main/ipsec-tools: cherry-pick fixes from upstream

author: Timo Teräs <timo.teras@iki.fi> 2013-02-05 13:41:25 +0200
committer: Timo Teräs <timo.teras@iki.fi> 2013-02-05 14:08:27 +0200
commit: 1de1a888ef752f36632c5fb29f4cc0aaded2f44f (patch)
tree: 10d251794064a6eaee4877ca2adc49b792f62645
parent: 86af588b81dcdae703e564789f90c54240fc54ab (diff)
download: alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.bz2
alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.xz
alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.zip
4 files changed, 55 insertions, 3 deletions
diff --git a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
new file mode 100644
index 0000000000..af3f7468be
--- /dev/null
+++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
@@ -0,0 +1,19 @@
+--- a/src/racoon/isakmp_xauth.c 15 Nov 2011 13:51:23 -0000      1.24
+++ b/src/racoon/isakmp_xauth.c 5 Feb 2013 06:21:03 -0000
+@@ -458,10 +458,14 @@
+                        vfree(xauth_rad_config.acct_server_list[i].host);
+                        vfree(xauth_rad_config.acct_server_list[i].secret);
+                }
+-               if (radius_auth_state != NULL)
+               if (radius_auth_state != NULL) {
+                        rad_close(radius_auth_state);
+-               if (radius_acct_state != NULL)
+                       radius_auth_state = NULL;
+               }
+               if (radius_acct_state != NULL) {
+                        rad_close(radius_acct_state);
+                       radius_acct_state = NULL;
+               }
+        }
+ 
+        /* initialize radius config */
diff --git a/main/ipsec-tools/03-fix-sport-selection.patch b/main/ipsec-tools/03-fix-sport-selection.patch
new file mode 100644
index 0000000000..56cd999b39
--- /dev/null
+++ b/main/ipsec-tools/03-fix-sport-selection.patch
@@ -0,0 +1,29 @@
+--- a/src/racoon/grabmyaddr.c   14 Mar 2011 17:18:12 -0000      1.28
+++ b/src/racoon/grabmyaddr.c   5 Feb 2013 11:32:59 -0000
+@@ -274,13 +274,24 @@
+        struct sockaddr *addr;
+ {
+        struct myaddr *my;
+       int port = 0, wport;
+ 
+        LIST_FOREACH(my, &opened, chain) {
+-               if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
+               switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) {
+               case CMPSADDR_MATCH:
+                        return extract_port((struct sockaddr *) &my->addr);
+               case CMPSADDR_WILDPORT_MATCH:
+                       wport = extract_port((struct sockaddr *) &my->addr);
+                       if (port == 0 || wport < port)
+                               port = wport;
+                       break;
+               }
+        }
+       
+       if (port == 0)
+               port = PORT_ISAKMP;
+ 
+-       return PORT_ISAKMP;
+       return port;
+ }
+ 
+ void
diff --git a/main/ipsec-tools/20-grekey-support.patch b/main/ipsec-tools/20-grekey-support.patch
index 17fea3e991..7651b8dbf2 100644
--- a/main/ipsec-tools/20-grekey-support.patch
+++ b/main/ipsec-tools/20-grekey-support.patch
@@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c
        if (iph1hint == NULL || iph1hint->rmconf == NULL) {
 -               rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
 +               int flags = 0;
-+               uint32_t remoteid;
+               uint32_t remoteid = 0;
 +               if (nopassive)
 +                       flags |= GETRMCONF_F_NO_PASSIVE;
 +               if (iph2->sainfo != NULL) {
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 0d62f8078c..300c662799 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.1
-pkgrel=1
+pkgrel=2
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
        racoon.initd
        racoon.confd
        01-fix-deletion-notification.patch
+        02-fix-xauth-double-free-on-reload.patch
+        03-fix-sport-selection.patch
        20-grekey-support.patch
        50-reverse-connect.patch
        70-defer-isakmp-ident-handling.patch
@@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5  ipsec-tools-0.8.1.tar.gz
 74f12ed04ed273a738229c0bfbf829cc  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
 c8b141e2c705c31af1c35d481e695ee6  01-fix-deletion-notification.patch
-79b919ab23080f54dc3e7686877ca6bd  20-grekey-support.patch
+5f30dfa6997b32e89c0e86826a70f777  02-fix-xauth-double-free-on-reload.patch
+2dd6bc764a5464b811edd6b4847880eb  03-fix-sport-selection.patch
+a6efed1359bde30ea3652fdbe76d89c0  20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520  50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e  70-defer-isakmp-ident-handling.patch
 2d5d24c4a3684a38584f88720f71c7d6  75-racoonctl-rcvbuf.patch
author	Timo Teräs <timo.teras@iki.fi>	2013-02-05 13:41:25 +0200
committer	Timo Teräs <timo.teras@iki.fi>	2013-02-05 14:08:27 +0200
commit	1de1a888ef752f36632c5fb29f4cc0aaded2f44f (patch)
tree	10d251794064a6eaee4877ca2adc49b792f62645
parent	86af588b81dcdae703e564789f90c54240fc54ab (diff)
download	alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.bz2 alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.tar.xz alpine_aports-1de1a888ef752f36632c5fb29f4cc0aaded2f44f.zip

