[libreswan] added 3 patches for libreswan-3.10

Paul Wouters pwouters at fedoraproject.org
Tue Sep 9 16:58:54 UTC 2014


commit 55a85124f73c8c5218c87af874b2d1c2eacfd88a
Author: Paul Wouters <pwouters at redhat.com>
Date:   Tue Sep 9 12:58:42 2014 -0400

    added 3 patches for libreswan-3.10

 libreswan-3.10-autoroute.patch |   80 +++++++++++++++++++++++++++++++++++++++
 libreswan-3.10-coverity.patch  |   81 ++++++++++++++++++++++++++++++++++++++++
 libreswan-3.10-snprintf.patch  |   21 ++++++++++
 3 files changed, 182 insertions(+), 0 deletions(-)
---
diff --git a/libreswan-3.10-autoroute.patch b/libreswan-3.10-autoroute.patch
new file mode 100644
index 0000000..298a385
--- /dev/null
+++ b/libreswan-3.10-autoroute.patch
@@ -0,0 +1,80 @@
+commit dded96917330dc7726d2520ef74deff710ed7673
+Author: Paul Wouters <pwouters at redhat.com>
+Date:   Mon Sep 8 20:38:32 2014 -0400
+
+    addconn: routing should happen after listen (bug introduced in 3.10)
+    
+    This caused auto=route (auto=ondemand) connections to not load properly,
+    because pluto wasn't listening yet so these connections could not orient.
+
+diff --git a/programs/addconn/addconn.c b/programs/addconn/addconn.c
+index 5961a14..4c605a7 100644
+--- a/programs/addconn/addconn.c
++++ b/programs/addconn/addconn.c
+@@ -1,8 +1,9 @@
+ /*
+  * A program to read the configuration file and load a single conn
+  * Copyright (C) 2005 Michael Richardson <mcr at xelerance.com>
+- * Copyright (C) 2012 Paul Wouters <paul at libreswan.org>
+- * Copyright (C) 2012 Kim B. Heino <b at bbbs.net>
++ * Copyright (C) 2012-2014 Paul Wouters <paul at libreswan.org>
++ * Copyright (C) 2014 D. Hugh Redelmeier <hugh at mimosa.com>
++ * Copyright (C) 2012-2013 Kim B. Heino <b at bbbs.net>
+  *
+  * This program is free software; you can redistribute it and/or modify it
+  * under the terms of the GNU General Public License as published by the
+@@ -725,19 +726,37 @@ int main(int argc, char *argv[])
+ 				conn->desired_state == STARTUP_START) {
+ 				if (verbose)
+ 					printf(" %s", conn->name);
+-				resolve_defaultroute(conn);
+ 				starter_whack_add_conn(cfg, conn);
+ 			}
+-			if (conn->desired_state == STARTUP_ONDEMAND)
+-				starter_whack_route_conn(cfg, conn);
+ 		}
+ 
+-		/* We added all connections, let pluto listen, then startup our conns */
++		/*
++		 * We loaded all connections. Now tell pluto to listen,
++		 * then route the conns and resolve default route.
++		 */
+ 		starter_whack_listen(cfg);
+ 
+ 		if (verbose)
+-			printf("  Pass #2: Initiating auto=start connections\n");
++			printf("  Pass #2: Routing auto=route and auto=start connections\n");
+ 
++		for (conn = cfg->conns.tqh_first;
++			conn != NULL;
++			conn = conn->link.tqe_next) {
++			if (conn->desired_state == STARTUP_ADD ||
++				conn->desired_state == STARTUP_ONDEMAND ||
++				conn->desired_state == STARTUP_START) {
++				if (verbose)
++					printf(" %s", conn->name);
++				resolve_defaultroute(conn);
++				if (conn->desired_state == STARTUP_ONDEMAND ||
++				    conn->desired_state == STARTUP_START) {
++					starter_whack_route_conn(cfg, conn);
++				}
++			}
++		}
++
++		if (verbose)
++			printf("  Pass #3: Initiating auto=start connections\n");
+ 
+ 		for (conn = cfg->conns.tqh_first;
+ 			conn != NULL;
+@@ -745,10 +764,10 @@ int main(int argc, char *argv[])
+ 			if (conn->desired_state == STARTUP_START) {
+ 				if (verbose)
+ 					printf(" %s", conn->name);
+-				resolve_defaultroute(conn);
+ 				starter_whack_initiate_conn(cfg, conn);
+ 			}
+ 		}
++
+ 		if (verbose)
+ 			printf("\n");
+ 	} else {
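Review bot: In the new pass ordering, `starter_whack_add_conn(cfg, conn)` in pass #1 now runs before `resolve_defaultroute(conn)`, which only happens in the new pass #2 after `starter_whack_listen`; the removed line at the top of the hunk shows the resolve used to precede the add. If resolve_defaultroute fills in %defaultroute-derived addresses that starter_whack_add_conn sends to pluto, the conn is added with unresolved values and the later route/initiate calls do not correct that — worth confirming against resolve_defaultroute, since the bug description only needed the route call to move. Pass #2 also prints and resolves STARTUP_ADD conns that are never routed, which makes the "Pass #2: Routing auto=route and auto=start connections" output misleading; either keep `resolve_defaultroute(conn);` in front of the add in pass #1, or drop STARTUP_ADD from the pass #2 condition. The new comment says "route the conns and resolve default route" while the code resolves first and then routes; swapping the two clauses would match the code. main() begins and ends outside this hunk.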
diff --git a/libreswan-3.10-coverity.patch b/libreswan-3.10-coverity.patch
new file mode 100644
index 0000000..9380d31
--- /dev/null
+++ b/libreswan-3.10-coverity.patch
@@ -0,0 +1,81 @@
+diff --git a/programs/pluto/ikev2_crypto.c b/programs/pluto/ikev2_crypto.c
+index 58c62c8..4a305c7 100644
+--- a/programs/pluto/ikev2_crypto.c
++++ b/programs/pluto/ikev2_crypto.c
+@@ -65,8 +65,8 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+ 		st->st_ah.present? &st->st_ah :
+ 		NULL;
+ 
+-	assert(ipi != NULL);	/* ESP or AH must be present */
+-	assert(st->st_esp.present != st->st_ah.present);	/* only one */
++	passert(ipi != NULL);	/* ESP or AH must be present */
++	passert(st->st_esp.present != st->st_ah.present);	/* only one */
+ 
+ 	/* ??? there is no kernel_alg_ah_info */
+ 	ipi->attrs.transattrs.ei = kernel_alg_esp_info(
+@@ -142,14 +142,6 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+ 	v2genbytes(&rkeymat, ipi->keymat_len,
+ 		   "responder keys", &childsacalc);
+ 
+-	/* This should really be role == O_INITIATOR, but then our keys are
+-	 * installed reversed. This is a workaround until we locate the
+-	 * real problem. It's better not to release copies of our code
+-	 * that will be incompatible with everything else, including our
+-	 * own updated version
+-	 * Found by Herbert Xu
+-	 * if(role == O_INITIATOR) {
+-	 */
+ 	if (role != O_INITIATOR) {
+ 		DBG(DBG_CRYPT, {
+ 			    DBG_dump_chunk("our  keymat", ikeymat);
+@@ -167,4 +159,3 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+ 	}
+ 
+ }
+-
+diff --git a/programs/pluto/pluto_crypt.c b/programs/pluto/pluto_crypt.c
+index 7bf3a2a..080d2a0 100644
+--- a/programs/pluto/pluto_crypt.c
++++ b/programs/pluto/pluto_crypt.c
+@@ -657,7 +657,7 @@ static void kill_helper(struct pluto_crypto_worker *w)
+ }
+ 
+ void log_crypto_workers(void) {
+-	bool first_time = TRUE;
++	static bool first_time = TRUE;
+ 	int i;
+ 
+ 	if (!first_time)
+diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
+index 483f34c..9c6fb11 100644
+--- a/programs/pluto/rcv_whack.c
++++ b/programs/pluto/rcv_whack.c
+@@ -690,7 +690,7 @@ bool whack_prompt_for(int whackfd,
+ 		return FALSE;
+ 	}
+ 
+-	if (strlen(ansbuf) == 0) {
++	if (n == 0) {
+ 		whack_log(RC_LOG_SERIOUS, "no %s entered, aborted", prompt2);
+ 		return FALSE;
+ 	}
+diff --git a/programs/rsasigkey/rsasigkey.c b/programs/rsasigkey/rsasigkey.c
+index f3f0194..d853365 100644
+--- a/programs/rsasigkey/rsasigkey.c
++++ b/programs/rsasigkey/rsasigkey.c
+@@ -321,7 +321,14 @@ int main(int argc, char *argv[])
+ 			device = optarg;
+ 			break;
+ 		case 'H':       /* set hostname for output */
+-			strcpy(outputhostname, optarg);
++			{
++				size_t full_len = strlen(optarg);
++				bool oflow = sizeof(outputhostname) - 1 < full_len;
++				size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
++
++				memcpy(outputhostname, optarg, copy_len);
++				outputhostname[copy_len] = '\0';
++			}
+ 			break;
+ 		case 'h':       /* help */
+ 			printf("Usage:\t%s\n", usage);
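Review bot: The rsasigkey.c 'H' case replaces the unbounded strcpy with a bounded copy but truncates silently when `oflow` is true, so an over-long hostname ends up shortened in the generated output with no indication to the user. Since the block already computes `oflow`, a one-line diagnostic covers it, e.g. `if (oflow) fprintf(stderr, "warning: hostname truncated to %zu characters\n", copy_len);` placed after the memcpy; whether this file prefers to exit instead is not visible here. In pluto_crypt.c, making `first_time` static is what the surrounding `if (!first_time)` needs to be reachable at all, so a short comment such as `/* static: only log on the first call */` would stop the next reader from reverting it. The rcv_whack.c hunk relies on `n` being the length read into ansbuf, which is declared outside the hunk; the enclosing functions in all four files start and end outside their hunks.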
diff --git a/libreswan-3.10-snprintf.patch b/libreswan-3.10-snprintf.patch
new file mode 100644
index 0000000..55bae52
--- /dev/null
+++ b/libreswan-3.10-snprintf.patch
@@ -0,0 +1,21 @@
+diff -Naur libreswan-3.10-orig/programs/pluto/kernel.c libreswan-3.10/programs/pluto/kernel.c
+--- libreswan-3.10-orig/programs/pluto/kernel.c	2014-09-01 17:44:22.000000000 -0400
++++ libreswan-3.10/programs/pluto/kernel.c	2014-09-08 09:10:29.173718430 -0400
+@@ -441,7 +441,7 @@
+ 			"PLUTO_STACK='%s' "
+ 			"%s"		/* optional metric */
+ 			"%s"		/* optional mtu */
+-			"PLUTO_ADDTIME='%lu' "
++			"PLUTO_ADDTIME='%" PRIu64 "' "
+ 			"PLUTO_CONN_POLICY='%s' "
+ 			"PLUTO_CONN_ADDRFAMILY='ipv%d' "
+ 			"XAUTH_FAILED=%d "
+@@ -479,7 +479,7 @@
+ 			kernel_ops->kern_name,
+ 			metric_str,
+ 			connmtu_str,
+-			st == NULL ? 0 : st->st_esp.add_time,
++			(u_int64_t)(st == NULL ? 0U : st->st_esp.add_time),
+ 			prettypolicy(c->policy),
+ 			(c->addr_family == AF_INET) ? 4 : 6,
+ 			(st && st->st_xauth_soft) ? 1 : 0,
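Review bot: The cast on the argument line uses `u_int64_t`, the BSD/glibc typedef from sys/types.h, while the format side uses `PRIu64`, which is defined for the C99 `uint64_t` from inttypes.h; mixing the two is portable only where the typedefs happen to agree. Use the matching type, `(uint64_t)(st == NULL ? 0U : st->st_esp.add_time),`, so the format macro and the argument come from the same header. The hunk does not show whether kernel.c already includes `<inttypes.h>` for `PRIu64`; if it does not, the format string will fail to compile, so that include should be checked. The format-string and argument-list hunks belong to one call whose start and end lie outside this patch.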

