aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2010-12-08 13:12:31 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2010-12-09 10:22:17 +0000
commitf8781c234e11c85203a088bda2daf1509be2afaf (patch)
treef65080725f70e2c3ab583a34225849119356886b
parent82817882ad8de4bb18fe227b175f41fdc5b68cdd (diff)
downloadaports-f8781c234e11c85203a088bda2daf1509be2afaf.tar.bz2
aports-f8781c234e11c85203a088bda2daf1509be2afaf.tar.xz
main/ipsec-tools: upgrade to snapshot 2010-12-08
* remove patches merged upstream (cherry picked from commit fd5fc13c1d89fa53425315ffba5c2676b2f30b71)
-rw-r--r--main/ipsec-tools/80-admin-big-reply-fix.patch123
-rw-r--r--main/ipsec-tools/90-dpd-window-fix.patch85
-rw-r--r--main/ipsec-tools/95-purge-on-delete-notify.patch57
-rw-r--r--main/ipsec-tools/99-purge-on-delete-fix.patch110
-rw-r--r--main/ipsec-tools/APKBUILD18
5 files changed, 5 insertions, 388 deletions
diff --git a/main/ipsec-tools/80-admin-big-reply-fix.patch b/main/ipsec-tools/80-admin-big-reply-fix.patch
deleted file mode 100644
index d3e4b5d570..0000000000
--- a/main/ipsec-tools/80-admin-big-reply-fix.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-Index: src/racoon/admin.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.c,v
-retrieving revision 1.35
-diff -u -r1.35 admin.c
---- a/src/racoon/admin.c 21 Oct 2010 06:15:28 -0000 1.35
-+++ b/src/racoon/admin.c 29 Oct 2010 10:51:28 -0000
-@@ -638,9 +638,15 @@
- }
-
- combuf = (struct admin_com *) retbuf;
-- combuf->ac_len = tlen;
-+ combuf->ac_len = (u_int16_t) tlen;
- combuf->ac_cmd = req->ac_cmd & ~ADMIN_FLAG_VERSION;
-- combuf->ac_errno = l_ac_errno;
-+ if (tlen != (u_int32_t) combuf->ac_len &&
-+ l_ac_errno == 0) {
-+ combuf->ac_len_high = tlen >> 16;
-+ combuf->ac_cmd |= ADMIN_FLAG_LONG_REPLY;
-+ } else {
-+ combuf->ac_errno = l_ac_errno;
-+ }
- combuf->ac_proto = req->ac_proto;
-
- if (buf != NULL)
-Index: src/racoon/admin.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/admin.h,v
-retrieving revision 1.7
-diff -u -r1.7 admin.h
---- a/src/racoon/admin.h 29 Aug 2008 00:30:15 -0000 1.7
-+++ b/src/racoon/admin.h 29 Oct 2010 10:51:28 -0000
-@@ -49,16 +49,19 @@
- union {
- int16_t ac_un_errno;
- uint16_t ac_un_version;
-+ uint16_t ac_un_len_high;
- } u;
- u_int16_t ac_proto;
- };
- #define ac_errno u.ac_un_errno
- #define ac_version u.ac_un_version
-+#define ac_len_high u.ac_un_len_high
-
- /*
- * Version field in request is valid.
- */
- #define ADMIN_FLAG_VERSION 0x8000
-+#define ADMIN_FLAG_LONG_REPLY 0x8000
-
- /*
- * No data follows as the data.
