forked from pool/strongswan
This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
ca63ce53ec
commit
f1c08d14e3
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:30e5acb5913882d1389b0133c3c3e9cfb5c2686058d56b7baf37c0740c0b6791
|
||||
size 2894019
|
||||
@ -1,9 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.6 (GNU/Linux)
|
||||
|
||||
iQCVAwUASLUlc9YbDnNAmVNZAQI4ZwP/TmmXOMo6lCUcLD2wJvZvotpCt6Tnrb1n
|
||||
4ZlUdZrqq2Br1A8t5CqTaqS+T5p3z+nvNU3x8GVTKtSDlPwbK+gGGXVdIrfGMv2O
|
||||
ToKjuiTU+ws4I74eFG5zjC1zAkavbH/P3zuTwwsZ2ahGWcCR+Wf3mmTH5pSauQM1
|
||||
doF73F0F0Ks=
|
||||
=qSNp
|
||||
-----END PGP SIGNATURE-----
|
||||
3
strongswan-4.2.8.tar.bz2
Normal file
3
strongswan-4.2.8.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3e5a291857d55dfa530d5618e27a9fd17d0fd1e9d24023199a46466f76a6b687
|
||||
size 2906030
|
||||
9
strongswan-4.2.8.tar.bz2.sig
Normal file
9
strongswan-4.2.8.tar.bz2.sig
Normal file
@ -0,0 +1,9 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.6 (GNU/Linux)
|
||||
|
||||
iQCVAwUASPP38NYbDnNAmVNZAQK+AQP9EZ6yw3ru3RpRiR04qH4asitAF/bxGOLb
|
||||
O5ZZrbdedw4zC9gXZI3zmCgxO8t5RQA3JjtlsUtSkITAVhhxoyQb3LLg+8dtF3EN
|
||||
+eawBteUG7xRl6Y+y3ESLwQ0Voma6FijN3GpqKFh7TJeFP+gSsV9Q0iZvDBxlCa/
|
||||
uVCvhbq+dcc=
|
||||
=H4YY
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,3 +1,20 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 20 09:27:06 CEST 2008 - mt@suse.de
|
||||
|
||||
- Updated to 4.2.8 release:
|
||||
* IKEv2 charon daemon supports authentication based on raw public
|
||||
keys stored in the SQL database backend. The ipsec listpubkeys
|
||||
command lists the available raw public keys via the stroke
|
||||
interface.
|
||||
* Several MOBIKE improvements: Detect changes in NAT mappings in
|
||||
DPD exchanges, handle events if kernel detects NAT mapping changes
|
||||
in UDP-encapsulated ESP packets (requires kernel patch), reuse old
|
||||
addesses in MOBIKE updates as long as possible and other fixes.
|
||||
* Fixed a bug in addr_in_subnet() which caused insertion of wrong
|
||||
source routes for destination subnets having netwmasks not being a
|
||||
multiple of 8 bits. Thanks go to Wolfgang Steudel, TU Ilmenau for
|
||||
reporting this bug.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 14 16:29:59 CEST 2008 - mt@suse.de
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
#
|
||||
# spec file for package strongswan (Version 4.2.6)
|
||||
# spec file for package strongswan (Version 4.2.8)
|
||||
#
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
@ -19,10 +19,10 @@
|
||||
|
||||
|
||||
Name: strongswan
|
||||
%define upstream_version 4.2.6
|
||||
%define upstream_version 4.2.8
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
Version: 4.2.6
|
||||
Release: 12
|
||||
Version: 4.2.8
|
||||
Release: 1
|
||||
License: GPL v2 or later
|
||||
Group: Productivity/Networking/Security
|
||||
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
|
||||
@ -40,8 +40,6 @@ Source3: %{name}-%{version}-rpmlintrc
|
||||
Patch1: %{name}_modprobe_syslog.dif
|
||||
Patch2: %{name}-%{upstream_version}.dif
|
||||
Patch3: %{name}_update-dns-server.dif
|
||||
Patch4: %{name}_DoS_changeset_r4345.diff
|
||||
Patch5: %{name}_addr_in_subnet.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildRequires: bison flex gmp-devel gperf pkg-config
|
||||
%if 0%{?suse_version} >= 1030
|
||||
@ -139,8 +137,6 @@ Authors:
|
||||
%patch1 -p0
|
||||
%patch2 -p0
|
||||
%patch3 -p0
|
||||
%patch4 -p2
|
||||
%patch5 -p0
|
||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||
< $RPM_SOURCE_DIR/strongswan.init.in \
|
||||
> strongswan.init
|
||||
@ -273,6 +269,20 @@ fi
|
||||
%{_mandir}/man8/starter.8*
|
||||
|
||||
%changelog
|
||||
* Mon Oct 20 2008 mt@suse.de
|
||||
- Updated to 4.2.8 release:
|
||||
* IKEv2 charon daemon supports authentication based on raw public
|
||||
keys stored in the SQL database backend. The ipsec listpubkeys
|
||||
command lists the available raw public keys via the stroke
|
||||
interface.
|
||||
* Several MOBIKE improvements: Detect changes in NAT mappings in
|
||||
DPD exchanges, handle events if kernel detects NAT mapping changes
|
||||
in UDP-encapsulated ESP packets (requires kernel patch), reuse old
|
||||
addesses in MOBIKE updates as long as possible and other fixes.
|
||||
* Fixed a bug in addr_in_subnet() which caused insertion of wrong
|
||||
source routes for destination subnets having netwmasks not being a
|
||||
multiple of 8 bits. Thanks go to Wolfgang Steudel, TU Ilmenau for
|
||||
reporting this bug.
