main/ipsec-tools: cherry-pick fixes from upstream

4 files changed, 55 insertions, 3 deletions

diff --git a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
new file mode 100644
index 0000000000..af3f7468be
--- /dev/null
+++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
@@ -0,0 +1,19 @@
+--- a/src/racoon/isakmp_xauth.c	15 Nov 2011 13:51:23 -0000	1.24
++++ b/src/racoon/isakmp_xauth.c	5 Feb 2013 06:21:03 -0000
+@@ -458,10 +458,14 @@
+ 			vfree(xauth_rad_config.acct_server_list[i].host);
+ 			vfree(xauth_rad_config.acct_server_list[i].secret);
+ 		}
+-		if (radius_auth_state != NULL)
++		if (radius_auth_state != NULL) {
+ 			rad_close(radius_auth_state);
+-		if (radius_acct_state != NULL)
++			radius_auth_state = NULL;
++		}
++		if (radius_acct_state != NULL) {
+ 			rad_close(radius_acct_state);
++			radius_acct_state = NULL;
++		}
+ 	}
+ 
+ 	/* initialize radius config */
diff --git a/main/ipsec-tools/03-fix-sport-selection.patch b/main/ipsec-tools/03-fix-sport-selection.patch
new file mode 100644
index 0000000000..56cd999b39
--- /dev/null
+++ b/main/ipsec-tools/03-fix-sport-selection.patch
@@ -0,0 +1,29 @@
+--- a/src/racoon/grabmyaddr.c	14 Mar 2011 17:18:12 -0000	1.28
++++ b/src/racoon/grabmyaddr.c	5 Feb 2013 11:32:59 -0000
+@@ -274,13 +274,24 @@
+ 	struct sockaddr *addr;
+ {
+ 	struct myaddr *my;
++	int port = 0, wport;
+ 
+ 	LIST_FOREACH(my, &opened, chain) {
+-		if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
++		switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) {
++		case CMPSADDR_MATCH:
+ 			return extract_port((struct sockaddr *) &my->addr);
++		case CMPSADDR_WILDPORT_MATCH:
++			wport = extract_port((struct sockaddr *) &my->addr);
++			if (port == 0 || wport < port)
++				port = wport;
++			break;
++		}
+ 	}
++	
++	if (port == 0)
++		port = PORT_ISAKMP;
+ 
+-	return PORT_ISAKMP;
++	return port;
+ }
+ 
+ void
diff --git a/main/ipsec-tools/20-grekey-support.patch b/main/ipsec-tools/20-grekey-support.patch
index 17fea3e991..7651b8dbf2 100644
--- a/main/ipsec-tools/20-grekey-support.patch
+++ b/main/ipsec-tools/20-grekey-support.patch
@@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c
  	if (iph1hint == NULL || iph1hint->rmconf == NULL) {
 -		rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
 +		int flags = 0;
-+		uint32_t remoteid;
++		uint32_t remoteid = 0;
 +		if (nopassive)
 +			flags |= GETRMCONF_F_NO_PASSIVE;
 +		if (iph2->sainfo != NULL) {
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 0d62f8078c..300c662799 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.1
-pkgrel=1
+pkgrel=2
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	racoon.initd
 	racoon.confd
 	01-fix-deletion-notification.patch
+	02-fix-xauth-double-free-on-reload.patch
+	03-fix-sport-selection.patch
 	20-grekey-support.patch
 	50-reverse-connect.patch
 	70-defer-isakmp-ident-handling.patch
@@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5  ipsec-tools-0.8.1.tar.gz
 74f12ed04ed273a738229c0bfbf829cc  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
 c8b141e2c705c31af1c35d481e695ee6  01-fix-deletion-notification.patch
-79b919ab23080f54dc3e7686877ca6bd  20-grekey-support.patch
+5f30dfa6997b32e89c0e86826a70f777  02-fix-xauth-double-free-on-reload.patch
+2dd6bc764a5464b811edd6b4847880eb  03-fix-sport-selection.patch
+a6efed1359bde30ea3652fdbe76d89c0  20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520  50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e  70-defer-isakmp-ident-handling.patch
 2d5d24c4a3684a38584f88720f71c7d6  75-racoonctl-rcvbuf.patch