Hello community, here is the log from the commit of package ipsec-tools for openSUSE:Factory checked in at Fri Jun 12 20:21:32 CEST 2009. -------- --- ipsec-tools/ipsec-tools.changes 2009-05-06 16:45:34.000000000 +0200 +++ ipsec-tools/ipsec-tools.changes 2009-06-11 18:57:12.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz + +- fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- fix_sockaddr_overflow_in_ipsec_doi.c.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipsec-tools.spec ++++++ --- /var/tmp/diff_new_pack.y12807/_old 2009-06-12 20:19:18.000000000 +0200 +++ /var/tmp/diff_new_pack.y12807/_new 2009-06-12 20:19:18.000000000 +0200 @@ -21,7 +21,7 @@ Name: ipsec-tools BuildRequires: bison flex kernel-source krb5-devel openldap2-devel openssl-devel pam pam-devel readline-devel Version: 0.7.2 -Release: 1 +Release: 2 License: BSD 3-Clause Group: Productivity/Networking/Security Provides: racoon @@ -30,6 +30,7 @@ Summary: IPsec Utilities Source: http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-%{version}.tar.bz2 Patch0: no_werror.patch +Patch1: fix_sockaddr_overflow_in_ipsec_doi.c.diff Patch3: racoon.conf_macros.patch Source1: racoon.init Source2: sysconfig.racoon @@ -65,6 +66,7 @@ %prep %setup %patch0 -p1 +%patch1 -p1 %patch3 -p1 %build @@ -157,6 +159,8 @@ %{_mandir}/man*/* %changelog +* Thu Jun 11 2009 jbohac@suse.cz +- fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710) * Wed May 06 2009 jbohac@suse.cz - Upgrade to 0.7.2 - fixed some rpmlint warnings/errors ++++++ fix_sockaddr_overflow_in_ipsec_doi.c.diff ++++++ References: bnc#506710 Acked-by: Jiri Bohac <jbohac@suse.cz> http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/i... =================================================================== RCS file: /ftp/cvs/cvsroot/src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c,v retrieving revision 1.36 retrieving revision 1.37 diff -u -p -r1.36 -r1.37 --- a/src/racoon/ipsec_doi.c 2008/07/14 05:45:15 1.36 +++ a/src/racoon/ipsec_doi.c 2008/10/29 18:49:45 1.37 @@ -4486,20 +4486,29 @@ ipsecdoi_id2str(id) char *dat; static char buf[BUFLEN]; struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v; - struct sockaddr saddr; + struct sockaddr_storage saddr_storage; + struct sockaddr *saddr; + struct sockaddr_in *saddr_in; + struct sockaddr_in6 *saddr_in6; u_int plen = 0; + saddr = (struct sockaddr *)&saddr_storage; + saddr_in = (struct sockaddr_in *)&saddr_storage; + saddr_in6 = (struct sockaddr_in6 *)&saddr_storage; + + switch (id_b->type) { case IPSECDOI_ID_IPV4_ADDR: case IPSECDOI_ID_IPV4_ADDR_SUBNET: case IPSECDOI_ID_IPV4_ADDR_RANGE: #ifndef __linux__ - saddr.sa_len = sizeof(struct sockaddr_in); + saddr->sa_len = sizeof(struct sockaddr_in); #endif - saddr.sa_family = AF_INET; - ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; - memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, + saddr->sa_family = AF_INET; + + saddr_in->sin_port = IPSEC_PORT_ANY; + memcpy(&saddr_in->sin_addr, id->v + sizeof(*id_b), sizeof(struct in_addr)); break; #ifdef INET6 @@ -4508,12 +4517,17 @@ ipsecdoi_id2str(id) case IPSECDOI_ID_IPV6_ADDR_RANGE: #ifndef __linux__ - saddr.sa_len = sizeof(struct sockaddr_in6); + saddr->sa_len = sizeof(struct sockaddr_in6); #endif - saddr.sa_family = AF_INET6; - ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; - memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, + saddr->sa_family = AF_INET6; + + saddr_in6->sin6_port = IPSEC_PORT_ANY; + memcpy(&saddr_in6->sin6_addr, id->v + sizeof(*id_b), sizeof(struct in6_addr)); + saddr_in6->sin6_scope_id = + (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr) + ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id + : 0); break; #endif } @@ -4523,7 +4537,7 @@ ipsecdoi_id2str(id) #ifdef INET6 case IPSECDOI_ID_IPV6_ADDR: #endif - len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s", saddrwop2str(saddr)); break; case IPSECDOI_ID_IPV4_ADDR_SUBNET: @@ -4579,42 +4593,46 @@ ipsecdoi_id2str(id) plen += l; } - len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen); + len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(saddr), plen); } break; case IPSECDOI_ID_IPV4_ADDR_RANGE: - len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr)); #ifndef __linux__ - saddr.sa_len = sizeof(struct sockaddr_in); + saddr->sa_len = sizeof(struct sockaddr_in); #endif - saddr.sa_family = AF_INET; - ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; - memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, + saddr->sa_family = AF_INET; + saddr_in->sin_port = IPSEC_PORT_ANY; + memcpy(&saddr_in->sin_addr, id->v + sizeof(*id_b) + sizeof(struct in_addr), sizeof(struct in_addr)); - len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr)); break; #ifdef INET6 case IPSECDOI_ID_IPV6_ADDR_RANGE: - len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(saddr)); #ifndef __linux__ - saddr.sa_len = sizeof(struct sockaddr_in6); + saddr->sa_len = sizeof(struct sockaddr_in6); #endif - saddr.sa_family = AF_INET6; - ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; - memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, + saddr->sa_family = AF_INET6; + saddr_in6->sin6_port = IPSEC_PORT_ANY; + memcpy(&saddr_in6->sin6_addr, id->v + sizeof(*id_b) + sizeof(struct in6_addr), sizeof(struct in6_addr)); + saddr_in6->sin6_scope_id = + (IN6_IS_ADDR_LINKLOCAL(&saddr_in6->sin6_addr) + ? ((struct sockaddr_in6 *)id_b)->sin6_scope_id + : 0); - len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(saddr)); break; #endif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org