Hello community,
here is the log from the commit of package novell-ipsec-tools for openSUSE:Factory
checked in at Thu Oct 14 00:49:23 CEST 2010.
--------
--- novell-ipsec-tools/novell-ipsec-tools.changes 2010-03-16 10:02:41.000000000 +0100
+++ /mounts/work_src_done/STABLE/novell-ipsec-tools/novell-ipsec-tools.changes 2010-10-12 10:00:27.000000000 +0200
@@ -1,0 +2,10 @@
+Mon Sep 27 04:22:07 UTC 2010 - bili@novell.com
+
+- Upgrade to 0.7.3, with various fixes.
+ - Fix closes a DoS vulnerability (found by Orange Labs) which
+ can be exploited with specific crafted packets.
+- Del the ipsec-overflow.patch cause already fixed in 0.7.3.
+- Modify nit-includes.patch which cause failed to support the
+ policy priority(bnc#632180).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
ipsec-overflow.patch
ipsec-tools-0.7.1.tar.bz2
nit-includes.diff
New:
----
ipsec-tools-0.7.3.tar.bz2
novell-ipsec-tools_nit-includes.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ novell-ipsec-tools.spec ++++++
--- /var/tmp/diff_new_pack.R8zfqG/_old 2010-10-14 00:49:06.000000000 +0200
+++ /var/tmp/diff_new_pack.R8zfqG/_new 2010-10-14 00:49:06.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package novell-ipsec-tools (Version 0.7.1)
+# spec file for package novell-ipsec-tools (Version 0.7.3)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -20,8 +20,8 @@
Name: novell-ipsec-tools
BuildRequires: bison flex openssl-devel
-Version: 0.7.1
-Release: 6
+Version: 0.7.3
+Release: 1
License: BSD3c(or similar)
Group: Productivity/Networking/Security
PreReq: %insserv_prereq %fillup_prereq
@@ -39,8 +39,7 @@
Patch4: %{name}_plugins-cfparse.patch
Patch5: no_werror.patch
Patch6: novell-ipsec-tools_plugins-am111.patch
-Patch7: nit-includes.diff
-Patch8: ipsec-overflow.patch
+Patch7: novell-ipsec-tools_nit-includes.patch
Url: http://forge.novell.com/modules/xfmod/project/?turnpike
Prefix: /usr
Conflicts: ipsec-tools
@@ -119,8 +118,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
-%patch -P 7 -p1
-%patch8 -p0
+%patch7 -p1
ln -sf acracoon.m4 acinclude.m4
%build
@@ -155,7 +153,7 @@
cp -rv src/racoon/samples $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/
cp -v src/setkey/sample* $RPM_BUILD_ROOT/%{_defaultdocdir}/%{name}/
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}
-mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name}
+#mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_sharedstatedir}/%{name}
install -m 0600 src/racoon/samples/psk.txt $RPM_BUILD_ROOT/%{_sysconfdir}
#install -m 0644 src/racoon/samples/racoon.conf $RPM_BUILD_ROOT/{_sysconfdir}
cp -v %{S:3} $RPM_BUILD_ROOT/%{_sysconfdir}/setkey.conf
++++++ ipsec-tools-0.7.1.tar.bz2 -> ipsec-tools-0.7.3.tar.bz2 ++++++
++++ 7736 lines of diff (skipped)
++++++ novell-ipsec-tools_nit-includes.patch ++++++
Index: ipsec-tools-0.7.3/configure.ac
===================================================================
--- ipsec-tools-0.7.3.orig/configure.ac
+++ ipsec-tools-0.7.3/configure.ac
@@ -75,7 +75,7 @@ case "$host_os" in
[ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
- [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
+ [ AC_CHECK_HEADER(linux/pfkeyv2.h,
KERNEL_INCLUDE=/usr/src/linux/include ,
[ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
AC_SUBST(KERNEL_INCLUDE)
@@ -87,7 +87,7 @@ case "$host_os" in
AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority,
[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
[Are PF_KEY policy priorities supported?])], [],
- [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
+ [#include ])
GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
++++++ novell-ipsec-tools_plugins-support-configure.patch ++++++
--- /var/tmp/diff_new_pack.R8zfqG/_old 2010-10-14 00:49:07.000000000 +0200
+++ /var/tmp/diff_new_pack.R8zfqG/_new 2010-10-14 00:49:07.000000000 +0200
@@ -1,7 +1,7 @@
-Index: ipsec-tools-0.7.1/configure.ac
+Index: ipsec-tools-0.7.3/configure.ac
===================================================================
---- ipsec-tools-0.7.1.orig/configure.ac
-+++ ipsec-tools-0.7.1/configure.ac
+--- ipsec-tools-0.7.3.orig/configure.ac
++++ ipsec-tools-0.7.3/configure.ac
@@ -794,6 +794,17 @@ if test "$enable_security_context" = "ye
fi
fi
@@ -20,15 +20,16 @@
CFLAGS="$CFLAGS $CFLAGS_ADD"
CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
-Index: ipsec-tools-0.7.1/ChangeLog
+Index: ipsec-tools-0.7.3/ChangeLog
===================================================================
---- ipsec-tools-0.7.1.orig/ChangeLog
-+++ ipsec-tools-0.7.1/ChangeLog
-@@ -1,3 +1,7 @@
-+2008-08-06 Bin Li
+--- ipsec-tools-0.7.3.orig/ChangeLog
++++ ipsec-tools-0.7.3/ChangeLog
+@@ -1,3 +1,8 @@
++2010-09-27 Bin Li
+ * configure.ac:
+ Add --enable-plugins-support features in configure.ac,
+ it'll define PLUGINS_SUPPORT Macro.
