added 3 patches for libreswan-3.10
parent
9a1635ae5e
commit
55a85124f7
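--- a/libreswan-3.10-autoroute.patch
+++ b/libreswan-3.10-autoroute.patch
@@ -0,0 +1,80 @@
+commit dded96917330dc7726d2520ef74deff710ed7673
+Author: Paul Wouters <pwouters@redhat.com>
+Date: Mon Sep 8 20:38:32 2014 -0400
+
+addconn: routing should happen after listen (bug introduced in 3.10)
+
+This caused auto=route (auto=ondemand) connections to not load properly,
+because pluto wasn't listening yet so these connections could not orient.
+
+diff --git a/programs/addconn/addconn.c b/programs/addconn/addconn.c
+index 5961a14..4c605a7 100644
+--- a/programs/addconn/addconn.c
++++ b/programs/addconn/addconn.c
+@@ -1,8 +1,9 @@
+/*
+* A program to read the configuration file and load a single conn
+* Copyright (C) 2005 Michael Richardson <mcr@xelerance.com>
+- * Copyright (C) 2012 Paul Wouters <paul@libreswan.org>
+- * Copyright (C) 2012 Kim B. Heino <b@bbbs.net>
++ * Copyright (C) 2012-2014 Paul Wouters <paul@libreswan.org>
++ * Copyright (C) 2014 D. Hugh Redelmeier <hugh@mimosa.com>
++ * Copyright (C) 2012-2013 Kim B. Heino <b@bbbs.net>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the
+@@ -725,19 +726,37 @@ int main(int argc, char *argv[])
+conn->desired_state == STARTUP_START) {
+if (verbose)
+printf(" %s", conn->name);
+- resolve_defaultroute(conn);
+starter_whack_add_conn(cfg, conn);
+}
+- if (conn->desired_state == STARTUP_ONDEMAND)
+- starter_whack_route_conn(cfg, conn);
+}
+
+- /* We added all connections, let pluto listen, then startup our conns */
++ /*
++ * We loaded all connections. Now tell pluto to listen,
++ * then route the conns and resolve default route.
++ */
+starter_whack_listen(cfg);
+
+if (verbose)
+- printf(" Pass #2: Initiating auto=start connections\n");
++ printf(" Pass #2: Routing auto=route and auto=start connections\n");
+
++ for (conn = cfg->conns.tqh_first;
++ conn != NULL;
++ conn = conn->link.tqe_next) {
++ if (conn->desired_state == STARTUP_ADD ||
++ conn->desired_state == STARTUP_ONDEMAND ||
++ conn->desired_state == STARTUP_START) {
++ if (verbose)
++ printf(" %s", conn->name);
++ resolve_defaultroute(conn);
++ if (conn->desired_state == STARTUP_ONDEMAND ||
++ conn->desired_state == STARTUP_START) {
++ starter_whack_route_conn(cfg, conn);
++ }
++ }
++ }
++
++ if (verbose)
++ printf(" Pass #3: Initiating auto=start connections\n");
+
+for (conn = cfg->conns.tqh_first;
+conn != NULL;
+@@ -745,10 +764,10 @@ int main(int argc, char *argv[])
+if (conn->desired_state == STARTUP_START) {
+if (verbose)
+printf(" %s", conn->name);
+- resolve_defaultroute(conn);
+starter_whack_initiate_conn(cfg, conn);
+}
+}
++
+if (verbose)
+printf("\n");
+} else {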
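Review bot: In the embedded addconn.c hunk at `@@ -725,19 +726,37 @@`, `resolve_defaultroute(conn);` is removed from pass #1 and now runs only in the new pass #2 loop, after `starter_whack_add_conn(cfg, conn);` has already handed the connection to pluto. If add_conn sends the addresses that resolve_defaultroute() fills in (its body is not visible here), connections that depend on the default route would be loaded unresolved and may still fail to orient, which for auto=route could mean the on-demand policy is never installed and traffic leaves unprotected. I would keep `resolve_defaultroute(conn);` immediately before `starter_whack_add_conn(cfg, conn);` in pass #1 and move only the `starter_whack_route_conn(cfg, conn);` call behind `starter_whack_listen(cfg);`. The new loop also discards whatever status the listen and route calls report, so a failed route would be silent; main() starts and ends outside the hunk.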
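--- a/libreswan-3.10-coverity.patch
+++ b/libreswan-3.10-coverity.patch
@@ -0,0 +1,81 @@
+diff --git a/programs/pluto/ikev2_crypto.c b/programs/pluto/ikev2_crypto.c
+index 58c62c8..4a305c7 100644
+--- a/programs/pluto/ikev2_crypto.c
++++ b/programs/pluto/ikev2_crypto.c
+@@ -65,8 +65,8 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+st->st_ah.present? &st->st_ah :
+NULL;
+
+- assert(ipi != NULL); /* ESP or AH must be present */
+- assert(st->st_esp.present != st->st_ah.present); /* only one */
++ passert(ipi != NULL); /* ESP or AH must be present */
++ passert(st->st_esp.present != st->st_ah.present); /* only one */
+
+/* ??? there is no kernel_alg_ah_info */
+ipi->attrs.transattrs.ei = kernel_alg_esp_info(
+@@ -142,14 +142,6 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+v2genbytes(&rkeymat, ipi->keymat_len,
+"responder keys", &childsacalc);
+
+- /* This should really be role == O_INITIATOR, but then our keys are
+- * installed reversed. This is a workaround until we locate the
+- * real problem. It's better not to release copies of our code
+- * that will be incompatible with everything else, including our
+- * own updated version
+- * Found by Herbert Xu
+- * if(role == O_INITIATOR) {
+- */
+if (role != O_INITIATOR) {
+DBG(DBG_CRYPT, {
+DBG_dump_chunk("our keymat", ikeymat);
+@@ -167,4 +159,3 @@ void ikev2_derive_child_keys(struct state *st, enum phase1_role role)
+}
+
+}
+-
+diff --git a/programs/pluto/pluto_crypt.c b/programs/pluto/pluto_crypt.c
+index 7bf3a2a..080d2a0 100644
+--- a/programs/pluto/pluto_crypt.c
++++ b/programs/pluto/pluto_crypt.c
+@@ -657,7 +657,7 @@ static void kill_helper(struct pluto_crypto_worker *w)
+}
+
+void log_crypto_workers(void) {
+- bool first_time = TRUE;
++ static bool first_time = TRUE;
+int i;
+
+if (!first_time)
+diff --git a/programs/pluto/rcv_whack.c b/programs/pluto/rcv_whack.c
+index 483f34c..9c6fb11 100644
+--- a/programs/pluto/rcv_whack.c
++++ b/programs/pluto/rcv_whack.c
+@@ -690,7 +690,7 @@ bool whack_prompt_for(int whackfd,
+return FALSE;
+}
+
+- if (strlen(ansbuf) == 0) {
++ if (n == 0) {
+whack_log(RC_LOG_SERIOUS, "no %s entered, aborted", prompt2);
+return FALSE;
+}
+diff --git a/programs/rsasigkey/rsasigkey.c b/programs/rsasigkey/rsasigkey.c
+index f3f0194..d853365 100644
+--- a/programs/rsasigkey/rsasigkey.c
++++ b/programs/rsasigkey/rsasigkey.c
+@@ -321,7 +321,14 @@ int main(int argc, char *argv[])
+device = optarg;
+break;
+case 'H': /* set hostname for output */
+- strcpy(outputhostname, optarg);
++ {
++ size_t full_len = strlen(optarg);
++ bool oflow = sizeof(outputhostname) - 1 < full_len;
++ size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len;
++
++ memcpy(outputhostname, optarg, copy_len);
++ outputhostname[copy_len] = '\0';
++ }
+break;
+case 'h': /* help */
+printf("Usage:\t%s\n", usage);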
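Review bot: The `case 'H'` replacement in the rsasigkey.c hunk computes `oflow` but uses it only to choose `copy_len`, so an over-long hostname is silently truncated and the shortened name is presumably what appears in the tool's output. For a key-generation tool I would reject the argument rather than shorten it, e.g. `if (oflow) { fprintf(stderr, "%s: hostname argument too long\n", argv[0]); exit(1); }` placed before the `memcpy`. The bound also relies on `outputhostname` being an array rather than a pointer, which is not visible in this hunk and worth confirming, since `sizeof` on a pointer would give the wrong limit. main() starts and ends outside the hunk.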
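--- a/libreswan-3.10-snprintf.patch
+++ b/libreswan-3.10-snprintf.patch
@@ -0,0 +1,21 @@
+diff -Naur libreswan-3.10-orig/programs/pluto/kernel.c libreswan-3.10/programs/pluto/kernel.c
+--- libreswan-3.10-orig/programs/pluto/kernel.c 2014-09-01 17:44:22.000000000 -0400
++++ libreswan-3.10/programs/pluto/kernel.c 2014-09-08 09:10:29.173718430 -0400
+@@ -441,7 +441,7 @@
+"PLUTO_STACK='%s' "
+"%s" /* optional metric */
+"%s" /* optional mtu */
+- "PLUTO_ADDTIME='%lu' "
++ "PLUTO_ADDTIME='%" PRIu64 "' "
+"PLUTO_CONN_POLICY='%s' "
+"PLUTO_CONN_ADDRFAMILY='ipv%d' "
+"XAUTH_FAILED=%d "
+@@ -479,7 +479,7 @@
+kernel_ops->kern_name,
+metric_str,
+connmtu_str,
+- st == NULL ? 0 : st->st_esp.add_time,
++ (u_int64_t)(st == NULL ? 0U : st->st_esp.add_time),
+prettypolicy(c->policy),
+(c->addr_family == AF_INET) ? 4 : 6,
+(st && st->st_xauth_soft) ? 1 : 0,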