Package: ipsec-tools
Version: 1:0.7-2.1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu intrepid ubuntu-patch


In Ubuntu, we've applied the attached patch to achieve the following:

  * Enable build with hardened options:
    - src/libipsec/policy_token.c: don't check return code of fwrite.
    - src/setkey/setkey.c: stop scanning stdin if fgets fails.

Starting from intrepid, hardening options have been enabled by default
in the toolchain [1]. That led to a build failure for ipsec-tools due to
-D_FORTIFY_SOURCE=2. Attached is a patch that fixes this.

[1]: https://wiki.ubuntu.com/CompilerFlags


-- System Information:
Debian Release: lenny/sid
  APT prefers hardy-updates
  APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-19-server (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/setkey/setkey.c
+++ ipsec-tools-0.7/src/setkey/setkey.c
@@ -314,7 +314,8 @@
 #else
 		char rbuf[1024];
 		rbuf[0] = '\0';
-		fgets (rbuf, sizeof(rbuf), stdin);
+		if (!fgets (rbuf, sizeof(rbuf), stdin)) 
+			break;
 		if (!rbuf[0])
 			break;
 		if (rbuf[strlen(rbuf)-1] == '\n')
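
Review bot: The added `if (!fgets (rbuf, sizeof(rbuf), stdin)) break;` treats end of input and a read error the same way, so a failed read on stdin ends the loop silently and the commands read so far are processed as if the input were complete. Consider checking `ferror(stdin)` before the `break` and reporting the error. With this check in place, the `rbuf[0] = '\0';` initialisation above it only matters for a line that starts with a NUL byte; the existing `if (!rbuf[0]) break;` still has to stay, because it is what keeps `rbuf[strlen(rbuf)-1]` from indexing at -1. The new `if` line also ends in trailing whitespace.
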
only in patch2:
unchanged:
--- ipsec-tools-0.7.orig/src/libipsec/policy_token.c
+++ ipsec-tools-0.7/src/libipsec/policy_token.c
@@ -625,7 +625,7 @@
 /* This used to be an fputs(), but since the string might contain NUL's,
  * we now use fwrite().
  */
-#define ECHO (void) fwrite( yytext, yyleng, 1, yyout )
+#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) {}
 #endif
 
 /* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
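
Review bot: The new `ECHO` definition expands to a bare `if (...) {}` statement, which is a dangling-else hazard: in `if (cond) ECHO; else other();` the `else` would bind to the macro's `if`, or fail to compile because of the `;` after `{}`. Wrapping it as `do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)` keeps it a single statement. The empty body also discards a short write just as the `(void)` cast did, so the change only quiets the unused-result warning; a brief comment saying that the result is ignored on purpose would help. The `yytext`/`yyleng`/`yyout` names suggest this file is scanner-generated output; if so, the edit will be lost on regeneration and belongs in the scanner source instead.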
