[openswan] Fixes 806518: new upstream release
avesh
avesh at fedoraproject.org
Mon May 14 20:15:25 UTC 2012
commit 88fbb9b43f93eceb74544211b97902192699ea80
Author: Avesh Agarwal <avagarwa at redhat.com>
Date: Mon May 14 16:15:22 2012 -0400
Fixes 806518: new upstream release
- Updated local patches
.gitignore | 2 +
openswan-2.6-relpath.patch | 14 +-
openswan-cisco-issues.patch | 229 ++++---------------------------
openswan-ipsec-help-524146-509318.patch | 6 +-
openswan.spec | 8 +-
sources | 4 +-
6 files changed, 46 insertions(+), 217 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 6931261..56a1e6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,5 @@ openswan-2.6.28.tar.gz
/openswan-2.6.36.tar.gz.asc
/openswan-2.6.37.tar.gz
/openswan-2.6.37.tar.gz.asc
+/openswan-2.6.38.tar.gz
+/openswan-2.6.38.tar.gz.asc
diff --git a/openswan-2.6-relpath.patch b/openswan-2.6-relpath.patch
index 7f061f5..de4dfa8 100644
--- a/openswan-2.6-relpath.patch
+++ b/openswan-2.6-relpath.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.37/Makefile.inc openswan-2.6.37-patched/Makefile.inc
---- openswan-2.6.37/Makefile.inc 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/Makefile.inc 2011-10-28 19:55:41.516072193 -0400
+diff -urNp openswan-2.6.38-patched/Makefile.inc openswan-2.6.38-current/Makefile.inc
+--- openswan-2.6.38-patched/Makefile.inc 2012-05-14 15:17:33.573272378 -0400
++++ openswan-2.6.38-current/Makefile.inc 2012-05-14 15:18:40.817270688 -0400
@@ -129,6 +129,8 @@ FINALRCDIR?=$(shell for d in $(INC_RCDIR
do if test -d $(DESTDIR)/$$d ; \
then echo $$d ; exit 0 ; \
@@ -10,10 +10,10 @@ diff -urNp openswan-2.6.37/Makefile.inc openswan-2.6.37-patched/Makefile.inc
RCDIR?=$(DESTDIR)$(FINALRCDIR)
-diff -urNp openswan-2.6.37/programs/setup/Makefile openswan-2.6.37-patched/programs/setup/Makefile
---- openswan-2.6.37/programs/setup/Makefile 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/setup/Makefile 2011-10-28 19:55:41.517072193 -0400
-@@ -37,7 +37,7 @@ doinstall:: $(PROGRAM) $(CONFFILES) $(EX
+diff -urNp openswan-2.6.38-patched/programs/setup/Makefile openswan-2.6.38-current/programs/setup/Makefile
+--- openswan-2.6.38-patched/programs/setup/Makefile 2012-05-14 15:17:33.568272379 -0400
++++ openswan-2.6.38-current/programs/setup/Makefile 2012-05-14 15:18:40.817270688 -0400
+@@ -35,7 +35,7 @@ doinstall:: $(PROGRAM) $(CONFFILES) $(EX
@mkdir -p $(RCDIR) $(BINDIR)
# install and link everything
@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
diff --git a/openswan-cisco-issues.patch b/openswan-cisco-issues.patch
index 57552df..958573c 100644
--- a/openswan-cisco-issues.patch
+++ b/openswan-cisco-issues.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.37/programs/pluto/connections.c openswan-2.6.37-patched/programs/pluto/connections.c
---- openswan-2.6.37/programs/pluto/connections.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/connections.c 2011-10-28 19:57:49.413033232 -0400
+diff -urNp openswan-2.6.38-patched/programs/pluto/connections.c openswan-2.6.38-current/programs/pluto/connections.c
+--- openswan-2.6.38-patched/programs/pluto/connections.c 2012-05-14 15:17:33.561272377 -0400
++++ openswan-2.6.38-current/programs/pluto/connections.c 2012-05-14 15:27:45.861258974 -0400
@@ -222,7 +222,7 @@ delete_end(struct connection *c UNUSED,
pfreeany(e->host_addr_name);
}
@@ -10,10 +10,10 @@ diff -urNp openswan-2.6.37/programs/pluto/connections.c openswan-2.6.37-patched/
delete_sr(struct connection *c, struct spd_route *sr)
{
delete_end(c, sr, &sr->this);
-diff -urNp openswan-2.6.37/programs/pluto/connections.h openswan-2.6.37-patched/programs/pluto/connections.h
---- openswan-2.6.37/programs/pluto/connections.h 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/connections.h 2011-10-28 19:57:49.414033232 -0400
-@@ -304,6 +304,7 @@ extern void release_connection(struct co
+diff -urNp openswan-2.6.38-patched/programs/pluto/connections.h openswan-2.6.38-current/programs/pluto/connections.h
+--- openswan-2.6.38-patched/programs/pluto/connections.h 2012-05-14 15:17:33.560272378 -0400
++++ openswan-2.6.38-current/programs/pluto/connections.h 2012-05-14 15:28:03.740258650 -0400
+@@ -321,6 +321,7 @@ extern void release_connection(struct co
extern void delete_connection(struct connection *c, bool relations);
extern void delete_connections_by_name(const char *name, bool strict);
extern void delete_every_connection(void);
@@ -21,124 +21,10 @@ diff -urNp openswan-2.6.37/programs/pluto/connections.h openswan-2.6.37-patched/
extern char *add_group_instance(struct connection *group, const ip_subnet *target);
extern void remove_group_instance(const struct connection *group, const char *name);
extern void release_dead_interfaces(void);
-diff -urNp openswan-2.6.37/programs/pluto/ikev1_aggr.c openswan-2.6.37-patched/programs/pluto/ikev1_aggr.c
---- openswan-2.6.37/programs/pluto/ikev1_aggr.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/ikev1_aggr.c 2011-10-28 19:57:49.416033232 -0400
-@@ -1183,7 +1183,7 @@ aggr_outI1_tail(struct pluto_crypto_req_
- }
- #endif
-
-- if (!nat_traversal_insert_vid(np, &md->rbody)) {
-+ if (!nat_traversal_insert_vid(np, &md->rbody, st)) {
- reset_cur_state();
- return STF_INTERNAL_ERROR;
- }
-diff -urNp openswan-2.6.37/programs/pluto/ikev1_main.c openswan-2.6.37-patched/programs/pluto/ikev1_main.c
---- openswan-2.6.37/programs/pluto/ikev1_main.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/ikev1_main.c 2011-10-28 19:57:49.418033230 -0400
-@@ -216,7 +216,7 @@ main_outI1(int whack_sock
- int np = --numvidtosend > 0 ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE;
-
- /* Add supported NAT-Traversal VID */
-- if (!nat_traversal_insert_vid(np, &md.rbody)) {
-+ if (!nat_traversal_insert_vid(np, &md.rbody, st)) {
- reset_cur_state();
- return STF_INTERNAL_ERROR;
- }
-diff -urNp openswan-2.6.37/programs/pluto/kernel.c openswan-2.6.37-patched/programs/pluto/kernel.c
---- openswan-2.6.37/programs/pluto/kernel.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/kernel.c 2011-10-28 19:57:49.419033230 -0400
-@@ -436,6 +436,7 @@ fmt_common_shell_out(char *buf, int blen
- #endif
- "%s " /* PLUTO_MY_SRCIP - if any */
- #ifdef XAUTH
-+ "PLUTO_IS_PEER_CISCO='%u' "
- "PLUTO_CISCO_DNS_INFO='%s' "
- "PLUTO_CISCO_DOMAIN_INFO='%s' "
- "PLUTO_PEER_BANNER='%s' "
-@@ -472,6 +473,7 @@ fmt_common_shell_out(char *buf, int blen
- #endif
- , srcip_str
- #ifdef XAUTH
-+ , c->remotepeertype
- , c->cisco_dns_info ? c->cisco_dns_info : ""
- , c->cisco_domain_info ? c->cisco_domain_info : ""
- , c->cisco_banner ? c->cisco_banner : ""
-diff -urNp openswan-2.6.37/programs/pluto/nat_traversal.c openswan-2.6.37-patched/programs/pluto/nat_traversal.c
---- openswan-2.6.37/programs/pluto/nat_traversal.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/nat_traversal.c 2011-10-28 19:57:49.420033230 -0400
-@@ -199,7 +199,7 @@ static void _natd_hash(const struct hash
- *
- * Used when we're Initiator
- */
--bool nat_traversal_insert_vid(u_int8_t np, pb_stream *outs)
-+bool nat_traversal_insert_vid(u_int8_t np, pb_stream *outs, struct state *st)
- {
- bool r = TRUE;
- DBG(DBG_NATT
-@@ -208,6 +208,9 @@ bool nat_traversal_insert_vid(u_int8_t n
- , nat_traversal_support_non_ike));
-
- if (nat_traversal_support_port_floating) {
-+ if (st->st_connection->remotepeertype == CISCO) {
-+ if (r) r = out_vid(np, outs, VID_NATT_RFC);
-+ } else {
- if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_RFC);
- if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_05);
- if (r) r = out_vid(ISAKMP_NEXT_VID, outs, VID_NATT_IETF_03);
-@@ -215,8 +218,9 @@ bool nat_traversal_insert_vid(u_int8_t n
- if (r)
- r = out_vid(nat_traversal_support_non_ike ? ISAKMP_NEXT_VID : np,
- outs, VID_NATT_IETF_02);
-+ }
- }
-- if (nat_traversal_support_non_ike) {
-+ if (nat_traversal_support_non_ike && st->st_connection->remotepeertype != CISCO) {
- if (r) r = out_vid(np, outs, VID_NATT_IETF_00);
- }
- return r;
-diff -urNp openswan-2.6.37/programs/pluto/nat_traversal.h openswan-2.6.37-patched/programs/pluto/nat_traversal.h
---- openswan-2.6.37/programs/pluto/nat_traversal.h 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/nat_traversal.h 2011-10-28 19:57:49.420033230 -0400
-@@ -129,7 +129,7 @@ extern int nat_traversal_espinudp_socket
- */
- #ifndef PB_STREAM_UNDEFINED
- bool nat_traversal_add_vid(u_int8_t np, pb_stream *outs);
--bool nat_traversal_insert_vid(u_int8_t np, pb_stream *outs);
-+bool nat_traversal_insert_vid(u_int8_t np, pb_stream *outs, struct state *st);
- #endif
- u_int32_t nat_traversal_vid_to_method(unsigned short nat_t_vid);
-
-diff -urNp openswan-2.6.37/programs/pluto/spdb_v1_struct.c openswan-2.6.37-patched/programs/pluto/spdb_v1_struct.c
---- openswan-2.6.37/programs/pluto/spdb_v1_struct.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/spdb_v1_struct.c 2011-10-28 19:57:49.421033230 -0400
-@@ -1527,7 +1527,7 @@ parse_ipsec_transform(struct isakmp_tran
- case SA_LIFE_TYPE_SECONDS:
- /* silently limit duration to our maximum */
- attrs->life_seconds = val <= SA_LIFE_DURATION_MAXIMUM
-- ? val : SA_LIFE_DURATION_MAXIMUM;
-+ ? (val < st->st_connection->sa_ipsec_life_seconds ? val : st->st_connection->sa_ipsec_life_seconds) : SA_LIFE_DURATION_MAXIMUM;
- break;
- case SA_LIFE_TYPE_KBYTES:
- attrs->life_kilobytes = val;
-@@ -1593,7 +1593,13 @@ parse_ipsec_transform(struct isakmp_tran
- loglog(RC_LOG_SERIOUS,
- "%s must only be used with old IETF drafts",
- enum_name(&enc_mode_names, val));
-+ if(st->st_connection->remotepeertype == CISCO) {
-+ DBG_log( "Allowing, as this may be due to rekey");
-+ attrs->encapsulation = val - ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS + ENCAPSULATION_MODE_TUNNEL;
-+ }
-+ else {
- return FALSE;
-+ }
- }
- else if (st->hidden_variables.st_nat_traversal & NAT_T_DETECTED) {
- attrs->encapsulation = val - ENCAPSULATION_MODE_UDP_TUNNEL_DRAFTS + ENCAPSULATION_MODE_TUNNEL;
-diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/programs/pluto/xauth.c
---- openswan-2.6.37/programs/pluto/xauth.c 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/pluto/xauth.c 2011-10-28 19:57:49.424033229 -0400
-@@ -1782,7 +1782,9 @@ modecfg_inR1(struct msg_digest *md)
+diff -urNp openswan-2.6.38-patched/programs/pluto/xauth.c openswan-2.6.38-current/programs/pluto/xauth.c
+--- openswan-2.6.38-patched/programs/pluto/xauth.c 2012-05-14 15:17:33.562272377 -0400
++++ openswan-2.6.38-current/programs/pluto/xauth.c 2012-05-14 15:38:17.634183294 -0400
+@@ -1785,7 +1785,9 @@ modecfg_inR1(struct msg_digest *md)
, caddr);
if(addrbytesptr(&c->spd.this.host_srcip, NULL) == 0
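Review bot: The refreshed patch drops its ikev1_aggr.c, ikev1_main.c, kernel.c, nat_traversal.c/.h and spdb_v1_struct.c sections in this hunk, and neither the commit message nor the new %changelog entry says whether 2.6.38 carries those changes upstream. Two of them affect negotiation behaviour: the clamp of `attrs->life_seconds` to `st->st_connection->sa_ipsec_life_seconds`, and the Cisco-specific choice of NAT-T vendor IDs in `nat_traversal_insert_vid`. A silent loss of either would be hard to spot from the package history. The same applies to the `delsource()` function and its call from `doroute`, removed from `_updown.netkey.in` in the later hunk. Once this has been checked against the upstream tarball, I would record it in the changelog, e.g. `- Dropped cisco-issues hunks merged upstream in 2.6.38`.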
@@ -149,7 +35,7 @@ diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/progra
openswan_log("setting ip source address to %s"
, caddr);
c->spd.this.host_srcip = a;
-@@ -1832,7 +1834,11 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1835,7 +1837,11 @@ modecfg_inR1(struct msg_digest *md)
{
/* concatenate new IP address string on end of
* existing string, separated by ' '.
@@ -161,15 +47,15 @@ diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/progra
size_t sz_old = strlen(old);
size_t sz_added = strlen(caddr) + 1;
char *new = alloc_bytes(sz_old + 1 + sz_added, "cisco_dns_info+");
-@@ -1842,6 +1848,7 @@ modecfg_inR1(struct msg_digest *md)
- memcpy(new + sz_old + 1, caddr, sz_added);
- c->cisco_dns_info = new;
+@@ -1847,6 +1853,7 @@ modecfg_inR1(struct msg_digest *md)
pfree(old);
-+ }
}
}
++ }
-@@ -1857,18 +1864,22 @@ modecfg_inR1(struct msg_digest *md)
+ DBG_log("Cisco DNS info: %s, len=%zd", st->st_connection->cisco_dns_info, strlen(st->st_connection->cisco_dns_info));
+ }
+@@ -1860,18 +1867,22 @@ modecfg_inR1(struct msg_digest *md)
break;
case CISCO_BANNER:
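Review bot: The closing `}` added by the refreshed patch now sits directly before `DBG_log("Cisco DNS info: %s, len=%zd", ...)`, which calls `strlen(st->st_connection->cisco_dns_info)` unconditionally. The guard this brace closes opens in an earlier hunk and its condition is not visible here. If that guard can skip the block while `cisco_dns_info` is still NULL, the `strlen` dereferences a null pointer while processing what is presumably a peer-supplied ModeCFG attribute. I would either move the brace below the `DBG_log`, or log through a fallback such as `const char *dns = st->st_connection->cisco_dns_info ? st->st_connection->cisco_dns_info : "";` and pass `dns` for both arguments. `modecfg_inR1` starts and ends outside the hunk.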
@@ -193,7 +79,7 @@ diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/progra
ip_address a;
char caddr[SUBNETTOT_BUF];
size_t len = pbs_left(&strattr);
-@@ -1881,6 +1892,18 @@ modecfg_inR1(struct msg_digest *md)
+@@ -1884,6 +1895,18 @@ modecfg_inR1(struct msg_digest *md)
tmp_spd2->that.has_client_wildcard = FALSE;
}
@@ -207,31 +93,14 @@ diff -urNp openswan-2.6.37/programs/pluto/xauth.c openswan-2.6.37-patched/progra
+ tmp_spd1 = tmp_spd->next;
+ pfree(tmp_spd);
+ tmp_spd = tmp_spd1;
-+ }
++ }
+
while (len > 0) {
u_int32_t *ap;
tmp_spd = clone_thing(c->spd, "remote subnets policies");
-@@ -1932,13 +1955,13 @@ modecfg_inR1(struct msg_digest *md)
- tmp_spd->that.cert.type = 0;
-
- tmp_spd->this.ca.ptr = NULL;
-- tmp_spd->this.ca.ptr = NULL;
-+ tmp_spd->that.ca.ptr = NULL;
-
- tmp_spd->this.groups = NULL;
-- tmp_spd->this.groups = NULL;
-+ tmp_spd->that.groups = NULL;
-
- tmp_spd->this.virt = NULL;
-- tmp_spd->this.virt = NULL;
-+ tmp_spd->that.virt = NULL;
-
- tmp_spd->next = NULL;
- tmp_spd2->next = tmp_spd;
-diff -urNp openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in openswan-2.6.37-patched/programs/_updown.netkey/_updown.netkey.in
---- openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/_updown.netkey/_updown.netkey.in 2011-10-28 19:57:49.426033229 -0400
+diff -urNp openswan-2.6.38-patched/programs/_updown.netkey/_updown.netkey.in openswan-2.6.38-current/programs/_updown.netkey/_updown.netkey.in
+--- openswan-2.6.38-patched/programs/_updown.netkey/_updown.netkey.in 2012-05-14 15:17:33.565272379 -0400
++++ openswan-2.6.38-current/programs/_updown.netkey/_updown.netkey.in 2012-05-14 15:42:09.289155715 -0400
@@ -188,6 +188,14 @@ downroute() {
ip route flush cache
}
@@ -245,55 +114,9 @@ diff -urNp openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in openswan-2.
+}
+
updateresolvconf() {
-
- if [ -z "$PLUTO_NM_CONFIGURED" -o "$PLUTO_NM_CONFIGURED" = 0 ]; then
-@@ -320,6 +328,32 @@ addsource() {
- return $st
- }
-
-+delsource() {
-+ st=0
-+ # check if given sourceip is local and add as alias if not
-+ if ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local; then
-+ it="ip addr del ${PLUTO_MY_SOURCEIP%/*}/32 dev ${PLUTO_INTERFACE%:*}"
-+
-+ oops="`eval $it 2>&1`"
-+ st=$?
-+ if [ " $oops" = " " -a " $st" != " 0" ]; then
-+ oops="silent error, exit status $st"
-+ fi
-+ case "$oops" in
-+ 'RTNETLINK answers: File exists'*)
-+ # should not happen, but ... ignore if the
-+ # address was already assigned on interface
-+ oops=""
-+ st=0
-+ ;;
-+ esac
-+ if [ " $oops" != " " -o " $st" != " 0" ]; then
-+ echo "$0: delsource \`$it' failed ($oops)" >&2
-+ fi
-+ fi
-+ return $st
-+}
-+
-
- doroute() {
- if [ -z "$PLUTO_MY_SOURCEIP" ] && [ -n "$DEFAULTSOURCE" ]
-@@ -359,6 +393,12 @@ doroute() {
- parms2="$parms2 src ${PLUTO_MY_SOURCEIP%/*}"
- fi
-
-+ if [ -z "$PLUTO_IS_PEER_CISCO" -o "$PLUTO_IS_PEER_CISCO" = 1 ]; then
-+ if [ "$1" = "del" -a -n "$PLUTO_MY_SOURCEIP" ]; then
-+ delsource
-+ fi
-+ fi
-+
- case "$PLUTO_PEER_CLIENT" in
- "0.0.0.0/0")
- # opportunistic encryption work around
-@@ -402,6 +442,7 @@ case "$PLUTO_VERB" in
+ if [ -n "$PLUTO_CISCO_DNS_INFO" ]; then
+ if [ -n "`pidof unbound`" -a -n "$PLUTO_CISCO_DOMAIN_INFO" ]; then
+@@ -457,6 +465,7 @@ case "$PLUTO_VERB" in
;;
down-host)
# connection to me going down
@@ -301,7 +124,7 @@ diff -urNp openswan-2.6.37/programs/_updown.netkey/_updown.netkey.in openswan-2.
# If you are doing a custom version, firewall commands go here.
;;
up-client)
-@@ -410,6 +451,7 @@ case "$PLUTO_VERB" in
+@@ -465,6 +474,7 @@ case "$PLUTO_VERB" in
;;
down-client)
# connection to my client subnet going down
diff --git a/openswan-ipsec-help-524146-509318.patch b/openswan-ipsec-help-524146-509318.patch
index 90b734f..a4ed01d 100644
--- a/openswan-ipsec-help-524146-509318.patch
+++ b/openswan-ipsec-help-524146-509318.patch
@@ -1,6 +1,6 @@
-diff -urNp openswan-2.6.37/programs/ipsec/ipsec.in openswan-2.6.37-patched/programs/ipsec/ipsec.in
---- openswan-2.6.37/programs/ipsec/ipsec.in 2011-10-28 17:11:53.000000000 -0400
-+++ openswan-2.6.37-patched/programs/ipsec/ipsec.in 2011-10-28 19:57:08.925045694 -0400
+diff -urNp openswan-2.6.38-patched/programs/ipsec/ipsec.in openswan-2.6.38-current/programs/ipsec/ipsec.in
+--- openswan-2.6.38-patched/programs/ipsec/ipsec.in 2012-05-14 15:17:33.563272378 -0400
++++ openswan-2.6.38-current/programs/ipsec/ipsec.in 2012-05-14 15:20:50.952267555 -0400
@@ -80,9 +80,9 @@ case "$1" in
--help)
echo "Usage: ipsec command argument ..."
diff --git a/openswan.spec b/openswan.spec
index 401c247..db69f12 100644
--- a/openswan.spec
+++ b/openswan.spec
@@ -8,9 +8,9 @@
Summary: IPSEC implementation with IKEv1 and IKEv2 keying protocols
Name: openswan
-Version: 2.6.37
+Version: 2.6.38
-Release: 2%{?dist}
+Release: 1%{?dist}
License: GPLv2+
Url: http://www.openswan.org/
Source: openswan-%{version}.tar.gz
@@ -209,6 +209,10 @@ fi
chkconfig --add ipsec || :
%changelog
+* Mon May 14 2012 Avesh Agarwal <avagarwa at redhat.com> - 2.6.38-1
+- Fixes 806518: new upstream release
+- Updated local patches
+
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.37-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
diff --git a/sources b/sources
index 41d2635..39f5afe 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-e5c948555088df06cfadcfbe6c13adfe openswan-2.6.37.tar.gz
-e3731b00a5bfe136cc1365042375f714 openswan-2.6.37.tar.gz.asc
+13073eb5314b83a31be88e4117e8bbcd openswan-2.6.38.tar.gz
+13dfa5734bf87ab246339f02241be12a openswan-2.6.38.tar.gz.asc