Revision: 7519 http://sourceforge.net/p/ipcop/svn/7519 Author: owes Date: 2014-05-04 18:32:13 +0000 (Sun, 04 May 2014) Log Message: ----------- Add openswan patch from upstream to fix problems for some nat-t situations.
Modified Paths: -------------- ipcop/trunk/lfs/openswan ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 Added Paths: ----------- ipcop/trunk/src/patches/openswan-2.6.41_fix-natt.patch Modified: ipcop/trunk/lfs/openswan =================================================================== --- ipcop/trunk/lfs/openswan 2014-05-04 18:25:51 UTC (rev 7518) +++ ipcop/trunk/lfs/openswan 2014-05-04 18:32:13 UTC (rev 7519) @@ -87,6 +87,7 @@ $(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -p1 -i $(DIR_PATCHES)/$(THISAPP)_fix-natt.patch # Remove Python verify script and patch in an old Perl version cd $(DIR_APP) && rm programs/verify/verify.in Added: ipcop/trunk/src/patches/openswan-2.6.41_fix-natt.patch =================================================================== --- ipcop/trunk/src/patches/openswan-2.6.41_fix-natt.patch (rev 0) +++ ipcop/trunk/src/patches/openswan-2.6.41_fix-natt.patch 2014-05-04 18:32:13 UTC (rev 7519) 
@@ -0,0 +1,37 @@
+From b6041cb5d1d07974596be79606a977e88dd9ec48 Mon Sep 17 00:00:00 2001
+From: Patrick Naubert <patri...@xelerance.com>
+Date: Fri, 28 Feb 2014 19:59:54 -0500
+Subject: [PATCH] Bring back NAT traversal that got mistakenly pulled out by
+ CVE-2014-2037 patch. Patch by Thomas Geulig
+
+---
+ lib/libopenswan/constants.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/lib/libopenswan/constants.c b/lib/libopenswan/constants.c
+index 932b205..09f7e80 100644
+--- a/lib/libopenswan/constants.c
++++ b/lib/libopenswan/constants.c
+@@ -167,9 +167,18 @@ const char *const payload_name_ikev2_main[] = {
+ NULL /* termination for bitnamesof() */
+ };
+
++const char *const payload_name_nat_d[] = {
++ "ISAKMP_NEXT_NAT-D",
++ "ISAKMP_NEXT_NAT-OA",
++ NULL
++};
++
++static enum_names payload_names_nat_d =
++{ ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL };
++
+ static enum_names payload_names_ikev2_main =
+ { ISAKMP_NEXT_v2SA, ISAKMP_NEXT_v2EAP, payload_name_ikev2_main,
+- NULL };
++ &payload_names_nat_d };
+
+ const char *const payload_name_ikev2[] = {
+ "ISAKMP_NEXT_v2NONE", /* 33 */
+--
+1.9.1
+
Modified: ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6
===================================================================
--- ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-04 18:25:51 UTC (rev 7518)
+++ ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-04 18:32:13 UTC (rev 7519)
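Review bot: The range in `payload_names_nat_d` is only sound if `ISAKMP_NEXT_NATD_DRAFTS` and `ISAKMP_NEXT_NATOA_DRAFTS` are adjacent values, since `payload_name_nat_d` supplies exactly two strings for it; neither the constants nor the lookup code are visible in this hunk, so that is an assumption here. These tables presumably name payload types read from peer packets, so a range wider than its table would likely index past the array in pluto instead of failing cleanly. I would state the invariant beside the table, e.g. `/* one name per value: NATD_DRAFTS and NATOA_DRAFTS must stay consecutive */`, and back it with a compile-time check on the difference of the two constants if the tree has a facility for that. A short comment on why this NAT-T draft range hangs off `payload_names_ikev2_main` would also help, because per the subject line the CVE-2014-2037 patch removed exactly this link by mistake and a later security fix to this file could do so again.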
@@ -3,6 +3,12 @@ /etc/logrotate.d/squidGuard /home/httpd/cgi-bin/proxy.cgi ## +## openswan patched +/usr/libexec/ipsec/addconn +/usr/libexec/ipsec/pluto +/usr/libexec/ipsec/showhostkey +/usr/libexec/ipsec/spi +## ## squid-3.4.5 /usr/lib/squid/basic_ldap_auth /usr/lib/squid/basic_msnt_auth