[openswan/f16] Fixes for rhbzs #592265, #693432, #719594

avesh agarwal avesh at fedoraproject.org
Wed Oct 5 14:46:03 UTC 2011


commit ea366afd4fbab4ed7542172934be08e9cc52bd56
Author: Avesh Agarwal <avagarwa at redhat.com>
Date:   Wed Oct 5 10:45:52 2011 -0400

    Fixes for rhbzs #592265, #693432, #719594

 .gitignore                              |    2 +
 openswan-2.6-relpath.patch              |   14 +++---
 openswan-592265.patch                   |   55 ----------------------
 openswan-cisco-issues.patch             |   78 +++++++++++++++---------------
 openswan-ipsec-help-524146-509318.patch |    6 +-
 openswan.spec                           |   10 ++--
 sources                                 |    3 +-
 7 files changed, 59 insertions(+), 109 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3059c13..3cc6ede 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,5 @@ openswan-2.6.28.tar.gz
 /openswan-2.6.32.tar.gz.asc
 /openswan-2.6.34.tar.gz
 /openswan-2.6.35.tar.gz
+/openswan-2.6.36.tar.gz
+/openswan-2.6.36.tar.gz.asc
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index a86f28e..71d3ea1 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,7 +1,7 @@
-diff -urNp openswan-2.6.35-orig/Makefile.inc openswan-2.6.35-cvs-patched/Makefile.inc
---- openswan-2.6.35-orig/Makefile.inc	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/Makefile.inc	2011-08-01 16:04:54.411576629 -0400
-@@ -123,6 +123,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
+diff -urNp openswan-2.6.36/Makefile.inc openswan-2.6.36-patched/Makefile.inc
+--- openswan-2.6.36/Makefile.inc	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/Makefile.inc	2011-10-05 10:25:15.968760654 -0400
+@@ -129,6 +129,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
  		do if test -d $(DESTDIR)/$$d ; \
  		then echo $$d ; exit 0 ; \
  		fi ; done ; echo $(INC_RCDEFAULT) )
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.35-orig/Makefile.inc openswan-2.6.35-cvs-patched/Makefil
  RCDIR?=$(DESTDIR)$(FINALRCDIR)
  
  
-diff -urNp openswan-2.6.35-orig/programs/setup/Makefile openswan-2.6.35-cvs-patched/programs/setup/Makefile
---- openswan-2.6.35-orig/programs/setup/Makefile	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/setup/Makefile	2011-08-01 16:04:54.411576629 -0400
+diff -urNp openswan-2.6.36/programs/setup/Makefile openswan-2.6.36-patched/programs/setup/Makefile
+--- openswan-2.6.36/programs/setup/Makefile	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/setup/Makefile	2011-10-05 10:25:15.969760653 -0400
 @@ -37,7 +37,7 @@ doinstall:: $(PROGRAM) $(CONFFILES) $(EX
  	@mkdir -p $(RCDIR) $(BINDIR)
  	# install and link everything
diff --git a/openswan-cisco-issues.patch b/openswan-cisco-issues.patch
index 192f160..8476249 100644
--- a/openswan-cisco-issues.patch
+++ b/openswan-cisco-issues.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.35-orig/programs/pluto/connections.c openswan-2.6.35-cvs-patched/programs/pluto/connections.c
---- openswan-2.6.35-orig/programs/pluto/connections.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/connections.c	2011-08-01 16:15:36.750319149 -0400
+diff -urNp openswan-2.6.36/programs/pluto/connections.c openswan-2.6.36-patched/programs/pluto/connections.c
+--- openswan-2.6.36/programs/pluto/connections.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/connections.c	2011-10-05 10:27:54.433668971 -0400
 @@ -222,7 +222,7 @@ delete_end(struct connection *c UNUSED, 
      pfreeany(e->host_addr_name);
  }
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/connections.c openswan-2.6.35-cvs
  delete_sr(struct connection *c, struct spd_route *sr)
  {
      delete_end(c, sr, &sr->this);
-diff -urNp openswan-2.6.35-orig/programs/pluto/connections.h openswan-2.6.35-cvs-patched/programs/pluto/connections.h
---- openswan-2.6.35-orig/programs/pluto/connections.h	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/connections.h	2011-08-01 16:15:36.752319129 -0400
+diff -urNp openswan-2.6.36/programs/pluto/connections.h openswan-2.6.36-patched/programs/pluto/connections.h
+--- openswan-2.6.36/programs/pluto/connections.h	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/connections.h	2011-10-05 10:27:54.434668971 -0400
 @@ -304,6 +304,7 @@ extern void release_connection(struct co
  extern void delete_connection(struct connection *c, bool relations);
  extern void delete_connections_by_name(const char *name, bool strict);
@@ -21,9 +21,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/connections.h openswan-2.6.35-cvs
  extern char *add_group_instance(struct connection *group, const ip_subnet *target);
  extern void remove_group_instance(const struct connection *group, const char *name);
  extern void release_dead_interfaces(void);
-diff -urNp openswan-2.6.35-orig/programs/pluto/ikev1_aggr.c openswan-2.6.35-cvs-patched/programs/pluto/ikev1_aggr.c
---- openswan-2.6.35-orig/programs/pluto/ikev1_aggr.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/ikev1_aggr.c	2011-08-01 16:15:36.753319119 -0400
+diff -urNp openswan-2.6.36/programs/pluto/ikev1_aggr.c openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c
+--- openswan-2.6.36/programs/pluto/ikev1_aggr.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c	2011-10-05 10:27:54.436668971 -0400
 @@ -1183,7 +1183,7 @@ aggr_outI1_tail(struct pluto_crypto_req_
  	}
  #endif
@@ -33,9 +33,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/ikev1_aggr.c openswan-2.6.35-cvs-
  	    reset_cur_state();
  	    return STF_INTERNAL_ERROR;
  	}
-diff -urNp openswan-2.6.35-orig/programs/pluto/ikev1_main.c openswan-2.6.35-cvs-patched/programs/pluto/ikev1_main.c
---- openswan-2.6.35-orig/programs/pluto/ikev1_main.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/ikev1_main.c	2011-08-01 16:15:36.762319030 -0400
+diff -urNp openswan-2.6.36/programs/pluto/ikev1_main.c openswan-2.6.36-patched/programs/pluto/ikev1_main.c
+--- openswan-2.6.36/programs/pluto/ikev1_main.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/ikev1_main.c	2011-10-05 10:27:54.439668969 -0400
 @@ -216,7 +216,7 @@ main_outI1(int whack_sock
  	int np = --numvidtosend > 0 ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE;
  	
@@ -45,9 +45,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/ikev1_main.c openswan-2.6.35-cvs-
  	    reset_cur_state();
  	    return STF_INTERNAL_ERROR;
  	}
-diff -urNp openswan-2.6.35-orig/programs/pluto/kernel.c openswan-2.6.35-cvs-patched/programs/pluto/kernel.c
---- openswan-2.6.35-orig/programs/pluto/kernel.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/kernel.c	2011-08-01 16:15:36.763319021 -0400
+diff -urNp openswan-2.6.36/programs/pluto/kernel.c openswan-2.6.36-patched/programs/pluto/kernel.c
+--- openswan-2.6.36/programs/pluto/kernel.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/kernel.c	2011-10-05 10:27:54.443668966 -0400
 @@ -436,6 +436,7 @@ fmt_common_shell_out(char *buf, int blen
  #endif
  		    "%s "           /* PLUTO_MY_SRCIP - if any */
@@ -64,10 +64,10 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/kernel.c openswan-2.6.35-cvs-patc
  		    , c->cisco_dns_info ? c->cisco_dns_info : ""
  		    , c->cisco_domain_info ? c->cisco_domain_info : ""
  		    , c->cisco_banner ? c->cisco_banner : ""
-diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.c openswan-2.6.35-cvs-patched/programs/pluto/nat_traversal.c
---- openswan-2.6.35-orig/programs/pluto/nat_traversal.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/nat_traversal.c	2011-08-01 16:15:36.765319001 -0400
-@@ -198,7 +198,7 @@ static void _natd_hash(const struct hash
+diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.c openswan-2.6.36-patched/programs/pluto/nat_traversal.c
+--- openswan-2.6.36/programs/pluto/nat_traversal.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/nat_traversal.c	2011-10-05 10:27:54.445668966 -0400
+@@ -199,7 +199,7 @@ static void _natd_hash(const struct hash
   *
   * Used when we're Initiator
   */
@@ -76,7 +76,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.c openswan-2.6.35-c
  {
  	bool r = TRUE;
  	DBG(DBG_NATT
-@@ -207,6 +207,9 @@ bool nat_traversal_insert_vid(u_int8_t n
+@@ -208,6 +208,9 @@ bool nat_traversal_insert_vid(u_int8_t n
  		      , nat_traversal_support_non_ike));
  		      
  	if (nat_traversal_support_port_floating) {
@@ -86,7 +86,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.c openswan-2.6.35-c
  	    if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_RFC);
  	    if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_05);
  	    if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_03);
-@@ -214,8 +217,9 @@ bool nat_traversal_insert_vid(u_int8_t n
+@@ -215,8 +218,9 @@ bool nat_traversal_insert_vid(u_int8_t n
  	    if (r)
  		r = out_vid(nat_traversal_support_non_ike ? ISAKMP_NEXT_VID : np,
  			outs, VID_NATT_IETF_02);
@@ -97,9 +97,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.c openswan-2.6.35-c
  	    if (r) r = out_vid(np, outs, VID_NATT_IETF_00);
  	}
  	return r;
-diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.h openswan-2.6.35-cvs-patched/programs/pluto/nat_traversal.h
---- openswan-2.6.35-orig/programs/pluto/nat_traversal.h	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/nat_traversal.h	2011-08-01 16:15:36.767318981 -0400
+diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.h openswan-2.6.36-patched/programs/pluto/nat_traversal.h
+--- openswan-2.6.36/programs/pluto/nat_traversal.h	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/nat_traversal.h	2011-10-05 10:27:54.446668966 -0400
 @@ -129,7 +129,7 @@ extern int nat_traversal_espinudp_socket
   */
  #ifndef PB_STREAM_UNDEFINED
@@ -109,9 +109,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/nat_traversal.h openswan-2.6.35-c
  #endif
  u_int32_t nat_traversal_vid_to_method(unsigned short nat_t_vid);
  
-diff -urNp openswan-2.6.35-orig/programs/pluto/spdb_v1_struct.c openswan-2.6.35-cvs-patched/programs/pluto/spdb_v1_struct.c
---- openswan-2.6.35-orig/programs/pluto/spdb_v1_struct.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/spdb_v1_struct.c	2011-08-01 16:15:36.767318981 -0400
+diff -urNp openswan-2.6.36/programs/pluto/spdb_v1_struct.c openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c
+--- openswan-2.6.36/programs/pluto/spdb_v1_struct.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c	2011-10-05 10:27:54.448668965 -0400
 @@ -1527,7 +1527,7 @@ parse_ipsec_transform(struct isakmp_tran
  		    case SA_LIFE_TYPE_SECONDS:
  			/* silently limit duration to our maximum */
@@ -135,10 +135,10 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/spdb_v1_struct.c openswan-2.6.35-
  				}
  				else if (st->hidden_variables.st_nat_traversal & NAT_T_DETECTED) {
  					attrs->encapsulation = val - ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS + ENCAPSULATION_MODE_TUNNEL;
-diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patched/programs/pluto/xauth.c
---- openswan-2.6.35-orig/programs/pluto/xauth.c	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/pluto/xauth.c	2011-08-01 16:15:36.768318971 -0400
-@@ -1783,7 +1783,9 @@ modecfg_inR1(struct msg_digest *md)
+diff -urNp openswan-2.6.36/programs/pluto/xauth.c openswan-2.6.36-patched/programs/pluto/xauth.c
+--- openswan-2.6.36/programs/pluto/xauth.c	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/pluto/xauth.c	2011-10-05 10:27:54.450668963 -0400
+@@ -1782,7 +1782,9 @@ modecfg_inR1(struct msg_digest *md)
  				 , caddr);
  		    
  		    if(addrbytesptr(&c->spd.this.host_srcip, NULL) == 0
@@ -149,7 +149,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
  			openswan_log("setting ip source address to %s"
  				     , caddr);
  			c->spd.this.host_srcip = a;
-@@ -1833,7 +1835,11 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1832,7 +1834,11 @@ modecfg_inR1(struct msg_digest *md)
  			{
  			    /* concatenate new IP address string on end of
  			     * existing string, separated by ' '.
@@ -161,7 +161,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
  			    size_t sz_old = strlen(old);
  			    size_t sz_added = strlen(caddr) + 1;
  			    char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+");
-@@ -1843,6 +1849,7 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1842,6 +1848,7 @@ modecfg_inR1(struct msg_digest *md)
  			    memcpy(new + sz_old + 1, caddr, sz_added);
  			    c->cisco_dns_info = new;
  			    pfree(old);
@@ -169,7 +169,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
  			}
  		    }
  
-@@ -1858,18 +1865,22 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1857,18 +1864,22 @@ modecfg_inR1(struct msg_digest *md)
  		    break;
  
  		case CISCO_BANNER:
@@ -193,7 +193,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
                      ip_address a;
                      char caddr[SUBNETTOT_BUF];
                      size_t len = pbs_left(&strattr);
-@@ -1882,6 +1893,18 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1881,6 +1892,18 @@ modecfg_inR1(struct msg_digest *md)
                      tmp_spd2->that.has_client_wildcard = FALSE;
                      }
  
@@ -212,7 +212,7 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
                      while (len > 0) {
                      u_int32_t *ap;
                      tmp_spd = clone_thing(c->spd, "remote subnets policies");
-@@ -1933,13 +1956,13 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1932,13 +1955,13 @@ modecfg_inR1(struct msg_digest *md)
                      tmp_spd->that.cert.type = 0;
  
                      tmp_spd->this.ca.ptr = NULL;
@@ -229,9 +229,9 @@ diff -urNp openswan-2.6.35-orig/programs/pluto/xauth.c openswan-2.6.35-cvs-patch
  
                      tmp_spd->next = NULL;
                      tmp_spd2->next = tmp_spd;
-diff -urNp openswan-2.6.35-orig/programs/_updown.netkey/_updown.netkey.in openswan-2.6.35-cvs-patched/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.35-orig/programs/_updown.netkey/_updown.netkey.in	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/_updown.netkey/_updown.netkey.in	2011-08-01 16:15:36.769318961 -0400
+diff -urNp openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in	2011-10-05 10:27:54.450668963 -0400
 @@ -188,6 +188,14 @@ downroute() {
      ip route flush cache
  }
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index af61405..4b4c6d8 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.35-orig/programs/ipsec/ipsec.in openswan-2.6.35-cvs-patched/programs/ipsec/ipsec.in
---- openswan-2.6.35-orig/programs/ipsec/ipsec.in	2011-07-23 16:53:13.000000000 -0400
-+++ openswan-2.6.35-cvs-patched/programs/ipsec/ipsec.in	2011-08-01 16:06:01.315928192 -0400
+diff -urNp openswan-2.6.36/programs/ipsec/ipsec.in openswan-2.6.36-patched/programs/ipsec/ipsec.in
+--- openswan-2.6.36/programs/ipsec/ipsec.in	2011-10-05 09:48:39.000000000 -0400
++++ openswan-2.6.36-patched/programs/ipsec/ipsec.in	2011-10-05 10:26:23.083717270 -0400
 @@ -80,9 +80,9 @@ case "$1" in
  --help)
  	echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index 45fbae0..081747b 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -8,9 +8,9 @@
 
 Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
 Name: openswan
-Version: 2.6.35
+Version: 2.6.36
 
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Url: http://www.openswan.org/
 Source: openswan-%{version}.tar.gz
@@ -21,7 +21,6 @@ Source3: README.x509
 Patch1: openswan-2.6-relpath.patch
 Patch2: openswan-ipsec-help-524146-509318.patch
 Patch3: openswan-cisco-issues.patch
-Patch4: openswan-592265.patch  
 
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -86,7 +85,6 @@ install -m 644 %{SOURCE3} docs/README.x509
 %patch1 -p1 -b .relpath
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
 
 %build
 
@@ -211,6 +209,10 @@ fi
 chkconfig --add ipsec || :
 
 %changelog
+* Wed Oct 5 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.36-1
+- new upstream release
+- fixes for cve-2011-3380
+
 * Mon Sep 12 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.35-2
 - Fixes for rhbzs #592265, #693432, #719594
 
diff --git a/sources b/sources
index 093d8a9..6f4eff9 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-7909a251fbbb807914545b7f42437013  openswan-2.6.35.tar.gz
+b3a1733493520bb18729633b62ef8247  openswan-2.6.36.tar.gz
+b006eca7af5c5849703b0dea9c00356e  openswan-2.6.36.tar.gz.asc
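Review bot: The detached signature `openswan-2.6.36.tar.gz.asc` is added to `sources` here, but none of the `openswan.spec` lines visible in this commit declares it as a source or checks it, so the build appears to rely on the MD5 entry alone for tarball integrity. MD5 is not collision-resistant, and the lookaside checksum only shows that the tarball matches what the packager uploaded, not that it is the upstream release. Consider listing the signature in the spec, for example `Source4: openswan-%{version}.tar.gz.asc` (the source number is a placeholder), and verifying it in `%prep` against a keyring shipped with the package before the `%patch` lines run. The spec is only partly shown in these hunks, so confirm that no such check already exists elsewhere in the file.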

