From e90e26659383d1702bdeb9be143f3a11f3783488 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Thu, 24 Jan 2013 08:51:04 +0200
Subject: main/ipsec-tools: apply a security fix from upstream commit

---
 main/ipsec-tools/01-fix-deletion-notification.patch | 12 ++++++++++++
 main/ipsec-tools/APKBUILD                           |  4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 main/ipsec-tools/01-fix-deletion-notification.patch

(limited to 'main')

diff --git a/main/ipsec-tools/01-fix-deletion-notification.patch b/main/ipsec-tools/01-fix-deletion-notification.patch
new file mode 100644
index 0000000000..c81846289d
--- /dev/null
+++ b/main/ipsec-tools/01-fix-deletion-notification.patch
@@ -0,0 +1,12 @@
+diff -u -r1.48 isakmp_inf.c
+--- a/src/racoon/isakmp_inf.c	29 Aug 2012 12:01:30 -0000	1.48
++++ b/src/racoon/isakmp_inf.c	24 Jan 2013 06:46:45 -0000
+@@ -492,7 +492,7 @@
+ 		"delete payload for protocol %s\n",
+ 		s_ipsecdoi_proto(delete->proto_id));
+ 
+-	if(!iph1->rmconf->weak_phase1_check && !encrypted) {
++	if((iph1 == NULL || !iph1->rmconf->weak_phase1_check) && !encrypted) {
+ 		plog(LLV_WARNING, LOCATION, iph1->remote,
+ 			"Ignoring unencrypted delete payload "
+ 			"(check the weak_phase1_check option)\n");
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index e62082f80d..0d62f8078c 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.1
-pkgrel=0
+pkgrel=1
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@@ -12,6 +12,7 @@ subpackages="$pkgname-doc $pkgname-dev"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	racoon.initd
 	racoon.confd
+	01-fix-deletion-notification.patch
 	20-grekey-support.patch
 	50-reverse-connect.patch
 	70-defer-isakmp-ident-handling.patch
@@ -60,6 +61,7 @@ package() {
 md5sums="4d5d5ccc402c9c6bec0e87217e451fe5  ipsec-tools-0.8.1.tar.gz
 74f12ed04ed273a738229c0bfbf829cc  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
+c8b141e2c705c31af1c35d481e695ee6  01-fix-deletion-notification.patch
 79b919ab23080f54dc3e7686877ca6bd  20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520  50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e  70-defer-isakmp-ident-handling.patch
-- 
cgit v1.2.3