[openswan/f14/master] - New upstream release - Fixes for CVE-2010-3308 and CVE-2010-3302

avesh agarwal avesh at fedoraproject.org
Mon Sep 27 18:41:40 UTC 2010 

commit 9467f4c524825cd60e541d2cb5b422ecb798cdb3
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Mon Sep 27 14:41:43 2010 -0400

    - New upstream release
    - Fixes for CVE-2010-3308 and CVE-2010-3302

 .gitignore                              |    1 +
 openswan-2.6-relpath.patch              |   12 ++++++------
 openswan-600167.patch                   |   30 +++++++++++++++---------------
 openswan-600174.patch                   |    6 +++---
 openswan-ipsec-help-524146-509318.patch |    6 +++---
 openswan.spec                           |    8 ++++++--
 sources                                 |    2 +-
 7 files changed, 35 insertions(+), 30 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 8b0cd3c..b201aaa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ openswan-2.6.24.tar.gz
 openswan-2.6.25.tar.gz
 openswan-2.6.27.tar.gz
 openswan-2.6.28.tar.gz
+/openswan-2.6.29.tar.gz
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index 598d11f..b17d844 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/Makefile.inc openswan-2.6.28-cvs-patched/Makefile.inc
---- openswan-2.6.28-orig/Makefile.inc	2010-08-13 12:32:39.498355929 -0400
-+++ openswan-2.6.28-cvs-patched/Makefile.inc	2010-08-13 12:31:32.151347825 -0400
+diff -urNp openswan-2.6.29-orig/Makefile.inc openswan-2.6.29-cvs-patched/Makefile.inc
+--- openswan-2.6.29-orig/Makefile.inc	2010-09-27 13:10:05.456420264 -0400
++++ openswan-2.6.29-cvs-patched/Makefile.inc	2010-09-27 13:10:25.270412552 -0400
 @@ -123,6 +123,8 @@ FINALRCDIR=$(shell for d in $(INC_RCDIRS
  		do if test -d $(DESTDIR)/$$d ; \
  		then echo $$d ; exit 0 ; \
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.28-orig/Makefile.inc openswan-2.6.28-cvs-patched/Makefil
  RCDIR=$(DESTDIR)$(FINALRCDIR)
  
  
-diff -urNp openswan-2.6.28-orig/programs/setup/Makefile openswan-2.6.28-cvs-patched/programs/setup/Makefile
---- openswan-2.6.28-orig/programs/setup/Makefile	2010-08-13 12:32:39.514356039 -0400
-+++ openswan-2.6.28-cvs-patched/programs/setup/Makefile	2010-08-13 12:31:56.645349136 -0400
+diff -urNp openswan-2.6.29-orig/programs/setup/Makefile openswan-2.6.29-cvs-patched/programs/setup/Makefile
+--- openswan-2.6.29-orig/programs/setup/Makefile	2010-09-27 13:10:05.486420297 -0400
++++ openswan-2.6.29-cvs-patched/programs/setup/Makefile	2010-09-27 13:10:25.271412259 -0400
 @@ -32,7 +32,7 @@ include ${srcdir}../Makefile.program
  doinstall:: setup
  	@rm -f $(BINDIR)/setup
diff --git a/openswan-600167.patch b/openswan-600167.patch
index 8afbeef..ae82d27 100644
--- a/openswan-600167.patch
+++ b/openswan-600167.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/auto/auto.in openswan-2.6.28-cvs-patched/programs/auto/auto.in
---- openswan-2.6.28-orig/programs/auto/auto.in	2010-08-13 12:32:39.526355843 -0400
-+++ openswan-2.6.28-cvs-patched/programs/auto/auto.in	2010-08-13 12:46:09.160348224 -0400
+diff -urNp openswan-2.6.29-orig/programs/auto/auto.in openswan-2.6.29-cvs-patched/programs/auto/auto.in
+--- openswan-2.6.29-orig/programs/auto/auto.in	2010-09-27 13:10:05.509412095 -0400
++++ openswan-2.6.29-cvs-patched/programs/auto/auto.in	2010-09-27 13:21:42.080412196 -0400
 @@ -40,6 +40,112 @@ op=
  argc=
  utc=
@@ -114,10 +114,10 @@ diff -urNp openswan-2.6.28-orig/programs/auto/auto.in openswan-2.6.28-cvs-patche
  for dummy
  do
  	case "$1" in
-diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs-patched/programs/pluto/connections.c
---- openswan-2.6.28-orig/programs/pluto/connections.c	2010-08-13 12:32:39.529366288 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/connections.c	2010-08-13 12:47:28.026361321 -0400
-@@ -457,7 +457,7 @@ check_orientations(void)
+diff -urNp openswan-2.6.29-orig/programs/pluto/connections.c openswan-2.6.29-cvs-patched/programs/pluto/connections.c
+--- openswan-2.6.29-orig/programs/pluto/connections.c	2010-09-27 13:10:05.513420574 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/connections.c	2010-09-27 13:23:51.288412353 -0400
+@@ -462,7 +462,7 @@ check_orientations(void)
      }
  }
  
@@ -126,7 +126,7 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs
  default_end(struct end *e, ip_address *dflt_nexthop)
  {
      err_t ugh = NULL;
-@@ -1056,7 +1056,8 @@ check_connection_end(const struct whack_
+@@ -1054,7 +1054,8 @@ check_connection_end(const struct whack_
      }
  
