main/ipsec-tools: cherry-pick fixes from upstream CVS

(cherry picked from commit 75708decfc9606471b2f84956c5aedbdc587b5c1)
author: Timo Teräs <timo.teras@iki.fi> 2012-08-23 14:58:18 +0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-01-30 06:53:37 +0000
commit: e20039bd99549ce64242e04536a2a2908b4165e7 (patch)
tree: 91187e9033b6a485fbc8d6f09fed6afd038da86c
parent: 1e300c240ad87fba477a3ad75e4d885b68aa62d0 (diff)
download: alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.tar.bz2
alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.tar.xz
alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.zip
6 files changed, 242 insertions, 1 deletions
diff --git a/main/ipsec-tools/01-privsep-fix.patch b/main/ipsec-tools/01-privsep-fix.patch
new file mode 100644
index 0000000000..a4842a8ac9
--- /dev/null
+++ b/main/ipsec-tools/01-privsep-fix.patch
@@ -0,0 +1,46 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/privsep.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/racoon/privsep.c    2011/03/06 08:28:10     1.21
+++ ipsec-tools/src/racoon/privsep.c    2011/08/12 05:46:06     1.21.2.1
+@@ -1,4 +1,4 @@
+-/*     $NetBSD: privsep.c,v 1.21 2011/03/06 08:28:10 tteras Exp $      */
+/*     $NetBSD: privsep.c,v 1.21.2.1 2011/08/12 05:46:06 tteras Exp $  */
+ 
+ /* Id: privsep.c,v 1.15 2005/08/08 11:23:44 vanhu Exp */
+ 
+@@ -67,6 +67,7 @@
+ #include "admin.h"
+ #include "sockmisc.h"
+ #include "privsep.h"
+#include "session.h"
+ 
+ static int privsep_sock[2] = { -1, -1 };
+ 
+@@ -193,6 +194,13 @@ privsep_recv(sock, bufp, lenp)
+        return 0;
+ }
+ 
+static int
+privsep_do_exit(void *ctx, int fd)
+{
+       kill(getpid(), SIGTERM);
+       return 0;
+}
+
+ int
+ privsep_init(void)
+ {
+@@ -273,6 +281,7 @@ privsep_init(void)
+                            strerror(errno));
+                        return -1;
+                }
+               monitor_fd(privsep_sock[1], privsep_do_exit, NULL, 0);
+ 
+                return 0;
+                break;
diff --git a/main/ipsec-tools/02-pfkey-buffer-size-fix.patch b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
new file mode 100644
index 0000000000..eb028304b8
--- /dev/null
+++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
@@ -0,0 +1,65 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -u -p -r1.21 -r1.21.2.1
+--- ipsec-tools/src/libipsec/pfkey.c    2011/01/20 16:08:35     1.21
+++ ipsec-tools/src/libipsec/pfkey.c    2011/11/14 13:25:06     1.21.2.1
+@@ -1,4 +1,4 @@
+-/*     $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
+/*     $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $    */
+ 
+ /*     $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $  */
+ 
+@@ -1783,7 +1783,9 @@ int
+ pfkey_open(void)
+ {
+        int so;
+-       int bufsiz = 128 * 1024;        /*is 128K enough?*/
+       int bufsiz_current, bufsiz_wanted;
+       int ret;
+       socklen_t len;
+ 
+        if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
+                __ipsec_set_strerror(strerror(errno));
+@@ -1794,14 +1796,29 @@ pfkey_open(void)
+         * This is a temporary workaround for KAME PR 154.
+         * Don't really care even if it fails.