-Index: src/racoon/kmpstat.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/kmpstat.c,v
-retrieving revision 1.6
-diff -u -r1.6 kmpstat.c
---- a/src/racoon/kmpstat.c 2 Oct 2007 09:47:45 -0000 1.6
-+++ b/src/racoon/kmpstat.c 29 Oct 2010 10:51:29 -0000
-@@ -138,7 +138,7 @@
- {
- struct admin_com h, *com;
- caddr_t buf;
-- int len;
-+ int len, rlen;
- int l = 0;
- caddr_t p;
-
-@@ -153,19 +153,25 @@
- if (len < sizeof(h))
- goto bad1;
-
-- if (h.ac_errno) {
-+ if (h.ac_errno && !(h.ac_cmd & ADMIN_FLAG_LONG_REPLY)) {
- errno = h.ac_errno;
- goto bad1;
- }
-
-+ /* real length */
-+ if (h.ac_cmd & ADMIN_FLAG_LONG_REPLY)
-+ rlen = ((u_int32_t)h.ac_len) + (((u_int32_t)h.ac_len_high) << 16);
-+ else
-+ rlen = h.ac_len;
-+
- /* allocate buffer */
-- if ((*combufp = vmalloc(h.ac_len)) == NULL)
-+ if ((*combufp = vmalloc(rlen)) == NULL)
- goto bad1;
-
- /* read real message */
- p = (*combufp)->v;
-- while (l < len) {
-- if ((len = recv(so, p, h.ac_len, 0)) < 0) {
-+ while (l < rlen) {
-+ if ((len = recv(so, p, rlen - l, 0)) < 0) {
- perror("recv");
- goto bad2;
- }
-Index: src/racoon/racoonctl.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/racoonctl.c,v
-retrieving revision 1.17
-diff -u -r1.17 racoonctl.c
---- a/src/racoon/racoonctl.c 20 Apr 2009 13:22:00 -0000 1.17
-+++ b/src/racoon/racoonctl.c 29 Oct 2010 10:51:29 -0000
-@@ -1426,10 +1426,14 @@
- int len;
-
- com = (struct admin_com *)combuf->v;
-- len = com->ac_len - sizeof(*com);
-+ if (com->ac_cmd & ADMIN_FLAG_LONG_REPLY)
-+ len = ((u_int32_t)com->ac_len) + (((u_int32_t)com->ac_len_high) << 16);
-+ else
-+ len = com->ac_len;
-+ len -= sizeof(*com);
- buf = combuf->v + sizeof(*com);
-
-- switch (com->ac_cmd) {
-+ switch (com->ac_cmd & ~ADMIN_FLAG_LONG_REPLY) {
- case ADMIN_SHOW_SCHED:
- print_schedule(buf, len);
- break;
-
diff --git a/main/ipsec-tools/90-dpd-window-fix.patch b/main/ipsec-tools/90-dpd-window-fix.patch
deleted file mode 100644
index d3ac9a9aa2..0000000000
--- a/main/ipsec-tools/90-dpd-window-fix.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-Index: src/racoon/isakmp_inf.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
-retrieving revision 1.41
-diff -u -r1.41 isakmp_inf.c
---- a/src/racoon/isakmp_inf.c 3 Jul 2009 06:41:46 -0000 1.41
-+++ b/src/racoon/isakmp_inf.c 5 May 2010 15:56:38 -0000
-@@ -1450,17 +1450,16 @@
- struct isakmp_pl_ru *ru;
- u_int32_t msgid;
- {
-+ u_int32_t seq;
-
- plog(LLV_DEBUG, LOCATION, iph1->remote,
- "DPD R-U-There-Ack received\n");
-
-- /* XXX Maintain window of acceptable sequence numbers ?
-- * => ru->data <= iph2->dpd_seq &&
-- * ru->data >= iph2->dpd_seq - iph2->dpd_fails ? */
-- if (ntohl(ru->data) != iph1->dpd_seq-1) {
-+ seq = ntohl(ru->data);
-+ if (seq <= iph1->dpd_last_ack || seq > iph1->dpd_seq) {
- plog(LLV_ERROR, LOCATION, iph1->remote,
-- "Wrong DPD sequence number (%d, %d expected).\n",
-- ntohl(ru->data), iph1->dpd_seq-1);
-+ "Wrong DPD sequence number (%d; last_ack=%d, seq=%d).\n",
-+ seq, iph1->dpd_last_ack, iph1->dpd_seq);
- return 0;
- }
-
-@@ -1472,6 +1471,7 @@
- }
-
- iph1->dpd_fails = 0;
-+ iph1->dpd_last_ack = seq;
- sched_cancel(&iph1->dpd_r_u);
- isakmp_sched_r_u(iph1, 0);
-
-@@ -1535,12 +1535,13 @@
- memcpy(ru->i_ck, iph1->index.i_ck, sizeof(cookie_t));
- memcpy(ru->r_ck, iph1->index.r_ck, sizeof(cookie_t));
-
-- if (iph1->dpd_seq == 0){
-+ if (iph1->dpd_seq == 0) {
- /* generate a random seq which is not too big */
-- srand(time(NULL));
-- iph1->dpd_seq = rand() & 0x0fff;
-+ iph1->dpd_seq = iph1->dpd_last_ack = rand() & 0x0fff;
- }
-
-+ iph1->dpd_seq++;
-+ iph1->dpd_fails++;
- ru->data = htonl(iph1->dpd_seq);
-
- error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, 0);