      /* MAKE this more sane in the face of unresolved IP addresses */
@@ -136,10 +136,10 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs
      {
  	/* other side is wildcard: we must check if other conditions met */
  	if (that->host_type != KH_IPHOSTNAME && isanyaddr(&this->host_addr))
-diff -urNp openswan-2.6.28-orig/programs/pluto/connections.h openswan-2.6.28-cvs-patched/programs/pluto/connections.h
---- openswan-2.6.28-orig/programs/pluto/connections.h	2010-08-13 12:32:39.540355907 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/connections.h	2010-08-13 12:47:45.981097622 -0400
-@@ -289,6 +289,8 @@ extern size_t format_end(char *buf, size
+diff -urNp openswan-2.6.29-orig/programs/pluto/connections.h openswan-2.6.29-cvs-patched/programs/pluto/connections.h
+--- openswan-2.6.29-orig/programs/pluto/connections.h	2010-09-27 13:10:05.521420141 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/connections.h	2010-09-27 13:24:39.600412208 -0400
+@@ -291,6 +291,8 @@ extern size_t format_end(char *buf, size
      , const struct end *this, const struct end *that
      , bool is_left, lset_t policy);
  
@@ -148,9 +148,9 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.h openswan-2.6.28-cvs
  struct whack_message;	/* forward declaration of tag whack_msg */
  extern void add_connection(const struct whack_message *wm);
  extern void initiate_connection(const char *name
-diff -urNp openswan-2.6.28-orig/programs/pluto/initiate.c openswan-2.6.28-cvs-patched/programs/pluto/initiate.c
---- openswan-2.6.28-orig/programs/pluto/initiate.c	2010-08-13 12:32:39.527355693 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/initiate.c	2010-08-13 12:49:08.196356440 -0400
+diff -urNp openswan-2.6.29-orig/programs/pluto/initiate.c openswan-2.6.29-cvs-patched/programs/pluto/initiate.c
+--- openswan-2.6.29-orig/programs/pluto/initiate.c	2010-09-27 13:10:05.511412073 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/initiate.c	2010-09-27 13:25:36.244411412 -0400
 @@ -151,6 +151,121 @@ struct initiate_stuff {
      enum crypto_importance importance;
  };
diff --git a/openswan-600174.patch b/openswan-600174.patch
index cc886c1..0764a41 100644
--- a/openswan-600174.patch
+++ b/openswan-600174.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.28-cvs-patched/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.28-orig/programs/_updown.netkey/_updown.netkey.in	2010-08-13 12:32:39.499355849 -0400
-+++ openswan-2.6.28-cvs-patched/programs/_updown.netkey/_updown.netkey.in	2010-08-13 12:41:22.129348564 -0400
+diff -urNp openswan-2.6.29-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.29-cvs-patched/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.29-orig/programs/_updown.netkey/_updown.netkey.in	2010-09-27 13:10:05.457433103 -0400
++++ openswan-2.6.29-cvs-patched/programs/_updown.netkey/_updown.netkey.in	2010-09-27 13:18:21.561412463 -0400
 @@ -270,8 +270,15 @@ fi
  addsource() {
      st=0
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index 74d92e6..283c3d5 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/ipsec/ipsec.in openswan-2.6.28-cvs-patched/programs/ipsec/ipsec.in
---- openswan-2.6.28-orig/programs/ipsec/ipsec.in	2010-08-13 12:32:39.552355921 -0400
-+++ openswan-2.6.28-cvs-patched/programs/ipsec/ipsec.in	2010-08-13 12:37:16.270127186 -0400
+diff -urNp openswan-2.6.29-orig/programs/ipsec/ipsec.in openswan-2.6.29-cvs-patched/programs/ipsec/ipsec.in
+--- openswan-2.6.29-orig/programs/ipsec/ipsec.in	2010-09-27 13:10:05.529420266 -0400
++++ openswan-2.6.29-cvs-patched/programs/ipsec/ipsec.in	2010-09-27 13:12:47.588189664 -0400
 @@ -79,9 +79,9 @@ case "$1" in
  --help)
  	echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index 6455cfb..b6f61d6 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -8,7 +8,7 @@
 
 Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
 Name: openswan
-Version: 2.6.28
+Version: 2.6.29
 
 Release: 1%{?dist}
 License: GPLv2+
@@ -24,7 +24,7 @@ Patch4: openswan-600167.patch
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: gmp-devel bison flex man-db xmlto bind-devel
+BuildRequires: gmp-devel bison flex xmlto bind-devel
 %if %{USE_LIBNSS}
 BuildRequires: nss-devel >= %{nss_version}
 %endif
@@ -230,6 +230,10 @@ fi
 chkconfig --add ipsec || :
 
 %changelog
+* Mon Sep 27 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.29-1
+- New upstream release
+- Fixes for CVE-2010-3308 and CVE-2010-3302
+
 * Fri Aug 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.28-1
 - New upstream release
 - Updated existing patches
diff --git a/sources b/sources
index 0aecb02..024834e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-37f2ad2664dd89e6ad96ae82f6378166  openswan-2.6.28.tar.gz
+cd6c127585ec6db63780e9a40d5387fb  openswan-2.6.29.tar.gz

More information about the scm-commits mailing list