+         */
+-       (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+-       bufsiz = 256 * 1024;
+-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+-       bufsiz = 512 * 1024;
+-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+-       bufsiz = 1024 * 1024;
+-       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+       /* Try to have 128k. If we have more, do not lower it. */
+       bufsiz_wanted = 128 * 1024;
+       len = sizeof(bufsiz_current);
+       ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
+               &bufsiz_current, &len);
+       if ((ret < 0) || (bufsiz_current < bufsiz_wanted))
+               (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
+                       &bufsiz_wanted, sizeof(bufsiz_wanted));
+
+       /* Try to have have at least 2MB. If we have more, do not lower it. */
+       bufsiz_wanted = 2 * 1024 * 1024;
+       len = sizeof(bufsiz_current);
+       ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
+               &bufsiz_current, &len);
+       if (ret < 0)
+               bufsiz_current = 128 * 1024;
+
+       for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
+               if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
+                               &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
+                       break;
+       }
+
+        __ipsec_errcode = EIPSEC_NO_ERROR;
+        return so;
+ }
diff --git a/main/ipsec-tools/03-list-foreach-fixes.patch b/main/ipsec-tools/03-list-foreach-fixes.patch
new file mode 100644
index 0000000000..9851b63ceb
--- /dev/null
+++ b/main/ipsec-tools/03-list-foreach-fixes.patch
@@ -0,0 +1,59 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
+retrieving revision 1.39
+retrieving revision 1.40
+diff -u -p -r1.39 -r1.40
+--- ipsec-tools/src/racoon/handler.c    2011/03/14 17:18:12     1.39
+++ ipsec-tools/src/racoon/handler.c    2011/11/17 14:41:55     1.40
+@@ -1,4 +1,4 @@
+-/*     $NetBSD: handler.c,v 1.39 2011/03/14 17:18:12 tteras Exp $      */
+/*     $NetBSD: handler.c,v 1.40 2011/11/17 14:41:55 vanhu Exp $       */
+ 
+ /* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
+ 
+@@ -611,9 +611,11 @@ getph2byid(src, dst, spid)
+        struct sockaddr *src, *dst;
+        u_int32_t spid;
+ {
+-       struct ph2handle *p;
+       struct ph2handle *p, *next;
+
+       for (p = LIST_FIRST(&ph2tree); p; p = next) {
+               next = LIST_NEXT(p, chain);
+ 
+-       LIST_FOREACH(p, &ph2tree, chain) {
+                if (spid == p->spid &&
+                    cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
+                    cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){
+@@ -985,9 +987,11 @@ void
+ remcontacted(remote)
+        struct sockaddr *remote;
+ {
+-       struct contacted *p;
+       struct contacted *p, *next;
+
+       for (p = LIST_FIRST(&ctdtree); p; p = next) {
+               next = LIST_NEXT(p, chain);
+ 
+-       LIST_FOREACH(p, &ctdtree, chain) {
+                if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) {
+                        LIST_REMOVE(p, chain);
+                        racoon_free(p->remote);
+@@ -1555,10 +1559,12 @@ int
+ purgeph1bylogin(login)
+        char *login;
+ {
+-       struct ph1handle *p;
+       struct ph1handle *p, *next;
+        int found = 0;
+ 
+-       LIST_FOREACH(p, &ph1tree, chain) {
+       for (p = LIST_FIRST(&ph1tree); p; p = next) {
+               next = LIST_NEXT(p, chain);
+
+                if (p->mode_cfg == NULL)
+                        continue;
+                if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) {
diff --git a/main/ipsec-tools/04-splitnet-malloc-fix.patch b/main/ipsec-tools/04-splitnet-malloc-fix.patch
new file mode 100644
index 0000000000..5f7aa8b90a
--- /dev/null
+++ b/main/ipsec-tools/04-splitnet-malloc-fix.patch
@@ -0,0 +1,36 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_unity.c,v
+retrieving revision 1.9
+retrieving revision 1.9.18.1
+diff -u -p -r1.9 -r1.9.18.1
+--- ipsec-tools/src/racoon/isakmp_unity.c       2007/10/19 03:37:19     1.9
+++ ipsec-tools/src/racoon/isakmp_unity.c       2012/01/01 17:32:04     1.9.18.1
+@@ -1,4 +1,4 @@
+-/*     $NetBSD: isakmp_unity.c,v 1.9 2007/10/19 03:37:19 manu Exp $    */
+/*     $NetBSD: isakmp_unity.c,v 1.9.18.1 2012/01/01 17:32:04 tteras Exp $     */
+ 
+ /* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
+ 
+@@ -387,8 +387,9 @@ char * splitnet_list_2str(list, splitnet
+                netentry = netentry->next;
+        }
+ 
+-       /* allocate network list string */
+-       str = racoon_malloc(len);
+       /* allocate network list string; we need the extra byte temporarily
+        * as sprintf() will write trailing 0-byte after the space. */
+       str = racoon_malloc(len + 1);
+        if (str == NULL)
+                return NULL;
+ 
+@@ -414,6 +415,7 @@ char * splitnet_list_2str(list, splitnet
+                netentry = netentry->next;
+        }
+ 
+       /* trim the string to not have trailing spaces */
+        str[len-1]=0;
+ 
+        return str;
diff --git a/main/ipsec-tools/05-bignum-alloc-fix.patch b/main/ipsec-tools/05-bignum-alloc-fix.patch
new file mode 100644
index 0000000000..90c330ff43
--- /dev/null
+++ b/main/ipsec-tools/05-bignum-alloc-fix.patch
@@ -0,0 +1,25 @@
+Please note that diffs are not public domain; they are subject to the
+copyright notices on the relevant files.