-@@ -1549,12 +1550,6 @@
- plog(LLV_DEBUG, LOCATION, iph1->remote,
- "DPD R-U-There sent (%d)\n", error);
-
-- /* will be decreased if ACK received... */
-- iph1->dpd_fails++;
--
-- /* XXX should be increased only when ACKed ? */
-- iph1->dpd_seq++;
--
- /* Reschedule the r_u_there with a short delay,
- * will be deleted/rescheduled if ACK received before */
- isakmp_sched_r_u(iph1, 1);
-Index: src/racoon/handler.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
-retrieving revision 1.22
-diff -u -r1.22 handler.h
---- a/src/racoon/handler.h 3 Sep 2009 09:29:07 -0000 1.22
-+++ b/src/racoon/handler.h 5 May 2010 15:56:39 -0000
-@@ -202,7 +202,8 @@
-
- #ifdef ENABLE_DPD
- int dpd_support; /* Does remote supports DPD ? */
-- u_int16_t dpd_seq; /* DPD seq number to receive */
-+ u_int32_t dpd_last_ack;
-+ u_int32_t dpd_seq; /* DPD seq number to receive */
- u_int8_t dpd_fails; /* number of failures */
- struct sched dpd_r_u;
- #endif
diff --git a/main/ipsec-tools/95-purge-on-delete-notify.patch b/main/ipsec-tools/95-purge-on-delete-notify.patch
deleted file mode 100644
index aa92135bc4..0000000000
--- a/main/ipsec-tools/95-purge-on-delete-notify.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Index: src/racoon/isakmp.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
-retrieving revision 1.63
-diff -u -p -r1.63 isakmp.c
---- a/src/racoon/isakmp.c 21 Oct 2010 06:15:28 -0000 1.63
-+++ b/src/racoon/isakmp.c 4 Nov 2010 14:52:39 -0000
-@@ -766,6 +766,20 @@ isakmp_main(msg, remote, local)
- return 0;
- }
-
-+static int
-+ph1_rekey_enabled(iph1)
-+ struct ph1handle *iph1;
-+{
-+ if (iph1->rmconf->rekey == REKEY_FORCE)
-+ return 1;
-+#ifdef ENABLE_DPD
-+ if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
-+ iph1->rmconf->dpd_interval)
-+ return 1;
-+#endif
-+ return 0;
-+}
-+
- /*
- * main function of phase 1.
- */
-@@ -866,13 +880,7 @@ ph1_main(iph1, msg)
- migrate_dying_ph12(iph1);
-
- /* add to the schedule to expire, and seve back pointer. */
-- if ((iph1->rmconf->rekey == REKEY_FORCE)
--#ifdef ENABLE_DPD
-- ||
-- (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
-- iph1->rmconf->dpd_interval)
--#endif
-- ) {
-+ if (ph1_rekey_enabled(iph1)) {
- sched_schedule(&iph1->sce,
- iph1->approval->lifetime *
- PFKEY_SOFT_LIFETIME_RATE / 100,
-@@ -2071,7 +2079,13 @@ isakmp_ph1delete(iph1)
- plog(LLV_INFO, LOCATION, NULL,
- "ISAKMP-SA deleted %s-%s spi:%s\n",
- src, dst, isakmp_pindex(&iph1->index, 0));
-+
- evt_phase1(iph1, EVT_PHASE1_DOWN, NULL);
-+
-+ if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) {
-+ purge_remote(iph1);
-+ script_hook(iph1, SCRIPT_PHASE1_DEAD);
-+ }
- racoon_free(src);
- racoon_free(dst);
-
diff --git a/main/ipsec-tools/99-purge-on-delete-fix.patch b/main/ipsec-tools/99-purge-on-delete-fix.patch
deleted file mode 100644
index edcc28ac8e..0000000000
--- a/main/ipsec-tools/99-purge-on-delete-fix.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Index: src/racoon/handler.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
-retrieving revision 1.33
-diff -u -r1.33 handler.c
---- a/src/racoon/handler.c 21 Oct 2010 06:04:33 -0000 1.33
-+++ b/src/racoon/handler.c 15 Nov 2010 07:26:44 -0000
-@@ -514,6 +514,22 @@
- LIST_INIT(&ph1tree);
- }
-
-+int
-+ph1_rekey_enabled(iph1)
-+ struct ph1handle *iph1;
-+{
-+ if (iph1->rmconf == NULL)
-+ return 0;
-+ if (iph1->rmconf->rekey == REKEY_FORCE)
-+ return 1;
-+#ifdef ENABLE_DPD
-+ if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
-+ iph1->rmconf->dpd_interval)
-+ return 1;
-+#endif
-+ return 0;
-+}
-+
- /* %%% management phase 2 handler */
-
- int
-Index: src/racoon/handler.h