diff --git a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch new file mode 100644 index 0000000000..af3f7468be --- /dev/null +++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
@@ -0,0 +1,19 @@
		1	--- a/src/racoon/isakmp_xauth.c 15 Nov 2011 13:51:23 -0000 1.24
		2	+++ b/src/racoon/isakmp_xauth.c 5 Feb 2013 06:21:03 -0000
		3	@@ -458,10 +458,14 @@
		4	vfree(xauth_rad_config.acct_server_list[i].host);
		5	vfree(xauth_rad_config.acct_server_list[i].secret);
		6	}
		7	- if (radius_auth_state != NULL)
		8	+ if (radius_auth_state != NULL) {
		9	rad_close(radius_auth_state);
		10	- if (radius_acct_state != NULL)
		11	+ radius_auth_state = NULL;
		12	+ }
		13	+ if (radius_acct_state != NULL) {
		14	rad_close(radius_acct_state);
		15	+ radius_acct_state = NULL;
		16	+ }
		17	}
		18
		19	/* initialize radius config */


diff --git a/main/ipsec-tools/03-fix-sport-selection.patch b/main/ipsec-tools/03-fix-sport-selection.patch new file mode 100644 index 0000000000..56cd999b39 --- /dev/null +++ b/main/ipsec-tools/03-fix-sport-selection.patch
@@ -0,0 +1,29 @@
		1	--- a/src/racoon/grabmyaddr.c 14 Mar 2011 17:18:12 -0000 1.28
		2	+++ b/src/racoon/grabmyaddr.c 5 Feb 2013 11:32:59 -0000
		3	@@ -274,13 +274,24 @@
		4	struct sockaddr *addr;
		5	{
		6	struct myaddr *my;
		7	+ int port = 0, wport;
		8
		9	LIST_FOREACH(my, &opened, chain) {
		10	- if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
		11	+ switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) {
		12	+ case CMPSADDR_MATCH:
		13	return extract_port((struct sockaddr *) &my->addr);
		14	+ case CMPSADDR_WILDPORT_MATCH:
		15	+ wport = extract_port((struct sockaddr *) &my->addr);
		16	+ if (port == 0 \|\| wport < port)
		17	+ port = wport;
		18	+ break;
		19	+ }
		20	}
		21	+
		22	+ if (port == 0)
		23	+ port = PORT_ISAKMP;
		24
		25	- return PORT_ISAKMP;
		26	+ return port;
		27	}
		28
		29	void


diff --git a/main/ipsec-tools/20-grekey-support.patch b/main/ipsec-tools/20-grekey-support.patch index 17fea3e991..7651b8dbf2 100644 --- a/main/ipsec-tools/20-grekey-support.patch +++ b/main/ipsec-tools/20-grekey-support.patch
@@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c
499	if (iph1hint == NULL \|\| iph1hint->rmconf == NULL) {	499	if (iph1hint == NULL \|\| iph1hint->rmconf == NULL) {
500	- rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);	500	- rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
501	+ int flags = 0;	501	+ int flags = 0;
502	+ uint32_t remoteid;	502	+ uint32_t remoteid = 0;
503	+ if (nopassive)	503	+ if (nopassive)
504	+ flags \|= GETRMCONF_F_NO_PASSIVE;	504	+ flags \|= GETRMCONF_F_NO_PASSIVE;
505	+ if (iph2->sainfo != NULL) {	505	+ if (iph2->sainfo != NULL) {


diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 0d62f8078c..300c662799 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=ipsec-tools	2	pkgname=ipsec-tools
3	pkgver=0.8.1	3	pkgver=0.8.1
4	pkgrel=1	4	pkgrel=2
5	pkgdesc="User-space IPsec tools for various IPsec implementations"	5	pkgdesc="User-space IPsec tools for various IPsec implementations"
6	url="http://ipsec-tools.sourceforge.net/"	6	url="http://ipsec-tools.sourceforge.net/"
7	arch="all"	7	arch="all"
@@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
13	racoon.initd	13	racoon.initd
14	racoon.confd	14	racoon.confd
15	01-fix-deletion-notification.patch	15	01-fix-deletion-notification.patch
		16	02-fix-xauth-double-free-on-reload.patch
		17	03-fix-sport-selection.patch
16	20-grekey-support.patch	18	20-grekey-support.patch
17	50-reverse-connect.patch	19	50-reverse-connect.patch
18	70-defer-isakmp-ident-handling.patch	20	70-defer-isakmp-ident-handling.patch
@@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5 ipsec-tools-0.8.1.tar.gz
62	74f12ed04ed273a738229c0bfbf829cc racoon.initd	64	74f12ed04ed273a738229c0bfbf829cc racoon.initd
63	2d00250cf72da7f2f559c91b65a48747 racoon.confd	65	2d00250cf72da7f2f559c91b65a48747 racoon.confd
64	c8b141e2c705c31af1c35d481e695ee6 01-fix-deletion-notification.patch	66	c8b141e2c705c31af1c35d481e695ee6 01-fix-deletion-notification.patch
65	79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch	67	5f30dfa6997b32e89c0e86826a70f777 02-fix-xauth-double-free-on-reload.patch
		68	2dd6bc764a5464b811edd6b4847880eb 03-fix-sport-selection.patch
		69	a6efed1359bde30ea3652fdbe76d89c0 20-grekey-support.patch
66	f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch	70	f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
67	94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch	71	94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch
68	2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch	72	2d5d24c4a3684a38584f88720f71c7d6 75-racoonctl-rcvbuf.patch