- ---------------------------------------------
++
+ 2009-08-13 tag ipsec-tools-0_7_3
- 0.7.1 released
+ 2009-08-13 Yvan Vanhullebus
++++++ novell-ipsec-tools_plugins-support-core.patch ++++++
--- /var/tmp/diff_new_pack.R8zfqG/_old 2010-10-14 00:49:07.000000000 +0200
+++ /var/tmp/diff_new_pack.R8zfqG/_new 2010-10-14 00:49:07.000000000 +0200
@@ -1,7 +1,7 @@
-Index: ipsec-tools-0.7.1/src/plugin_frame/common.h
+Index: ipsec-tools-0.7.3/src/plugin_frame/common.h
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/common.h
++++ ipsec-tools-0.7.3/src/plugin_frame/common.h
@@ -0,0 +1,160 @@
+
+/************************************************************************************
@@ -163,10 +163,10 @@
+ }
+
+#endif
-Index: ipsec-tools-0.7.1/src/plugin_frame/dispatch.c
+Index: ipsec-tools-0.7.3/src/plugin_frame/dispatch.c
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/dispatch.c
++++ ipsec-tools-0.7.3/src/plugin_frame/dispatch.c
@@ -0,0 +1,140 @@
+
+/************************************************************************************
@@ -308,10 +308,10 @@
+ }
+ return TPIKE_STATUS_SUCCESS;
+}
-Index: ipsec-tools-0.7.1/src/plugin_frame/error.h
+Index: ipsec-tools-0.7.3/src/plugin_frame/error.h
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/error.h
++++ ipsec-tools-0.7.3/src/plugin_frame/error.h
@@ -0,0 +1,53 @@
+
+/************************************************************************************
@@ -366,10 +366,10 @@
+#define TPIKE_OK(x) ((x) == TPIKE_STATUS_SUCCESS)
+
+#endif /* _PLUGIN_ERROR_H */
-Index: ipsec-tools-0.7.1/src/plugin_frame/framework.h
+Index: ipsec-tools-0.7.3/src/plugin_frame/framework.h
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/framework.h
++++ ipsec-tools-0.7.3/src/plugin_frame/framework.h
@@ -0,0 +1,87 @@
+
+/************************************************************************************
@@ -458,10 +458,10 @@
+void free_plugin_info_all(struct plugininfo *);
+
+#endif
-Index: ipsec-tools-0.7.1/src/plugin_frame/hashtable.c
+Index: ipsec-tools-0.7.3/src/plugin_frame/hashtable.c
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/hashtable.c
++++ ipsec-tools-0.7.3/src/plugin_frame/hashtable.c
@@ -0,0 +1,384 @@
+
+/************************************************************************************
@@ -847,10 +847,10 @@
+ }
+ return status;
+}
-Index: ipsec-tools-0.7.1/src/plugin_frame/hashtable.h
+Index: ipsec-tools-0.7.3/src/plugin_frame/hashtable.h
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/hashtable.h
++++ ipsec-tools-0.7.3/src/plugin_frame/hashtable.h
@@ -0,0 +1,57 @@
+
+/************************************************************************************
@@ -909,10 +909,10 @@
+int dump_hash(void);
+
+#endif
-Index: ipsec-tools-0.7.1/src/plugin_frame/position.h
+Index: ipsec-tools-0.7.3/src/plugin_frame/position.h
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/position.h
++++ ipsec-tools-0.7.3/src/plugin_frame/position.h
@@ -0,0 +1,175 @@
+
+/************************************************************************************
@@ -1089,10 +1089,10 @@
+
+#define MAKE_POS(exch, initorresp, sendorrecv, messageno, payload1, payload2) \
+ ( (u_int32_t) MAKE_POS2(exch, ((initorresp)|(sendorrecv)|(messageno)) , payload1, payload2) )
-Index: ipsec-tools-0.7.1/src/plugin_frame/registration.c
+Index: ipsec-tools-0.7.3/src/plugin_frame/registration.c
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/registration.c
++++ ipsec-tools-0.7.3/src/plugin_frame/registration.c
@@ -0,0 +1,357 @@
+
+/************************************************************************************
