[openswan/f16] new upstream release fixes for cve-2011-4073
avesh agarwal
avesh at fedoraproject.org
Sat Oct 29 00:16:51 UTC 2011
commit 4c33f1c30d7a93d21c358cf40cc34513962a4976
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Fri Oct 28 20:16:48 2011 -0400
new upstream release
fixes for CVE-2011-4073
.gitignore | 2 +
openswan-2.6-relpath.patch | 12 +++---
openswan-cisco-issues.patch | 60 +++++++++++++++---------------
openswan-ipsec-help-524146-509318.patch | 6 ++--
openswan.spec | 6 +++-
sources | 4 +-
6 files changed, 48 insertions(+), 42 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 3cc6ede..6931261 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,5 @@ openswan-2.6.28.tar.gz
/openswan-2.6.35.tar.gz
/openswan-2.6.36.tar.gz
/openswan-2.6.36.tar.gz.asc
+/openswan-2.6.37.tar.gz
+/openswan-2.6.37.tar.gz.asc
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index 71d3ea1..7f061f5 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.36/Makefile.inc openswan-2.6.36-patched/Makefile.inc
---- openswan-2.6.36/Makefile.inc 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/Makefile.inc 2011-10-05 10:25:15.968760654 -0400
+diff -urNp openswan-2.6.37/Makefile.inc openswan-2.6.37-patched/Makefile.inc
+--- openswan-2.6.37/Makefile.inc 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/Makefile.inc 2011-10-28 19:55:41.516072193 -0400
@@ -129,6 +129,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
do if test -d $(DESTDIR)/$$d ; \
then echo $$d ; exit 0 ; \
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.36/Makefile.inc openswan-2.6.36-patched/Makefile.inc
RCDIR?=$(DESTDIR)$(FINALRCDIR)
-diff -urNp openswan-2.6.36/programs/setup/Makefile openswan-2.6.36-patched/programs/setup/Makefile
---- openswan-2.6.36/programs/setup/Makefile 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/setup/Makefile 2011-10-05 10:25:15.969760653 -0400
+diff -urNp openswan-2.6.37/programs/setup/Makefile openswan-2.6.37-patched/programs/setup/Makefile
+--- openswan-2.6.37/programs/setup/Makefile 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/setup/Makefile 2011-10-28 19:55:41.517072193 -0400
@@ -37,7 +37,7 @@ doinstall:: $(PROGRAM) $(CONFFILES) $(EX
@mkdir -p $(RCDIR) $(BINDIR)
# install and link everything
diff --git a/openswan-cisco-issues.patch b/openswan-cisco-issues.patch
index 8476249..57552df 100644
--- a/openswan-cisco-issues.patch
+++ b/openswan-cisco-issues.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.36/programs/pluto/connections.c openswan-2.6.36-patched/programs/pluto/connections.c
---- openswan-2.6.36/programs/pluto/connections.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/connections.c 2011-10-05 10:27:54.433668971 -0400
+diff -urNp openswan-2.6.37/programs/pluto/connections.c openswan-2.6.37-patched/programs/pluto/connections.c
+--- openswan-2.6.37/programs/pluto/connections.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/connections.c 2011-10-28 19:57:49.413033232 -0400
@@ -222,7 +222,7 @@ delete_end(struct connection *c UNUSED,
pfreeany(e->host_addr_name);
}
@@ -10,9 +10,9 @@ diff -urNp openswan-2.6.36/programs/pluto/connections.c openswan-2.6.36-patched/
delete_sr(struct connection *c, struct spd_route *sr)
{
delete_end(c, sr, &sr->this);
-diff -urNp openswan-2.6.36/programs/pluto/connections.h openswan-2.6.36-patched/programs/pluto/connections.h
---- openswan-2.6.36/programs/pluto/connections.h 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/connections.h 2011-10-05 10:27:54.434668971 -0400
+diff -urNp openswan-2.6.37/programs/pluto/connections.h openswan-2.6.37-patched/programs/pluto/connections.h
+--- openswan-2.6.37/programs/pluto/connections.h 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/connections.h 2011-10-28 19:57:49.414033232 -0400
@@ -304,6 +304,7 @@ extern void release_connection(struct co
extern void delete_connection(struct connection *c, bool relations);
extern void delete_connections_by_name(const char *name, bool strict);
