author | Timo Teräs <timo.teras@iki.fi> | 2012-08-23 14:58:18 +0300 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-01-30 06:53:37 +0000 |
commit | e20039bd99549ce64242e04536a2a2908b4165e7 (patch) | |
tree | 91187e9033b6a485fbc8d6f09fed6afd038da86c | |
parent | 1e300c240ad87fba477a3ad75e4d885b68aa62d0 (diff) | |
main/ipsec-tools: cherry-pick fixes from upstream CVS
(cherry picked from commit 75708decfc9606471b2f84956c5aedbdc587b5c1)
-rw-r--r-- | main/ipsec-tools/01-privsep-fix.patch | 46 | ||||
-rw-r--r-- | main/ipsec-tools/02-pfkey-buffer-size-fix.patch | 65 | ||||
-rw-r--r-- | main/ipsec-tools/03-list-foreach-fixes.patch | 59 | ||||
-rw-r--r-- | main/ipsec-tools/04-splitnet-malloc-fix.patch | 36 | ||||
-rw-r--r-- | main/ipsec-tools/05-bignum-alloc-fix.patch | 25 | ||||
-rw-r--r-- | main/ipsec-tools/APKBUILD | 12 |
6 files changed, 242 insertions, 1 deletions
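--- /dev/null
+++ b/main/ipsec-tools/01-privsep-fix.patch
@@ -0,0 +1,46 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/privsep.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/racoon/privsep.c 2011/03/06 08:28:10 1.21
++++ ipsec-tools/src/racoon/privsep.c 2011/08/12 05:46:06 1.21.2.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: privsep.c,v 1.21 2011/03/06 08:28:10 tteras Exp $ */
++/* $NetBSD: privsep.c,v 1.21.2.1 2011/08/12 05:46:06 tteras Exp $ */
+
+/* Id: privsep.c,v 1.15 2005/08/08 11:23:44 vanhu Exp */
+
+@@ -67,6 +67,7 @@
+#include "admin.h"
+#include "sockmisc.h"
+#include "privsep.h"
++#include "session.h"
+
+static int privsep_sock[2] = { -1, -1 };
+
+@@ -193,6 +194,13 @@ privsep_recv(sock, bufp, lenp)
+return 0;
+}
+
++static int
++privsep_do_exit(void *ctx, int fd)
++{
++ kill(getpid(), SIGTERM);
++ return 0;
++}
++
+int
+privsep_init(void)
+{
+@@ -273,6 +281,7 @@ privsep_init(void)
+strerror(errno));
+return -1;
+}
++ monitor_fd(privsep_sock[1], privsep_do_exit, NULL, 0);
+
+return 0;
+break;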
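Review bot: `privsep_do_exit()` ends the process with `kill(getpid(), SIGTERM)` without logging anything and without a comment saying why readability of `privsep_sock[1]` is treated as fatal. Presumably the socket only becomes readable in the main loop when the peer process has gone away, which makes exiting the fail-closed choice, but an operator reading the logs afterwards sees only an unexplained SIGTERM. I would add a header comment such as `/* privsep peer closed its end: this process cannot continue without it, shut down */` and a log line before the kill, e.g. `plog(LLV_ERROR, LOCATION, NULL, "privsep socket closed, exiting\n");`. `ctx` and `fd` are unused in the handler, and `privsep_init()` starts and ends outside the hunk, so which side of the fork registers the handler cannot be confirmed from here.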
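--- /dev/null
+++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
@@ -0,0 +1,65 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21
++++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
++/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */
+
+/* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
+
+@@ -1783,7 +1783,9 @@ int
+pfkey_open(void)
+{
+int so;
+- int bufsiz = 128 * 1024; /*is 128K enough?*/
++ int bufsiz_current, bufsiz_wanted;
++ int ret;
++ socklen_t len;
+
+if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
+__ipsec_set_strerror(strerror(errno));
+@@ -1794,14 +1796,29 @@ pfkey_open(void)
+* This is a temporary workaround for KAME PR 154.
+* Don't really care even if it fails.
+*/
+- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 256 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 512 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+- bufsiz = 1024 * 1024;
+- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
++ /* Try to have 128k. If we have more, do not lower it. */
++ bufsiz_wanted = 128 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_current, &len);
++ if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
++ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted));
++
++ /* Try to have have at least 2MB. If we have more, do not lower it. */
++ bufsiz_wanted = 2 * 1024 * 1024;
++ len = sizeof(bufsiz_current);
++ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_current, &len);
++ if (ret < 0)
++ bufsiz_current = 128 * 1024;
++
++ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
++ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
++ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
++ break;
++ }
++
+__ipsec_errcode = EIPSEC_NO_ERROR;
+return so;
+}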
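Review bot: In `pfkey_open()` the SO_RCVBUF loop stops at the first `setsockopt()` that returns 0, but a zero return does not prove the kernel granted that size: Linux silently caps the request at `net.core.rmem_max`, so the loop can exit on its first pass with the socket still well under 2 MB. The step-down therefore only helps on systems that reject an oversized request outright. If an undersized PF_KEY receive buffer matters here (kernel messages dropped under load), read the result back with `getsockopt()` after the loop and log when it falls short of the target, or at least record the limitation in the comment: `/* a 0 return may still mean a clamped size; on Linux see net.core.rmem_max */`. The comment above the loop also has a doubled word ("have have").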
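--- /dev/null
+++ b/main/ipsec-tools/03-list-foreach-fixes.patch
@@ -0,0 +1,59 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
+retrieving revision 1.39
+retrieving revision 1.40
+diff -u -p -r1.39 -r1.40
+--- ipsec-tools/src/racoon/handler.c 2011/03/14 17:18:12 1.39
++++ ipsec-tools/src/racoon/handler.c 2011/11/17 14:41:55 1.40
+@@ -1,4 +1,4 @@
+-/* $NetBSD: handler.c,v 1.39 2011/03/14 17:18:12 tteras Exp $ */
++/* $NetBSD: handler.c,v 1.40 2011/11/17 14:41:55 vanhu Exp $ */
+
+/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
+
+@@ -611,9 +611,11 @@ getph2byid(src, dst, spid)
+struct sockaddr *src, *dst;
+u_int32_t spid;
+{
+- struct ph2handle *p;
++ struct ph2handle *p, *next;
++
++ for (p = LIST_FIRST(&ph2tree); p; p = next) {
++ next = LIST_NEXT(p, chain);
+
+- LIST_FOREACH(p, &ph2tree, chain) {
+if (spid == p->spid &&
+cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
+cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){
+@@ -985,9 +987,11 @@ void
+remcontacted(remote)
+struct sockaddr *remote;
+{
+- struct contacted *p;
++ struct contacted *p, *next;
++
++ for (p = LIST_FIRST(&ctdtree); p; p = next) {
++ next = LIST_NEXT(p, chain);
+
+- LIST_FOREACH(p, &ctdtree, chain) {
+if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) {
+LIST_REMOVE(p, chain);
+racoon_free(p->remote);
+@@ -1555,10 +1559,12 @@ int
+purgeph1bylogin(login)
+char *login;
+{
+- struct ph1handle *p;
++ struct ph1handle *p, *next;
+int found = 0;
+
+- LIST_FOREACH(p, &ph1tree, chain) {
++ for (p = LIST_FIRST(&ph1tree); p; p = next) {
++ next = LIST_NEXT(p, chain);
++
+if (p->mode_cfg == NULL)
+continue;
+if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) {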
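Review bot: The three rewritten loops (`getph2byid()`, `remcontacted()`, `purgeph1bylogin()`) fetch `next` before the body runs but carry no comment saying why, so a later cleanup could fold them back into `LIST_FOREACH` and bring back a read of `p` after it has been freed. I would add `/* p may be unlinked and freed below; take the successor first */` above each `next = LIST_NEXT(p, chain);`. A saved `next` is also only safe as long as the body never releases the successor element as well. Only `remcontacted()` shows its `LIST_REMOVE`/`racoon_free` here; the bodies of `getph2byid()` and `purgeph1bylogin()` continue outside the hunks, so that condition cannot be checked from this page.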
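--- /dev/null
+++ b/main/ipsec-tools/04-splitnet-malloc-fix.patch
@@ -0,0 +1,36 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_unity.c,v
+retrieving revision 1.9
+retrieving revision 1.9.18.1
+diff -u -p -r1.9 -r1.9.18.1
+--- ipsec-tools/src/racoon/isakmp_unity.c 2007/10/19 03:37:19 1.9
++++ ipsec-tools/src/racoon/isakmp_unity.c 2012/01/01 17:32:04 1.9.18.1
+@@ -1,4 +1,4 @@
+-/* $NetBSD: isakmp_unity.c,v 1.9 2007/10/19 03:37:19 manu Exp $ */
++/* $NetBSD: isakmp_unity.c,v 1.9.18.1 2012/01/01 17:32:04 tteras Exp $ */
+
+/* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
+
+@@ -387,8 +387,9 @@ char * splitnet_list_2str(list, splitnet
+netentry = netentry->next;
+}
+
+- /* allocate network list string */
+- str = racoon_malloc(len);
++ /* allocate network list string; we need the extra byte temporarily
++ * as sprintf() will write trailing 0-byte after the space. */
++ str = racoon_malloc(len + 1);
+if (str == NULL)
+return NULL;
+
+@@ -414,6 +415,7 @@ char * splitnet_list_2str(list, splitnet
+netentry = netentry->next;
+}
+
++ /* trim the string to not have trailing spaces */
+str[len-1]=0;
+
+return str;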
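Review bot: `str[len-1]=0;` in `splitnet_list_2str()` still writes one byte before the buffer if `len` can be 0, and the extra byte from `racoon_malloc(len + 1)` does not cover that case. `len` is computed in a loop above the hunk, so whether an empty list yields 0 is not visible here; if it can, guard the write with `if (len > 0) str[len-1] = 0;`. The new comment also confirms that the fill loop uses `sprintf()` against a length computed separately, so a bounded `snprintf()` against the remaining space would keep the two from drifting apart again.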
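--- /dev/null
+++ b/main/ipsec-tools/05-bignum-alloc-fix.patch
@@ -0,0 +1,25 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.20
+retrieving revision 1.21
+diff -u -p -r1.20 -r1.21
+--- ipsec-tools/src/racoon/crypto_openssl.c 2010/10/20 13:40:02 1.20
++++ ipsec-tools/src/racoon/crypto_openssl.c 2012/08/15 14:51:30 1.21
+@@ -1,4 +1,4 @@
+-/* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */
++/* $NetBSD: crypto_openssl.c,v 1.21 2012/08/15 14:51:30 manu Exp $ */
+
+/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
+
+@@ -2501,7 +2501,7 @@ eay_bn2v(var, bn)
+vchar_t **var;
+BIGNUM *bn;
+{
+- *var = vmalloc(bn->top * BN_BYTES);
++ *var = vmalloc(BN_num_bytes(bn));
+if (*var == NULL)
+return(-1);
+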
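Review bot: `vmalloc(BN_num_bytes(bn))` in `eay_bn2v()` requests a zero-length buffer when `bn` is zero, and nothing in the hunk shows how `vmalloc()` or the caller treats that case. The allocation now has no slack at all, so the invariant is worth stating next to it: `/* exact size: the conversion below must write no more than BN_num_bytes(bn) bytes */`. The rest of the function lies outside the hunk, so the write into the new buffer cannot be checked from here.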
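--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.0
-pkgrel=4
+pkgrel=5
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@@ -12,6 +12,11 @@ subpackages="$pkgname-doc $pkgname-dev"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 racoon.initd
 racoon.confd
+01-privsep-fix.patch
+02-pfkey-buffer-size-fix.patch
+03-list-foreach-fixes.patch
+04-splitnet-malloc-fix.patch
+05-bignum-alloc-fix.patch
 20-grekey-support.patch
 50-reverse-connect.patch
 70-defer-isakmp-ident-handling.patch
@@ -60,6 +65,11 @@ package() {
 md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz
 74f12ed04ed273a738229c0bfbf829cc racoon.initd
 2d00250cf72da7f2f559c91b65a48747 racoon.confd
+518349f275fafcabed7751b943a5cfaf 01-privsep-fix.patch
+44171d829782105d368cd0c99b784da9 02-pfkey-buffer-size-fix.patch
+fc3ac8a58b50bc231e3d45bd619b199e 03-list-foreach-fixes.patch
+272ca19929bdf387fe9e3fab7ab3e270 04-splitnet-malloc-fix.patch
+51e9065f0267afdd91705f78bf27a337 05-bignum-alloc-fix.patch
 79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch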