+===================================================================
+RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
+retrieving revision 1.20
+retrieving revision 1.21
+diff -u -p -r1.20 -r1.21
+--- ipsec-tools/src/racoon/crypto_openssl.c     2010/10/20 13:40:02     1.20
+++ ipsec-tools/src/racoon/crypto_openssl.c     2012/08/15 14:51:30     1.21
+@@ -1,4 +1,4 @@
+-/*     $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $       */
+/*     $NetBSD: crypto_openssl.c,v 1.21 2012/08/15 14:51:30 manu Exp $ */
+ 
+ /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
+ 
+@@ -2501,7 +2501,7 @@ eay_bn2v(var, bn)
+        vchar_t **var;
+        BIGNUM *bn;
+ {
+-       *var = vmalloc(bn->top * BN_BYTES);
+       *var = vmalloc(BN_num_bytes(bn));
+        if (*var == NULL)
+                return(-1);
+ 
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
index 9076efd534..24b6d0485f 100644
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.0
-pkgrel=4
+pkgrel=5
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@@ -12,6 +12,11 @@ subpackages="$pkgname-doc $pkgname-dev"
 source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
        racoon.initd
        racoon.confd
+        01-privsep-fix.patch
+        02-pfkey-buffer-size-fix.patch
+        03-list-foreach-fixes.patch
+        04-splitnet-malloc-fix.patch
+        05-bignum-alloc-fix.patch
        20-grekey-support.patch
        50-reverse-connect.patch
        70-defer-isakmp-ident-handling.patch
@@ -60,6 +65,11 @@ package() {
 md5sums="c9a318cdbc0946f4e51464866d529739  ipsec-tools-0.8.0.tar.gz
 74f12ed04ed273a738229c0bfbf829cc  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
+518349f275fafcabed7751b943a5cfaf  01-privsep-fix.patch
+44171d829782105d368cd0c99b784da9  02-pfkey-buffer-size-fix.patch
+fc3ac8a58b50bc231e3d45bd619b199e  03-list-foreach-fixes.patch
+272ca19929bdf387fe9e3fab7ab3e270  04-splitnet-malloc-fix.patch
+51e9065f0267afdd91705f78bf27a337  05-bignum-alloc-fix.patch
 79b919ab23080f54dc3e7686877ca6bd  20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520  50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e  70-defer-isakmp-ident-handling.patch
author	Timo Teräs <timo.teras@iki.fi>	2012-08-23 14:58:18 +0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-01-30 06:53:37 +0000
commit	e20039bd99549ce64242e04536a2a2908b4165e7 (patch)
tree	91187e9033b6a485fbc8d6f09fed6afd038da86c
parent	1e300c240ad87fba477a3ad75e4d885b68aa62d0 (diff)
download	alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.tar.bz2 alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.tar.xz alpine_aports-e20039bd99549ce64242e04536a2a2908b4165e7.zip

diff --git a/main/ipsec-tools/01-privsep-fix.patch b/main/ipsec-tools/01-privsep-fix.patch new file mode 100644 index 0000000000..a4842a8ac9 --- /dev/null +++ b/main/ipsec-tools/01-privsep-fix.patch
@@ -0,0 +1,46 @@
		1	Please note that diffs are not public domain; they are subject to the
		2	copyright notices on the relevant files.
