Remove ipsec-tools and umip
ipsec-tools is dead upstream and upstream recommends against using it: http://ipsec-tools.sourceforge.net/ More detailed explanation from the Debian maintainer: https://bugs.debian.org/917847 umip was the only package depending on ipsec-tools. umip is dormant upstream since 2013. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Khem Raj <raj.khem@gmail.com>
-26
@@ -1,26 +0,0 @@
|
||||
From a0ad5128d14b022239445e251cf4a9826e86aa96 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Tue, 27 Jun 2017 07:48:31 -0700
|
||||
Subject: [PATCH] Add format string to fprintf() call
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
src/vt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/vt.c b/src/vt.c
|
||||
index 795d393..a533d3d 100644
|
||||
--- a/src/vt.c
|
||||
+++ b/src/vt.c
|
||||
@@ -499,7 +499,7 @@ static int vt_cmd_dump_candidates(const struct vt_handle *vh,
|
||||
}
|
||||
llen += cmdlen;
|
||||
|
||||
- ret = fprintf(vh->vh_stream, e->cmd);
|
||||
+ ret = fprintf(vh->vh_stream, "%s", e->cmd);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
--
|
||||
2.13.2
|
||||
|
||||
-38
@@ -1,38 +0,0 @@
|
||||
From f567740cf64978ac9db014c786b6d0267b244f33 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Sun, 4 Mar 2018 22:30:30 -0800
|
||||
Subject: [PATCH 1/2] replace SIGCLD with SIGCHLD and include sys/types.h
|
||||
|
||||
Fixes
|
||||
main.c:129:10: error: 'SIGCLD' undeclared (first use in this function); did you mean 'SIGCHLD'?
|
||||
signal(SIGCLD, sig_child);
|
||||
^~~~~~
|
||||
SIGCHLD
|
||||
|
||||
main.c:125:2: warning: implicit declaration of function 'umask' [-Wimplicit-function-declaration]
|
||||
umask(0);
|
||||
^~~~~
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
Upstream-Status: Pending
|
||||
|
||||
src/main.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
Index: git/src/main.c
|
||||
===================================================================
|
||||
--- git.orig/src/main.c
|
||||
+++ git/src/main.c
|
||||
@@ -133,9 +133,9 @@ static void daemon_start(int ignsigcld)
|
||||
|
||||
if (ignsigcld) {
|
||||
#ifdef SIGTSTP
|
||||
- signal(SIGCLD, sig_child);
|
||||
+ signal(SIGCHLD, sig_child);
|
||||
#else
|
||||
- signal(SIGCLD, SIG_IGN);
|
||||
+ signal(SIGCHLD, SIG_IGN);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@@ -1,88 +0,0 @@
|
||||
From 62784e8b6df8ff3a907c1f816154808bea9d7064 Mon Sep 17 00:00:00 2001
|
||||
From: Hongxu Jia <hongxu.jia@windriver.com>
|
||||
Date: Tue, 25 Sep 2018 14:38:14 +0800
|
||||
Subject: [PATCH] support openssl 1.1.x
|
||||
|
||||
Long time no maintain from upstream since 2013
|
||||
(git://git.umip.org/umip/umip.git), backport a
|
||||
fix from openSUSE
|
||||
|
||||
Upstream-Status: Backport [openSUSE]
|
||||
http://ftp.gwdg.de/pub/opensuse/source/distribution/leap/15.0/repo/oss/src/mipv6d-2.0.2.umip.0.4-lp150.1.2.src.rpm
|
||||
|
||||
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
||||
---
|
||||
src/keygen.c | 12 ++++++++++++
|
||||
src/mh.c | 17 ++++++++++++++++-
|
||||
2 files changed, 28 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/keygen.c b/src/keygen.c
|
||||
index e434a38..b902644 100644
|
||||
--- a/src/keygen.c
|
||||
+++ b/src/keygen.c
|
||||
@@ -172,6 +172,7 @@ static void build_kgen_token(struct in6_addr *addr, uint8_t *nonce,
|
||||
uint8_t tmp[20];
|
||||
#ifdef HAVE_LIBCRYPTO
|
||||
unsigned int len = 20;
|
||||
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
|
||||
HMAC_CTX ctx;
|
||||
|
||||
HMAC_CTX_init(&ctx);
|
||||
@@ -182,6 +183,17 @@ static void build_kgen_token(struct in6_addr *addr, uint8_t *nonce,
|
||||
HMAC_Final(&ctx, tmp, &len);
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
#else
|
||||
+ HMAC_CTX *ctx;
|
||||
+ ctx = HMAC_CTX_new();
|
||||
+ HMAC_Init_ex(ctx, key_cn, sizeof(key_cn), EVP_sha1(), NULL);
|
||||
+ HMAC_Update(ctx, (unsigned char *)addr, sizeof(*addr));
|
||||
+ HMAC_Update(ctx, nonce, NONCE_LENGTH);
|
||||
+ HMAC_Update(ctx, &id, sizeof(id));
|
||||
+ HMAC_Final(ctx, tmp, &len);
|
||||
+ HMAC_CTX_free(ctx);
|
||||
+#endif // End of defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
|
||||
+
|
||||
+#else
|
||||
HMAC_SHA1_CTX ctx;
|
||||
|
||||
HMAC_SHA1_init(&ctx, key_cn, sizeof(key_cn));
|
||||
diff --git a/src/mh.c b/src/mh.c
|
||||
index cba9a33..212eb5a 100644
|
||||
--- a/src/mh.c
|
||||
+++ b/src/mh.c
|
||||