@@ -21,9 +21,9 @@ diff -urNp openswan-2.6.36/programs/pluto/connections.h openswan-2.6.36-patched/
extern char *add_group_instance(struct connection *group, const ip_subnet *target);
extern void remove_group_instance(const struct connection *group, const char *name);
extern void release_dead_interfaces(void);
-diff -urNp openswan-2.6.36/programs/pluto/ikev1_aggr.c openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c
---- openswan-2.6.36/programs/pluto/ikev1_aggr.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/ikev1_aggr.c 2011-10-05 10:27:54.436668971 -0400
+diff -urNp openswan-2.6.37/programs/pluto/ikev1_aggr.c openswan-2.6.37-patched/programs/pluto/ikev1_aggr.c
+--- openswan-2.6.37/programs/pluto/ikev1_aggr.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/ikev1_aggr.c 2011-10-28 19:57:49.416033232 -0400
@@ -1183,7 +1183,7 @@ aggr_outI1_tail(struct pluto_crypto_req_
}
#endif
@@ -33,9 +33,9 @@ diff -urNp openswan-2.6.36/programs/pluto/ikev1_aggr.c openswan-2.6.36-patched/p
reset_cur_state();
return STF_INTERNAL_ERROR;
}
-diff -urNp openswan-2.6.36/programs/pluto/ikev1_main.c openswan-2.6.36-patched/programs/pluto/ikev1_main.c
---- openswan-2.6.36/programs/pluto/ikev1_main.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/ikev1_main.c 2011-10-05 10:27:54.439668969 -0400
+diff -urNp openswan-2.6.37/programs/pluto/ikev1_main.c openswan-2.6.37-patched/programs/pluto/ikev1_main.c
+--- openswan-2.6.37/programs/pluto/ikev1_main.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/ikev1_main.c 2011-10-28 19:57:49.418033230 -0400
@@ -216,7 +216,7 @@ main_outI1(int whack_sock
int np = --numvidtosend > 0 ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE;
@@ -45,9 +45,9 @@ diff -urNp openswan-2.6.36/programs/pluto/ikev1_main.c openswan-2.6.36-patched/p
reset_cur_state();
return STF_INTERNAL_ERROR;
}
-diff -urNp openswan-2.6.36/programs/pluto/kernel.c openswan-2.6.36-patched/programs/pluto/kernel.c
---- openswan-2.6.36/programs/pluto/kernel.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/kernel.c 2011-10-05 10:27:54.443668966 -0400
+diff -urNp openswan-2.6.37/programs/pluto/kernel.c openswan-2.6.37-patched/programs/pluto/kernel.c
+--- openswan-2.6.37/programs/pluto/kernel.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/kernel.c 2011-10-28 19:57:49.419033230 -0400
@@ -436,6 +436,7 @@ fmt_common_shell_out(char *buf, int blen
#endif
"%s " /* PLUTO_MY_SRCIP - if any */
@@ -64,9 +64,9 @@ diff -urNp openswan-2.6.36/programs/pluto/kernel.c openswan-2.6.36-patched/progr
, c->cisco_dns_info ? c->cisco_dns_info : ""
, c->cisco_domain_info ? c->cisco_domain_info : ""
, c->cisco_banner ? c->cisco_banner : ""
-diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.c openswan-2.6.36-patched/programs/pluto/nat_traversal.c
---- openswan-2.6.36/programs/pluto/nat_traversal.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/nat_traversal.c 2011-10-05 10:27:54.445668966 -0400
+diff -urNp openswan-2.6.37/programs/pluto/nat_traversal.c openswan-2.6.37-patched/programs/pluto/nat_traversal.c
+--- openswan-2.6.37/programs/pluto/nat_traversal.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/nat_traversal.c 2011-10-28 19:57:49.420033230 -0400
@@ -199,7 +199,7 @@ static void _natd_hash(const struct hash
*
* Used when we're Initiator
@@ -97,9 +97,9 @@ diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.c openswan-2.6.36-patche
if (r) r = out_vid(np, outs, VID_NATT_IETF_00);
}
return r;
-diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.h openswan-2.6.36-patched/programs/pluto/nat_traversal.h
---- openswan-2.6.36/programs/pluto/nat_traversal.h 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/nat_traversal.h 2011-10-05 10:27:54.446668966 -0400
+diff -urNp openswan-2.6.37/programs/pluto/nat_traversal.h openswan-2.6.37-patched/programs/pluto/nat_traversal.h
+--- openswan-2.6.37/programs/pluto/nat_traversal.h 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/nat_traversal.h 2011-10-28 19:57:49.420033230 -0400