|
||||
* Tue Oct 14 2008 mt@suse.de
|
||||
- Applied fix for addr_in_subnet() extracted from strongswan-4.2.8
|
||||
which caused insertion of wrong source routes for destination
|
||||
|
||||
@ -1,103 +0,0 @@
|
||||
Index: /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
|
||||
===================================================================
|
||||
--- /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4317)
|
||||
+++ /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c (revision 4345)
|
||||
@@ -94,9 +94,13 @@
|
||||
mpz_powm(c, m, this->e, this->n);
|
||||
|
||||
- encrypted.len = this->k;
|
||||
- encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
|
||||
+ encrypted.len = this->k;
|
||||
+ encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
|
||||
+ if (encrypted.ptr == NULL)
|
||||
+ {
|
||||
+ encrypted.len = 0;
|
||||
+ }
|
||||
|
||||
mpz_clear(c);
|
||||
- mpz_clear(m);
|
||||
+ mpz_clear(m);
|
||||
|
||||
return encrypted;
|
||||
Index: /trunk/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
|
||||
===================================================================
|
||||
--- /trunk/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 3806)
|
||||
+++ /trunk/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c (revision 4345)
|
||||
@@ -344,5 +344,5 @@
|
||||
*/
|
||||
mpz_t g;
|
||||
-
|
||||
+
|
||||
/**
|
||||
* My private value.
|
||||
@@ -354,5 +354,5 @@
|
||||
*/
|
||||
mpz_t ya;
|
||||
-
|
||||
+
|
||||
/**
|
||||
* Other public value.
|
||||
@@ -374,5 +374,5 @@
|
||||
*/
|
||||
size_t p_len;
|
||||
-
|
||||
+
|
||||
/**
|
||||
* True if shared secret is computed and stored in my_public_value.
|
||||
@@ -441,5 +441,9 @@
|
||||
}
|
||||
value->len = this->p_len;
|
||||
- value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb);
|
||||
+ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb);
|
||||
+ if (value->ptr == NULL)
|
||||
+ {
|
||||
+ return FAILED;
|
||||
+ }
|
||||
return SUCCESS;
|
||||
}
|
||||
@@ -452,4 +456,8 @@
|
||||
value->len = this->p_len;
|
||||
value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya);
|
||||
+ if (value->ptr == NULL)
|
||||
+ {
|
||||
+ value->len = 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
@@ -464,5 +472,9 @@
|
||||
}
|
||||
secret->len = this->p_len;
|
||||
- secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz);
|
||||
+ secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz);
|
||||
+ if (secret->ptr == NULL)
|
||||
+ {
|
||||
+ return FAILED;
|
||||
+ }
|
||||
return SUCCESS;
|
||||
}
|
||||
Index: /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
|
||||
===================================================================
|
||||
--- /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4317)
|
||||
+++ /trunk/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c (revision 4345)
|
||||
@@ -192,4 +192,8 @@
|
||||
decrypted.len = this->k;
|
||||
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
|
||||
+ if (decrypted.ptr == NULL)
|
||||
+ {
|
||||
+ decrypted.len = 0;
|
||||
+ }
|
||||
|
||||
mpz_clear_randomized(t1);
|
||||
Index: /trunk/src/openac/openac.c
|
||||
===================================================================
|
||||
--- /trunk/src/openac/openac.c (revision 4318)
|
||||
+++ /trunk/src/openac/openac.c (revision 4345)
|
||||
@@ -104,4 +104,8 @@
|
||||
chunk.len = 1 + mpz_sizeinbase(number, 2)/BITS_PER_BYTE;
|
||||
chunk.ptr = mpz_export(NULL, NULL, 1, chunk.len, 1, 0, number);
|
||||
+ if (chunk.ptr == NULL)
|
||||
+ {
|
||||
+ chunk.len = 0;
|
||||
+ }
|
||||
return chunk;
|
||||
}
|
||||
@ -1,43 +0,0 @@
|
||||
--- src/charon/kernel/kernel_interface.c
|
||||
+++ src/charon/kernel/kernel_interface.c 2008/10/14 14:10:13
|
||||
@@ -1643,26 +1643,29 @@ static status_t manage_rule(private_kern
|
||||
*/
|
||||
static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
|
||||
{
|
||||
- int bit, byte;
|
||||
+ static const u_char mask[] = { 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe };
|
||||
+ int byte = 0;
|
||||
|
||||
- if (addr.len != net.len)
|
||||
+ if (addr.len != net.len || net_len > 8 * net.len )
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
- /* scan through all bits, beginning in the front */
|
||||
- for (byte = 0; byte < addr.len; byte++)
|
||||
+
|
||||
+ /* scan through all bytes in network order */
|
||||
+ while (net_len > 0)
|
||||
{
|
||||
- for (bit = 7; bit >= 0; bit--)
|
||||
+ if (net_len < 8)
|
||||
{
|
||||
- /* check if bits are equal (or we reached the end of the net) */
|
||||
- if (bit + byte * 8 > net_len)
|
||||
- {
|
||||
- return TRUE;
|
||||
- }
|
||||
- if (((1<<bit) & addr.ptr[byte]) != ((1<<bit) & net.ptr[byte]))
|
||||
+ return (mask[net_len] & addr.ptr[byte]) == (mask[net_len] & net.ptr[byte]);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ if (addr.ptr[byte] != net.ptr[byte])
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
+ byte++;
|
||||
+ net_len -= 8;
|
||||
}
|
||||
}
|
||||
return TRUE;
|
||||
Loading…
Reference in New Issue
Block a user