aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-08-23 14:58:18 +0300
committerTimo Teräs <timo.teras@iki.fi>2012-08-23 14:59:26 +0300
commit75708decfc9606471b2f84956c5aedbdc587b5c1 (patch)
tree5758bae5c4e480bbec562b856d5c11ae1e51e7cb
parentc2a9ab90408365e4d68c3bfe3350a09fd908881a (diff)
downloadaports-75708decfc9606471b2f84956c5aedbdc587b5c1.tar.bz2
aports-75708decfc9606471b2f84956c5aedbdc587b5c1.tar.xz
main/ipsec-tools: cherry-pick fixes from upstream CVS
-rw-r--r--main/ipsec-tools/01-privsep-fix.patch46
-rw-r--r--main/ipsec-tools/02-pfkey-buffer-size-fix.patch65
-rw-r--r--main/ipsec-tools/03-list-foreach-fixes.patch59
-rw-r--r--main/ipsec-tools/04-splitnet-malloc-fix.patch36
-rw-r--r--main/ipsec-tools/05-bignum-alloc-fix.patch25
-rw-r--r--main/ipsec-tools/APKBUILD12
6 files changed, 242 insertions, 1 deletions
diff --git a/main/ipsec-tools/01-privsep-fix.patch b/main/ipsec-tools/01-privsep-fix.patch
new file mode 100644
index 0000000000..a4842a8ac9
--- /dev/null
+++ b/main/ipsec-tools/01-privsep-fix.patch
@@ -0,0 +1,46 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/privsep.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/racoon/privsep.c 2011/03/06 08:28:10 1.21
++++ ipsec-tools/src/racoon/privsep.c 2011/08/12 05:46:06 1.21.2.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: privsep.c,v 1.21 2011/03/06 08:28:10 tteras Exp $ */
++/* $NetBSD: privsep.c,v 1.21.2.1 2011/08/12 05:46:06 tteras Exp $ */
+
+ /* Id: privsep.c,v 1.15 2005/08/08 11:23:44 vanhu Exp */
+
+@@ -67,6 +67,7 @@
+ #include "admin.h"
+ #include "sockmisc.h"
+ #include "privsep.h"
++#include "session.h"
+
+ static int privsep_sock[2] = { -1, -1 };
+
+@@ -193,6 +194,13 @@ privsep_recv(sock, bufp, lenp)
+ return 0;
+ }
+
++static int
++privsep_do_exit(void *ctx, int fd)
++{
++ kill(getpid(), SIGTERM);
++ return 0;
++}
++
+ int
+ privsep_init(void)
+ {
+@@ -273,6 +281,7 @@ privsep_init(void)
+ strerror(errno));
+ return -1;
+ }
++ monitor_fd(privsep_sock[1], privsep_do_exit, NULL, 0);
+
+ return 0;
+ break;
diff --git a/main/ipsec-tools/02-pfkey-buffer-size-fix.patch b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
new file mode 100644
index 0000000000..eb028304b8
--- /dev/null
+++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
@@ -0,0 +1,65 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21
++++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
++/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */
+
+ /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
+
+@@ -1783,7 +1783,9 @@ int
+ pfkey_open(void)
+ {
+ int so;
+- int bufsiz = 128 * 1024; /*is 128K enough?*/
++ int bufsiz_current, bufsiz_wanted;
++ int ret;
++ socklen_t len;
+
+ if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
+ __ipsec_set_strerror(strerror(errno));
+@@ -1794,14 +1796,29 @@ pfkey_open(void)
+ * This is a temporary workaround for KAME PR 154.
+ * Don't really care even if it fails.
+ */
+- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 256 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 512 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 1024 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
++ /* Try to have 128k. If we have more, do not lower it. */
++ bufsiz_wanted = 128 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_current, &len);
++ if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
++ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted));
++
++ /* Try to have have at least 2MB. If we have more, do not lower it. */
++ bufsiz_wanted = 2 * 1024 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_current, &len);
++ if (ret < 0)
++ bufsiz_current = 128 * 1024;
++
++ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
++ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
++ break;
++ }
++
+ __ipsec_errcode = EIPSEC_NO_ERROR;
+ return so;
+ }
diff --git a/main/ipsec-tools/03-list-foreach-fixes.patch b/main/ipsec-tools/03-list-foreach-fixes.patch
new file mode 100644
index 0000000000..9851b63ceb
--- /dev/null
+++ b/main/ipsec-tools/03-list-foreach-fixes.patch
@@ -0,0 +1,59 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
+retrieving revision 1.39
+retrieving revision 1.40
+diff -u -p -r1.39 -r1.40
+--- ipsec-tools/src/racoon/handler.c 2011/03/14 17:18:12 1.39
++++ ipsec-tools/src/racoon/handler.c 2011/11/17 14:41:55 1.40
+@@ -1,4 +1,4 @@
+-/* $NetBSD: handler.c,v 1.39 2011/03/14 17:18:12 tteras Exp $ */
++/* $NetBSD: handler.c,v 1.40 2011/11/17 14:41:55 vanhu Exp $ */
+
+ /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
+
+@@ -611,9 +611,11 @@ getph2byid(src, dst, spid)