@@ -1451,10 +1451,10 @@
+ return (int) ((*getdata_fn)(ver, plugin->gprivdata, inlen, inbuf, outlen, outbuf));
+}
+
-Index: ipsec-tools-0.7.1/src/plugin_frame/Makefile.am
+Index: ipsec-tools-0.7.3/src/plugin_frame/Makefile.am
===================================================================
--- /dev/null
-+++ ipsec-tools-0.7.1/src/plugin_frame/Makefile.am
++++ ipsec-tools-0.7.3/src/plugin_frame/Makefile.am
@@ -0,0 +1,17 @@
+include_plugin_framedir = ${includedir}/plugin_frame
+
@@ -1473,20 +1473,20 @@
+ hashtable.h common.h framework.h error.h position.h
+
+libplugin_frame_la_LDFLAGS = -version-info 1:0:0 -static
-Index: ipsec-tools-0.7.1/src/Makefile.am
+Index: ipsec-tools-0.7.3/src/Makefile.am
===================================================================
---- ipsec-tools-0.7.1.orig/src/Makefile.am
-+++ ipsec-tools-0.7.1/src/Makefile.am
+--- ipsec-tools-0.7.3.orig/src/Makefile.am
++++ ipsec-tools-0.7.3/src/Makefile.am
@@ -1,3 +1,3 @@
-SUBDIRS = @INCLUDE_GLIBC@ libipsec setkey racoon
+SUBDIRS = @INCLUDE_GLIBC@ plugin_frame libipsec setkey racoon
-DIST_SUBDIRS = include-glibc libipsec setkey racoon
+DIST_SUBDIRS = include-glibc plugin_frame libipsec setkey racoon
-Index: ipsec-tools-0.7.1/src/racoon/admin.h
+Index: ipsec-tools-0.7.3/src/racoon/admin.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/admin.h
-+++ ipsec-tools-0.7.1/src/racoon/admin.h
+--- ipsec-tools-0.7.3.orig/src/racoon/admin.h
++++ ipsec-tools-0.7.3/src/racoon/admin.h
@@ -77,11 +77,22 @@ struct admin_com {
*/
#define ADMIN_ESTABLISH_SA_PSK 0x0203
@@ -1612,10 +1612,10 @@
+extern int add_default_policy_to_SPD(int);
+
#endif /* _ADMIN_H */
-Index: ipsec-tools-0.7.1/src/racoon/admin.c
+Index: ipsec-tools-0.7.3/src/racoon/admin.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/admin.c
-+++ ipsec-tools-0.7.1/src/racoon/admin.c
+--- ipsec-tools-0.7.3.orig/src/racoon/admin.c
++++ ipsec-tools-0.7.3/src/racoon/admin.c
@@ -5,7 +5,7 @@
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1715,16 +1715,16 @@
"phase 1 for %s -> %s not found\n", loc, rem);
} else {
if (iph1->status == PHASE1ST_ESTABLISHED)
-@@ -318,7 +341,7 @@ out2:
+@@ -320,7 +343,7 @@ out2:
+ user[len] = 0;
- user = (char *)(com + 1);
found = purgeph1bylogin(user);
- plog(LLV_INFO, LOCATION, NULL,
+ plog(LLV_INFO, LOCATION, NULL,
"deleted %d SA for user \"%s\"\n", found, user);
break;
-@@ -337,7 +360,7 @@ out2:
+@@ -339,7 +362,7 @@ out2:
rem = racoon_strdup(saddrwop2str(dst));
STRDUP_FATAL(rem);
@@ -1733,7 +1733,7 @@
"Flushing all SAs for peer %s\n", rem);
while ((iph1 = getph1bydstaddrwop(dst)) != NULL) {
-@@ -363,14 +386,14 @@ out2:
+@@ -365,14 +388,14 @@ out2:
com->ac_cmd = ADMIN_ESTABLISH_SA;
acp = (struct admin_com_psk *)
@@ -1750,7 +1750,7 @@
strerror(errno));
break;
}
-@@ -379,7 +402,7 @@ out2:
+@@ -381,7 +404,7 @@ out2:
if ((key = vmalloc(acp->key_len)) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -1759,7 +1759,7 @@
strerror(errno));
vfree(id);
id = NULL;
-@@ -453,7 +476,7 @@ out2:
+@@ -455,7 +478,7 @@ out2:
rmconf->xauth->pass = key;
}
#endif
@@ -1768,7 +1768,7 @@
plog(LLV_INFO, LOCATION, NULL,
"accept a request to establish IKE-SA: "
"%s\n", saddrwop2str(remote));
-@@ -479,6 +502,626 @@ out1:
+@@ -481,6 +504,626 @@ out1:
}
}
break;
@@ -2395,7 +2395,7 @@
default:
plog(LLV_ERROR, LOCATION, NULL,
-@@ -587,17 +1230,17 @@ admin_init()
+@@ -589,17 +1232,17 @@ admin_init()
}
if (chown(sunaddr.sun_path, adminsock_owner, adminsock_group) != 0) {
@@ -2418,7 +2418,7 @@
sunaddr.sun_path, adminsock_mode, strerror(errno));
(void)close(lcconf->sock_admin);
return -1;
-@@ -622,5 +1265,153 @@ admin_close()
+@@ -624,5 +1267,153 @@ admin_close()
close(lcconf->sock_admin);
return 0;
}
@@ -2572,10 +2572,10 @@
+ EVT_PUSH(0, 0, EVTT_ISAKMP_CFG_DONE, NULL);
+ return 0;
+}
-Index: ipsec-tools-0.7.1/src/racoon/algorithm.h
+Index: ipsec-tools-0.7.3/src/racoon/algorithm.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/algorithm.h
-+++ ipsec-tools-0.7.1/src/racoon/algorithm.h
+--- ipsec-tools-0.7.3.orig/src/racoon/algorithm.h
++++ ipsec-tools-0.7.3/src/racoon/algorithm.h
@@ -213,4 +213,6 @@ extern const char *alg_oakley_hashdef_na
extern const char *alg_oakley_dhdef_name __P((int));
extern const char *alg_oakley_authdef_name __P((int));
@@ -2583,10 +2583,10 @@
+extern int algdoi2type(int, int);
+
#endif /* _ALGORITHM_H */
-Index: ipsec-tools-0.7.1/src/racoon/algorithm.c
+Index: ipsec-tools-0.7.3/src/racoon/algorithm.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/algorithm.c
-+++ ipsec-tools-0.7.1/src/racoon/algorithm.c
+--- ipsec-tools-0.7.3.orig/src/racoon/algorithm.c
++++ ipsec-tools-0.7.3/src/racoon/algorithm.c
@@ -955,3 +955,20 @@ algclass2doi(class)
/*NOTREACHED*/
return -1;
@@ -2608,10 +2608,10 @@
+ }
+ return res;
+}
-Index: ipsec-tools-0.7.1/src/racoon/cfparse_proto.h
+Index: ipsec-tools-0.7.3/src/racoon/cfparse_proto.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/cfparse_proto.h
-+++ ipsec-tools-0.7.1/src/racoon/cfparse_proto.h
+--- ipsec-tools-0.7.3.orig/src/racoon/cfparse_proto.h
++++ ipsec-tools-0.7.3/src/racoon/cfparse_proto.h
@@ -39,4 +39,6 @@ extern int yyparse __P((void));
extern int cfparse __P((void));
extern int cfreparse __P((void));
@@ -2619,10 +2619,10 @@
+extern int cfreparse_withfname __P((char *fname));
+
#endif /* _CFPARSE_PROTO_H */
-Index: ipsec-tools-0.7.1/src/racoon/cfparse.y
+Index: ipsec-tools-0.7.3/src/racoon/cfparse.y
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/cfparse.y
-+++ ipsec-tools-0.7.1/src/racoon/cfparse.y
+--- ipsec-tools-0.7.3.orig/src/racoon/cfparse.y
++++ ipsec-tools-0.7.3/src/racoon/cfparse.y
@@ -1220,7 +1220,7 @@ sainfo_id
: IDENTIFIERTYPE ADDRSTRING prefix port ul_proto
{
@@ -2731,10 +2731,10 @@
#ifdef ENABLE_ADMINPORT
static void
adminsock_conf(path, owner, group, mode_dec)
-Index: ipsec-tools-0.7.1/src/racoon/handler.c
+Index: ipsec-tools-0.7.3/src/racoon/handler.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/handler.c
-+++ ipsec-tools-0.7.1/src/racoon/handler.c
+--- ipsec-tools-0.7.3.orig/src/racoon/handler.c
++++ ipsec-tools-0.7.3/src/racoon/handler.c
@@ -81,7 +81,12 @@
#include "gssapi.h"
#endif
++++++ novell-ipsec-tools_plugins-support-nortel.patch ++++++
--- /var/tmp/diff_new_pack.R8zfqG/_old 2010-10-14 00:49:07.000000000 +0200
+++ /var/tmp/diff_new_pack.R8zfqG/_new 2010-10-14 00:49:07.000000000 +0200
@@ -1,7 +1,7 @@
-Index: ipsec-tools-0.7.1/src/racoon/oakley.c
+Index: ipsec-tools-0.7.3/src/racoon/oakley.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/oakley.c
-+++ ipsec-tools-0.7.1/src/racoon/oakley.c
+--- ipsec-tools-0.7.3.orig/src/racoon/oakley.c
++++ ipsec-tools-0.7.3/src/racoon/oakley.c
@@ -96,6 +96,13 @@
#include "gssapi.h"
#endif
@@ -116,10 +116,10 @@
+ return status;
+}
+#endif // PLUGINS_SUPPORT
-Index: ipsec-tools-0.7.1/src/racoon/ipsec_doi.c
+Index: ipsec-tools-0.7.3/src/racoon/ipsec_doi.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/ipsec_doi.c
-+++ ipsec-tools-0.7.1/src/racoon/ipsec_doi.c
+--- ipsec-tools-0.7.3.orig/src/racoon/ipsec_doi.c
++++ ipsec-tools-0.7.3/src/racoon/ipsec_doi.c
@@ -97,6 +97,13 @@ static int switch_authmethod(int);
#endif
#endif
@@ -455,7 +455,7 @@
/*
* create sockaddr structure from ID payload (buf).
-@@ -4913,3 +5035,101 @@ switch_authmethod(authmethod)
+@@ -4931,3 +5053,101 @@ switch_authmethod(authmethod)
return authmethod;
}
#endif
@@ -557,10 +557,10 @@
+ return status;
+}
+#endif
-Index: ipsec-tools-0.7.1/src/racoon/ipsec_doi.h
+Index: ipsec-tools-0.7.3/src/racoon/ipsec_doi.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/ipsec_doi.h
-+++ ipsec-tools-0.7.1/src/racoon/ipsec_doi.h
+--- ipsec-tools-0.7.3.orig/src/racoon/ipsec_doi.h
++++ ipsec-tools-0.7.3/src/racoon/ipsec_doi.h
@@ -34,6 +34,8 @@
#ifndef _IPSEC_DOI_H
#define _IPSEC_DOI_H
@@ -579,10 +579,10 @@
extern vchar_t *ipsecdoi_setph1proposal __P((struct isakmpsa *));
extern int ipsecdoi_setph2proposal __P((struct ph2handle *));
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_agg.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_agg.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_agg.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_agg.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_agg.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp_agg.c
@@ -95,6 +95,13 @@
#include "gssapi.h"
#endif
@@ -766,10 +766,10 @@
iph1->sendbuf = isakmp_plist_set_all (&plist, iph1);
#ifdef HAVE_PRINT_ISAKMP_C
-Index: ipsec-tools-0.7.1/src/racoon/nattraversal.h
+Index: ipsec-tools-0.7.3/src/racoon/nattraversal.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/nattraversal.h
-+++ ipsec-tools-0.7.1/src/racoon/nattraversal.h
+--- ipsec-tools-0.7.3.orig/src/racoon/nattraversal.h
++++ ipsec-tools-0.7.3/src/racoon/nattraversal.h
@@ -79,9 +79,19 @@ vchar_t *natt_hash_addr (struct ph1handl
int natt_compare_addr_hash (struct ph1handle *iph1, vchar_t *natd_received, int natd_seq);
int natt_udp_encap (int encmode);
@@ -790,10 +790,10 @@
struct payload_list *
isakmp_plist_append_natt_vids (struct payload_list *plist, vchar_t *vid_natt[MAX_NATT_VID_COUNT]);
-Index: ipsec-tools-0.7.1/src/racoon/nattraversal.c
+Index: ipsec-tools-0.7.3/src/racoon/nattraversal.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/nattraversal.c
-+++ ipsec-tools-0.7.1/src/racoon/nattraversal.c
+--- ipsec-tools-0.7.3.orig/src/racoon/nattraversal.c
++++ ipsec-tools-0.7.3/src/racoon/nattraversal.c
@@ -68,6 +68,13 @@
#include "nattraversal.h"
#include "grabmyaddr.h"
@@ -877,8 +877,8 @@
natt_handle_vendorid (struct ph1handle *iph1, int vid_numeric)
{
if (! iph1->natt_options)
-@@ -319,6 +381,31 @@ natt_handle_vendorid (struct ph1handle *
- iph1->natt_flags |= NAT_ANNOUNCED;
+@@ -328,6 +390,31 @@ natt_keepalive_delete (struct natt_ka_ad
+ racoon_free (ka);
}
+#ifdef PLUGINS_SUPPORT
@@ -909,10 +909,10 @@
/* NAT keepalive functions */
static void
natt_keepalive_send (void *param)
-Index: ipsec-tools-0.7.1/src/racoon/pfkey.c
+Index: ipsec-tools-0.7.3/src/racoon/pfkey.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/pfkey.c
-+++ ipsec-tools-0.7.1/src/racoon/pfkey.c
+--- ipsec-tools-0.7.3.orig/src/racoon/pfkey.c
++++ ipsec-tools-0.7.3/src/racoon/pfkey.c
@@ -100,6 +100,15 @@
#include "crypto_openssl.h"
#include "grabmyaddr.h"
@@ -1157,10 +1157,10 @@
/* sanity check */
if (mhp[SADB_EXT_ADDRESS_SRC] == NULL
|| mhp[SADB_EXT_ADDRESS_DST] == NULL
-Index: ipsec-tools-0.7.1/src/racoon/pfkey.h
+Index: ipsec-tools-0.7.3/src/racoon/pfkey.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/pfkey.h
-+++ ipsec-tools-0.7.1/src/racoon/pfkey.h
+--- ipsec-tools-0.7.3.orig/src/racoon/pfkey.h
++++ ipsec-tools-0.7.3/src/racoon/pfkey.h
@@ -44,6 +44,8 @@ extern const int pfkey_nsatypes;
extern int pfkey_handler __P((void));
@@ -1170,10 +1170,10 @@
extern void pfkey_flush_sadb __P((u_int));
extern int pfkey_init __P((void));
-Index: ipsec-tools-0.7.1/src/racoon/remoteconf.h
+Index: ipsec-tools-0.7.3/src/racoon/remoteconf.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/remoteconf.h
-+++ ipsec-tools-0.7.1/src/racoon/remoteconf.h
+--- ipsec-tools-0.7.3.orig/src/racoon/remoteconf.h
++++ ipsec-tools-0.7.3/src/racoon/remoteconf.h
@@ -146,9 +146,14 @@ struct isakmpsa {
#ifdef HAVE_GSSAPI
vchar_t *gssid;
@@ -1189,10 +1189,10 @@
struct isakmpsa *next; /* next transform */
struct remoteconf *rmconf; /* backpointer to remoteconf */
};
-Index: ipsec-tools-0.7.1/src/racoon/sainfo.h
+Index: ipsec-tools-0.7.3/src/racoon/sainfo.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/sainfo.h
-+++ ipsec-tools-0.7.1/src/racoon/sainfo.h
+--- ipsec-tools-0.7.3.orig/src/racoon/sainfo.h
++++ ipsec-tools-0.7.3/src/racoon/sainfo.h
@@ -71,6 +71,7 @@ struct sainfoalg {
extern struct sainfo *getsainfo __P((const vchar_t *,
const vchar_t *, const vchar_t *, int));
@@ -1209,10 +1209,10 @@
extern const char * sainfo2str __P((const struct sainfo *));
extern void save_sainfotree __P((void));
-Index: ipsec-tools-0.7.1/src/racoon/sainfo.c
+Index: ipsec-tools-0.7.3/src/racoon/sainfo.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/sainfo.c
-+++ ipsec-tools-0.7.1/src/racoon/sainfo.c
+--- ipsec-tools-0.7.3.orig/src/racoon/sainfo.c
++++ ipsec-tools-0.7.3/src/racoon/sainfo.c
@@ -90,39 +90,39 @@ getsainfo(loc, rmt, peer, remoteid)
/* debug level output */
if(loglevel >= LLV_DEBUG) {
@@ -1370,10 +1370,10 @@
const char *
sainfo2str(si)
const struct sainfo *si;
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_quick.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_quick.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_quick.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_quick.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_quick.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp_quick.c
@@ -87,11 +87,26 @@
#include "admin.h"
#include "strnames.h"
@@ -1520,10 +1520,10 @@
/* Do UPDATE as responder */
plog(LLV_DEBUG, LOCATION, NULL, "call pk_sendupdate\n");
if (pk_sendupdate(iph2) < 0) {
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_var.h
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_var.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_var.h
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_var.h
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_var.h
++++ ipsec-tools-0.7.3/src/racoon/isakmp_var.h
@@ -111,6 +111,12 @@ extern struct payload_list *isakmp_plist
extern vchar_t *isakmp_plist_set_all __P((struct payload_list **plist,
struct ph1handle *iph1));
@@ -1537,10 +1537,10 @@
#ifdef HAVE_PRINT_ISAKMP_C
extern void isakmp_printpacket __P((vchar_t *, struct sockaddr *,
struct sockaddr *, int));
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_inf.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_inf.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_inf.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_inf.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_inf.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp_inf.c
@@ -98,6 +98,13 @@
#include "nattraversal.h"
#endif
@@ -1555,7 +1555,7 @@
/* information exchange */
static int isakmp_info_recv_n (struct ph1handle *, struct isakmp_pl_n *, u_int32_t, int);
static int isakmp_info_recv_d (struct ph1handle *, struct isakmp_pl_d *, u_int32_t, int);
-@@ -423,6 +430,12 @@ isakmp_info_recv_n(iph1, notify, msgid,
+@@ -418,6 +425,12 @@ isakmp_info_recv_n(iph1, notify, msgid,
racoon_free(spi);
}
@@ -1568,7 +1568,7 @@
/* Send the message data to the logs */
if(type >= ISAKMP_NTYPE_MINERROR &&
type <= ISAKMP_NTYPE_MAXERROR) {
-@@ -799,6 +812,37 @@ isakmp_info_send_n1(iph1, type, data)
+@@ -794,6 +807,37 @@ isakmp_info_send_n1(iph1, type, data)
* by cookie and SPI has no meaning, 0 <= SPI size <= 16.
* RFC2407 4.6.3.3, INITIAL-CONTACT is required to set to 16.
*/
@@ -1606,7 +1606,7 @@
if (type == ISAKMP_NTYPE_INITIAL_CONTACT)
spisiz = sizeof(isakmp_index);
else
-@@ -827,7 +871,19 @@ isakmp_info_send_n1(iph1, type, data)
+@@ -822,7 +866,19 @@ isakmp_info_send_n1(iph1, type, data)
memcpy((caddr_t)(n + 1) + spisiz, data->v, data->l);
error = isakmp_info_send_common(iph1, payload, ISAKMP_NPTYPE_N, iph1->flags);
@@ -1627,10 +1627,10 @@
return error;
}
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_ident.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_ident.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_ident.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_ident.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_ident.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp_ident.c
@@ -90,6 +90,13 @@
#include "isakmp_frag.h"
#endif
@@ -1765,10 +1765,10 @@
#endif
/* check SA payload and set approval SA for use */
-Index: ipsec-tools-0.7.1/src/racoon/isakmp_cfg.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp_cfg.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp_cfg.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_cfg.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp_cfg.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp_cfg.c
@@ -105,6 +105,13 @@
#include "admin.h"
#include "privsep.h"
@@ -1984,7 +1984,7 @@
plog(LLV_DEBUG, LOCATION, NULL,
"Sending MODE_CFG ACK\n");
-@@ -2155,3 +2270,166 @@ isakmp_cfg_init(cold)
+@@ -2157,3 +2272,166 @@ isakmp_cfg_init(cold)
return 0;
}
@@ -2151,10 +2151,10 @@
+ return status; //should return status returned by plugin
+}
+#endif
-Index: ipsec-tools-0.7.1/src/racoon/localconf.c
+Index: ipsec-tools-0.7.3/src/racoon/localconf.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/localconf.c
-+++ ipsec-tools-0.7.1/src/racoon/localconf.c
+--- ipsec-tools-0.7.3.orig/src/racoon/localconf.c
++++ ipsec-tools-0.7.3/src/racoon/localconf.c
@@ -126,6 +126,19 @@ setdefault()
lcconf->natt_ka_interval = LC_DEFAULT_NATT_KA_INTERVAL;
}
@@ -2175,10 +2175,10 @@
/*
* get PSK by string.
*/
-Index: ipsec-tools-0.7.1/src/racoon/localconf.h
+Index: ipsec-tools-0.7.3/src/racoon/localconf.h
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/localconf.h
-+++ ipsec-tools-0.7.1/src/racoon/localconf.h
+--- ipsec-tools-0.7.3.orig/src/racoon/localconf.h
++++ ipsec-tools-0.7.3/src/racoon/localconf.h
@@ -34,6 +34,8 @@
#ifndef _LOCALCONF_H
#define _LOCALCONF_H
@@ -2208,11 +2208,11 @@
extern vchar_t *getpskbyname __P((vchar_t *));
extern vchar_t *getpskbyaddr __P((struct sockaddr *));
extern void getpathname __P((char *, int, int, const char *));
-Index: ipsec-tools-0.7.1/src/racoon/main.c
+Index: ipsec-tools-0.7.3/src/racoon/main.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/main.c
-+++ ipsec-tools-0.7.1/src/racoon/main.c
-@@ -334,7 +334,7 @@ parse(ac, av)
+--- ipsec-tools-0.7.3.orig/src/racoon/main.c
++++ ipsec-tools-0.7.3/src/racoon/main.c
+@@ -340,7 +340,7 @@ parse(ac, av)
exit(1);
#endif
case 'f':
@@ -2221,10 +2221,10 @@
break;
case 'l':
plogset(optarg);
-Index: ipsec-tools-0.7.1/src/racoon/Makefile.am
+Index: ipsec-tools-0.7.3/src/racoon/Makefile.am
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/Makefile.am
