rpms/libreswan
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized

Browse Source 
object
This commit is contained in:
Jeff Law 2020-06-30 13:05:06 -06:00
parent 444620748c
commit 059a531c27
2 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libreswan-3.32-uninitialized.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/programs/pluto/ikev2_parent.c b/programs/pluto/ikev2_parent.c
index 702c9a8..3772508 100644
--- a/programs/pluto/ikev2_parent.c
+++ b/programs/pluto/ikev2_parent.c
@@ -2150,7 +2150,7 @@ static stf_status ikev2_parent_inR1outI2_tail(struct state *pst, struct msg_dige
struct pluto_crypto_req *r)
{
struct connection *const pc = pst->st_connection; /* parent connection */
- struct ppk_id_payload ppk_id_p;
+ struct ppk_id_payload ppk_id_p = { };
struct ike_sa *ike = pexpect_ike_sa(pst);
if (!finish_dh_v2(pst, r, FALSE)) {

10
libreswan.spec
View File

@ -1,4 +1,4 @@
%global _hardened_build 1 %tchglobal _hardened_build 1
# These are rpm macros and are 0 or 1 # These are rpm macros and are 0 or 1
%global with_efence 0 %global with_efence 0
%global with_development 0 %global with_development 0
@ -33,7 +33,7 @@ Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script # version is generated in the release script
Version: 3.32 Version: 3.32
Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist} Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}
License: GPLv2 License: GPLv2
Url: https://libreswan.org/ Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz Source0: https://download.libreswan.org/%{?prever:development/}%{name}-%{version}%{?prever}.tar.gz
@ -45,6 +45,7 @@ Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
Patch1: libreswan-3.30-s390x.patch Patch1: libreswan-3.30-s390x.patch
Patch2: libreswan-3.32-nss-api.patch Patch2: libreswan-3.32-nss-api.patch
Patch3: libreswan-3.32-uninitialized.patch
Requires(post): bash coreutils systemd Requires(post): bash coreutils systemd
Requires(preun): systemd Requires(preun): systemd
@ -101,6 +102,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%setup -q -n libreswan-%{version}%{?prever} %setup -q -n libreswan-%{version}%{?prever}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
# Fedora should really figure this versioning out itself, not burden upstream # Fedora should really figure this versioning out itself, not burden upstream
sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test sed -i "s:/usr/bin/python:/usr/bin/python3:" testing/cert_verify/usage_test
@ -200,6 +202,10 @@ export NSS_DISABLE_HW_GCM=1
%doc %{_mandir}/*/* %doc %{_mandir}/*/*
%changelog %changelog
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 3.32-3
- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized
object
* Tue May 26 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2 * Tue May 26 2020 Paul Wouters <pwouters@redhat.com> - 3.32-2
- Backport NSS guarding fix for unannounced changed api in NSS causing segfault - Backport NSS guarding fix for unannounced changed api in NSS causing segfault