Source-Changes-HG archive
[src/netbsd-3]: src Pull up the following revisions (requested by manu in tic...
details: https://anonhg.NetBSD.org/src/rev/793311ad773a
branches: netbsd-3
changeset: 577393:793311ad773a
user: riz <riz%NetBSD.org@localhost>
date: Fri Oct 21 17:08:16 2005 +0000
description:
Pull up the following revisions (requested by manu in ticket #894):
crypto/dist/ipsec-tools/ChangeLog 1.28-1.30
crypto/dist/ipsec-tools/NEWS 1.1.1.4
crypto/dist/ipsec-tools/configure.ac 1.1.1.7
crypto/dist/ipsec-tools/src/libipsec/pfkey.c 1.7-1.8
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c 1.10
crypto/dist/ipsec-tools/src/libipsec/policy_parse.y 1.7
crypto/dist/ipsec-tools/src/racoon/cfparse.y 1.5-1.9
crypto/dist/ipsec-tools/src/racoon/evt.c 1.3
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c 1.11
crypto/dist/ipsec-tools/src/racoon/isakmp.c 1.10
crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c 1.5-1.6
crypto/dist/ipsec-tools/src/racoon/isakmp_base.c 1.3-1.4
crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c 1.3
crypto/dist/ipsec-tools/src/racoon/oakley.c 1.6
crypto/dist/ipsec-tools/src/racoon/pfkey.c 1.10
crypto/dist/ipsec-tools/src/racoon/policy.c 1.3
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 1.21-1.23
crypto/dist/ipsec-tools/src/racoon/sockmisc.c 1.3
crypto/dist/ipsec-tools/src/racoon/sockmisc.h 1.5
crypto/dist/ipsec-tools/src/setkey/setkey.8 1.17
lib/libipsec/package_version.h 1.15
Update to ipsec-tools 0.6.2
diffstat:
crypto/dist/ipsec-tools/ChangeLog | 66 +++++++++++++++++++++
crypto/dist/ipsec-tools/NEWS | 3 +
crypto/dist/ipsec-tools/configure.ac | 8 +-
crypto/dist/ipsec-tools/src/libipsec/pfkey.c | 8 +-
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c | 3 +-
crypto/dist/ipsec-tools/src/libipsec/policy_parse.y | 4 +-
crypto/dist/ipsec-tools/src/racoon/cfparse.y | 3 +-
crypto/dist/ipsec-tools/src/racoon/evt.c | 22 ++++++-
crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c | 17 ++++-
crypto/dist/ipsec-tools/src/racoon/isakmp.c | 14 +++-
crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c | 25 ++++++-
crypto/dist/ipsec-tools/src/racoon/isakmp_base.c | 14 +++-
crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c | 6 +-
crypto/dist/ipsec-tools/src/racoon/oakley.c | 4 +-
crypto/dist/ipsec-tools/src/racoon/pfkey.c | 6 +-
crypto/dist/ipsec-tools/src/racoon/policy.c | 4 +-
crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 | 6 +-
crypto/dist/ipsec-tools/src/racoon/sockmisc.c | 4 +-
crypto/dist/ipsec-tools/src/racoon/sockmisc.h | 4 +-
crypto/dist/ipsec-tools/src/setkey/setkey.8 | 6 +-
lib/libipsec/package_version.h | 4 +-
21 files changed, 185 insertions(+), 46 deletions(-)
diffs (truncated from 611 to 300 lines):
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/ChangeLog
--- a/crypto/dist/ipsec-tools/ChangeLog Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/ChangeLog Fri Oct 21 17:08:16 2005 +0000
@@ -1,3 +1,69 @@
+---------------------------------------------
+
+ 0.6.2 released
+
+2005-10-14 Yvan Vanhullebus <vanhu%netasq.com@localhost>
+
+ * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
+ USER_FQDNs (problem reported by Bernhard Suttner).
+
+---------------------------------------------
+
+ 0.6.2.beta3 released
+
+2005-09-05 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Andreas Hasenack <ahasenack%terra.com.br@localhost>
+ * configure.ac: More build fixes for Linux
+
+---------------------------------------------
+
+ 0.6.2.beta2 released
+
+2005-09-04 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Wilfried Weissmann
+ * src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
+ src/racoon/{sockmisc.c|sockmisc.h}: build fixes
+
+---------------------------------------------
+
+ 0.6.2.beta1 released
+
+2005-09-03 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Francis Dupont <Francis.Dupont%enst-bretagne.fr@localhost>
+ * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
+
+2005-08-26 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ * src/racoon/cfparse.y: handle xauth_login correctly
+ * src/racoon/isakmp.c: catch internal error
+ * src/raccon/isakmp_agg.c: fix racoon as Xauth client
+ * src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
+ * src/racoon/evt.c: Fix memory leak when event queue overflows
+
+2005-08-23 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
+ initialize NAT-T VID to avoid freeing unallocated stuff.
+
+2005-08-21 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From Matthias Scheler <matthias.scheler%tadpole.com@localhost>
+ * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
+ ISAKMP mode config without Xauth.
+
+2005-09-16 Yvan Vanhullebus <vanhu%free.fr@localhost>
+
+ * src/racoon/policy.c: Do not parse all sptree in inssp() if we
+ don't use Policies priority.
+
+2005-08-15 Emmanuel Dreyfus <manu%netbsd.org@localhost>
+
+ From: Thomas Klausner <wiz%netbsd.org@localhost>
+ src/setkey/setkey.8: Drop trailing spaces
+
---------------------------------------------
0.6.1 released
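Review bot: The two 2005-08-26 entries for isakmp_agg.c and isakmp_base.c spell the directory `src/raccon/`; it should read `src/racoon/` like the neighbouring entries, otherwise a search of the ChangeLog by path misses the Xauth client fix and the proposal safety checks. The 2005-09-16 policy.c entry also sits between 2005-08-21 and 2005-08-15, out of date order, and the 2005-08-15 setkey.8 line lacks the leading `*` that the other entries use.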
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/NEWS
--- a/crypto/dist/ipsec-tools/NEWS Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/NEWS Fri Oct 21 17:08:16 2005 +0000
@@ -1,5 +1,8 @@
Version history:
----------------
+0.6.2 - 14 October 2005
+ o ISAKMP mode config works without Xauth
+
0.6.1 - 10 august 2005
o NAT-T fixes for situations where NAT-T is not used
o OpenSSL 0.9.8 support
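Review bot: The 0.6.2 entry lists only the mode config change, while the ChangeLog in this same changeset records rejecting NULL or empty FQDN and USER_FQDN identifiers, proposal safety checks and an event queue memory leak fix. Add a line for those so that operators deciding whether to upgrade see the robustness fixes, for example `o Reject NULL or empty FQDN/USER_FQDN identifiers`.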
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/configure.ac
--- a/crypto/dist/ipsec-tools/configure.ac Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/configure.ac Fri Oct 21 17:08:16 2005 +0000
@@ -1,8 +1,8 @@
dnl -*- mode: m4 -*-
-dnl Id: configure.ac,v 1.47.2.24 2005/08/19 22:46:45 manubsd Exp
+dnl Id: configure.ac,v 1.47.2.29 2005/10/14 09:24:43 manubsd Exp
AC_PREREQ(2.52)
-AC_INIT(ipsec-tools, 0.6.1)
+AC_INIT(ipsec-tools, 0.6.2)
AC_CONFIG_SRCDIR([configure.ac])
AM_CONFIG_HEADER(config.h)
@@ -294,6 +294,8 @@
# Check if iconv 2nd argument needs const
AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
AC_MSG_CHECKING([if iconv second argument needs const])
+ saved_CFLAGS=$CFLAGS
+ CFLAGS="$CFLAGS -Wall -Werror"
AC_TRY_COMPILE([
#include <iconv.h>
#include <stdio.h>
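Review bot: Adding `-Wall -Werror` to CFLAGS for this probe makes the result depend on the test program compiling without any warning at all, so an unrelated warning in the probe body, or a compiler that does not accept these flags, yields "no" and silently leaves HAVE_ICONV_2ND_CONST undefined. Put a comment above `CFLAGS="$CFLAGS -Wall -Werror"` saying that the flags exist only to turn the const mismatch warning into an error, and keep the probe body free of anything else that can warn.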
@@ -308,7 +310,7 @@
], [AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
], [AC_MSG_RESULT(no)])
-
+ CFLAGS=$saved_CFLAGS
fi
AC_MSG_CHECKING([if --enable-hybrid option is specified])
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/pfkey.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey.c,v 1.1.1.2.2.2 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: pfkey.c,v 1.1.1.2.2.3 2005/10/21 17:08:17 riz Exp $ */
/* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
@@ -1667,7 +1667,7 @@
}
ep = ((caddr_t)(void *)newmsg) + len;
- p = pfkey_setsadbmsg((caddr_t)newmsg, ep, type, (u_int)len,
+ p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len,
SADB_SATYPE_UNSPEC, seq, getpid());
if (!p) {
free(newmsg);
@@ -1968,6 +1968,10 @@
#ifdef SADB_X_EXT_TAG
case SADB_X_EXT_TAG:
#endif
+#ifdef SADB_X_EXT_PACKET
+ case SADB_X_EXT_PACKET:
+#endif
+
mhp[ext->sadb_ext_type] = (void *)ext;
break;
default:
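Review bot: The added blank line after the new `#endif` separates the stacked case labels from the shared body `mhp[ext->sadb_ext_type] = (void *)ext;`; drop it so the labels read as one group like the SADB_X_EXT_TAG block above. Since mhp is indexed directly by the extension type, also confirm that the array is sized to cover SADB_X_EXT_PACKET on systems that define it; nothing in this hunk shows that bound.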
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey_dump.c,v 1.1.1.2.2.4 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: pfkey_dump.c,v 1.1.1.2.2.5 2005/10/21 17:08:17 riz Exp $ */
/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
@@ -271,7 +271,6 @@
if (natt_type && natt_type->sadb_x_nat_t_type_type)
use_natt = 1;
#endif
-
/* source address */
if (m_saddr == NULL) {
printf("no ADDRESS_SRC extension.\n");
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/libipsec/policy_parse.y
--- a/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: policy_parse.y,v 1.1.1.2.2.3 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: policy_parse.y,v 1.1.1.2.2.4 2005/10/21 17:08:17 riz Exp $ */
/* $KAME: policy_parse.y,v 1.21 2003/12/12 08:01:26 itojun Exp $ */
@@ -536,7 +536,7 @@
{
struct sadb_x_ipsecrequest *p;
int reqlen;
- caddr_t n;
+ u_int8_t *n;
reqlen = sizeof(*p)
+ (src ? sysdep_sa_len(src) : 0)
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/cfparse.y
--- a/crypto/dist/ipsec-tools/src/racoon/cfparse.y Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/cfparse.y Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.1.1.4.2.2 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: cfparse.y,v 1.1.1.4.2.3 2005/10/21 17:08:17 riz Exp $ */
/* Id: cfparse.y,v 1.37.2.4 2005/05/10 09:45:45 manubsd Exp */
@@ -1259,6 +1259,7 @@
{
#ifdef ENABLE_HYBRID
/* formerly identifier type login */
+ cur_rmconf->idvtype = IDTYPE_LOGIN;
if (set_identifier(&cur_rmconf->idv, IDTYPE_LOGIN, $2) != 0) {
yyerror("failed to set identifer.\n");
return -1;
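Review bot: `cur_rmconf->idvtype = IDTYPE_LOGIN;` is assigned before set_identifier() has succeeded, so on the error path the remote configuration carries a login type whose identifier value was never set. Moving the assignment after the check keeps the two fields consistent. The yyerror string in the context line also misspells "identifier" as "identifer".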
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/evt.c
--- a/crypto/dist/ipsec-tools/src/racoon/evt.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/evt.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: evt.c,v 1.1.1.2.2.1 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: evt.c,v 1.1.1.2.2.2 2005/10/21 17:08:17 riz Exp $ */
/* Id: evt.c,v 1.2 2004/11/29 23:30:39 manubsd Exp */
@@ -63,6 +63,23 @@
struct evt *evt;
size_t len;
+ /* If we are above the limit, don't record anything */
+ if (evtlist_len > EVTLIST_MAX) {
+ plog(LLV_DEBUG, LOCATION, NULL,
+ "Cannot record event: event queue overflowed\n");
+ return;
+ }
+
+ /* If we hit the limit, record an overflow event instead */
+ if (evtlist_len == EVTLIST_MAX) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot record event: event queue overflow\n");
+ src = NULL;
+ dst = NULL;
+ type = EVTT_OVERFLOW;
+ optdata = NULL;
+ }
+
len = sizeof(*evtdump);
if (optdata)
len += optdata->l;
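Review bot: In the `evtlist_len == EVTLIST_MAX` branch the caller's event is overwritten with EVTT_OVERFLOW and still queued, so together with the plain `evtlist_len++` in the following hunk the list can hold EVTLIST_MAX + 1 entries, and the event that hit the limit is lost without its type being logged. Say so in the comment. The `>` case and the `==` case also log nearly identical strings ("overflowed" versus "overflow") at different levels; every event dropped above the limit is reported only at LLV_DEBUG, so at normal log levels the single LLV_ERROR line is the only sign that events are being discarded, which is worth stating next to the check.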
@@ -94,8 +111,7 @@
evt->dump = evtdump;
TAILQ_INSERT_TAIL(&evtlist, evt, next);
- if (evtlist_len++ == EVTLIST_MAX)
- evt_push(NULL, NULL, EVTT_OVERFLOW, NULL);
+ evtlist_len++;
return;
}
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.c,v 1.1.1.2.2.6 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: ipsec_doi.c,v 1.1.1.2.2.7 2005/10/21 17:08:17 riz Exp $ */
/* Id: ipsec_doi.c,v 1.26.2.12 2005/07/12 11:50:15 manubsd Exp */
@@ -782,7 +782,7 @@
sa->gssid = vmalloc(len / 2);
- src = (const char *)(d + 1);
+ src = (__iconv_const char *)(d + 1);
srcleft = len;
dst = sa->gssid->v;
@@ -3563,12 +3563,23 @@
vchar_t *new = NULL;
/* simply return if value is null. */
- if (!value)
+ if (!value){
+ if( type == IDTYPE_FQDN || type == IDTYPE_USERFQDN){
+ plog(LLV_ERROR, LOCATION, NULL,
+ "No %s\n", type == IDTYPE_FQDN ? "fqdn":"user fqdn");
+ return -1;
+ }
return 0;
+ }
switch (type) {
case IDTYPE_FQDN:
case IDTYPE_USERFQDN:
+ if(value->l <= 1){
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Empty %s\n", type == IDTYPE_FQDN ? "fqdn":"user fqdn");
+ return -1;
+ }
#ifdef ENABLE_HYBRID
case IDTYPE_LOGIN:
#endif
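Review bot: The `value->l <= 1` test sits under the IDTYPE_FQDN and IDTYPE_USERFQDN labels but above `case IDTYPE_LOGIN:`, so under ENABLE_HYBRID a login identifier enters the shared body without the empty check, and a NULL login still returns 0 from the `!value` block. If that is intended, mark the fall through with a comment; if not, move the check below the IDTYPE_LOGIN label and extend the type test in the NULL branch. The comment "simply return if value is null" no longer matches the code now that two types return -1, the bound of 1 needs a note on what the single byte is (presumably the terminator), and `if (!value){` and `if( type == ...` should follow the spacing of the surrounding code.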
diff -r 368891b04a93 -r 793311ad773a crypto/dist/ipsec-tools/src/racoon/isakmp.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Oct 21 13:18:47 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp.c Fri Oct 21 17:08:16 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.1.1.3.2.7 2005/09/03 07:03:49 snj Exp $ */
+/* $NetBSD: isakmp.c,v 1.1.1.3.2.8 2005/10/21 17:08:17 riz Exp $ */
/* Id: isakmp.c,v 1.34.2.19 2005/08/11 14:58:51 vanhu Exp */
@@ -2853,13 +2853,21 @@
vchar_t *
isakmp_plist_set_all (struct payload_list **plist, struct ph1handle *iph1)
{
- struct payload_list *ptr = *plist, *first;
+ struct payload_list *ptr, *first;
size_t tlen = sizeof (struct isakmp), n = 0;