@@ -518,9 +518,10 @@ static int calculate_auth_data(const struct iovec *iov, int iovlen,
|
||||
|
||||
#ifdef HAVE_LIBCRYPTO
|
||||
unsigned int len = HMAC_SHA1_HASH_LEN;
|
||||
- HMAC_CTX ctx;
|
||||
const EVP_MD *evp_md = EVP_sha1();
|
||||
|
||||
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1010006fL
|
||||
+ HMAC_CTX ctx;
|
||||
HMAC_CTX_init(&ctx);
|
||||
HMAC_Init_ex(&ctx, key, HMAC_SHA1_KEY_SIZE, evp_md, NULL);
|
||||
|
||||
@@ -532,6 +533,20 @@ static int calculate_auth_data(const struct iovec *iov, int iovlen,
|
||||
HMAC_Final(&ctx, buf, &len);
|
||||
HMAC_CTX_cleanup(&ctx);
|
||||
#else
|
||||
+ HMAC_CTX *ctx;
|
||||
+ ctx = HMAC_CTX_new();
|
||||
+ HMAC_Init_ex(ctx, key, HMAC_SHA1_KEY_SIZE, evp_md, NULL);
|
||||
+
|
||||
+ HMAC_Update(ctx, (uint8_t *)coa, sizeof(*coa));
|
||||
+ HMAC_Update(ctx, (uint8_t *)cn, sizeof(*coa));
|
||||
+ for (i = 0; i < iovlen; i++) {
|
||||
+ HMAC_Update(ctx, (uint8_t *)iov[i].iov_base, iov[i].iov_len);
|
||||
+ }
|
||||
+ HMAC_Final(ctx, buf, &len);
|
||||
+ HMAC_CTX_free(ctx);
|
||||
+#endif
|
||||
+
|
||||
+#else
|
||||
HMAC_SHA1_CTX ctx;
|
||||
|
||||
HMAC_SHA1_init(&ctx, key, HMAC_SHA1_KEY_SIZE);
|
||||
--
|
||||
2.7.4
|
||||
|
||||
-143
@@ -1,143 +0,0 @@
|
||||
From 19b6cf8099e1974b5fc39086fc54103b0cbc2658 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Sun, 4 Mar 2018 23:01:25 -0800
|
||||
Subject: [PATCH 2/2] replace PTHREAD_MUTEX_FAST_NP with PTHREAD_MUTEX_NORMAL
|
||||
|
||||
PTHREAD_MUTEX_FAST_NP is not available on non-posix systems
|
||||
e.g. musl
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
Upstream-Status: Pending
|
||||
|
||||
src/ha.c | 2 +-
|
||||
src/icmp6.c | 2 +-
|
||||
src/mh.c | 2 +-
|
||||
src/mn.c | 2 +-
|
||||
src/movement.c | 2 +-
|
||||
src/mpdisc_ha.c | 2 +-
|
||||
src/mpdisc_mn.c | 2 +-
|
||||
src/tqueue.c | 2 +-
|
||||
src/tunnelctl.c | 2 +-
|
||||
9 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/ha.c b/src/ha.c
|
||||
index fbdcff0..b2f811e 100644
|
||||
--- a/src/ha.c
|
||||
+++ b/src/ha.c
|
||||
@@ -1246,7 +1246,7 @@ int ha_init(void)
|
||||
{
|
||||
pthread_mutexattr_t mattrs;
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&bu_worker_mutex, &mattrs) ||
|
||||
pthread_cond_init(&cond, NULL))
|
||||
return -1;
|
||||
diff --git a/src/icmp6.c b/src/icmp6.c
|
||||
index 3695135..6460634 100644
|
||||
--- a/src/icmp6.c
|
||||
+++ b/src/icmp6.c
|
||||
@@ -243,7 +243,7 @@ int icmp6_init(void)
|
||||
return -1;
|
||||
/* create ICMP listener thread */
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&icmp6_sock.send_mutex, &mattrs) ||
|
||||
pthread_rwlock_init(&handler_lock, NULL) ||
|
||||
pthread_create(&icmp6_listener, NULL, icmp6_listen, NULL))
|
||||
diff --git a/src/mh.c b/src/mh.c
|
||||
index 60e345e..7928f4c 100644
|
||||
--- a/src/mh.c
|
||||
+++ b/src/mh.c
|
||||
@@ -204,7 +204,7 @@ int mh_init(void)
|
||||
return -1;
|
||||
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&mh_sock.send_mutex, &mattrs) ||
|
||||
pthread_rwlock_init(&handler_lock, NULL) ||
|
||||
pthread_create(&mh_listener, NULL, mh_listen, NULL))
|
||||
diff --git a/src/mn.c b/src/mn.c
|
||||
index 092cfcb..8f7f448 100644
|
||||
--- a/src/mn.c
|
||||
+++ b/src/mn.c
|
||||
@@ -1478,7 +1478,7 @@ static struct home_addr_info *hai_copy(struct home_addr_info *conf_hai)
|
||||
if (hai != NULL) {
|
||||
pthread_mutexattr_t mattrs;
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
|
||||
memcpy(hai, conf_hai, sizeof(struct home_addr_info));
|
||||
|
||||
diff --git a/src/movement.c b/src/movement.c
|
||||
index d985937..6400448 100644
|
||||
--- a/src/movement.c
|
||||
+++ b/src/movement.c
|
||||
@@ -2013,7 +2013,7 @@ int md_init(void)
|
||||
int val;
|
||||
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&iface_lock, &mattrs))
|
||||
return -1;
|
||||
|
||||
diff --git a/src/mpdisc_ha.c b/src/mpdisc_ha.c
|
||||
index 40ba05f..fd7a90d 100644
|
||||
--- a/src/mpdisc_ha.c
|
||||
+++ b/src/mpdisc_ha.c
|
||||
@@ -559,7 +559,7 @@ int mpd_ha_init(void)
|
||||
{
|
||||
pthread_mutexattr_t mattrs;
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&mpa_lock, &mattrs) ||
|
||||
pthread_rwlock_init(&prefix_lock, NULL) ||
|
||||
hash_init(&mpa_hash, DOUBLE_ADDR, MPA_BUCKETS) < 0)
|
||||
diff --git a/src/mpdisc_mn.c b/src/mpdisc_mn.c
|
||||
index 4873bd6..ada02bd 100644
|
||||
--- a/src/mpdisc_mn.c
|
||||
+++ b/src/mpdisc_mn.c
|
||||
