aboutsummaryrefslogtreecommitdiffstats
path: root/main/openswan/fix-natt.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/openswan/fix-natt.patch')
-rw-r--r--main/openswan/fix-natt.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/main/openswan/fix-natt.patch b/main/openswan/fix-natt.patch
new file mode 100644
index 0000000000..308bac816e
--- /dev/null
+++ b/main/openswan/fix-natt.patch
@@ -0,0 +1,39 @@
+https://github.com/xelerance/Openswan/commit/b6041cb5d1d07974596be79606a977e88dd9ec48.patch
+
+From b6041cb5d1d07974596be79606a977e88dd9ec48 Mon Sep 17 00:00:00 2001
+From: Patrick Naubert <patrickn@xelerance.com>
+Date: Fri, 28 Feb 2014 19:59:54 -0500
+Subject: [PATCH] Bring back NAT traversal that got mistakenly pulled out by
+ CVE-2014-2037 patch. Patch by Thomas Geulig
+
+---
+ lib/libopenswan/constants.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/lib/libopenswan/constants.c b/lib/libopenswan/constants.c
+index 932b205..09f7e80 100644
+--- a/lib/libopenswan/constants.c
++++ b/lib/libopenswan/constants.c
+@@ -167,9 +167,18 @@ const char *const payload_name_ikev2_main[] = {
+ NULL /* termination for bitnamesof() */
+ };
+
++const char *const payload_name_nat_d[] = {
++ "ISAKMP_NEXT_NAT-D",
++ "ISAKMP_NEXT_NAT-OA",
++ NULL
++};
++
++static enum_names payload_names_nat_d =
++{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
++
+ static enum_names payload_names_ikev2_main =
+ { ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main,
+- NULL };
++ &payload_names_nat_d };
+
+ const char *const payload_name_ikev2[] = {
+ "ISAKMP_NEXT_v2NONE", /* 33 */
+--
+1.9.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 16:43:08 +0000