Diffstat (limited to 'main/ipsec-tools')
-rw-r--r-- | main/ipsec-tools/10-cmpsaddr-fix.patch | 421 | ||||
-rw-r--r-- | main/ipsec-tools/APKBUILD | 11 |
2 files changed, 4 insertions, 428 deletions
diff --git a/main/ipsec-tools/10-cmpsaddr-fix.patch b/main/ipsec-tools/10-cmpsaddr-fix.patch
deleted file mode 100644
index af73c2e5e1..0000000000
--- a/main/ipsec-tools/10-cmpsaddr-fix.patch
+++ /dev/null
@@ -1,421 +0,0 @@ -Index: ipsec-tools-cvs-HEAD/src/racoon/grabmyaddr.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/grabmyaddr.c 2011-03-03 17:54:33.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/grabmyaddr.c 2011-03-03 18:45:24.000000000 +0200 -@@ -100,7 +100,7 @@ - return TRUE; - - LIST_FOREACH(cfg, &configured, chain) { -- if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) == 0) -+ if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) <= CMPSADDR_WILDPORT_MATCH) - return TRUE; - } - -@@ -116,7 +116,7 @@ - - /* Already open? */ - LIST_FOREACH(my, &opened, chain) { -- if (cmpsaddr(addr, (struct sockaddr *) &my->addr) == 0) -+ if (cmpsaddr(addr, (struct sockaddr *) &my->addr) <= CMPSADDR_WILDPORT_MATCH) - return TRUE; - } - -@@ -156,7 +156,7 @@ - - LIST_FOREACH(cfg, &configured, chain) { - if (addr != NULL && -- cmpsaddr(addr, (struct sockaddr *) &cfg->addr) != 0) -+ cmpsaddr(addr, (struct sockaddr *) &cfg->addr) > CMPSADDR_WILDPORT_MATCH) - continue; - if (!myaddr_open((struct sockaddr *) &cfg->addr, cfg->udp_encap)) - return FALSE; -@@ -262,7 +262,7 @@ - struct myaddr *my; - - LIST_FOREACH(my, &opened, chain) { -- if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0) -+ if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH) - return my->fd; - } - -@@ -276,7 +276,7 @@ - struct myaddr *my; - - LIST_FOREACH(my, &opened, chain) { -- if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0) -+ if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH) - return extract_port((struct sockaddr *) &my->addr); - } - -Index: ipsec-tools-cvs-HEAD/src/racoon/handler.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/handler.c 2011-03-03 17:54:33.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/handler.c 2011-03-03 18:48:10.000000000 +0200 -@@ -120,11 +120,11 @@ - LIST_FOREACH(p, &ph1tree, chain) { - if 
(sel != NULL) { - if (sel->local != NULL && -- cmpsaddr(sel->local, p->local) != 0) -+ cmpsaddr(sel->local, p->local) > CMPSADDR_WILDPORT_MATCH) - continue; - - if (sel->remote != NULL && -- cmpsaddr(sel->remote, p->remote) != 0) -+ cmpsaddr(sel->remote, p->remote) > CMPSADDR_WILDPORT_MATCH) - continue; - } - -@@ -300,8 +300,8 @@ - if (p->status < PHASE1ST_DYING) - continue; - -- if (cmpsaddr(iph1->local, p->local) == 0 -- && cmpsaddr(iph1->remote, p->remote) == 0) -+ if (cmpsaddr(iph1->local, p->local) == CMPSADDR_MATCH -+ && cmpsaddr(iph1->remote, p->remote) == CMPSADDR_MATCH) - migrate_ph12(p, iph1); - } - } -@@ -547,11 +547,11 @@ - continue; - - if (sel->src != NULL && -- cmpsaddr(sel->src, p->src) != 0) -+ cmpsaddr(sel->src, p->src) != CMPSADDR_MATCH) - continue; - - if (sel->dst != NULL && -- cmpsaddr(sel->dst, p->dst) != 0) -+ cmpsaddr(sel->dst, p->dst) != CMPSADDR_MATCH) - continue; - } - -@@ -615,8 +615,8 @@ - - LIST_FOREACH(p, &ph2tree, chain) { - if (spid == p->spid && -- cmpsaddr(src, p->src) == 0 && -- cmpsaddr(dst, p->dst) == 0){ -+ cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH && -+ cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){ - /* Sanity check to detect zombie handlers - * XXX Sould be done "somewhere" more interesting, - * because we have lots of getph2byxxxx(), but this one -@@ -643,8 +643,8 @@ - struct ph2handle *p; - - LIST_FOREACH(p, &ph2tree, chain) { -- if (cmpsaddr(src, p->src) == 0 && -- cmpsaddr(dst, p->dst) == 0) -+ if (cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH && -+ cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH) - return p; - } - -@@ -947,7 +947,7 @@ - struct contacted *p; - - LIST_FOREACH(p, &ctdtree, chain) { -- if (cmpsaddr(remote, p->remote) == 0) -+ if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) - return p; - } - -@@ -988,7 +988,7 @@ - struct contacted *p; - - LIST_FOREACH(p, &ctdtree, chain) { -- if (cmpsaddr(remote, p->remote) == 0) { -+ if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) { 
- LIST_REMOVE(p, chain); - racoon_free(p->remote); - racoon_free(p); -@@ -1042,7 +1042,7 @@ - /* - * the packet was processed before, but the remote address mismatches. - */ -- if (cmpsaddr(remote, r->remote) != 0) -+ if (cmpsaddr(remote, r->remote) != CMPSADDR_MATCH) - return 2; - - /* -Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp.c 2011-03-03 17:54:33.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp.c 2011-03-03 18:50:22.000000000 +0200 -@@ -468,8 +468,8 @@ - /* Floating ports for NAT-T */ - if (NATT_AVAILABLE(iph1) && - ! (iph1->natt_flags & NAT_PORTS_CHANGED) && -- ((cmpsaddr(iph1->remote, remote) != 0) || -- (cmpsaddr(iph1->local, local) != 0))) -+ ((cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) || -+ (cmpsaddr(iph1->local, local) != CMPSADDR_MATCH))) - { - /* prevent memory leak */ - racoon_free(iph1->remote); -@@ -510,7 +510,7 @@ - #endif - - /* must be same addresses in one stream of a phase at least. */ -- if (cmpsaddr(iph1->remote, remote) != 0) { -+ if (cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) { - char *saddr_db, *saddr_act; - - saddr_db = racoon_strdup(saddr2str(iph1->remote)); -@@ -636,7 +636,7 @@ - "exchange received.\n"); - return -1; - } -- if (cmpsaddr(iph1->remote, remote) != 0) { -+ if (cmpsaddr(iph1->remote, remote) != CMPSADDR_MATCH) { - plog(LLV_WARNING, LOCATION, remote, - "remote address mismatched. " - "db=%s\n", -@@ -3322,10 +3322,10 @@ - * Select only SAs where src == local and dst == remote (outgoing) - * or src == remote and dst == local (incoming). 
- */ -- if ((cmpsaddr(iph1->local, src) || -- cmpsaddr(iph1->remote, dst)) && -- (cmpsaddr(iph1->local, dst) || -- cmpsaddr(iph1->remote, src))) { -+ if ((cmpsaddr(iph1->local, src) != CMPSADDR_MATCH || -+ cmpsaddr(iph1->remote, dst) != CMPSADDR_MATCH) && -+ (cmpsaddr(iph1->local, dst) != CMPSADDR_MATCH || -+ cmpsaddr(iph1->remote, src) != CMPSADDR_MATCH)) { - msg = next; - continue; - } -Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp_inf.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp_inf.c 2011-03-03 17:54:34.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp_inf.c 2011-03-03 18:51:05.000000000 +0200 -@@ -1177,7 +1177,7 @@ - - /* don't delete inbound SAs at the moment */ - /* XXX should we remove SAs with opposite direction as well? */ -- if (cmpsaddr(dst0, dst)) { -+ if (cmpsaddr(dst0, dst) != CMPSADDR_MATCH) { - msg = next; - continue; - } -@@ -1355,10 +1355,10 @@ - * ports. Correct thing to do is delete all entries with - * same identity. 
-TT - */ -- if ((cmpsaddr(iph1->local, src) != 0 || -- cmpsaddr(iph1->remote, dst) != 0) && -- (cmpsaddr(iph1->local, dst) != 0 || -- cmpsaddr(iph1->remote, src) != 0)) -+ if ((cmpsaddr(iph1->local, src) != CMPSADDR_MATCH || -+ cmpsaddr(iph1->remote, dst) != CMPSADDR_MATCH) && -+ (cmpsaddr(iph1->local, dst) != CMPSADDR_MATCH || -+ cmpsaddr(iph1->remote, src) != CMPSADDR_MATCH)) - continue; - - /* -Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp_quick.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/isakmp_quick.c 2011-03-03 17:54:34.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/isakmp_quick.c 2011-03-03 18:51:48.000000000 +0200 -@@ -629,7 +629,7 @@ - #endif - - if (cmpsaddr((struct sockaddr *) &proposed_addr, -- (struct sockaddr *) &got_addr) == 0) { -+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) { - plog(LLV_DEBUG, LOCATION, NULL, - "IDci matches proposal.\n"); - #ifdef ENABLE_NATT -@@ -677,13 +677,13 @@ - #endif - - if (cmpsaddr((struct sockaddr *) &proposed_addr, -- (struct sockaddr *) &got_addr) == 0) { -+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) { - plog(LLV_DEBUG, LOCATION, NULL, - "IDcr matches proposal.\n"); - #ifdef ENABLE_NATT - } else if (iph2->natoa_dst != NULL - && cmpsaddr(iph2->natoa_dst, -- (struct sockaddr *) &got_addr) == 0) { -+ (struct sockaddr *) &got_addr) == CMPSADDR_MATCH) { - plog(LLV_DEBUG, LOCATION, NULL, - "IDcr matches NAT-OAr.\n"); - #endif -Index: ipsec-tools-cvs-HEAD/src/racoon/nattraversal.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/nattraversal.c 2011-03-03 17:54:34.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/nattraversal.c 2011-03-03 18:52:20.000000000 +0200 -@@ -398,8 +398,8 @@ - struct natt_ka_addrs *ka = NULL, *new_addr; - - TAILQ_FOREACH (ka, &ka_tree, chain) { -- if (cmpsaddr(ka->src, src) == 0 && -- cmpsaddr(ka->dst, dst) == 0) { -+ if (cmpsaddr(ka->src, src) == 
CMPSADDR_MATCH && -+ cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH) { - ka->in_use++; - plog (LLV_INFO, LOCATION, NULL, "KA found: %s (in_use=%u)\n", - saddr2str_fromto("%s->%s", src, dst), ka->in_use); -@@ -462,8 +462,8 @@ - plog (LLV_DEBUG, LOCATION, NULL, "KA tree dump: %s (in_use=%u)\n", - saddr2str_fromto("%s->%s", src, dst), ka->in_use); - -- if (cmpsaddr(ka->src, src) == 0 && -- cmpsaddr(ka->dst, dst) == 0 && -+ if (cmpsaddr(ka->src, src) == CMPSADDR_MATCH && -+ cmpsaddr(ka->dst, dst) == CMPSADDR_MATCH && - -- ka->in_use <= 0) { - - plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n"); -Index: ipsec-tools-cvs-HEAD/src/racoon/pfkey.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/pfkey.c 2011-03-03 17:54:34.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/pfkey.c 2011-03-03 18:52:50.000000000 +0200 -@@ -2882,8 +2882,8 @@ - u_int16_t port; - - /* Already up-to-date? */ -- if (cmpsaddr(iph1->local, ma->local) == 0 && -- cmpsaddr(iph1->remote, ma->remote) == 0) -+ if (cmpsaddr(iph1->local, ma->local) == CMPSADDR_MATCH && -+ cmpsaddr(iph1->remote, ma->remote) == CMPSADDR_MATCH) - return 0; - - if (iph1->status < PHASE1ST_ESTABLISHED) { -@@ -2983,8 +2983,8 @@ - migrate_ph1_ike_addresses(iph2->ph1, arg); - - /* Already up-to-date? 
*/ -- if (cmpsaddr(iph2->src, ma->local) == 0 && -- cmpsaddr(iph2->dst, ma->remote) == 0) -+ if (cmpsaddr(iph2->src, ma->local) == CMPSADDR_MATCH && -+ cmpsaddr(iph2->dst, ma->remote) == CMPSADDR_MATCH) - return 0; - - /* save src/dst as sa_src/sa_dst before rewriting */ -@@ -3207,8 +3207,8 @@ - "changing address families (%d to %d) for endpoints.\n", - osaddr->sa_family, nsaddr->sa_family); - -- if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) || -- cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst)) { -+ if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) != CMPSADDR_MATCH || -+ cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst) != CMPSADDR_MATCH) { - plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: " - "mismatch of addresses in saidx and xisr.\n"); - return -1; -Index: ipsec-tools-cvs-HEAD/src/racoon/policy.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/policy.c 2011-03-03 17:54:34.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/policy.c 2011-03-03 19:09:42.000000000 +0200 -@@ -142,7 +142,7 @@ - plog(LLV_DEBUG, LOCATION, NULL, "src2: %s\n", - saddr2str((struct sockaddr *)&spidx->src)); - -- if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) || -+ if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) != CMPSADDR_MATCH || - spidx->prefs != prefixlen) - return NULL; - -@@ -151,7 +151,7 @@ - plog(LLV_DEBUG, LOCATION, NULL, "dst2: %s\n", - saddr2str((struct sockaddr *)&spidx->dst)); - -- if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) || -+ if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) != CMPSADDR_MATCH || - spidx->prefd != prefixlen) - return NULL; - -@@ -201,10 +201,10 @@ - return 1; - - if (cmpsaddr((struct sockaddr *) &a->src, -- (struct sockaddr *) &b->src)) -+ (struct sockaddr *) &b->src) != CMPSADDR_MATCH) - return 1; - if (cmpsaddr((struct sockaddr *) &a->dst, -- (struct sockaddr *) &b->dst)) -+ (struct sockaddr *) &b->dst) != CMPSADDR_MATCH) - return 1; - 
- #ifdef HAVE_SECCTX -@@ -261,7 +261,7 @@ - a, b->prefs, saddr2str((struct sockaddr *)&sa1)); - plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n", - b, b->prefs, saddr2str((struct sockaddr *)&sa2)); -- if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2)) -+ if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2) > CMPSADDR_WILDPORT_MATCH) - return 1; - - #ifndef __linux__ -@@ -279,7 +279,7 @@ - a, b->prefd, saddr2str((struct sockaddr *)&sa1)); - plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n", - b, b->prefd, saddr2str((struct sockaddr *)&sa2)); -- if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2)) -+ if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2) > CMPSADDR_WILDPORT_MATCH) - return 1; - - #ifdef HAVE_SECCTX -Index: ipsec-tools-cvs-HEAD/src/racoon/sockmisc.c -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/sockmisc.c 2011-03-03 17:54:35.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/sockmisc.c 2011-03-03 18:55:01.000000000 +0200 -@@ -132,11 +132,13 @@ - return CMPSADDR_MISMATCH; - } - -- if (port1 == port2 || -- port1 == IPSEC_PORT_ANY || -- port2 == IPSEC_PORT_ANY) -+ if (port1 == port2) - return CMPSADDR_MATCH; - -+ if (port1 == IPSEC_PORT_ANY || -+ port2 == IPSEC_PORT_ANY) -+ return CMPSADDR_WILDPORT_MATCH; -+ - return CMPSADDR_WOP_MATCH; - } - -@@ -934,7 +936,7 @@ - free(a2); - free(a3); - } -- if (cmpsaddr(&sa, &naddr->sa.sa) == 0) -+ if (cmpsaddr(&sa, &naddr->sa.sa) <= CMPSADDR_WOP_MATCH) - return naddr->prefix + port_score; - - return -1; -Index: ipsec-tools-cvs-HEAD/src/racoon/sockmisc.h -=================================================================== ---- ipsec-tools-cvs-HEAD.orig/src/racoon/sockmisc.h 2011-03-03 17:54:35.000000000 +0200 -+++ ipsec-tools-cvs-HEAD/src/racoon/sockmisc.h 2011-03-03 18:40:30.000000000 +0200 -@@ -57,8 +57,9 @@ - extern const int niflags; - - #define CMPSADDR_MATCH 0 --#define 
CMPSADDR_WOP_MATCH 1
--#define CMPSADDR_MISMATCH 2
-+#define CMPSADDR_WILDPORT_MATCH 1
-+#define CMPSADDR_WOP_MATCH 2
-+#define CMPSADDR_MISMATCH 3
- 
- extern int cmpsaddr __P((const struct sockaddr *, const struct sockaddr *));
- 
-Index: ipsec-tools-cvs-HEAD/src/racoon/throttle.c
-===================================================================
---- ipsec-tools-cvs-HEAD.orig/src/racoon/throttle.c 2011-03-03 17:54:35.000000000 +0200
-+++ ipsec-tools-cvs-HEAD/src/racoon/throttle.c 2011-03-03 18:55:31.000000000 +0200
-@@ -104,7 +104,7 @@
- goto restart;
- }
- 
-- if (cmpsaddr(addr, (struct sockaddr *) &te->host) == 0) {
-+ if (cmpsaddr(addr, (struct sockaddr *) &te->host) <= CMPSADDR_WOP_MATCH) {
- found = 1;
- break;
- }
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 3e9609bb77..6e8341cb87 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,6 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
-pkgver=0.8.0_rc1
-_myver=0.8.0.RC
+pkgver=0.8.0
 pkgrel=0
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
@@ -10,17 +9,16 @@ license="BSD"
 depends=""
 makedepends="openssl-dev bison flex"
 subpackages="$pkgname-doc $pkgname-dev"
-source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 racoon.initd
 racoon.confd
- 10-cmpsaddr-fix.patch
 20-grekey-support.patch
 50-reverse-connect.patch
 70-defer-isakmp-ident-handling.patch
 75-racoonctl-rcvbuf.patch
 "
 
-_builddir="$srcdir"/$pkgname-$_myver
+_builddir="$srcdir"/$pkgname-$pkgver
 prepare() {
 cd "$_builddir"
 for i in ../*.patch; do
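Review bot: Dropping `10-cmpsaddr-fix.patch` from `source=` in the second APKBUILD hunk is only safe if the 0.8.0 release tarball already carries the equivalent change, and nothing visible on this page confirms that. The deleted patch separates a wildcard-port result (`CMPSADDR_WILDPORT_MATCH`) from an exact `CMPSADDR_MATCH` and makes the remote-address checks in `isakmp.c` and `handler.c` require the exact match, so losing it would presumably loosen address comparison in racoon. I would check that `src/racoon/sockmisc.h` in the new tarball defines `CMPSADDR_WILDPORT_MATCH`, and then record the reason next to the list, e.g. `# 10-cmpsaddr-fix.patch dropped: included upstream in 0.8.0`.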
@@ -57,10 +55,9 @@ package() {
 install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
 }
 
-md5sums="9473d0ce8746f16281fce1b75a9fffa3 ipsec-tools-0.8.0.RC.tar.gz
+md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz
 74f12ed04ed273a738229c0bfbf829cc racoon.initd
 2d00250cf72da7f2f559c91b65a48747 racoon.confd
-e4c9ae678bf80518107690bde97dc14b 10-cmpsaddr-fix.patch
 64a859d51f57206a11e52f6ad4830ec5 20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch |
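Review bot: The new release tarball is pinned only by an MD5 digest in `md5sums=`, while the `source=` line in the previous hunk still fetches it over plain `http://`, so the integrity check rests on a collision-weak hash and an unauthenticated transport. Where the abuild version in use supports it, I would add a stronger list alongside, e.g. `sha512sums="<sha512-of-tarball>  ipsec-tools-0.8.0.tar.gz`, where the digest is a placeholder to be generated from a tarball verified out of band. I would also switch the URL to `https://` if the download host serves it. The `md5sums` list continues past the end of this hunk.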