@@ -267,7 +267,7 @@ int mpd_mn_init(void)
|
||||
{
|
||||
pthread_mutexattr_t mattrs;
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&mps_lock, &mattrs))
|
||||
return -1;
|
||||
if (hash_init(&mps_hash, DOUBLE_ADDR, MPS_BUCKETS) < 0)
|
||||
diff --git a/src/tqueue.c b/src/tqueue.c
|
||||
index 2f7aa0b..9c185b8 100644
|
||||
--- a/src/tqueue.c
|
||||
+++ b/src/tqueue.c
|
||||
@@ -65,7 +65,7 @@ int taskqueue_init(void)
|
||||
{
|
||||
pthread_mutexattr_t mattrs;
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&mutex, &mattrs) ||
|
||||
pthread_cond_init(&cond, NULL) ||
|
||||
pthread_create(&tq_runner, NULL, runner, NULL))
|
||||
diff --git a/src/tunnelctl.c b/src/tunnelctl.c
|
||||
index 23fc20b..813b8ec 100644
|
||||
--- a/src/tunnelctl.c
|
||||
+++ b/src/tunnelctl.c
|
||||
@@ -433,7 +433,7 @@ int tunnelctl_init(void)
|
||||
return -1;
|
||||
|
||||
pthread_mutexattr_init(&mattrs);
|
||||
- pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_FAST_NP);
|
||||
+ pthread_mutexattr_settype(&mattrs, PTHREAD_MUTEX_NORMAL);
|
||||
if (pthread_mutex_init(&tnl_lock, &mattrs))
|
||||
return -1;
|
||||
|
||||
--
|
||||
2.16.2
|
||||
|
||||
-23
@@ -1,23 +0,0 @@
|
||||
When "make -j10", the compilation will fail,
|
||||
because scan.c has included gram.h, but gram.h was produced
|
||||
after scan.c was compiled
|
||||
|
||||
So add this dependency to ensure that gram.h is produced
|
||||
before scan.c is produced.
|
||||
|
||||
Upstream-Status: Inappropriate [upstream is not active]
|
||||
|
||||
Signed-off-by: Roy.Li <RongQing.Li@windriver.com>
|
||||
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
||||
---
|
||||
src/Makefile.am | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -81,3 +81,5 @@ CLEANFILES = gram.c gram.h \
|
||||
|
||||
DISTCLEANFILES = $(BUILT_SOURCES)
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
+
|
||||
+scan.c: gram.h
|
||||
@@ -1,112 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# mip6d Start script for the Mobile IPv6 daemon
|
||||
#
|
||||
# chkconfig: - 55 25
|
||||
# description: The mobile IPv6 daemon allows nodes to remain \
|
||||
# reachable while moving around in the IPv6 Internet.
|
||||
# processname: mip6d
|
||||
# config: /etc/mip6d.conf
|
||||
# config: /etc/sysconfig/mip6d
|
||||
#
|
||||
### BEGIN INIT INFO
|
||||
# Provides: mipv6-daemon
|
||||
# Required-Start: $local_fs $remote_fs $network $named
|
||||
# Required-Stop: $local_fs $remote_fs $network
|
||||
# Should-Start: $syslog
|
||||
# Should-Stop: $network $syslog
|
||||
# Default-Start:
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Start and stop Mobile IPV6 daemon
|
||||
# Description: The mobile IPv6 daemon allows nodes to remain
|
||||
# reachable while moving around in the IPv6 Internet.
|
||||
### END INIT INFO
|
||||
|
||||
# Source function library.
|
||||
. /etc/init.d/functions
|
||||
|
||||
if [ -f /etc/sysconfig/mip6d ]; then
|
||||
. /etc/sysconfig/mip6d
|
||||
fi
|
||||
|
||||
mip6d=/usr/sbin/mip6d
|
||||
prog="mip6d"
|
||||
lockfile=/var/lock/subsys/$prog
|
||||
|
||||
start() {
|
||||
[ -x $mip6d ] || exit 5
|
||||
echo -n $"Starting $prog: "
|
||||
start-stop-daemon -S -x ${mip6d} && success || failure
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && touch ${lockfile}
|
||||
return $retval
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
start-stop-daemon -K -x $mip6d
|
||||
retval=$?
|
||||
echo
|
||||
[ $retval -eq 0 ] && rm -f ${lockfile}
|
||||
return $retval
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
reload()
|
||||
{
|
||||
echo -n $"Reloading $prog configuration: "
|
||||
killproc $mip6d -HUP
|
||||
retval=$?
|
||||
echo
|
||||
return $retval
|
||||
}
|
||||
|
||||
force_reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
rh_status() {
|
||||
status $prog
|
||||
}
|
||||
|
||||
rh_status_q() {
|
||||
rh_status > /dev/null 2>&1
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
rh_status_q && exit 0
|
||||
$1
|
||||
;;
|
||||
stop)
|
||||
rh_status_q || exit 0
|
||||
$1
|
||||
;;
|
||||
restart)
|
||||
$1
|
||||
;;
|
||||
reload)
|
||||
rh_status_q || exit 7
|
||||
$1
|
||||
;;
|
||||
force-reload)
|
||||
force_reload
|
||||
;;
|
||||
status)
|
||||
rh_status
|
||||
;;
|
||||
condrestart|try-restart)
|
||||
rh_status_q || exit 0
|
||||
restart
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $prog {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $?