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.h,v
-retrieving revision 1.24
-diff -u -r1.24 handler.h
---- a/src/racoon/handler.h 12 Nov 2010 09:09:47 -0000 1.24
-+++ b/src/racoon/handler.h 15 Nov 2010 07:26:44 -0000
-@@ -493,6 +493,7 @@
- extern int resolveph1rmconf __P((struct ph1handle *));
- extern void flushph1 __P((void));
- extern void initph1tree __P((void));
-+extern int ph1_rekey_enabled __P((struct ph1handle *));
-
- extern int enumph2 __P((struct ph2selector *ph2sel,
- int (* enum_func)(struct ph2handle *iph2, void *arg),
-Index: src/racoon/isakmp.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c,v
-retrieving revision 1.65
-diff -u -r1.65 isakmp.c
---- a/src/racoon/isakmp.c 12 Nov 2010 10:36:37 -0000 1.65
-+++ b/src/racoon/isakmp.c 15 Nov 2010 07:26:45 -0000
-@@ -766,20 +766,6 @@
- return 0;
- }
-
--static int
--ph1_rekey_enabled(iph1)
-- struct ph1handle *iph1;
--{
-- if (iph1->rmconf->rekey == REKEY_FORCE)
-- return 1;
--#ifdef ENABLE_DPD
-- if (iph1->rmconf->rekey == REKEY_ON && iph1->dpd_support &&
-- iph1->rmconf->dpd_interval)
-- return 1;
--#endif
-- return 0;
--}
--
- /*
- * main function of phase 1.
- */
-@@ -2081,11 +2067,9 @@
- src, dst, isakmp_pindex(&iph1->index, 0));
-
- evt_phase1(iph1, EVT_PHASE1_DOWN, NULL);
--
-- if (new_iph1 == NULL && ph1_rekey_enabled(iph1)) {
-- purge_remote(iph1);
-+ if (new_iph1 == NULL && ph1_rekey_enabled(iph1))
- script_hook(iph1, SCRIPT_PHASE1_DEAD);
-- }
-+
- racoon_free(src);
- racoon_free(dst);
-
-Index: src/racoon/isakmp_inf.c
-===================================================================
-RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
-retrieving revision 1.43
-diff -u -r1.43 isakmp_inf.c
---- a/src/racoon/isakmp_inf.c 12 Nov 2010 09:09:47 -0000 1.43
-+++ b/src/racoon/isakmp_inf.c 15 Nov 2010 07:26:45 -0000
-@@ -516,10 +516,12 @@
- sched_cancel(&del_ph1->scr);
-
- /*
-- * Do not delete IPsec SAs when receiving an IKE delete notification.
-- * Just delete the IKE SA.
-+ * Delete also IPsec-SAs if rekeying is enabled.
- */
-- isakmp_ph1expire(del_ph1);
-+ if (ph1_rekey_enabled(del_ph1))
-+ purge_remote(del_ph1);
-+ else
-+ isakmp_ph1expire(del_ph1);
- }
- break;
-
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 26182b6b91..6e071b9547 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ipsec-tools
-pkgver=0.8_alpha20101022
-_myver=0.8-alpha20101022
-pkgrel=3
+pkgver=0.8_alpha20101208
+_myver=0.8-alpha20101208
+pkgrel=0
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
license="BSD"
@@ -15,10 +15,6 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
50-reverse-connect.patch
70-defer-isakmp-ident-handling.patch
75-racoonctl-rcvbuf.patch
- 80-admin-big-reply-fix.patch
- 90-dpd-window-fix.patch
- 95-purge-on-delete-notify.patch
- 99-purge-on-delete-fix.patch
"
_builddir="$srcdir"/$pkgname-$_myver
@@ -58,13 +54,9 @@ package() {
install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
}
-md5sums="1492b83edc944b5d32d2eff51e33399e ipsec-tools-0.8-alpha20101022.tar.gz
+md5sums="9da0417ea19629777d7d7a555667f6d8 ipsec-tools-0.8-alpha20101208.tar.gz
74f12ed04ed273a738229c0bfbf829cc racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
13bda94a598aabf593280e04ea16065d 50-reverse-connect.patch
94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch
-2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch
-c3898b162d284bc163f99cc52925b52a 80-admin-big-reply-fix.patch
-0391a6967ad19673588302bc8b17e0e2 90-dpd-window-fix.patch
-8bc73a15407564321c8f571b5656b28d 95-purge-on-delete-notify.patch
-e8bee665227335d75880cf3753d2279e 99-purge-on-delete-fix.patch"
+2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch"