diff --git a/strongswan-4.4.1-fix_notify_error_range.patch b/strongswan-4.4.1-fix_notify_error_range.patch
new file mode 100644
index 0000000..79f2c2e
--- /dev/null
+++ b/strongswan-4.4.1-fix_notify_error_range.patch
@@ -0,0 +1,22 @@
+From 30d8e8d04d132e046a19b6a29439e6efb8ff3e06 Mon Sep 17 00:00:00 2001
+From: Jiri Bohac
+Date: Thu, 5 Aug 2010 17:13:38 +0200
+Subject: [PATCH] fix error-type range in parsing of NOTIFY payloads
+
+
+diff --git a/src/libcharon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
+index 38fb572..dd4a5f5 100644
+--- a/src/libcharon/sa/tasks/ike_init.c
++++ b/src/libcharon/sa/tasks/ike_init.c
+@@ -468,7 +468,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
+ }
+ default:
+ {
+- if (type < 16383)
++ if (type <= 16383)
+ {
+ DBG1(DBG_IKE, "received %N notify error",
+ notify_type_names, type);
+-- 
+1.7.1
+
diff --git a/strongswan.changes b/strongswan.changes
index 804a3fe..c90352f 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,5 +1,5 @@
 -------------------------------------------------------------------
-Tue Aug 10 10:56:34 UTC 2010 - mt@suse.de
+Tue Aug 10 11:43:38 UTC 2010 - mt@suse.de
 
 - Updated to strongSwan 4.4.1 release, changes since 4.4.0 are:
 * Support of xfrm marks in IPsec SAs and IPsec policies introduced
@@ -42,6 +42,9 @@ Tue Aug 10 10:56:34 UTC 2010 - mt@suse.de
 eap-simaka-pseudonym,eap-aka-3gpp2,md4,blowfish,addrblock plugins.
 - Enabled the mysql, sqlite, load-tester and test-vectors plugins,
 that are packaged into separate mysql,sqlite,tests sub packages.
+- Disabled sqlite plugin on SLE-10 -- sqlite3 lib is too old there.
+- Applied patch by Jiri Bohac fixing error-type range in parsing of
+ NOTIFY payloads (RFC 4306, section 3.10.1).
 
 -------------------------------------------------------------------
 Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
diff --git a/strongswan.spec b/strongswan.spec
index dbb2b2d..e4eb9e8 100644
--- a/strongswan.spec
+++ b/strongswan.spec
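Review bot: The corrected bound in the `default:` branch of `process_i` is still the bare literal 16383, with nothing in the code saying why the comparison has to be inclusive. I would put `/* RFC 4306 3.10.1: notify types 0..16383 are errors, 16384..65535 are status */` directly above the test, or compare against a named constant for the first status type so the boundary is defined once. The embedded patch touches only ike_init.c; if other tasks classify notify types with the same `< 16383` test, they would still treat type 16383 as a status notify and need the same one-character fix, so the tree is worth grepping before this ships. The rest of `process_i` lies outside the hunk, so what the function does after the `DBG1` call cannot be checked from here.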
@@ -38,6 +38,7 @@ Source2: %{name}.init.in
 Source3: %{name}-%{version}-rpmlintrc
 Source4: README.SUSE
 Patch1: %{name}_modprobe_syslog.patch
+Patch2: %{name}-4.4.1-fix_notify_error_range.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: bison flex gmp-devel gperf pkg-config
 BuildRequires: libcap-devel
@@ -48,8 +49,9 @@ BuildRequires: curl-devel pam-devel
 %if 0%{suse_version} >= 1110
 BuildRequires: libuuid-devel
 BuildRequires: NetworkManager-devel
+BuildRequires: sqlite3-devel
 %endif
-BuildRequires: libmysqlclient-devel sqlite3-devel
+BuildRequires: libmysqlclient-devel
 
 %description
 StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
@@ -127,6 +129,8 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
 
 This package provides the strongswan mysql plugin.
 
+%if 0%{suse_version} >= 1110
+
 %package sqlite
 License: GPLv2+
 Summary: OpenSource IPsec-based VPN Solution
@@ -138,6 +142,8 @@ StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
 
 This package provides the strongswan sqlite plugin.
 
+%endif
+
 %package tests
 License: GPLv2+
 Summary: OpenSource IPsec-based VPN Solution
@@ -224,6 +230,7 @@ NetworkManager-strongswan graphical user interface.
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p0
+%patch2 -p1
 sed -e 's|@libexecdir@|%_libexecdir|g' \
 < $RPM_SOURCE_DIR/strongswan.init.in \
 > strongswan.init
@@ -268,11 +275,11 @@ export RPM_OPT_FLAGS CFLAGS
 %if 0%{suse_version} >= 1110
 --enable-gcrypt \
 --enable-nm \
+ --enable-sqlite \
 %endif
 --enable-ldap \
 --enable-curl \
 --enable-mysql \
- --enable-sqlite \
 --enable-load-tester \
 --enable-test-vectors
 make %{?_smp_mflags:%_smp_mflags}
@@ -493,10 +500,12 @@ fi
 %dir %{strongswan_plugins}
 %{strongswan_plugins}/libstrongswan-mysql.so
 
+%if 0%{suse_version} >= 1110
 %files sqlite
 %defattr(-,root,root)
 %dir %{strongswan_plugins}
 %{strongswan_plugins}/libstrongswan-sqlite.so
+%endif
 
 %files tests
 %defattr(-,root,root)
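Review bot: The sqlite switch is now spelled as the raw test `%if 0%{suse_version} >= 1110` in four separate hunks (the `BuildRequires: sqlite3-devel` line, the `%package sqlite` block, `--enable-sqlite` in the configure call, and `%files sqlite`). All four have to stay in step by hand, and none of them says in the spec itself why sqlite is tied to that version. I would define the decision once, e.g. `%define with_sqlite 1` inside the first version check with the comment `# sqlite3 on SLE-10 is too old for the sqlite plugin`, and test `%if 0%{?with_sqlite}` at the other sites. That also stops the sqlite condition from silently riding on the block that enables gcrypt and NetworkManager, which are unrelated features. If one of the guards is later changed without the others, the build either fails on an unpackaged `libstrongswan-sqlite.so` or ships a `%files` entry for a plugin that was never built.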