|
||||
@@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=MIPL Mobile IPv6
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-@SYSCONFDIR@/sysconfig/mip6d
|
||||
ExecStart=@SBINDIR@/mip6d $ARGS
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,46 +0,0 @@
|
||||
SUMMARY = "Mobile IPv6 and NEMO for Linux"
|
||||
DESCRIPTION = "UMIP is an open source implementation of Mobile IPv6 and NEMO \
|
||||
Basic Support for Linux. It is released under the GPLv2 license. It supports \
|
||||
the following IETF RFC: RFC6275 (Mobile IPv6), RFC3963 (NEMO), RFC3776 and \
|
||||
RFC4877 (IPsec and IKEv2)."
|
||||
HOMEPAGE = "http://umip.org/"
|
||||
SECTION = "System Environment/Base"
|
||||
LICENSE = "GPLv2"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=073dc31ccb2ebed70db54f1e8aeb4c33"
|
||||
DEPENDS = "openssl ipsec-tools radvd indent-native bison-native"
|
||||
|
||||
SRC_URI = "git://git.umip.org/umip/umip.git \
|
||||
file://add-dependency-to-support-parallel-compilation.patch \
|
||||
file://mip6d \
|
||||
file://mip6d.service \
|
||||
file://0001-Add-format-string-to-fprintf-call.patch \
|
||||
file://0001-replace-SIGCLD-with-SIGCHLD-and-include-sys-types.h.patch \
|
||||
file://0002-replace-PTHREAD_MUTEX_FAST_NP-with-PTHREAD_MUTEX_NOR.patch \
|
||||
file://0001-support-openssl-1.1.x.patch \
|
||||
"
|
||||
SRCREV = "cbd441c5db719db554ff2b4fcb02fef88ae2f791"
|
||||
|
||||
# Depends on ipsec-tools which is already MACHINE_ARCH (and also RRECOMMENDS kernel modules)
|
||||
PACKAGE_ARCH = "${MACHINE_ARCH}"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
EXTRA_OECONF = "--enable-vt"
|
||||
|
||||
inherit autotools-brokensep systemd update-rc.d
|
||||
|
||||
INITSCRIPT_NAME = "mip6d"
|
||||
INITSCRIPT_PARAMS = "start 64 . stop 36 0 1 2 3 4 5 6 ."
|
||||
|
||||
SYSTEMD_SERVICE_${PN} = "mip6d.service"
|
||||
SYSTEMD_AUTO_ENABLE = "disable"
|
||||
|
||||
do_install_append() {
|
||||
install -D -m 0755 ${WORKDIR}/mip6d ${D}${sysconfdir}/init.d/mip6d
|
||||
install -D -m 0644 ${WORKDIR}/mip6d.service ${D}${systemd_system_unitdir}/mip6d.service
|
||||
sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' \
|
||||
-e 's,@SBINDIR@,${sbindir},g' \
|
||||
${D}${systemd_system_unitdir}/mip6d.service
|
||||
}
|
||||
|
||||
RRECOMMENDS_${PN} = "kernel-module-mip6 kernel-module-ipv6"
|
||||
@@ -34,7 +34,7 @@ RDEPENDS_packagegroup-meta-networking-connectivity = "\
|
||||
openconnect ez-ipupdate mosquitto sethdlc crda \
|
||||
dibbler-server dibbler-client dibbler-requestor dibbler-relay \
|
||||
libdnet ufw civetweb freeradius kea daq \
|
||||
mbedtls relayd snort dhcpcd rdate vlan umip vpnc \
|
||||
mbedtls relayd snort dhcpcd rdate vlan vpnc \
|
||||
inetutils wolfssl lftp miniupnpd networkmanager \
|
||||
networkmanager-openvpn rdist nanomsg python-networkmanager \
|
||||
wireless-regdb \
|
||||
@@ -93,7 +93,7 @@ RDEPENDS_packagegroup-meta-networking-support = "\
|
||||
ncp ndisc6 mtr tinyproxy ssmping ntp \
|
||||
wpan-tools bridge-utils ifenslave celt051 pimd \
|
||||
nbd-client nbd-server nbd-trdump \
|
||||
phytool fwknop htpdate tcpreplay ipsec-tools \
|
||||
phytool fwknop htpdate tcpreplay \
|
||||
traceroute geoip-perl geoip geoipupdate esmtp \
|
||||
libtdb netcf dnsmasq curlpp openipmi drbd-utils \
|
||||
drbd tunctl dovecot ipvsadm stunnel chrony spice-protocol \
|
||||
|
||||
-86
@@ -1,86 +0,0 @@
|
||||
From 282d492e4cab7b4d9c7321f4c0c55b615948e280 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Fri, 11 May 2018 14:09:17 -0700
|
||||
Subject: [PATCH] Disable gcc8 specific warnings
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
src/libipsec/ipsec_dump_policy.c | 5 +++++
|
||||
src/libipsec/pfkey_dump.c | 5 +++++
|
||||
src/racoon/isakmp.c | 11 ++++++++++-
|
||||
3 files changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libipsec/ipsec_dump_policy.c b/src/libipsec/ipsec_dump_policy.c
|
||||
index 4d0eb77..c3fc842 100644
|
||||
--- a/src/libipsec/ipsec_dump_policy.c
|
||||
+++ b/src/libipsec/ipsec_dump_policy.c
|
||||
@@ -275,6 +275,10 @@ ipsec_dump_policy1(policy, delimiter, withports)
|
||||
return buf;
|
||||
}
|
||||
|
||||
+#pragma GCC diagnostic push
|
||||
+#if defined(__GNUC__) && (__GNUC__ >= 8)
|
||||
+#pragma GCC diagnostic ignored "-Wformat-truncation"
|
||||
+#endif
|
||||
static char *
|
||||
ipsec_dump_ipsecrequest(buf, len, xisr, bound, withports)
|
||||
char *buf;
|
||||
@@ -419,3 +423,4 @@ set_address(buf, len, sa, withports)
|
||||
|
||||
return buf;
|
||||
}
|
||||
+#pragma GCC diagnostic pop
|
||||
diff --git a/src/libipsec/pfkey_dump.c b/src/libipsec/pfkey_dump.c
|
||||
index 4627ebc..451e535 100644
|
||||
--- a/src/libipsec/pfkey_dump.c
|
||||
+++ b/src/libipsec/pfkey_dump.c
|
||||
@@ -691,6 +691,10 @@ str_ipport(sa)
|
||||
/*
|
||||
* set "/prefix[port number]" to buffer.
