Source-Changes-HG archive


[src/netbsd-3]: src Pull up the following revisions (requested by manu in tic...



details:   https://anonhg.NetBSD.org/src/rev/793311ad773a
branches:  netbsd-3
changeset: 577393:793311ad773a
user:      riz <riz%NetBSD.org@localhost>
date:      Fri Oct 21 17:08:16 2005 +0000

description:
Pull up the following revisions (requested by manu in ticket #894):
crypto/dist/ipsec-tools/ChangeLog                       1.28-1.30
crypto/dist/ipsec-tools/NEWS                            1.1.1.4
crypto/dist/ipsec-tools/configure.ac                    1.1.1.7
crypto/dist/ipsec-tools/src/libipsec/pfkey.c            1.7-1.8
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c       1.10
crypto/dist/ipsec-tools/src/libipsec/policy_parse.y     1.7
crypto/dist/ipsec-tools/src/racoon/cfparse.y            1.5-1.9
crypto/dist/ipsec-tools/src/racoon/evt.c                1.3
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c          1.11
crypto/dist/ipsec-tools/src/racoon/isakmp.c             1.10
crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c         1.5-1.6
crypto/dist/ipsec-tools/src/racoon/isakmp_base.c        1.3-1.4
crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c       1.3
crypto/dist/ipsec-tools/src/racoon/oakley.c             1.6
crypto/dist/ipsec-tools/src/racoon/pfkey.c              1.10
crypto/dist/ipsec-tools/src/racoon/policy.c             1.3
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5        1.21-1.23
crypto/dist/ipsec-tools/src/racoon/sockmisc.c           1.3
crypto/dist/ipsec-tools/src/racoon/sockmisc.h           1.5
crypto/dist/ipsec-tools/src/setkey/setkey.8             1.17
lib/libipsec/package_version.h                          1.15

        Update to ipsec-tools 0.6.2

diffstat:

 crypto/dist/ipsec-tools/ChangeLog                   |  66 +++++++++++++++++++++
 crypto/dist/ipsec-tools/NEWS                        |   3 +
 crypto/dist/ipsec-tools/configure.ac                |   8 +-
 crypto/dist/ipsec-tools/src/libipsec/pfkey.c        |   8 +-
 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c   |   3 +-
 crypto/dist/ipsec-tools/src/libipsec/policy_parse.y |   4 +-
 crypto/dist/ipsec-tools/src/racoon/cfparse.y        |   3 +-
 crypto/dist/ipsec-tools/src/racoon/evt.c            |  22 ++++++-
 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c      |  17 ++++-
 crypto/dist/ipsec-tools/src/racoon/isakmp.c         |  14 +++-
 crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c     |  25 ++++++-
 crypto/dist/ipsec-tools/src/racoon/isakmp_base.c    |  14 +++-
 crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c   |   6 +-
 crypto/dist/ipsec-tools/src/racoon/oakley.c         |   4 +-
 crypto/dist/ipsec-tools/src/racoon/pfkey.c          |   6 +-
 crypto/dist/ipsec-tools/src/racoon/policy.c         |   4 +-
 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5    |   6 +-
 crypto/dist/ipsec-tools/src/racoon/sockmisc.c       |   4 +-
 crypto/dist/ipsec-tools/src/racoon/sockmisc.h       |   4 +-
 crypto/dist/ipsec-tools/src/setkey/setkey.8         |   6 +-
 lib/libipsec/package_version.h                      |   4 +-
 21 files changed, 185 insertions(+), 46 deletions(-)

diffs (truncated from 611 to 300 lines):

diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Fri Oct 21 17:08:16 2005 +0000
@@ -1,3 +1,69 @@
+---------------------------------------------
+
+       0.6.2 released
+
+2005-10-14  Yvan Vanhullebus  <vanhu%netasq.com@localhost>
+
+       * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
+         USER_FQDNs (problem reported by Bernhard Suttner).
+
+---------------------------------------------
+
+       0.6.2.beta3 released
+
+2005-09-05   Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Andreas Hasenack <ahasenack%terra.com.br@localhost>
+       * configure.ac: More build fixes for Linux
+
+---------------------------------------------
+
+       0.6.2.beta2 released
+
+2005-09-04  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Wilfried Weissmann
+       * src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
+         src/racoon/{sockmisc.c|sockmisc.h}: build fixes
+
+---------------------------------------------
+
+       0.6.2.beta1 released
+
+2005-09-03  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Francis Dupont <Francis.Dupont%enst-bretagne.fr@localhost>
+       * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
+
+2005-08-26  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       * src/racoon/cfparse.y: handle xauth_login correctly
+       * src/racoon/isakmp.c: catch internal error
+       * src/raccon/isakmp_agg.c: fix racoon as Xauth client
+       * src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
+       * src/racoon/evt.c: Fix memory leak when event queue overflows
+
+2005-08-23  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
+         initialize NAT-T VID to avoid freeing unallocated stuff.
+
+2005-08-21  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From Matthias Scheler <matthias.scheler%tadpole.com@localhost>
+       * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
+         ISAKMP mode config without Xauth.
+
+2005-09-16  Yvan Vanhullebus  <vanhu%free.fr@localhost>
+
+       * src/racoon/policy.c: Do not parse all sptree in inssp() if we
+         don't use Policies priority.
+
+2005-08-15  Emmanuel Dreyfus  <manu%netbsd.org@localhost>
+
+       From: Thomas Klausner <wiz%netbsd.org@localhost>
+       src/setkey/setkey.8: Drop trailing spaces
+
 ---------------------------------------------
 
        0.6.1 released
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/NEWS
--- a/crypto/dist/ipsec-tools/NEWS      Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/NEWS      Fri Oct 21 17:08:16 2005 +0000
@@ -1,5 +1,8 @@
 Version history:
 ----------------
+0.6.2  - 14 October 2005
+       o ISAKMP mode config works without Xauth
+
 0.6.1  - 10 august 2005
        o NAT-T fixes for situations where NAT-T is not used
        o OpenSSL 0.9.8 support
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/configure.ac
--- a/crypto/dist/ipsec-tools/configure.ac      Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/configure.ac      Fri Oct 21 17:08:16 2005 +0000
@@ -1,8 +1,8 @@
 dnl -*- mode: m4 -*-
-dnl Id: configure.ac,v 1.47.2.24 2005/08/19 22:46:45 manubsd Exp
+dnl Id: configure.ac,v 1.47.2.29 2005/10/14 09:24:43 manubsd Exp
 
 AC_PREREQ(2.52)
-AC_INIT(ipsec-tools, 0.6.1)
+AC_INIT(ipsec-tools, 0.6.2)
 AC_CONFIG_SRCDIR([configure.ac])
 AM_CONFIG_HEADER(config.h)
 
@@ -294,6 +294,8 @@
        # Check if iconv 2nd argument needs const 
        AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
        AC_MSG_CHECKING([if iconv second argument needs const])
+       saved_CFLAGS=$CFLAGS
+       CFLAGS="$CFLAGS -Wall -Werror"
        AC_TRY_COMPILE([
                #include <iconv.h>
                #include <stdio.h>
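Review bot: Adding `-Wall -Werror` to CFLAGS for the iconv probe makes the result depend on every warning the test program can trigger, not only the const mismatch, and on the compiler accepting those GCC-style flags at all; in either case the probe reports "no" and HAVE_ICONV_2ND_CONST is silently left undefined. The test program is only partly visible here, so it is worth checking that it compiles warning-free under -Wall when the prototype matches. A comment before the assignment, e.g. `# -Werror turns the const-mismatch warning into a failure; restored below`, would explain why the flags are changed, and quoting the save and restore (`saved_CFLAGS="$CFLAGS"`) would match the quoted form used on the next line. The restore is in the following hunk.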
@@ -308,7 +310,7 @@
        ], [AC_MSG_RESULT(yes)
            AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
        ], [AC_MSG_RESULT(no)])
-
+       CFLAGS=$saved_CFLAGS
 fi
 
 AC_MSG_CHECKING([if --enable-hybrid option is specified])
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/pfkey.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey.c      Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey.c      Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pfkey.c,v 1.1.1.2.2.2 2005/09/03 07:03:49 snj Exp $    */
+/*     $NetBSD: pfkey.c,v 1.1.1.2.2.3 2005/10/21 17:08:17 riz Exp $    */
 
 /*     $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $  */
 
@@ -1667,7 +1667,7 @@
        }
        ep = ((caddr_t)(void *)newmsg) + len;
 
-       p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, (u_int)len,
+       p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len,
            SADB_SATYPE_UNSPEC, seq, getpid());
        if (!p) {
                free(newmsg);
@@ -1968,6 +1968,10 @@
 #ifdef SADB_X_EXT_TAG
                case SADB_X_EXT_TAG:
 #endif
+#ifdef SADB_X_EXT_PACKET
+               case SADB_X_EXT_PACKET:
+#endif
+
                        mhp[ext->sadb_ext_type] = (void *)ext;
                        break;
                default:
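Review bot: The new `case SADB_X_EXT_PACKET:` label makes that extension type reach `mhp[ext->sadb_ext_type] = (void *)ext;`, and the hunk does not show how large `mhp` is or whether the type is range-checked before the switch. Because the type comes from the message being parsed, it should be confirmed that on every platform defining SADB_X_EXT_PACKET its value is a valid index (presumably not above SADB_EXT_MAX); a comment above the switch such as `/* every type accepted here must be a valid index into mhp[] */` would record that requirement. The blank line added after `#endif` separates the labels from the statement they fall into and could be dropped. The enclosing function starts and ends outside the hunk.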
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pfkey_dump.c,v 1.1.1.2.2.4 2005/09/03 07:03:49 snj Exp $       */
+/*     $NetBSD: pfkey_dump.c,v 1.1.1.2.2.5 2005/10/21 17:08:17 riz Exp $       */
 
 /*     $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $     */
 
@@ -271,7 +271,6 @@
        if (natt_type && natt_type->sadb_x_nat_t_type_type)
                use_natt = 1;
 #endif
-
        /* source address */
        if (m_saddr == NULL) {
                printf("no ADDRESS_SRC extension.\n");
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/policy_parse.y
--- a/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y       Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y       Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: policy_parse.y,v 1.1.1.2.2.3 2005/09/03 07:03:49 snj Exp $     */
+/*     $NetBSD: policy_parse.y,v 1.1.1.2.2.4 2005/10/21 17:08:17 riz Exp $     */
 
 /*     $KAME: policy_parse.y,v 1.21 2003/12/12 08:01:26 itojun Exp $   */
 
@@ -536,7 +536,7 @@
 {
        struct sadb_x_ipsecrequest *p;
        int reqlen;
-       caddr_t n;
+       u_int8_t *n;
 
        reqlen = sizeof(*p)
                + (src ? sysdep_sa_len(src) : 0)
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y      Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y      Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cfparse.y,v 1.1.1.4.2.2 2005/09/03 07:03:49 snj Exp $  */
+/*     $NetBSD: cfparse.y,v 1.1.1.4.2.3 2005/10/21 17:08:17 riz Exp $  */
 
 /* Id: cfparse.y,v 1.37.2.4 2005/05/10 09:45:45 manubsd Exp */
 
@@ -1259,6 +1259,7 @@
                {
 #ifdef ENABLE_HYBRID
                        /* formerly identifier type login */
+                       cur_rmconf->idvtype = IDTYPE_LOGIN;
                        if (set_identifier(&cur_rmconf->idv, IDTYPE_LOGIN, $2) != 0) {
                                yyerror("failed to set identifer.\n");
                                return -1;
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/evt.c
--- a/crypto/dist/ipsec-tools/src/racoon/evt.c  Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/evt.c  Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: evt.c,v 1.1.1.2.2.1 2005/09/03 07:03:49 snj Exp $      */
+/*     $NetBSD: evt.c,v 1.1.1.2.2.2 2005/10/21 17:08:17 riz Exp $      */
 
 /* Id: evt.c,v 1.2 2004/11/29 23:30:39 manubsd Exp */
 
@@ -63,6 +63,23 @@
        struct evt *evt;
        size_t len;
 
+       /* If we are above the limit, don't record anything */
+       if (evtlist_len > EVTLIST_MAX) {
+               plog(LLV_DEBUG, LOCATION, NULL, 
+                   "Cannot record event: event queue overflowed\n");
+               return;
+       }
+
+       /* If we hit the limit, record an overflow event instead */
+       if (evtlist_len == EVTLIST_MAX) {
+               plog(LLV_ERROR, LOCATION, NULL, 
+                   "Cannot record event: event queue overflow\n");
+               src = NULL;
+               dst = NULL;
+               type = EVTT_OVERFLOW;
+               optdata = NULL;
+       }
+
        len = sizeof(*evtdump);
        if (optdata)
                len += optdata->l;
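Review bot: Once the queue is past EVTLIST_MAX every further event is dropped with only an LLV_DEBUG message, so after the single LLV_ERROR at the boundary sustained event loss is invisible at normal log levels. The two messages also differ only by "overflowed" versus "overflow", which makes them hard to tell apart in a log. Consider keeping a count of dropped events and reporting it when the queue drains, or rate-limiting a higher-level message, and add a comment on the second check such as `/* the triggering event itself is lost; only EVTT_OVERFLOW is queued */`. The increment that pairs with these checks is in the following hunk, and the function body starts outside this one.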
@@ -94,8 +111,7 @@
        evt->dump = evtdump;
        TAILQ_INSERT_TAIL(&evtlist, evt, next);
 
-       if (evtlist_len++ == EVTLIST_MAX)
-               evt_push(NULL, NULL, EVTT_OVERFLOW, NULL);
+       evtlist_len++;
 
        return;
 }
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c    Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c    Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_doi.c,v 1.1.1.2.2.6 2005/09/03 07:03:49 snj Exp $        */
+/*     $NetBSD: ipsec_doi.c,v 1.1.1.2.2.7 2005/10/21 17:08:17 riz Exp $        */
 
 /* Id: ipsec_doi.c,v 1.26.2.12 2005/07/12 11:50:15 manubsd Exp */
 
@@ -782,7 +782,7 @@
 
                        sa->gssid = vmalloc(len / 2);
 
-                       src = (const char *)(d + 1);
+                       src = (__iconv_const char *)(d + 1);
                        srcleft = len;
 
                        dst = sa->gssid->v;
@@ -3563,12 +3563,23 @@
        vchar_t *new = NULL;
 
        /* simply return if value is null. */
-       if (!value)
+       if (!value){
+               if( type == IDTYPE_FQDN || type == IDTYPE_USERFQDN){
+                       plog(LLV_ERROR, LOCATION, NULL,
+                                "No %s\n", type == IDTYPE_FQDN ? "fqdn":"user fqdn");
+                       return -1;
+               }
                return 0;
+       }
 
        switch (type) {
        case IDTYPE_FQDN:
        case IDTYPE_USERFQDN:
+               if(value->l <= 1){
+                       plog(LLV_ERROR, LOCATION, NULL,
+                                "Empty %s\n", type == IDTYPE_FQDN ? "fqdn":"user fqdn");
+                       return -1;
+               }
 #ifdef ENABLE_HYBRID
        case IDTYPE_LOGIN:
 #endif
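Review bot: The `value->l <= 1` test in the FQDN/USER_FQDN case only means "empty" if `l` counts a terminating NUL, which the hunk does not show; if any caller passes a length without the terminator, a one-character identifier is rejected as empty. A comment such as `/* l includes the trailing NUL, so l <= 1 is an empty string */` would pin that down once confirmed against the callers. The comment `/* simply return if value is null. */` above is now stale, since a NULL value returns -1 for these two types, and callers that relied on the old always-0 result for NULL need to check the return. The check sits before the `IDTYPE_LOGIN` label, so an empty login identifier is presumably still accepted. The switch continues outside the hunk.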
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c       Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: isakmp.c,v 1.1.1.3.2.7 2005/09/03 07:03:49 snj Exp $   */
+/*     $NetBSD: isakmp.c,v 1.1.1.3.2.8 2005/10/21 17:08:17 riz Exp $   */
 
 /* Id: isakmp.c,v 1.34.2.19 2005/08/11 14:58:51 vanhu Exp */
 
@@ -2853,13 +2853,21 @@
 vchar_t * 
 isakmp_plist_set_all (struct payload_list **plist, struct ph1handle *iph1)
 {
-       struct payload_list *ptr = *plist, *first;
+       struct payload_list *ptr, *first;
        size_t tlen = sizeof (struct isakmp), n = 0;