		3
		4	===================================================================
		5	RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/privsep.c,v
		6	retrieving revision 1.21
		7	retrieving revision 1.21.2.1
		8	diff -u -p -r1.21 -r1.21.2.1
		9	--- ipsec-tools/src/racoon/privsep.c 2011/03/06 08:28:10 1.21
		10	+++ ipsec-tools/src/racoon/privsep.c 2011/08/12 05:46:06 1.21.2.1
		11	@@ -1,4 +1,4 @@
		12	-/* $NetBSD: privsep.c,v 1.21 2011/03/06 08:28:10 tteras Exp $ */
		13	+/* $NetBSD: privsep.c,v 1.21.2.1 2011/08/12 05:46:06 tteras Exp $ */
		14
		15	/* Id: privsep.c,v 1.15 2005/08/08 11:23:44 vanhu Exp */
		16
		17	@@ -67,6 +67,7 @@
		18	#include "admin.h"
		19	#include "sockmisc.h"
		20	#include "privsep.h"
		21	+#include "session.h"
		22
		23	static int privsep_sock[2] = { -1, -1 };
		24
		25	@@ -193,6 +194,13 @@ privsep_recv(sock, bufp, lenp)
		26	return 0;
		27	}
		28
		29	+static int
		30	+privsep_do_exit(void *ctx, int fd)
		31	+{
		32	+ kill(getpid(), SIGTERM);
		33	+ return 0;
		34	+}
		35	+
		36	int
		37	privsep_init(void)
		38	{
		39	@@ -273,6 +281,7 @@ privsep_init(void)
		40	strerror(errno));
		41	return -1;
		42	}
		43	+ monitor_fd(privsep_sock[1], privsep_do_exit, NULL, 0);
		44
		45	return 0;
		46	break;


diff --git a/main/ipsec-tools/02-pfkey-buffer-size-fix.patch b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch new file mode 100644 index 0000000000..eb028304b8 --- /dev/null +++ b/main/ipsec-tools/02-pfkey-buffer-size-fix.patch
@@ -0,0 +1,65 @@
		1	Please note that diffs are not public domain; they are subject to the
		2	copyright notices on the relevant files.
		3
		4	===================================================================
		5	RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/libipsec/pfkey.c,v
		6	retrieving revision 1.21
		7	retrieving revision 1.21.2.1
		8	diff -u -p -r1.21 -r1.21.2.1
		9	--- ipsec-tools/src/libipsec/pfkey.c 2011/01/20 16:08:35 1.21
		10	+++ ipsec-tools/src/libipsec/pfkey.c 2011/11/14 13:25:06 1.21.2.1
		11	@@ -1,4 +1,4 @@
		12	-/* $NetBSD: pfkey.c,v 1.21 2011/01/20 16:08:35 vanhu Exp $ */
		13	+/* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp $ */
		14
		15	/* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
		16
		17	@@ -1783,7 +1783,9 @@ int
		18	pfkey_open(void)
		19	{
		20	int so;
		21	- int bufsiz = 128 * 1024; /is 128K enough?/
		22	+ int bufsiz_current, bufsiz_wanted;
		23	+ int ret;
		24	+ socklen_t len;
		25
		26	if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
		27	__ipsec_set_strerror(strerror(errno));
		28	@@ -1794,14 +1796,29 @@ pfkey_open(void)
		29	* This is a temporary workaround for KAME PR 154.
		30	* Don't really care even if it fails.
		31	*/
		32	- (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
		33	- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
		34	- bufsiz = 256 * 1024;
		35	- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
		36	- bufsiz = 512 * 1024;
		37	- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
		38	- bufsiz = 1024 * 1024;
		39	- (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
		40	+ /* Try to have 128k. If we have more, do not lower it. */
		41	+ bufsiz_wanted = 128 * 1024;
		42	+ len = sizeof(bufsiz_current);
		43	+ ret = getsockopt(so, SOL_SOCKET, SO_SNDBUF,
		44	+ &bufsiz_current, &len);
		45	+ if ((ret < 0) \|\| (bufsiz_current < bufsiz_wanted))
		46	+ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF,
		47	+ &bufsiz_wanted, sizeof(bufsiz_wanted));
		48	+
		49	+ /* Try to have have at least 2MB. If we have more, do not lower it. */
		50	+ bufsiz_wanted = 2 * 1024 * 1024;
		51	+ len = sizeof(bufsiz_current);
		52	+ ret = getsockopt(so, SOL_SOCKET, SO_RCVBUF,
		53	+ &bufsiz_current, &len);
		54	+ if (ret < 0)
		55	+ bufsiz_current = 128 * 1024;
		56	+
		57	+ for (; bufsiz_wanted > bufsiz_current; bufsiz_wanted /= 2) {
		58	+ if (setsockopt(so, SOL_SOCKET, SO_RCVBUF,
		59	+ &bufsiz_wanted, sizeof(bufsiz_wanted)) == 0)
		60	+ break;
		61	+ }
		62	+
		63	__ipsec_errcode = EIPSEC_NO_ERROR;
		64	return so;
		65	}


diff --git a/main/ipsec-tools/03-list-foreach-fixes.patch b/main/ipsec-tools/03-list-foreach-fixes.patch new file mode 100644 index 0000000000..9851b63ceb --- /dev/null +++ b/main/ipsec-tools/03-list-foreach-fixes.patch
@@ -0,0 +1,59 @@
		1	Please note that diffs are not public domain; they are subject to the
		2	copyright notices on the relevant files.
