rpms/ipsec-tools/devel ipsec-tools-0.7.2-natt-linux.patch, NONE, 1.1 ipsec-tools-0.7.1-dpd-fixes.patch, 1.2, 1.3 ipsec-tools.spec, 1.63, 1.64 ipsec-tools-0.7.1-leaks.patch, 1.1, NONE ipsec-tools-0.7.1-natt-linux.patch, 1.1, NONE
Tomáš Mráz
tmraz at fedoraproject.org
Thu Apr 23 13:30:14 UTC 2009
Author: tmraz
Update of /cvs/pkgs/rpms/ipsec-tools/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20446
Modified Files:
ipsec-tools-0.7.1-dpd-fixes.patch ipsec-tools.spec
Added Files:
ipsec-tools-0.7.2-natt-linux.patch
Removed Files:
ipsec-tools-0.7.1-leaks.patch
ipsec-tools-0.7.1-natt-linux.patch
Log Message:
* Thu Apr 23 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.2-1
- Update to a new upstream version
ipsec-tools-0.7.2-natt-linux.patch:
--- NEW FILE ipsec-tools-0.7.2-natt-linux.patch ---
diff -up ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.natt-linux ipsec-tools-0.7.2/src/racoon/isakmp_inf.c
--- ipsec-tools-0.7.2/src/racoon/isakmp_inf.c.natt-linux 2009-04-20 15:35:36.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/isakmp_inf.c 2009-04-23 14:46:55.000000000 +0200
@@ -1144,7 +1144,6 @@ purge_ipsec_spi(dst0, proto, spi, n)
caddr_t mhp[SADB_EXT_MAX + 1];
#ifdef ENABLE_NATT
struct sadb_x_nat_t_type *natt_type;
- struct sadb_x_nat_t_port *natt_port;
#endif
plog(LLV_DEBUG2, LOCATION, NULL,
@@ -1200,17 +1199,8 @@ purge_ipsec_spi(dst0, proto, spi, n)
}
#ifdef ENABLE_NATT
natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE];
- if (natt_type && natt_type->sadb_x_nat_t_type_type) {
- /* NAT-T is enabled for this SADB entry; copy
- * the ports from NAT-T extensions */
- natt_port = (void *)mhp[SADB_X_EXT_NAT_T_SPORT];
- if (extract_port(src) == 0 && natt_port != NULL)
- set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
-
- natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
- if (extract_port(dst) == 0 && natt_port != NULL)
- set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
- }else{
+ if (natt_type == NULL ||
+ ! natt_type->sadb_x_nat_t_type_type) {
/* Force default UDP ports, so CMPSADDR will match SAs with NO encapsulation
*/
set_port(src, PORT_ISAKMP);
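Review bot: With the port copy removed, the NAT-T case in purge_ipsec_spi no longer sets the src/dst ports itself, and nothing at the new `if (natt_type == NULL ||` condition says where they now come from. Judging by the pfkey.c part of this patch, they are expected to be filled in beforehand by pfkey_dump_sadb(), and only when built with `__linux__`. If a dump reaches this code without that fixup, the ports stay 0 and the address comparison later in the function (outside this hunk) may not match the SA that should be purged, leaving it installed. I would add a comment above the condition, such as `/* NAT-T SAs: ports are already in src/dst (from the kernel, or from the fixup in pfkey_dump_sadb() on Linux) */`. The function starts and ends outside the hunk.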
diff -up ipsec-tools-0.7.2/src/racoon/pfkey.c.natt-linux ipsec-tools-0.7.2/src/racoon/pfkey.c
--- ipsec-tools-0.7.2/src/racoon/pfkey.c.natt-linux 2009-04-23 14:40:08.000000000 +0200
+++ ipsec-tools-0.7.2/src/racoon/pfkey.c 2009-04-23 14:40:08.000000000 +0200
@@ -290,6 +290,13 @@ pfkey_dump_sadb(satype)
struct sadb_msg *msg = NULL;
size_t bl, ml;
int len;
+#if defined(__linux__) && defined(ENABLE_NATT)
+ caddr_t mhp[SADB_EXT_MAX + 1];
+ struct sadb_sa *sa;
+ struct sockaddr *src, *dst;
+ struct sadb_x_nat_t_type *natt_type;
+ struct sadb_x_nat_t_port *natt_port;
+#endif
if ((s = privsep_pfkey_open()) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -325,6 +332,45 @@ pfkey_dump_sadb(satype)
continue;
}
+#if defined(__linux__) && defined(ENABLE_NATT)
+ /*
+ * NetBSD returns the NAT-T ports in the src and dst sockaddrs
+ * in addition to the SADB_X_EXT_NAT_T_*PORT structs.
+ *
+ * Linux only returns them in the SADB_X_EXT_NAT_T_*PORT
+ * structs. The racoon codebase is making the assumption that
+ * the NAT-T ports are reflected by the ports in the src and
+ * dst sockaddrs. We stick that information into those structs
+ * here to meet the assumptions elsewhere.
+ */
+ if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "pfkey_check (%s)\n", ipsec_strerror());
+ goto no_fixup;
+ }
+
+ sa = (struct sadb_sa *)(mhp[SADB_EXT_SA]);
+ if (!sa || !mhp[SADB_EXT_ADDRESS_SRC] || !mhp[SADB_EXT_ADDRESS_DST]) {
+ goto no_fixup;
+ }
+
+ src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+
+ natt_type = (struct sadb_x_nat_t_type *)(mhp[SADB_X_EXT_NAT_T_TYPE]);
+
+ if (natt_type && natt_type->sadb_x_nat_t_type_type) {
+ /* set the src and dst ports */
+ natt_port = (struct sadb_x_nat_t_port *)(mhp[SADB_X_EXT_NAT_T_SPORT]);
+ if (natt_port != NULL && extract_port(src) == 0)
+ set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
+
+ natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
+ if (natt_port != NULL && extract_port(dst) == 0)
+ set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
+ }
+no_fixup:
+#endif /* __linux__ && ENABLE_NATT */
ml = msg->sadb_msg_len << 3;
bl = buf ? buf->l : 0;
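Review bot: The failure path at the first `goto no_fixup` logs `"pfkey_check (%s)\n"` even when pfkey_align() was the call that failed, and the message that failed validation still appears to be appended to the dump buffer by the lines after the label. The log text should say what was skipped, for example `"NAT-T port fixup skipped: pfkey_align/pfkey_check failed (%s)\n"`. A short comment at `no_fixup:` should state that unvalidated messages are passed on deliberately and that consumers of the dump must validate them again. On style, `sa` is only tested for NULL and never read, so the check could test `mhp[SADB_EXT_SA]` directly, and the two `natt_port` assignments mix a `(struct sadb_x_nat_t_port *)` cast with `(void *)`. pfkey_dump_sadb continues outside the hunk.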
ipsec-tools-0.7.1-dpd-fixes.patch:
Index: ipsec-tools-0.7.1-dpd-fixes.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools-0.7.1-dpd-fixes.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ipsec-tools-0.7.1-dpd-fixes.patch 10 Nov 2008 12:03:31 -0000 1.2
+++ ipsec-tools-0.7.1-dpd-fixes.patch 23 Apr 2009 13:30:13 -0000 1.3
@@ -1,15 +1,3 @@
-diff -up ipsec-tools-0.7.1/src/racoon/isakmp_inf.c.dpd-fixes ipsec-tools-0.7.1/src/racoon/isakmp_inf.c
---- ipsec-tools-0.7.1/src/racoon/isakmp_inf.c.dpd-fixes 2008-11-10 12:56:46.000000000 +0100
-+++ ipsec-tools-0.7.1/src/racoon/isakmp_inf.c 2008-11-10 12:56:46.000000000 +0100
-@@ -1202,7 +1202,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
-
- /* don't delete inbound SAs at the moment */
- /* XXX should we remove SAs with opposite direction as well? */
-- if (CMPSADDR(dst0, dst)) {
-+ if (cmpsaddrwop(dst0, dst)) {
- msg = next;
- continue;
- }
diff -up ipsec-tools-0.7.1/src/racoon/pfkey.c.dpd-fixes ipsec-tools-0.7.1/src/racoon/pfkey.c
--- ipsec-tools-0.7.1/src/racoon/pfkey.c.dpd-fixes 2008-11-10 12:56:46.000000000 +0100
+++ ipsec-tools-0.7.1/src/racoon/pfkey.c 2008-11-10 12:57:45.000000000 +0100
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- ipsec-tools.spec 25 Feb 2009 07:46:48 -0000 1.63
+++ ipsec-tools.spec 23 Apr 2009 13:30:13 -0000 1.64
@@ -1,6 +1,6 @@
Name: ipsec-tools
-Version: 0.7.1
-Release: 8%{?dist}
+Version: 0.7.2
+Release: 1%{?dist}
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
@@ -16,9 +16,8 @@
Patch5: ipsec-tools-0.7-iface.patch
Patch6: ipsec-tools-0.7-dupsplit.patch
Patch9: ipsec-tools-0.7-splitcidr.patch
-Patch10: ipsec-tools-0.7.1-natt-linux.patch
+Patch10: ipsec-tools-0.7.2-natt-linux.patch
Patch11: ipsec-tools-0.7.1-pie.patch
-Patch12: ipsec-tools-0.7.1-leaks.patch
Patch13: ipsec-tools-0.7.1-dpd-fixes.patch
BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
@@ -44,7 +43,6 @@
%patch9 -p1 -b .splitcidr
%patch10 -p1 -b .natt-linux
%patch11 -p1 -b .pie
-%patch12 -p1 -b .leaks
%patch13 -p1 -b .dpd-fixes
./bootstrap
@@ -124,6 +122,9 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Thu Apr 23 2009 Tomas Mraz <tmraz at redhat.com> - 0.7.2-1
+- Update to a new upstream version
+
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--- ipsec-tools-0.7.1-leaks.patch DELETED ---
--- ipsec-tools-0.7.1-natt-linux.patch DELETED ---