main/ipsec-tools: cherry-pick fixes from upstream

2026-05-04 20:06:43 +02:00 · 2013-02-05 13:41:25 +02:00 · 2013-02-05 13:41:25 +02:00 · ba39f71b2a
commit ba39f71b2a
parent 4382b60ad0
4 changed files with 55 additions and 3 deletions
--- a/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
+++ b/main/ipsec-tools/02-fix-xauth-double-free-on-reload.patch
@ -0,0 +1,19 @@
+--- a/src/racoon/isakmp_xauth.c	15 Nov 2011 13:51:23 -0000	1.24
+++ b/src/racoon/isakmp_xauth.c	5 Feb 2013 06:21:03 -0000
+@@ -458,10 +458,14 @@
+ 			vfree(xauth_rad_config.acct_server_list[i].host);
+ 			vfree(xauth_rad_config.acct_server_list[i].secret);
+ 		}
+-		if (radius_auth_state != NULL)
+		if (radius_auth_state != NULL) {
+ 			rad_close(radius_auth_state);
+-		if (radius_acct_state != NULL)
+			radius_auth_state = NULL;
+		}
+		if (radius_acct_state != NULL) {
+ 			rad_close(radius_acct_state);
+			radius_acct_state = NULL;
+		}
+ 	}
+ 
+ 	/* initialize radius config */
--- a/main/ipsec-tools/03-fix-sport-selection.patch
+++ b/main/ipsec-tools/03-fix-sport-selection.patch
@ -0,0 +1,29 @@
+--- a/src/racoon/grabmyaddr.c	14 Mar 2011 17:18:12 -0000	1.28
+++ b/src/racoon/grabmyaddr.c	5 Feb 2013 11:32:59 -0000
+@@ -274,13 +274,24 @@
+ 	struct sockaddr *addr;
+ {
+ 	struct myaddr *my;
+	int port = 0, wport;
+ 
+ 	LIST_FOREACH(my, &opened, chain) {
+-		if (cmpsaddr((struct sockaddr *) &my->addr, addr) <= CMPSADDR_WILDPORT_MATCH)
+		switch (cmpsaddr((struct sockaddr *) &my->addr, addr)) {
+		case CMPSADDR_MATCH:
+ 			return extract_port((struct sockaddr *) &my->addr);
+		case CMPSADDR_WILDPORT_MATCH:
+			wport = extract_port((struct sockaddr *) &my->addr);
+			if (port == 0 || wport < port)
+				port = wport;
+			break;
+		}
+ 	}
+	
+	if (port == 0)
+		port = PORT_ISAKMP;
+ 
+-	return PORT_ISAKMP;
+	return port;
+ }
+ 
+ void
--- a/main/ipsec-tools/20-grekey-support.patch
+++ b/main/ipsec-tools/20-grekey-support.patch
@ -499,7 +499,7 @@ Index: ipsec-tools-cvs-HEAD/src/racoon/isakmp.c
 	if (iph1hint == NULL || iph1hint->rmconf == NULL) {
 -		rmconf = getrmconf(iph2->dst, nopassive ? GETRMCONF_F_NO_PASSIVE : 0);
 +		int flags = 0;
-+		uint32_t remoteid;
+		uint32_t remoteid = 0;
 +		if (nopassive)
 +			flags |= GETRMCONF_F_NO_PASSIVE;
 +		if (iph2->sainfo != NULL) {
--- a/main/ipsec-tools/APKBUILD
+++ b/main/ipsec-tools/APKBUILD
@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=ipsec-tools
 pkgver=0.8.1
-pkgrel=1
+pkgrel=2
 pkgdesc="User-space IPsec tools for various IPsec implementations"
 url="http://ipsec-tools.sourceforge.net/"
 arch="all"
@ -13,6 +13,8 @@ source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
 	racoon.initd
 	racoon.confd
 	01-fix-deletion-notification.patch
+	02-fix-xauth-double-free-on-reload.patch
+	03-fix-sport-selection.patch
 	20-grekey-support.patch
 	50-reverse-connect.patch
 	70-defer-isakmp-ident-handling.patch
@ -62,7 +64,9 @@ md5sums="4d5d5ccc402c9c6bec0e87217e451fe5  ipsec-tools-0.8.1.tar.gz
 74f12ed04ed273a738229c0bfbf829cc  racoon.initd
 2d00250cf72da7f2f559c91b65a48747  racoon.confd
 c8b141e2c705c31af1c35d481e695ee6  01-fix-deletion-notification.patch
-79b919ab23080f54dc3e7686877ca6bd  20-grekey-support.patch
+5f30dfa6997b32e89c0e86826a70f777  02-fix-xauth-double-free-on-reload.patch
+2dd6bc764a5464b811edd6b4847880eb  03-fix-sport-selection.patch
+a6efed1359bde30ea3652fdbe76d89c0  20-grekey-support.patch
 f97205eea3dc68d2437a2ad8720f4520  50-reverse-connect.patch
 94773c94233e14cdce0fa02ff780a43e  70-defer-isakmp-ident-handling.patch
 2d5d24c4a3684a38584f88720f71c7d6  75-racoonctl-rcvbuf.patch