[openswan/f14/master] - New upstream release - Fixes for CVE-2010-3308 and CVE-2010-3302
avesh agarwal
avesh at fedoraproject.org
Mon Sep 27 18:41:40 UTC 2010
commit 9467f4c524825cd60e541d2cb5b422ecb798cdb3
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Mon Sep 27 14:41:43 2010 -0400
- New upstream release
- Fixes for CVE-2010-3308 and CVE-2010-3302
.gitignore | 1 +
openswan-2.6-relpath.patch | 12 ++++++------
openswan-600167.patch | 30 +++++++++++++++---------------
openswan-600174.patch | 6 +++---
openswan-ipsec-help-524146-509318.patch | 6 +++---
openswan.spec | 8 ++++++--
sources | 2 +-
7 files changed, 35 insertions(+), 30 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 8b0cd3c..b201aaa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ openswan-2.6.24.tar.gz
openswan-2.6.25.tar.gz
openswan-2.6.27.tar.gz
openswan-2.6.28.tar.gz
+/openswan-2.6.29.tar.gz
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index 598d11f..b17d844 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/Makefile.inc openswan-2.6.28-cvs-patched/Makefile.inc
---- openswan-2.6.28-orig/Makefile.inc 2010-08-13 12:32:39.498355929 -0400
-+++ openswan-2.6.28-cvs-patched/Makefile.inc 2010-08-13 12:31:32.151347825 -0400
+diff -urNp openswan-2.6.29-orig/Makefile.inc openswan-2.6.29-cvs-patched/Makefile.inc
+--- openswan-2.6.29-orig/Makefile.inc 2010-09-27 13:10:05.456420264 -0400
++++ openswan-2.6.29-cvs-patched/Makefile.inc 2010-09-27 13:10:25.270412552 -0400
@@ -123,6 +123,8 @@ FINALRCDIR=$(shell for d in $(INC_RCDIRS
do if test -d $(DESTDIR)/$$d ; \
then echo $$d ; exit 0 ; \
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.28-orig/Makefile.inc openswan-2.6.28-cvs-patched/Makefil
RCDIR=$(DESTDIR)$(FINALRCDIR)
-diff -urNp openswan-2.6.28-orig/programs/setup/Makefile openswan-2.6.28-cvs-patched/programs/setup/Makefile
---- openswan-2.6.28-orig/programs/setup/Makefile 2010-08-13 12:32:39.514356039 -0400
-+++ openswan-2.6.28-cvs-patched/programs/setup/Makefile 2010-08-13 12:31:56.645349136 -0400
+diff -urNp openswan-2.6.29-orig/programs/setup/Makefile openswan-2.6.29-cvs-patched/programs/setup/Makefile
+--- openswan-2.6.29-orig/programs/setup/Makefile 2010-09-27 13:10:05.486420297 -0400
++++ openswan-2.6.29-cvs-patched/programs/setup/Makefile 2010-09-27 13:10:25.271412259 -0400
@@ -32,7 +32,7 @@ include ${srcdir}../Makefile.program
doinstall:: setup
@rm -f $(BINDIR)/setup
diff --git a/openswan-600167.patch b/openswan-600167.patch
index 8afbeef..ae82d27 100644
--- a/openswan-600167.patch
+++ b/openswan-600167.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/auto/auto.in openswan-2.6.28-cvs-patched/programs/auto/auto.in
---- openswan-2.6.28-orig/programs/auto/auto.in 2010-08-13 12:32:39.526355843 -0400
-+++ openswan-2.6.28-cvs-patched/programs/auto/auto.in 2010-08-13 12:46:09.160348224 -0400
+diff -urNp openswan-2.6.29-orig/programs/auto/auto.in openswan-2.6.29-cvs-patched/programs/auto/auto.in
+--- openswan-2.6.29-orig/programs/auto/auto.in 2010-09-27 13:10:05.509412095 -0400
++++ openswan-2.6.29-cvs-patched/programs/auto/auto.in 2010-09-27 13:21:42.080412196 -0400
@@ -40,6 +40,112 @@ op=
argc=
utc=
@@ -114,10 +114,10 @@ diff -urNp openswan-2.6.28-orig/programs/auto/auto.in openswan-2.6.28-cvs-patche
for dummy
do
case "$1" in
-diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs-patched/programs/pluto/connections.c
---- openswan-2.6.28-orig/programs/pluto/connections.c 2010-08-13 12:32:39.529366288 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/connections.c 2010-08-13 12:47:28.026361321 -0400
-@@ -457,7 +457,7 @@ check_orientations(void)
+diff -urNp openswan-2.6.29-orig/programs/pluto/connections.c openswan-2.6.29-cvs-patched/programs/pluto/connections.c
+--- openswan-2.6.29-orig/programs/pluto/connections.c 2010-09-27 13:10:05.513420574 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/connections.c 2010-09-27 13:23:51.288412353 -0400
+@@ -462,7 +462,7 @@ check_orientations(void)
}
}
@@ -126,7 +126,7 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs
default_end(struct end *e, ip_address *dflt_nexthop)
{
err_t ugh = NULL;
-@@ -1056,7 +1056,8 @@ check_connection_end(const struct whack_
+@@ -1054,7 +1054,8 @@ check_connection_end(const struct whack_
}
/* MAKE this more sane in the face of unresolved IP addresses */
@@ -136,10 +136,10 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.c openswan-2.6.28-cvs
{
/* other side is wildcard: we must check if other conditions met */