+ struct sockaddr *src, *dst;
+ u_int32_t spid;
+ {
+- struct ph2handle *p;
++ struct ph2handle *p, *next;
++
++ for (p = LIST_FIRST(&ph2tree); p; p = next) {
++ next = LIST_NEXT(p, chain);
+
+- LIST_FOREACH(p, &ph2tree, chain) {
+ if (spid == p->spid &&
+ cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
+ cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){
+@@ -985,9 +987,11 @@ void
+ remcontacted(remote)
+ struct sockaddr *remote;
+ {
+- struct contacted *p;
++ struct contacted *p, *next;
++
++ for (p = LIST_FIRST(&ctdtree); p; p = next) {
++ next = LIST_NEXT(p, chain);
+
+- LIST_FOREACH(p, &ctdtree, chain) {
+ if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) {
+ LIST_REMOVE(p, chain);
+ racoon_free(p->remote);
+@@ -1555,10 +1559,12 @@ int
+ purgeph1bylogin(login)
+ char *login;
+ {
+- struct ph1handle *p;
++ struct ph1handle *p, *next;
+ int found = 0;
+
+- LIST_FOREACH(p, &ph1tree, chain) {
++ for (p = LIST_FIRST(&ph1tree); p; p = next) {
++ next = LIST_NEXT(p, chain);
++
+ if (p->mode_cfg == NULL)
+ continue;
+ if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) {
diff --git a/main/ipsec-tools/04-splitnet-malloc-fix.patch b/main/ipsec-tools/04-splitnet-malloc-fix.patch
new file mode 100644
index 0000000000..5f7aa8b90a
--- /dev/null
+++ b/main/ipsec-tools/04-splitnet-malloc-fix.patch
@@ -0,0 +1,36 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_unity.c,v
+retrieving revision 1.9
+retrieving revision 1.9.18.1
+diff -u -p -r1.9 -r1.9.18.1
+--- ipsec-tools/src/racoon/isakmp_unity.c 2007/10/19 03:37:19 1.9
++++ ipsec-tools/src/racoon/isakmp_unity.c 2012/01/01 17:32:04 1.9.18.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: isakmp_unity.c,v 1.9 2007/10/19 03:37:19 manu Exp $ */
++/* $NetBSD: isakmp_unity.c,v 1.9.18.1 2012/01/01 17:32:04 tteras Exp $ */
+
+ /* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
+
+@@ -387,8 +387,9 @@ char * splitnet_list_2str(list, splitnet
+ netentry = netentry->next;
+ }
+
+- /* allocate network list string */
+- str = racoon_malloc(len);
++ /* allocate network list string; we need the extra byte temporarily
++ * as sprintf() will write trailing 0-byte after the space. */
++ str = racoon_malloc(len + 1);
+ if (str == NULL)
+ return NULL;
+
+@@ -414,6 +415,7 @@ char * splitnet_list_2str(list, splitnet
+ netentry = netentry->next;
+ }
+
++ /* trim the string to not have trailing spaces */
+ str[len-1]=0;
+
+ return str;
diff --git a/main/ipsec-tools/05-bignum-alloc-fix.patch b/main/ipsec-tools/05-bignum-alloc-fix.patch
new file mode 100644
index 0000000000..90c330ff43
--- /dev/null
+++ b/main/ipsec-tools/05-bignum-alloc-fix.patch
@@ -0,0 +1,25 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.20
+retrieving revision 1.21
+diff -u -p -r1.20 -r1.21
+--- ipsec-tools/src/racoon/crypto_openssl.c 2010/10/20 13:40:02 1.20
++++ ipsec-tools/src/racoon/crypto_openssl.c 2012/08/15 14:51:30 1.21
+@@ -1,4 +1,4 @@
+-/* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */
++/* $NetBSD: crypto_openssl.c,v 1.21 2012/08/15 14:51:30 manu Exp $ */
+
+ /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
+
+@@ -2501,7 +2501,7 @@ eay_bn2v(var, bn)
+ vchar_t **var;
+ BIGNUM *bn;
+ {
+- *var = vmalloc(bn->top * BN_BYTES);
++ *var = vmalloc(BN_num_bytes(bn));
+ if (*var == NULL)
+ return(-1);
+
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 9076efd534..24b6d0485f 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ipsec-tools
pkgver=0.8.0
-pkgrel=4
+pkgrel=5
pkgdesc="User-space IPsec tools for various IPsec implementations"
url="http://ipsec-tools.sourceforge.net/"
arch="all"
@@ -12,6 +12,11 @@ subpackages="$pkgname-doc $pkgname-dev"
source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
racoon.initd
racoon.confd
+ 01-privsep-fix.patch
+ 02-pfkey-buffer-size-fix.patch
+ 03-list-foreach-fixes.patch
+ 04-splitnet-malloc-fix.patch
+ 05-bignum-alloc-fix.patch
20-grekey-support.patch
50-reverse-connect.patch
70-defer-isakmp-ident-handling.patch
@@ -60,6 +65,11 @@ package() {
md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz
74f12ed04ed273a738229c0bfbf829cc racoon.initd
2d00250cf72da7f2f559c91b65a48747 racoon.confd
+518349f275fafcabed7751b943a5cfaf 01-privsep-fix.patch
+44171d829782105d368cd0c99b784da9 02-pfkey-buffer-size-fix.patch
+fc3ac8a58b50bc231e3d45bd619b199e 03-list-foreach-fixes.patch
+272ca19929bdf387fe9e3fab7ab3e270 04-splitnet-malloc-fix.patch
+51e9065f0267afdd91705f78bf27a337 05-bignum-alloc-fix.patch
79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch
f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch