From ba39f71b2a8dfd155684df4b01f098039b68389e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Tue, 5 Feb 2013 13:41:25 +0200 Subject: main/ipsec-tools: cherry-pick fixes from upstream --- .../02-fix-xauth-double-free-on-reload.patch | 19 ++++++++++++++ main/ipsec-tools/03-fix-sport-selection.patch | 29 ++++++++++++++++++++++ main/ipsec-tools/20-grekey-support.patch | 2 +- main/ipsec-tools/APKBUILD | 8 ++++-- 4 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch create mode 100644 main/ipsec-tools/03-fix-sport-selection.patch (limited to 'main/ipsec-tools') diff --git a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch new file mode 100644 index 0000000000..af3f7468be --- /dev/null +++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch @@ -0,0 +1,19 @@ +--- a/src/racoon/isakmp_xauth.c 15 Nov 2011 13:51:23 -0000 1.24 ++++ b/src/racoon/isakmp_xauth.c 5 Feb 2013 06:21:03 -0000 +@@ -458,10 +458,14 @@ + vfree(xauth_rad_config.acct_server_list[i].host); + vfree(xauth_rad_config.acct_server_list[i].secret); + } +- if (radius_auth_state != NULL) ++ if (radius_auth_state != NULL) { + rad_close(radius_auth_state); +- if (radius_acct_state != NULL) ++ radius_auth_state = NULL; ++ } ++ if (radius_acct_state != NULL) { + rad_close(radius_acct_state); ++ radius_acct_state = NULL; ++ } + } + + /* initialize radius config */ diff --git a/main/ipsec-tools/03-fix-sport-selection.patch b/main/ipsec-tools/03-fix-sport-selection.patch new file mode 100644 index 0000000000..56cd999b39 --- /dev/null +++ b/main/ipsec-tools/03-fix-sport-selection.patch @@ -0,0 +1,29 @@ +--- a/src/racoon/grabmyaddr.c 14 Mar 2011 17:18:12 -0000 1.28 ++++ b/src/racoon/grabmyaddr.c 5 Feb 2013 11:32:59 -0000 +@@ -274,13 +274,24 @@ + struct sockaddr *addr; + { + struct myaddr *my; ++ int port = 0, wport; + + LIST_FOREACH(my, &opened, chain) { +- if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH) ++ switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) { ++ case CMPSADDR_MATCH: + return extract_port((struct sockaddr *) &my->addr); ++ case CMPSADDR_WILDPORT_MATCH: ++ wport = extract_port((struct sockaddr *) &my->addr); ++ if (port == 0 || wport < port) ++ port = wport; ++ break; ++ } + } ++ ++ if (port == 0) ++ port = PORT_ISAKMP; + +- return PORT_ISAKMP; ++ return port; + } + + void diff --git a/main/ipsec-tools/20-grekey-support.patch b/main/ipsec-tools/20-grekey-support.patch index 17fea3e991..7651b8dbf2 100644 --- a/main/ipsec-tools/20-grekey-support.patch +++ b/main/ipsec-tools/20-grekey-support.patch @@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c if (iph1hint == NULL || iph1hint->rmconf == NULL) { - rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0); + int flags = 0; -+ uint32_t remoteid; ++ uint32_t remoteid = 0; + if (nopassive) + flags |= GETRMCONF_F_NO_PASSIVE; + if (iph2->sainfo != NULL) { diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 0d62f8078c..300c662799 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=ipsec-tools pkgver=0.8.1 -pkgrel=1 +pkgrel=2 pkgdesc="User-space IPsec tools for various IPsec implementations" url="http://ipsec-tools.sourceforge.net/" arch="all" @@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz racoon.initd racoon.confd 01-fix-deletion-notification.patch + 02-fix-xauth-double-free-on-reload.patch + 03-fix-sport-selection.patch 20-grekey-support.patch 50-reverse-connect.patch 70-defer-isakmp-ident-handling.patch @@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5 ipsec-tools-0.8.1.tar.gz 74f12ed04ed273a738229c0bfbf829cc racoon.initd 2d00250cf72da7f2f559c91b65a48747 racoon.confd c8b141e2c705c31af1c35d481e695ee6 01-fix-deletion-notification.patch -79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch +5f30dfa6997b32e89c0e86826a70f777 02-fix-xauth-double-free-on-reload.patch +2dd6bc764a5464b811edd6b4847880eb 03-fix-sport-selection.patch +a6efed1359bde30ea3652fdbe76d89c0 20-grekey-support.patch f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch 2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch -- cgit v1.2.3