-+++ ipsec-tools-0.7.1/src/racoon/Makefile.am
+--- ipsec-tools-0.7.3.orig/src/racoon/Makefile.am
++++ ipsec-tools-0.7.3/src/racoon/Makefile.am
@@ -4,7 +4,8 @@ sbin_PROGRAMS = racoon racoonctl plainrs
noinst_PROGRAMS = eaytest
include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
@@ -2256,16 +2256,16 @@
racoon_DEPENDENCIES = \
$(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
vmbuf.o sockmisc.o misc.o
-Index: ipsec-tools-0.7.1/configure.ac
+Index: ipsec-tools-0.7.3/configure.ac
===================================================================
---- ipsec-tools-0.7.1.orig/configure.ac
-+++ ipsec-tools-0.7.1/configure.ac
+--- ipsec-tools-0.7.3.orig/configure.ac
++++ ipsec-tools-0.7.3/configure.ac
@@ -2,7 +2,7 @@ dnl -*- mode: m4 -*-
dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
AC_PREREQ(2.52)
--AC_INIT(ipsec-tools, 0.7.1)
-+AC_INIT(novell-ipsec-tools, 0.7.1)
+-AC_INIT(ipsec-tools, 0.7.3)
++AC_INIT(novell-ipsec-tools, 0.7.3)
AC_CONFIG_SRCDIR([configure.ac])
AM_CONFIG_HEADER(config.h)
@@ -2317,10 +2317,10 @@
src/racoon/Makefile
src/racoon/samples/psk.txt
src/racoon/samples/racoon.conf
-Index: ipsec-tools-0.7.1/src/racoon/isakmp.c
+Index: ipsec-tools-0.7.3/src/racoon/isakmp.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/isakmp.c
-+++ ipsec-tools-0.7.1/src/racoon/isakmp.c
+--- ipsec-tools-0.7.3.orig/src/racoon/isakmp.c
++++ ipsec-tools-0.7.3/src/racoon/isakmp.c
@@ -107,6 +107,13 @@
#include
@@ -2349,7 +2349,7 @@
/* ignore a packet */
if (iph1->status == PHASE1ST_ESTABLISHED)
return 0;
-@@ -849,32 +863,54 @@ ph1_main(iph1, msg)
+@@ -853,32 +867,54 @@ ph1_main(iph1, msg)
#ifdef ENABLE_STATS
gettimeofday(&iph1->end, NULL);
syslog(LOG_NOTICE, "%s(%s): %8.6f",
@@ -2422,7 +2422,7 @@
}
}
#endif
-@@ -887,14 +923,14 @@ ph1_main(iph1, msg)
+@@ -891,14 +927,14 @@ ph1_main(iph1, msg)
/* INITIAL-CONTACT processing */
/* don't anything if local test mode. */
if (!f_local
@@ -2439,7 +2439,7 @@
/* ignore */
}
}
-@@ -908,22 +944,22 @@ ph1_main(iph1, msg)
+@@ -912,22 +948,22 @@ ph1_main(iph1, msg)
* case it is done when we receive the configuration.
*/
if ((iph1->status == PHASE1ST_ESTABLISHED) &&
@@ -2476,7 +2476,7 @@
}
}
}
-@@ -3619,3 +3655,111 @@ setscopeid(sp_addr0, sa_addr0)
+@@ -3626,3 +3662,111 @@ setscopeid(sp_addr0, sa_addr0)
return 0;
}
#endif
@@ -2588,10 +2588,10 @@
+}
+
+#endif
-Index: ipsec-tools-0.7.1/src/racoon/remoteconf.c
+Index: ipsec-tools-0.7.3/src/racoon/remoteconf.c
===================================================================
---- ipsec-tools-0.7.1.orig/src/racoon/remoteconf.c
-+++ ipsec-tools-0.7.1/src/racoon/remoteconf.c
+--- ipsec-tools-0.7.3.orig/src/racoon/remoteconf.c
++++ ipsec-tools-0.7.3/src/racoon/remoteconf.c
@@ -302,10 +302,15 @@ delrmconf(rmconf)
if (rmconf->xauth)
xauth_rmconf_delete(&rmconf->xauth);
++++++ racoon.init ++++++
--- /var/tmp/diff_new_pack.R8zfqG/_old 2010-10-14 00:49:07.000000000 +0200
+++ /var/tmp/diff_new_pack.R8zfqG/_new 2010-10-14 00:49:07.000000000 +0200
@@ -15,6 +15,7 @@
# Required-Stop: $remote_fs $named $syslog
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
+# Short-Description: IPsec key management daemon
# Description: IPsec key management daemon
### END INIT INFO
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org