|
||||
*/
|
||||
+#pragma GCC diagnostic push
|
||||
+#if defined(__GNUC__) && (__GNUC__ >= 8)
|
||||
+#pragma GCC diagnostic ignored "-Wformat-truncation"
|
||||
+#endif
|
||||
static char *
|
||||
str_prefport(family, pref, port, ulp)
|
||||
u_int family, pref, port, ulp;
|
||||
@@ -735,6 +739,7 @@ str_prefport(family, pref, port, ulp)
|
||||
|
||||
return buf;
|
||||
}
|
||||
+#pragma GCC diagnostic pop
|
||||
|
||||
static void
|
||||
str_upperspec(ulp, p1, p2)
|
||||
diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
|
||||
index 7ff53a3..4addf24 100644
|
||||
--- a/src/racoon/isakmp.c
|
||||
+++ b/src/racoon/isakmp.c
|
||||
@@ -3124,7 +3124,12 @@ script_hook(iph1, script)
|
||||
#endif
|
||||
|
||||
/* local address */
|
||||
+#pragma GCC diagnostic push
|
||||
+#if defined(__GNUC__) && (__GNUC__ >= 8)
|
||||
+#pragma GCC diagnostic ignored "-Wstringop-truncation"
|
||||
+#endif
|
||||
GETNAMEINFO(iph1->local, addrstr, portstr);
|
||||
+#pragma GCC diagnostic pop
|
||||
|
||||
if (script_env_append(&envp, &envc, "LOCAL_ADDR", addrstr) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL, "Cannot set LOCAL_ADDR\n");
|
||||
@@ -3138,8 +3143,12 @@ script_hook(iph1, script)
|
||||
|
||||
/* Peer address */
|
||||
if (iph1->remote != NULL) {
|
||||
+#pragma GCC diagnostic push
|
||||
+#if defined(__GNUC__) && (__GNUC__ >= 8)
|
||||
+#pragma GCC diagnostic ignored "-Wstringop-truncation"
|
||||
+#endif
|
||||
GETNAMEINFO(iph1->remote, addrstr, portstr);
|
||||
-
|
||||
+#pragma GCC diagnostic pop
|
||||
if (script_env_append(&envp, &envc,
|
||||
"REMOTE_ADDR", addrstr) != 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
-115
@@ -1,115 +0,0 @@
|
||||
From 9135ca401186fb14e5e5110bbb04d1ccc480360a Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Tue, 15 Nov 2016 04:15:44 +0000
|
||||
Subject: [PATCH] Fix build with clang
|
||||
|
||||
Fixes for following errors found by clang
|
||||
|
||||
src/racoon/eaytest.c:316:6: error: comparison of array 'dnstr_w1' not equal to a null pointer is always true
|
||||
[-Werror,-Wtautological-pointer-compare]
|
||||
if (dnstr_w1 != NULL) {
|
||||
^~~~~~~~ ~~~~
|
||||
src/racoon/eaytest.c:326:6: error: comparison of array 'dnstr_w1' not equal to a null pointer is always true
|
||||
[-Werror,-Wtautological-pointer-compare]
|
||||
if (dnstr_w1 != NULL) {
|
||||
^~~~~~~~ ~~~~
|
||||
|
||||
src/racoon/isakmp.c:1134:11: error: promoted type 'int' of K&R function parameter is not compatible with the
|
||||
parameter type 'u_int8_t' (aka 'unsigned char') declared in a previous prototype [-Werror,-Wknr-promoted-parameter]
|
||||
u_int8_t etype;
|
||||
^
|
||||
src/racoon/isakmp.c:184:48: note: previous declaration is here
|
||||
struct sockaddr *, struct sockaddr *, u_int8_t));
|
||||
^
|
||||
1 error generated.
