diff options
author | Timo Teräs <timo.teras@iki.fi> | 2013-02-05 13:41:25 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2013-02-05 14:08:27 +0200 |
commit | 1de1a888ef752f36632c5fb29f4cc0aaded2f44f (patch) | |
tree | 10d251794064a6eaee4877ca2adc49b792f62645 | |
parent | 86af588b81dcdae703e564789f90c54240fc54ab (diff) | |
download | alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.bz2 alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.xz alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.zip |
main/ipsec-tools: cherry-pick fixes from upstream
-rw-r--r-- | main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch | 19 | ||||
-rw-r--r-- | main/ipsec-tools/03-fix-sport-selection.patch | 29 | ||||
-rw-r--r-- | main/ipsec-tools/20-grekey-support.patch | 2 | ||||
-rw-r--r-- | main/ipsec-tools/APKBUILD | 8 |
4 files changed, 55 insertions, 3 deletions
diff --git a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch new file mode 100644 index 0000000000..af3f7468be --- /dev/null +++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch | |||
@@ -0,0 +1,19 @@ | |||
1 | --- a/src/racoon/isakmp_xauth.c 15 Nov 2011 13:51:23 -0000 1.24 | ||
2 | +++ b/src/racoon/isakmp_xauth.c 5 Feb 2013 06:21:03 -0000 | ||
3 | @@ -458,10 +458,14 @@ | ||
4 | vfree(xauth_rad_config.acct_server_list[i].host); | ||
5 | vfree(xauth_rad_config.acct_server_list[i].secret); | ||
6 | } | ||
7 | - if (radius_auth_state != NULL) | ||
8 | + if (radius_auth_state != NULL) { | ||
9 | rad_close(radius_auth_state); | ||
10 | - if (radius_acct_state != NULL) | ||
11 | + radius_auth_state = NULL; | ||
12 | + } | ||
13 | + if (radius_acct_state != NULL) { | ||
14 | rad_close(radius_acct_state); | ||
15 | + radius_acct_state = NULL; | ||
16 | + } | ||
17 | } | ||
18 | |||
19 | /* initialize radius config */ | ||
diff --git a/main/ipsec-tools/03-fix-sport-selection.patch b/main/ipsec-tools/03-fix-sport-selection.patch new file mode 100644 index 0000000000..56cd999b39 --- /dev/null +++ b/main/ipsec-tools/03-fix-sport-selection.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | --- a/src/racoon/grabmyaddr.c 14 Mar 2011 17:18:12 -0000 1.28 | ||
2 | +++ b/src/racoon/grabmyaddr.c 5 Feb 2013 11:32:59 -0000 | ||
3 | @@ -274,13 +274,24 @@ | ||
4 | struct sockaddr *addr; | ||
5 | { | ||
6 | struct myaddr *my; | ||
7 | + int port = 0, wport; | ||
8 | |||
9 | LIST_FOREACH(my, &opened, chain) { | ||
10 | - if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH) | ||
11 | + switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) { | ||
12 | + case CMPSADDR_MATCH: | ||
13 | return extract_port((struct sockaddr *) &my->addr); | ||
14 | + case CMPSADDR_WILDPORT_MATCH: | ||
15 | + wport = extract_port((struct sockaddr *) &my->addr); | ||
16 | + if (port == 0 || wport < port) | ||
17 | + port = wport; | ||
18 | + break; | ||
19 | + } | ||
20 | } | ||
21 | + | ||
22 | + if (port == 0) | ||
23 | + port = PORT_ISAKMP; | ||
24 | |||
25 | - return PORT_ISAKMP; | ||
26 | + return port; | ||
27 | } | ||
28 | |||
29 | void | ||
diff --git a/main/ipsec-tools/20-grekey-support.patch b/main/ipsec-tools/20-grekey-support.patch index 17fea3e991..7651b8dbf2 100644 --- a/main/ipsec-tools/20-grekey-support.patch +++ b/main/ipsec-tools/20-grekey-support.patch | |||
@@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c | |||
499 | if (iph1hint == NULL || iph1hint->rmconf == NULL) { | 499 | if (iph1hint == NULL || iph1hint->rmconf == NULL) { |
500 | - rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0); | 500 | - rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0); |
501 | + int flags = 0; | 501 | + int flags = 0; |
502 | + uint32_t remoteid; | 502 | + uint32_t remoteid = 0; |
503 | + if (nopassive) | 503 | + if (nopassive) |
504 | + flags |= GETRMCONF_F_NO_PASSIVE; | 504 | + flags |= GETRMCONF_F_NO_PASSIVE; |
505 | + if (iph2->sainfo != NULL) { | 505 | + if (iph2->sainfo != NULL) { |
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 0d62f8078c..300c662799 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD | |||
@@ -1,7 +1,7 @@ | |||
1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> | 1 | # Maintainer: Natanael Copa <ncopa@alpinelinux.org> |
2 | pkgname=ipsec-tools | 2 | pkgname=ipsec-tools |
3 | pkgver=0.8.1 | 3 | pkgver=0.8.1 |
4 | pkgrel=1 | 4 | pkgrel=2 |
5 | pkgdesc="User-space IPsec tools for various IPsec implementations" | 5 | pkgdesc="User-space IPsec tools for various IPsec implementations" |
6 | url="http://ipsec-tools.sourceforge.net/" | 6 | url="http://ipsec-tools.sourceforge.net/" |
7 | arch="all" | 7 | arch="all" |
@@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz | |||
13 | racoon.initd | 13 | racoon.initd |
14 | racoon.confd | 14 | racoon.confd |
15 | 01-fix-deletion-notification.patch | 15 | 01-fix-deletion-notification.patch |
16 | 02-fix-xauth-double-free-on-reload.patch | ||
17 | 03-fix-sport-selection.patch | ||
16 | 20-grekey-support.patch | 18 | 20-grekey-support.patch |
17 | 50-reverse-connect.patch | 19 | 50-reverse-connect.patch |
18 | 70-defer-isakmp-ident-handling.patch | 20 | 70-defer-isakmp-ident-handling.patch |
@@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5 ipsec-tools-0.8.1.tar.gz | |||
62 | 74f12ed04ed273a738229c0bfbf829cc racoon.initd | 64 | 74f12ed04ed273a738229c0bfbf829cc racoon.initd |
63 | 2d00250cf72da7f2f559c91b65a48747 racoon.confd | 65 | 2d00250cf72da7f2f559c91b65a48747 racoon.confd |
64 | c8b141e2c705c31af1c35d481e695ee6 01-fix-deletion-notification.patch | 66 | c8b141e2c705c31af1c35d481e695ee6 01-fix-deletion-notification.patch |
65 | 79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch | 67 | 5f30dfa6997b32e89c0e86826a70f777 02-fix-xauth-double-free-on-reload.patch |
68 | 2dd6bc764a5464b811edd6b4847880eb 03-fix-sport-selection.patch | ||
69 | a6efed1359bde30ea3652fdbe76d89c0 20-grekey-support.patch | ||
66 | f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch | 70 | f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch |
67 | 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch | 71 | 94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch |
68 | 2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch | 72 | 2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch |