;
}
diff -urNp openswan-2.6.24-orig/programs/pluto/whack.c openswan-2.6.24/programs/pluto/whack.c
--- openswan-2.6.24-orig/programs/pluto/whack.c 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/pluto/whack.c 2010-01-15 11:13:58.000000000 -0500
@@ -1957,7 +1957,10 @@ main(int argc, char **argv)
}
le++; /* include NL in line */
- write(1, ls, le - ls);
+ if(write(1, ls, le - ls) != (le-ls)) {
+ int e = errno;
+ fprintf(stderr, "whack: write() failed to stdout(%d %s)\n", e, strerror(e));
+ }
fsync(1);
/* figure out prefix number
openswan-ipsec-help.patch:
ipsec.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE openswan-ipsec-help.patch ---
diff -urNp openswan-2.6.24-orig/programs/ipsec/ipsec.in openswan-2.6.24/programs/ipsec/ipsec.in
--- openswan-2.6.24-orig/programs/ipsec/ipsec.in 2010-01-09 20:34:38.000000000 -0500
+++ openswan-2.6.24/programs/ipsec/ipsec.in 2010-01-13 17:52:10.000000000 -0500
@@ -79,9 +79,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
echo "where command is one of:"
- for f in `ls $IPSEC_LIBDIR $IPSEC_EXECDIR | egrep -v -i "$DONTMENTION"`
+ for f in `ls $IPSEC_LIBDIR | egrep -v -i "$DONTMENTION"`
do
- if test -x $IPSEC_LIBDIR/$f || test -x $IPSEC_EXECDIR/$f
+ if test -x $IPSEC_LIBDIR/$f
then
echo " $f"
fi
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-12/.cvsignore,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -p -r1.28 -r1.29
--- .cvsignore 9 Sep 2009 17:41:06 -0000 1.28
+++ .cvsignore 8 Feb 2010 17:11:51 -0000 1.29
@@ -12,3 +12,4 @@ openswan-2.6.19.tar.gz
openswan-2.6.21.tar.gz
openswan-2.6.22.tar.gz
openswan-2.6.23.tar.gz
+openswan-2.6.24.tar.gz
Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-12/openswan.spec,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -p -r1.82 -r1.83
--- openswan.spec 9 Sep 2009 17:41:07 -0000 1.82
+++ openswan.spec 8 Feb 2010 17:11:52 -0000 1.83
@@ -6,7 +6,7 @@
Summary: Openswan IPSEC implementation
Name: openswan
-Version: 2.6.23
+Version: 2.6.24
Release: 1%{?dist}
License: GPLv2+
@@ -17,8 +17,9 @@ Source2: ipsec.conf
Patch1: openswan-2.6-relpath.patch
Patch2: openswan-2.6-selinux.patch
-Patch3: openswan-2.6-initscript-correction.patch
-Patch4: openswan-2.6.22-gcc44.patch
+Patch3: openswan-2.6.24-nspr.patch
+Patch4: openswan-ipsec-help.patch
+Patch5: openswan-2.6.24-warnings.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -77,6 +78,7 @@ find doc -name .gitignore -print0 | xarg
%patch2 -p1 -b .selinux
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
@@ -135,14 +137,11 @@ FS=$(pwd)
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spi \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/spigrp \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startklips.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_startnetkey \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/tncfg \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.klips.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast \
- fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.mast.old \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_updown.netkey \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/verify \
fipshmac $RPM_BUILD_ROOT%{_libexecdir}/ipsec/whack \
@@ -227,6 +226,20 @@ fi
chkconfig --add ipsec || :
%changelog
+* Mon Feb 8 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.24-1
+- New upstream release
+- Cisco interop patches
+- Improved init script
+- Fix to allow ";" in the ike/esp parameters
+- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
+- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
+- Fix to the issue where Some programs were installed
+ twice causing .old files
+- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
+ This is to avoid an SElinux AVC Denial
+- Fix for the issueo where ipsec help shows the list twice
+- Fix for compile time warnings
+
* Wed Sep 09 2009 Avesh Agarwal <avagarwa at redhat.com> - 2.6.23-1
- New upstream release
- Supports smartcards now
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/F-12/sources,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- sources 9 Sep 2009 17:41:07 -0000 1.27
+++ sources 8 Feb 2010 17:11:52 -0000 1.28
@@ -1 +1 @@
-c83053471e639bf3b97e3cf7796b7e83 openswan-2.6.23.tar.gz
+1c76b6982c05392f7c360afb92699661 openswan-2.6.24.tar.gz
--- openswan-2.6-initscript-correction.patch DELETED ---
--- openswan-2.6.22-gcc44.patch DELETED ---
More information about the scm-commits
mailing list