|
||||
|
||||
src/racoon/racoonctl.c:1457:15: error: incompatible pointer types passing 'struct evt_async *' to parameter of type
|
||||
'caddr_t' (aka 'char *') [-Werror,-Wincompatible-pointer-types]
|
||||
print_cfg(ec, len);
|
||||
^~
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
src/racoon/eaytest.c | 4 ++--
|
||||
src/racoon/isakmp.c | 10 +++++-----
|
||||
src/racoon/racoonctl.c | 7 +++----
|
||||
3 files changed, 10 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c
|
||||
index 1474bdc..d609e4f 100644
|
||||
--- a/src/racoon/eaytest.c
|
||||
+++ b/src/racoon/eaytest.c
|
||||
@@ -313,7 +313,7 @@ certtest(ac, av)
|
||||
|
||||
printf("exact match: succeed.\n");
|
||||
|
||||
- if (dnstr_w1 != NULL) {
|
||||
+ if (dnstr_w1[0] != '\0') {
|
||||
asn1dn = eay_str2asn1dn(dnstr_w1, strlen(dnstr_w1));
|
||||
if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
|
||||
errx(1, "asn1dn length wrong for wildcard 1\n");
|
||||
@@ -323,7 +323,7 @@ certtest(ac, av)
|
||||
printf("wildcard 1 match: succeed.\n");
|
||||
}
|
||||
|
||||
- if (dnstr_w1 != NULL) {
|
||||
+ if (dnstr_w1[0] != '\0') {
|
||||
asn1dn = eay_str2asn1dn(dnstr_w2, strlen(dnstr_w2));
|
||||
if (asn1dn == NULL || asn1dn->l == asn1dn0.l)
|
||||
errx(1, "asn1dn length wrong for wildcard 2\n");
|
||||
diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
|
||||
index 2672f7a..da7ebe8 100644
|
||||
--- a/src/racoon/isakmp.c
|
||||
+++ b/src/racoon/isakmp.c
|
||||
@@ -567,7 +567,7 @@ isakmp_main(msg, remote, local)
|
||||
|
||||
/* it must be responder's 1st exchange. */
|
||||
if (isakmp_ph1begin_r(msg, remote, local,
|
||||
- isakmp->etype) < 0)
|
||||
+ (u_int8_t)isakmp->etype) < 0)
|
||||
return -1;
|
||||
break;
|
||||
|
||||
@@ -1128,10 +1128,10 @@ isakmp_ph1begin_i(rmconf, remote, local)
|
||||
|
||||
/* new negotiation of phase 1 for responder */
|
||||
static int
|
||||
-isakmp_ph1begin_r(msg, remote, local, etype)
|
||||
- vchar_t *msg;
|
||||
- struct sockaddr *remote, *local;
|
||||
- u_int8_t etype;
|
||||
+isakmp_ph1begin_r(vchar_t *msg,
|
||||
+ struct sockaddr *remote,
|
||||
+ struct sockaddr *local,
|
||||
+ u_int8_t etype)
|
||||
{
|
||||
struct isakmp *isakmp = (struct isakmp *)msg->v;
|
||||
struct ph1handle *iph1;
|
||||
diff --git a/src/racoon/racoonctl.c b/src/racoon/racoonctl.c
|
||||
index da28ecd..bbf068e 100644
|
||||
--- a/src/racoon/racoonctl.c
|
||||
+++ b/src/racoon/racoonctl.c
|
||||
@@ -1299,9 +1299,8 @@ print_evt(evtdump)
|
||||
* Print ISAKMP mode config info (IP and banner)
|
||||
*/
|
||||
void
|
||||
-print_cfg(buf, len)
|
||||
- caddr_t buf;
|
||||
- int len;
|
||||
+print_cfg(caddr_t buf,
|
||||
+ int len)
|
||||
{
|
||||
struct evt_async *evtdump = (struct evt_async *)buf;
|
||||
struct isakmp_data *attr;
|
||||
@@ -1454,7 +1453,7 @@ handle_recv(combuf)
|
||||
else if (evt_quit_event == ec->ec_type) {
|
||||
switch (ec->ec_type) {
|
||||
case EVT_PHASE1_MODE_CFG:
|
||||
- print_cfg(ec, len);
|
||||
+ print_cfg((caddr_t)ec, len);
|
||||
break;
|
||||
default:
|
||||
print_evt(ec);
|
||||
--
|
||||
1.9.1
|
||||
|
||||
-249
@@ -1,249 +0,0 @@
|
||||
From 7d9585be093c9cb2428b373c0b0088bb778942d0 Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Mon, 20 Mar 2017 21:37:47 -0700
|
||||
Subject: [PATCH] Fix header issues found with musl libc
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
src/libipsec/ipsec_strerror.h | 3 +++
|
||||
src/libipsec/libpfkey.h | 4 +++-
|
||||
src/racoon/admin.c | 2 +-
|
||||
src/racoon/backupsa.c | 6 +++---
|
||||
src/racoon/cftoken.l | 4 ++++
|
||||
src/racoon/logger.h | 3 +++
|
||||
src/racoon/misc.h | 3 +++
|
||||
src/racoon/missing/crypto/sha2/sha2.h | 3 +++
|
||||
src/racoon/netdb_dnssec.h | 3 +++
|
||||
src/racoon/pfkey.c | 1 -
|
||||
src/racoon/plog.h | 2 ++
|
||||
src/racoon/str2val.h | 3 +++
|
||||
src/racoon/vmbuf.h | 3 +++
|
||||
src/setkey/extern.h | 3 ++-
|
||||
src/setkey/setkey.c | 1 -
|
||||
15 files changed, 36 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/libipsec/ipsec_strerror.h b/src/libipsec/ipsec_strerror.h
|
||||
index 2b4264f..dac66a1 100644
|
||||
--- a/src/libipsec/ipsec_strerror.h
|
||||
+++ b/src/libipsec/ipsec_strerror.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _IPSEC_STRERROR_H
|
||||
#define _IPSEC_STRERROR_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
extern int __ipsec_errcode;
|
||||
extern void __ipsec_set_strerror __P((const char *));
|
||||
|
||||
diff --git a/src/libipsec/libpfkey.h b/src/libipsec/libpfkey.h
|
||||
index 61d2f2a..f7991b7 100644
|
||||
--- a/src/libipsec/libpfkey.h
|
||||
+++ b/src/libipsec/libpfkey.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _LIBPFKEY_H