		3
		4	===================================================================
		5	RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/handler.c,v
		6	retrieving revision 1.39
		7	retrieving revision 1.40
		8	diff -u -p -r1.39 -r1.40
		9	--- ipsec-tools/src/racoon/handler.c 2011/03/14 17:18:12 1.39
		10	+++ ipsec-tools/src/racoon/handler.c 2011/11/17 14:41:55 1.40
		11	@@ -1,4 +1,4 @@
		12	-/* $NetBSD: handler.c,v 1.39 2011/03/14 17:18:12 tteras Exp $ */
		13	+/* $NetBSD: handler.c,v 1.40 2011/11/17 14:41:55 vanhu Exp $ */
		14
		15	/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
		16
		17	@@ -611,9 +611,11 @@ getph2byid(src, dst, spid)
		18	struct sockaddr src, dst;
		19	u_int32_t spid;
		20	{
		21	- struct ph2handle *p;
		22	+ struct ph2handle p, next;
		23	+
		24	+ for (p = LIST_FIRST(&ph2tree); p; p = next) {
		25	+ next = LIST_NEXT(p, chain);
		26
		27	- LIST_FOREACH(p, &ph2tree, chain) {
		28	if (spid == p->spid &&
		29	cmpsaddr(src, p->src) <= CMPSADDR_WILDPORT_MATCH &&
		30	cmpsaddr(dst, p->dst) <= CMPSADDR_WILDPORT_MATCH){
		31	@@ -985,9 +987,11 @@ void
		32	remcontacted(remote)
		33	struct sockaddr *remote;
		34	{
		35	- struct contacted *p;
		36	+ struct contacted p, next;
		37	+
		38	+ for (p = LIST_FIRST(&ctdtree); p; p = next) {
		39	+ next = LIST_NEXT(p, chain);
		40
		41	- LIST_FOREACH(p, &ctdtree, chain) {
		42	if (cmpsaddr(remote, p->remote) <= CMPSADDR_WILDPORT_MATCH) {
		43	LIST_REMOVE(p, chain);
		44	racoon_free(p->remote);
		45	@@ -1555,10 +1559,12 @@ int
		46	purgeph1bylogin(login)
		47	char *login;
		48	{
		49	- struct ph1handle *p;
		50	+ struct ph1handle p, next;
		51	int found = 0;
		52
		53	- LIST_FOREACH(p, &ph1tree, chain) {
		54	+ for (p = LIST_FIRST(&ph1tree); p; p = next) {
		55	+ next = LIST_NEXT(p, chain);
		56	+
		57	if (p->mode_cfg == NULL)
		58	continue;
		59	if (strncmp(p->mode_cfg->login, login, LOGINLEN) == 0) {


diff --git a/main/ipsec-tools/04-splitnet-malloc-fix.patch b/main/ipsec-tools/04-splitnet-malloc-fix.patch new file mode 100644 index 0000000000..5f7aa8b90a --- /dev/null +++ b/main/ipsec-tools/04-splitnet-malloc-fix.patch
@@ -0,0 +1,36 @@
		1	Please note that diffs are not public domain; they are subject to the
		2	copyright notices on the relevant files.
		3
		4	===================================================================
		5	RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/isakmp_unity.c,v
		6	retrieving revision 1.9
		7	retrieving revision 1.9.18.1
		8	diff -u -p -r1.9 -r1.9.18.1
		9	--- ipsec-tools/src/racoon/isakmp_unity.c 2007/10/19 03:37:19 1.9
		10	+++ ipsec-tools/src/racoon/isakmp_unity.c 2012/01/01 17:32:04 1.9.18.1
		11	@@ -1,4 +1,4 @@
		12	-/* $NetBSD: isakmp_unity.c,v 1.9 2007/10/19 03:37:19 manu Exp $ */
		13	+/* $NetBSD: isakmp_unity.c,v 1.9.18.1 2012/01/01 17:32:04 tteras Exp $ */
		14
		15	/* Id: isakmp_unity.c,v 1.10 2006/07/31 04:49:23 manubsd Exp */
		16
		17	@@ -387,8 +387,9 @@ char * splitnet_list_2str(list, splitnet
		18	netentry = netentry->next;
		19	}
		20
		21	- /* allocate network list string */
		22	- str = racoon_malloc(len);
		23	+ /* allocate network list string; we need the extra byte temporarily
		24	+ * as sprintf() will write trailing 0-byte after the space. */
		25	+ str = racoon_malloc(len + 1);
		26	if (str == NULL)
		27	return NULL;
		28
		29	@@ -414,6 +415,7 @@ char * splitnet_list_2str(list, splitnet
		30	netentry = netentry->next;
		31	}
		32
		33	+ /* trim the string to not have trailing spaces */
		34	str[len-1]=0;
		35
		36	return str;


diff --git a/main/ipsec-tools/05-bignum-alloc-fix.patch b/main/ipsec-tools/05-bignum-alloc-fix.patch new file mode 100644 index 0000000000..90c330ff43 --- /dev/null +++ b/main/ipsec-tools/05-bignum-alloc-fix.patch
@@ -0,0 +1,25 @@
		1	Please note that diffs are not public domain; they are subject to the
		2	copyright notices on the relevant files.