if (that->host_type != KH_IPHOSTNAME && isanyaddr(&this->host_addr))
-diff -urNp openswan-2.6.28-orig/programs/pluto/connections.h openswan-2.6.28-cvs-patched/programs/pluto/connections.h
---- openswan-2.6.28-orig/programs/pluto/connections.h 2010-08-13 12:32:39.540355907 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/connections.h 2010-08-13 12:47:45.981097622 -0400
-@@ -289,6 +289,8 @@ extern size_t format_end(char *buf, size
+diff -urNp openswan-2.6.29-orig/programs/pluto/connections.h openswan-2.6.29-cvs-patched/programs/pluto/connections.h
+--- openswan-2.6.29-orig/programs/pluto/connections.h 2010-09-27 13:10:05.521420141 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/connections.h 2010-09-27 13:24:39.600412208 -0400
+@@ -291,6 +291,8 @@ extern size_t format_end(char *buf, size
, const struct end *this, const struct end *that
, bool is_left, lset_t policy);
@@ -148,9 +148,9 @@ diff -urNp openswan-2.6.28-orig/programs/pluto/connections.h openswan-2.6.28-cvs
struct whack_message; /* forward declaration of tag whack_msg */
extern void add_connection(const struct whack_message *wm);
extern void initiate_connection(const char *name
-diff -urNp openswan-2.6.28-orig/programs/pluto/initiate.c openswan-2.6.28-cvs-patched/programs/pluto/initiate.c
---- openswan-2.6.28-orig/programs/pluto/initiate.c 2010-08-13 12:32:39.527355693 -0400
-+++ openswan-2.6.28-cvs-patched/programs/pluto/initiate.c 2010-08-13 12:49:08.196356440 -0400
+diff -urNp openswan-2.6.29-orig/programs/pluto/initiate.c openswan-2.6.29-cvs-patched/programs/pluto/initiate.c
+--- openswan-2.6.29-orig/programs/pluto/initiate.c 2010-09-27 13:10:05.511412073 -0400
++++ openswan-2.6.29-cvs-patched/programs/pluto/initiate.c 2010-09-27 13:25:36.244411412 -0400
@@ -151,6 +151,121 @@ struct initiate_stuff {
enum crypto_importance importance;
};
diff --git a/openswan-600174.patch b/openswan-600174.patch
index cc886c1..0764a41 100644
--- a/openswan-600174.patch
+++ b/openswan-600174.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.28-cvs-patched/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.28-orig/programs/_updown.netkey/_updown.netkey.in 2010-08-13 12:32:39.499355849 -0400
-+++ openswan-2.6.28-cvs-patched/programs/_updown.netkey/_updown.netkey.in 2010-08-13 12:41:22.129348564 -0400
+diff -urNp openswan-2.6.29-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.29-cvs-patched/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.29-orig/programs/_updown.netkey/_updown.netkey.in 2010-09-27 13:10:05.457433103 -0400
++++ openswan-2.6.29-cvs-patched/programs/_updown.netkey/_updown.netkey.in 2010-09-27 13:18:21.561412463 -0400
@@ -270,8 +270,15 @@ fi
addsource() {
st=0
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index 74d92e6..283c3d5 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.28-orig/programs/ipsec/ipsec.in openswan-2.6.28-cvs-patched/programs/ipsec/ipsec.in
---- openswan-2.6.28-orig/programs/ipsec/ipsec.in 2010-08-13 12:32:39.552355921 -0400
-+++ openswan-2.6.28-cvs-patched/programs/ipsec/ipsec.in 2010-08-13 12:37:16.270127186 -0400
+diff -urNp openswan-2.6.29-orig/programs/ipsec/ipsec.in openswan-2.6.29-cvs-patched/programs/ipsec/ipsec.in
+--- openswan-2.6.29-orig/programs/ipsec/ipsec.in 2010-09-27 13:10:05.529420266 -0400
++++ openswan-2.6.29-cvs-patched/programs/ipsec/ipsec.in 2010-09-27 13:12:47.588189664 -0400
@@ -79,9 +79,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index 6455cfb..b6f61d6 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -8,7 +8,7 @@
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
-Version: 2.6.28
+Version: 2.6.29
Release: 1%{?dist}
License: GPLv2+
@@ -24,7 +24,7 @@ Patch4: openswan-600167.patch
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: gmp-devel bison flex man-db xmlto bind-devel
+BuildRequires: gmp-devel bison flex xmlto bind-devel
%if %{USE_LIBNSS}
BuildRequires: nss-devel >= %{nss_version}
%endif
@@ -230,6 +230,10 @@ fi
chkconfig --add ipsec || :
%changelog
+* Mon Sep 27 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.29-1
+- New upstream release
+- Fixes for CVE-2010-3308 and CVE-2010-3302
+
* Fri Aug 13 2010 Avesh Agarwal <avagarwa at redhat.com> - 2.6.28-1
- New upstream release
- Updated existing patches
diff --git a/sources b/sources
index 0aecb02..024834e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-37f2ad2664dd89e6ad96ae82f6378166 openswan-2.6.28.tar.gz
+cd6c127585ec6db63780e9a40d5387fb openswan-2.6.29.tar.gz
More information about the scm-commits
mailing list