|
||||
#define _LIBPFKEY_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
#ifndef KAME_LIBPFKEY_H
|
||||
#define KAME_LIBPFKEY_H
|
||||
|
||||
@@ -43,7 +46,6 @@
|
||||
|
||||
#define PRIORITY_OFFSET_POSITIVE_MAX 0x3fffffff
|
||||
#define PRIORITY_OFFSET_NEGATIVE_MAX 0x40000000
|
||||
-
|
||||
struct sadb_msg;
|
||||
extern void pfkey_sadump __P((struct sadb_msg *));
|
||||
extern void pfkey_sadump_withports __P((struct sadb_msg *));
|
||||
diff --git a/src/racoon/admin.c b/src/racoon/admin.c
|
||||
index 4b1875b..03ea3f8 100644
|
||||
--- a/src/racoon/admin.c
|
||||
+++ b/src/racoon/admin.c
|
||||
@@ -36,7 +36,6 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <sys/socket.h>
|
||||
-#include <sys/signal.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
@@ -46,6 +45,7 @@
|
||||
#include PATH_IPSEC_H
|
||||
|
||||
|
||||
+#include <signal.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
diff --git a/src/racoon/backupsa.c b/src/racoon/backupsa.c
|
||||
index 82d74ca..95307ca 100644
|
||||
--- a/src/racoon/backupsa.c
|
||||
+++ b/src/racoon/backupsa.c
|
||||
@@ -276,9 +276,9 @@ do { \
|
||||
GETNEXTNUM(sa_args.a_keylen, strtoul);
|
||||
GETNEXTNUM(sa_args.flags, strtoul);
|
||||
GETNEXTNUM(sa_args.l_alloc, strtoul);
|
||||
- GETNEXTNUM(sa_args.l_bytes, strtouq);
|
||||
- GETNEXTNUM(sa_args.l_addtime, strtouq);
|
||||
- GETNEXTNUM(sa_args.l_usetime, strtouq);
|
||||
+ GETNEXTNUM(sa_args.l_bytes, strtoull);
|
||||
+ GETNEXTNUM(sa_args.l_addtime, strtoull);
|
||||
+ GETNEXTNUM(sa_args.l_usetime, strtoull);
|
||||
GETNEXTNUM(sa_args.seq, strtoul);
|
||||
|
||||
#undef GETNEXTNUM
|
||||
diff --git a/src/racoon/cftoken.l b/src/racoon/cftoken.l
|
||||
index 1701922..787f4a9 100644
|
||||
--- a/src/racoon/cftoken.l
|
||||
+++ b/src/racoon/cftoken.l
|
||||
@@ -77,6 +77,10 @@
|
||||
|
||||
#include "cfparse.h"
|
||||
|
||||
+#ifndef GLOB_TILDE
|
||||
+#define GLOB_TILDE 0
|
||||
+#endif
|
||||
+
|
||||
int yyerrorcount = 0;
|
||||
|
||||
#if defined(YIPS_DEBUG)
|
||||
diff --git a/src/racoon/logger.h b/src/racoon/logger.h
|
||||
index 3fd3e94..67af5f0 100644
|
||||
--- a/src/racoon/logger.h
|
||||
+++ b/src/racoon/logger.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _LOGGER_H
|
||||
#define _LOGGER_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
struct log {
|
||||
int head;
|
||||
int siz;
|
||||
diff --git a/src/racoon/misc.h b/src/racoon/misc.h
|
||||
index 3e758d9..30d9825 100644
|
||||
--- a/src/racoon/misc.h
|
||||
+++ b/src/racoon/misc.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _MISC_H
|
||||
#define _MISC_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
#define BIT2STR(b) bit2str(b, sizeof(b)<<3)
|
||||
|
||||
#ifdef HAVE_FUNC_MACRO
|
||||
diff --git a/src/racoon/missing/crypto/sha2/sha2.h b/src/racoon/missing/crypto/sha2/sha2.h
|
||||
index 42bcc2a..c043dfe 100644
|
||||
--- a/src/racoon/missing/crypto/sha2/sha2.h
|
||||
+++ b/src/racoon/missing/crypto/sha2/sha2.h
|
||||
@@ -40,6 +40,9 @@
|
||||
#ifndef __SHA2_H__
|
||||
#define __SHA2_H__
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
diff --git a/src/racoon/netdb_dnssec.h b/src/racoon/netdb_dnssec.h
|
||||
index a11209d..98fd813 100644
|
||||
--- a/src/racoon/netdb_dnssec.h
|
||||
+++ b/src/racoon/netdb_dnssec.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _NETDB_DNSSEC_H
|
||||
#define _NETDB_DNSSEC_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
#ifndef T_CERT
|
||||
#define T_CERT 37 /* defined by RFC2538 section 2 */
|
||||
#endif
|
||||
diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
|
||||
index 8f26c19..a06c30e 100644
|
||||
--- a/src/racoon/pfkey.c
|
||||
+++ b/src/racoon/pfkey.c
|
||||
@@ -59,7 +59,6 @@
|
||||
#include <sys/param.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/queue.h>
|
||||
-#include <sys/sysctl.h>
|
||||
|
||||
#include <net/route.h>
|
||||
#include <net/pfkeyv2.h>
|
||||
diff --git a/src/racoon/plog.h b/src/racoon/plog.h
|
||||
index ed43c8b..920c850 100644
|
||||
--- a/src/racoon/plog.h
|
||||
+++ b/src/racoon/plog.h
|
||||
@@ -34,6 +34,8 @@
|
||||
#ifndef _PLOG_H
|
||||
#define _PLOG_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
#ifdef HAVE_STDARG_H
|
||||
#include <stdarg.h>
|
||||
#else
|
||||
diff --git a/src/racoon/str2val.h b/src/racoon/str2val.h
|
||||
index 4a7cec1..d3d698e 100644
|
||||
--- a/src/racoon/str2val.h
|
||||
+++ b/src/racoon/str2val.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _STR2VAL_H
|
||||
#define _STR2VAL_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
extern caddr_t val2str __P((const char *, size_t));
|
||||
extern char *str2val __P((const char *, int, size_t *));
|
||||
|
||||