		3
		4	===================================================================
		5	RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c,v
		6	retrieving revision 1.20
		7	retrieving revision 1.21
		8	diff -u -p -r1.20 -r1.21
		9	--- ipsec-tools/src/racoon/crypto_openssl.c 2010/10/20 13:40:02 1.20
		10	+++ ipsec-tools/src/racoon/crypto_openssl.c 2012/08/15 14:51:30 1.21
		11	@@ -1,4 +1,4 @@
		12	-/* $NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $ */
		13	+/* $NetBSD: crypto_openssl.c,v 1.21 2012/08/15 14:51:30 manu Exp $ */
		14
		15	/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
		16
		17	@@ -2501,7 +2501,7 @@ eay_bn2v(var, bn)
		18	vchar_t **var;
		19	BIGNUM *bn;
		20	{
		21	- var = vmalloc(bn->top BN_BYTES);
		22	+ *var = vmalloc(BN_num_bytes(bn));
		23	if (*var == NULL)
		24	return(-1);
		25


diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD index 9076efd534..24b6d0485f 100644 --- a/main/ipsec-tools/APKBUILD +++ b/main/ipsec-tools/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=ipsec-tools	2	pkgname=ipsec-tools
3	pkgver=0.8.0	3	pkgver=0.8.0
4	pkgrel=4	4	pkgrel=5
5	pkgdesc="User-space IPsec tools for various IPsec implementations"	5	pkgdesc="User-space IPsec tools for various IPsec implementations"
6	url="http://ipsec-tools.sourceforge.net/"	6	url="http://ipsec-tools.sourceforge.net/"
7	arch="all"	7	arch="all"
@@ -12,6 +12,11 @@ subpackages="$pkgname-doc $pkgname-dev"
12	source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz	12	source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
13	racoon.initd	13	racoon.initd
14	racoon.confd	14	racoon.confd
		15	01-privsep-fix.patch
		16	02-pfkey-buffer-size-fix.patch
		17	03-list-foreach-fixes.patch
		18	04-splitnet-malloc-fix.patch
		19	05-bignum-alloc-fix.patch
15	20-grekey-support.patch	20	20-grekey-support.patch
16	50-reverse-connect.patch	21	50-reverse-connect.patch
17	70-defer-isakmp-ident-handling.patch	22	70-defer-isakmp-ident-handling.patch
@@ -60,6 +65,11 @@ package() {
60	md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz	65	md5sums="c9a318cdbc0946f4e51464866d529739 ipsec-tools-0.8.0.tar.gz
61	74f12ed04ed273a738229c0bfbf829cc racoon.initd	66	74f12ed04ed273a738229c0bfbf829cc racoon.initd
62	2d00250cf72da7f2f559c91b65a48747 racoon.confd	67	2d00250cf72da7f2f559c91b65a48747 racoon.confd
		68	518349f275fafcabed7751b943a5cfaf 01-privsep-fix.patch
		69	44171d829782105d368cd0c99b784da9 02-pfkey-buffer-size-fix.patch
		70	fc3ac8a58b50bc231e3d45bd619b199e 03-list-foreach-fixes.patch
		71	272ca19929bdf387fe9e3fab7ab3e270 04-splitnet-malloc-fix.patch
		72	51e9065f0267afdd91705f78bf27a337 05-bignum-alloc-fix.patch
63	79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch	73	79b919ab23080f54dc3e7686877ca6bd 20-grekey-support.patch
64	f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch	74	f97205eea3dc68d2437a2ad8720f4520 50-reverse-connect.patch
65	94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch	75	94773c94233e14cdce0fa02ff780a43e 70-defer-isakmp-ident-handling.patch