@@ -129,7 +129,7 @@ extern int nat_traversal_espinudp_socket
*/
#ifndef PB_STREAM_UNDEFINED
@@ -109,9 +109,9 @@ diff -urNp openswan-2.6.36/programs/pluto/nat_traversal.h openswan-2.6.36-patche
#endif
u_int32_t nat_traversal_vid_to_method(unsigned short nat_t_vid);
-diff -urNp openswan-2.6.36/programs/pluto/spdb_v1_struct.c openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c
---- openswan-2.6.36/programs/pluto/spdb_v1_struct.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/spdb_v1_struct.c 2011-10-05 10:27:54.448668965 -0400
+diff -urNp openswan-2.6.37/programs/pluto/spdb_v1_struct.c openswan-2.6.37-patched/programs/pluto/spdb_v1_struct.c
+--- openswan-2.6.37/programs/pluto/spdb_v1_struct.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/spdb_v1_struct.c 2011-10-28 19:57:49.421033230 -0400
@@ -1527,7 +1527,7 @@ parse_ipsec_transform(struct isakmp_tran
case SA_LIFE_TYPE_SECONDS:
/* silently limit duration to our maximum */
@@ -135,9 +135,9 @@ diff -urNp openswan-2.6.36/programs/pluto/spdb_v1_struct.c openswan-2.6.36-patch
}
else if (st->hidden_variables.st_nat_traversal & NAT_T_DETECTED) {
attrs->encapsulation = val - ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS + ENCAPSULATION_MODE_TUNNEL;
-diff -urNp openswan-2.6.36/programs/pluto/xauth.c openswan-2.6.36-patched/programs/pluto/xauth.c
---- openswan-2.6.36/programs/pluto/xauth.c 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/pluto/xauth.c 2011-10-05 10:27:54.450668963 -0400
+diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/programs/pluto/xauth.c
+--- openswan-2.6.37/programs/pluto/xauth.c 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/pluto/xauth.c 2011-10-28 19:57:49.424033229 -0400
@@ -1782,7 +1782,9 @@ modecfg_inR1(struct msg_digest *md)
, caddr);
@@ -229,9 +229,9 @@ diff -urNp openswan-2.6.36/programs/pluto/xauth.c openswan-2.6.36-patched/progra
tmp_spd->next = NULL;
tmp_spd2->next = tmp_spd;
-diff -urNp openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.36/programs/_updown.netkey/_updown.netkey.in 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/_updown.netkey/_updown.netkey.in 2011-10-05 10:27:54.450668963 -0400
+diff -urNp openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in openswan-2.6.37-patched/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/_updown.netkey/_updown.netkey.in 2011-10-28 19:57:49.426033229 -0400
@@ -188,6 +188,14 @@ downroute() {
ip route flush cache
}
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index 4b4c6d8..90b734f 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.36/programs/ipsec/ipsec.in openswan-2.6.36-patched/programs/ipsec/ipsec.in
---- openswan-2.6.36/programs/ipsec/ipsec.in 2011-10-05 09:48:39.000000000 -0400
-+++ openswan-2.6.36-patched/programs/ipsec/ipsec.in 2011-10-05 10:26:23.083717270 -0400
+diff -urNp openswan-2.6.37/programs/ipsec/ipsec.in openswan-2.6.37-patched/programs/ipsec/ipsec.in
+--- openswan-2.6.37/programs/ipsec/ipsec.in 2011-10-28 17:11:53.000000000 -0400
++++ openswan-2.6.37-patched/programs/ipsec/ipsec.in 2011-10-28 19:57:08.925045694 -0400
@@ -80,9 +80,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index 081747b..a78c6cd 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -8,7 +8,7 @@
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
-Version: 2.6.36
+Version: 2.6.37
Release: 1%{?dist}
License: GPLv2+
@@ -209,6 +209,10 @@ fi
chkconfig --add ipsec || :
%changelog
+* Fri Oct 28 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.37-1
+- new upstream release
+- fixes for cve-2011-4073
+
* Wed Oct 5 2011 Avesh Agarwal <avagarwa at redhat.com> - 2.6.36-1
- new upstream release
- fixes for cve-2011-3380
diff --git a/sources b/sources
index 6f4eff9..41d2635 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-b3a1733493520bb18729633b62ef8247 openswan-2.6.36.tar.gz
-b006eca7af5c5849703b0dea9c00356e openswan-2.6.36.tar.gz.asc
+e5c948555088df06cfadcfbe6c13adfe openswan-2.6.37.tar.gz
+e3731b00a5bfe136cc1365042375f714 openswan-2.6.37.tar.gz.asc