- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized

object
2020-06-30 13:05:06 -06:00 · 2020-06-30 13:05:06 -06:00 · 059a531c27
commit 059a531c27
parent 444620748c
2 changed files with 21 additions and 2 deletions
--- a/libreswan-3.32-uninitialized.patch
+++ b/libreswan-3.32-uninitialized.patch
@ -0,0 +1,13 @@
+diff --git a/programs/pluto/ikev2_parent.c b/programs/pluto/ikev2_parent.c
+index 702c9a8..3772508 100644
+--- a/programs/pluto/ikev2_parent.c
+++ b/programs/pluto/ikev2_parent.c
+@@ -2150,7 +2150,7 @@ static stf_status ikev2_parent_inR1outI2_tail(struct state *pst, struct msg_dige
+ 					      struct pluto_crypto_req *r)
+ {
+ 	struct connection *const pc = pst->st_connection;	/* parent connection */
+-	struct ppk_id_payload ppk_id_p;
+	struct ppk_id_payload ppk_id_p = { };
+ 	struct ike_sa *ike = pexpect_ike_sa(pst);
+ 
+ 	if (!finish_dh_v2(pst, r, FALSE)) {
--- a/libreswan.spec
+++ b/libreswan.spec
@ -1,4 +1,4 @@
-%global _hardened_build 1
+%tchglobal _hardened_build 1
 # These are rpm macros and are 0 or 1
 %global with_efence 0
 %global with_development 0
@ -33,7 +33,7 @@ Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
 Version: 3.32
-Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -45,6 +45,7 @@ Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2

 Patch1: libreswan-3.30-s390x.patch
 Patch2: libreswan-3.32-nss-api.patch
+Patch3: libreswan-3.32-uninitialized.patch

 Requires(post): bash coreutils systemd
 Requires(preun): systemd
@ -101,6 +102,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %setup -q -n libreswan-%{version}%{?prever}
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 # Fedora should really figure this versioning out itself, not burden upstream
 sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test
@ -200,6 +202,10 @@ export NSS_DISABLE_HW_GCM=1
 %doc %{_mandir}/*/*

 %changelog
+* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 3.32-3
+- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized
+  object
+
 * Tue May 26 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2
 - Backport NSS guarding fix for unannounced changed api in NSS causing segfault