projects / feed / packages.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 75d8f09)
ipsec-tools: fix null dereference in racoon
authorNicolas Thill <nico@openwrt.org>
Sun, 24 May 2015 18:38:44 +0000 (20:38 +0200)
committerNicolas Thill <nico@openwrt.org>
Sun, 24 May 2015 18:38:44 +0000 (20:38 +0200)
 * add a patch to fix a null pointer dereference in src/racoon/gssapi.c (CVE-2015-4047)
 * refresh patches
 * bumb release number

Signed-off-by: Nicolas Thill <nico@openwrt.org>
net/ipsec-tools/Makefile patch | blob | history
net/ipsec-tools/patches/002-patch8-utmp.patch patch | blob | history
net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch patch | blob | history
net/ipsec-tools/patches/007-force_have_policy_fwd.patch [new file with mode: 0644] patch | blob
net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch [new file with mode: 0644] patch | blob
net/ipsec-tools/patches/force_HAVE_POLICY_FWD [deleted file] patch | blob | history

diff --git a/net/ipsec-tools/Makefile b/net/ipsec-tools/Makefile
index ae9c83c00d75abea47ef2e1995e0df9aa3c2e663..d758b36237d5fe46406d2f4b4d0878dbc78af944 100644 (file)
--- a/net/ipsec-tools/Makefile
+++ b/net/ipsec-tools/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2006-2011 OpenWrt.org
+# Copyright (C) 2006-2015 OpenWrt.org
 #               2014 Noah Meyerhans <frodo@morgul.net>
 #
 # This is free software, licensed under the GNU General Public License v2.
@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ipsec-tools
 PKG_VERSION:=0.8.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MAINTAINER := "Noah Meyerhans <frodo@morgul.net>"
 PKG_LICENSE := BSD-3-Clause
 
diff --git a/net/ipsec-tools/patches/002-patch8-utmp.patch b/net/ipsec-tools/patches/002-patch8-utmp.patch
index 16dc9237c97f1e0553e1c2c2a1b7d605ac70f559..547539043401faf66ef90c16e35418660bdac882 100644 (file)
--- a/net/ipsec-tools/patches/002-patch8-utmp.patch
+++ b/net/ipsec-tools/patches/002-patch8-utmp.patch
@@ -9,7 +9,7 @@
  #if defined(__APPLE__) && defined(__MACH__)
  #include <util.h>
  #endif
-@@ -1661,7 +1661,8 @@ isakmp_cfg_accounting_system(port, raddr
+@@ -1664,7 +1664,8 @@ isakmp_cfg_accounting_system(port, raddr
        int inout;
  {
        int error = 0;
@@ -19,7 +19,7 @@
        char addr[NI_MAXHOST];
        
        if (usr == NULL || usr[0]=='\0') {
-@@ -1670,34 +1671,37 @@ isakmp_cfg_accounting_system(port, raddr
+@@ -1673,34 +1674,37 @@ isakmp_cfg_accounting_system(port, raddr
                return -1;
        }
  
diff --git a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
index 443d38d5e37f8a3ad827d35f94c9af999d61ef24..7174300da05e11d1315e729297e08605bc9860af 100644 (file)
--- a/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
+++ b/net/ipsec-tools/patches/003-microsoft-fqdn-in-main.patch
@@ -1,6 +1,6 @@
 --- a/src/racoon/ipsec_doi.c
 +++ b/src/racoon/ipsec_doi.c
-@@ -3582,8 +3582,8 @@ ipsecdoi_checkid1(iph1)
+@@ -3581,8 +3581,8 @@ ipsecdoi_checkid1(iph1)
            iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) {
                 if (id_b->type != IPSECDOI_ID_IPV4_ADDR
                  && id_b->type != IPSECDOI_ID_IPV6_ADDR) {
diff --git a/net/ipsec-tools/patches/007-force_have_policy_fwd.patch b/net/ipsec-tools/patches/007-force_have_policy_fwd.patch
new file mode 100644 (file)
index 0000000..69cd1c0
--- /dev/null
+++ b/net/ipsec-tools/patches/007-force_have_policy_fwd.patch
@@ -0,0 +1,12 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -732,7 +732,8 @@ case $host in
+                       ],
+                       [AC_MSG_RESULT(yes)
+                        AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
+-                      [AC_MSG_RESULT(no)])
++                      [AC_MSG_RESULT(forced)
++                       AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])])
+               ;;
+       *)
+               AC_MSG_RESULT(no)
diff --git a/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch b/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch
new file mode 100644 (file)
index 0000000..5e3a2d4
--- /dev/null
+++ b/net/ipsec-tools/patches/008-racoon-fix_dereference_crash.patch
@@ -0,0 +1,16 @@
+Fix null dereference in racoon/gssapi.c (CVE-2015-4047)
+
+--- a/src/racoon/gssapi.c
++++ b/src/racoon/gssapi.c
+@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
+       gss_name_t princ, canon_princ;
+       OM_uint32 maj_stat, min_stat;
++      if (iph1->rmconf == NULL) {
++              plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++              return -1;
++      }
++
+       gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+       if (gps == NULL) {
+               plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
diff --git a/net/ipsec-tools/patches/force_HAVE_POLICY_FWD b/net/ipsec-tools/patches/force_HAVE_POLICY_FWD
deleted file mode 100644 (file)
index 24e6445..0000000
--- a/net/ipsec-tools/patches/force_HAVE_POLICY_FWD
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 8506245..eca8895 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -724,7 +724,8 @@ case $host in
-                       ],
-                       [AC_MSG_RESULT(yes)
-                        AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
--                      [AC_MSG_RESULT(no)])
-+                      [AC_MSG_RESULT(forced)
-+                       AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])])
-               ;;
-       *)
-               AC_MSG_RESULT(no)
Mirror of packages feed