diff --git a/src/racoon/vmbuf.h b/src/racoon/vmbuf.h
|
||||
index 3f2f4ea..8287a00 100644
|
||||
--- a/src/racoon/vmbuf.h
|
||||
+++ b/src/racoon/vmbuf.h
|
||||
@@ -34,6 +34,9 @@
|
||||
#ifndef _VMBUF_H
|
||||
#define _VMBUF_H
|
||||
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
+
|
||||
/*
|
||||
* bp v
|
||||
* v v
|
||||
diff --git a/src/setkey/extern.h b/src/setkey/extern.h
|
||||
index 6f439fa..a1d9d14 100644
|
||||
--- a/src/setkey/extern.h
|
||||
+++ b/src/setkey/extern.h
|
||||
@@ -1,6 +1,7 @@
|
||||
/* $NetBSD: extern.h,v 1.5 2009/03/06 11:45:03 tteras Exp $ */
|
||||
|
||||
-
|
||||
+#undef __P
|
||||
+#define __P(protos) protos /* ANSI C prototypes */
|
||||
|
||||
void parse_init __P((void));
|
||||
int parse __P((FILE **));
|
||||
diff --git a/src/setkey/setkey.c b/src/setkey/setkey.c
|
||||
index c400faa..51f8b75 100644
|
||||
--- a/src/setkey/setkey.c
|
||||
+++ b/src/setkey/setkey.c
|
||||
@@ -40,7 +40,6 @@
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
-#include <sys/sysctl.h>
|
||||
#include <err.h>
|
||||
#include <netinet/in.h>
|
||||
#include <net/pfkeyv2.h>
|
||||
--
|
||||
2.12.0
|
||||
|
||||
-1086
-33
@@ -1,33 +0,0 @@
|
||||
From 738a9857be9c92ad2f70be88ccee238e3154a936 Mon Sep 17 00:00:00 2001
|
||||
From: Joe MacDonald <joe.macdonald@windriver.com>
|
||||
Date: Wed, 2 Oct 2013 14:20:37 -0400
|
||||
Subject: [PATCH] racoon/pfkey: avoid potential null-pointer dereference
|
||||
|
||||
Building with -Werror=maybe-uninitialized revealed that 'remote' from
|
||||
pk_recvmigrate() could be used with uninitialized data in
|
||||
migrate_sp_ike_addresses(). Ensure it is always at a minimum assigned
|
||||
NULL.
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
||||
---
|
||||
src/racoon/pfkey.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
|
||||
index d00b166..e0dc1db 100644
|
||||
--- a/src/racoon/pfkey.c
|
||||
+++ b/src/racoon/pfkey.c
|
||||
@@ -3352,7 +3352,7 @@ pk_recvmigrate(mhp)
|
||||
struct sockaddr *old_saddr, *new_saddr;
|
||||
struct sockaddr *old_daddr, *new_daddr;
|
||||
struct sockaddr *old_local, *old_remote;
|
||||
- struct sockaddr *local, *remote;
|
||||
+ struct sockaddr *local, *remote = NULL;
|
||||
struct sadb_x_kmaddress *kmaddr;
|
||||
struct sadb_x_policy *xpl;
|
||||
struct sadb_x_ipsecrequest *xisr_list;
|
||||
--
|
||||
1.7.9.5
|
||||
|
||||
-87
@@ -1,87 +0,0 @@
|
||||
From e48b9097dce7bc2bfbb9e9c542124d3b5cebab39 Mon Sep 17 00:00:00 2001
|
||||
From: Paul Barker <paul@paulbarker.me.uk>
|
||||
Date: Wed, 5 Mar 2014 13:39:14 +0000
|
||||
Subject: [PATCH] Don't link against libfl
|
||||
|
||||
We can remove all references to yywrap by adding "%option noyywrap" statements
|
||||
to each flex source file that doesn't override yywrap. After this, we no longer
|
||||
need to link against libfl and so no longer get errors about undefined
|
||||
references to yylex.
|
||||
|
||||
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
|
||||
Upstream-status: Submitted 2014-03-11
|
||||
see http://sourceforge.net/p/ipsec-tools/mailman/ipsec-tools-devel/thread/CANyK_8ewmxGA3vBVJW6s1APXPmxPR%2BDFWZ61EL8pCt288aKQ6w%40mail.gmail.com/#msg32088797
|
||||
---
|
||||
src/libipsec/Makefile.am | 1 -
|
||||
src/racoon/Makefile.am | 2 +-
|
||||
src/racoon/cftoken.l | 2 ++
|
||||
src/setkey/Makefile.am | 1 -
|
||||
src/setkey/token.l | 2 ++
|
||||
5 files changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/libipsec/Makefile.am b/src/libipsec/Makefile.am
|
||||
index 6a4e3b3..df1e106 100644
|
||||
--- a/src/libipsec/Makefile.am
|
||||
+++ b/src/libipsec/Makefile.am
|
||||
@@ -26,7 +26,6 @@ libipsec_la_SOURCES = \
|
||||
# version is current:revision:age.
|
||||
# See: http://www.gnu.org/manual/libtool-1.4.2/html_chapter/libtool_6.html#SEC32
|
||||
libipsec_la_LDFLAGS = -version-info 0:1:0
|
||||
-libipsec_la_LIBADD = $(LEXLIB)
|
||||
|
||||
noinst_HEADERS = ipsec_strerror.h
|
||||
|
||||
diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
|
||||
index dbaded9..0662957 100644
|
||||
--- a/src/racoon/Makefile.am
|
||||
+++ b/src/racoon/Makefile.am
|
||||
@@ -38,7 +38,7 @@ racoon_SOURCES = \
|
||||
cftoken.l cfparse.y prsa_tok.l prsa_par.y
|
||||
EXTRA_racoon_SOURCES = isakmp_xauth.c isakmp_cfg.c isakmp_unity.c throttle.c \
|
||||
isakmp_frag.c nattraversal.c security.c $(MISSING_ALGOS)
|
||||
-racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(LEXLIB) \
|
||||
+racoon_LDADD = $(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) \
|
||||
$(SECCTX_OBJS) vmbuf.o sockmisc.o misc.o ../libipsec/libipsec.la
|
||||
racoon_DEPENDENCIES = \
|
||||
$(CRYPTOBJS) $(HYBRID_OBJS) $(NATT_OBJS) $(FRAG_OBJS) $(SECCTX_OBJS) \
|
||||
diff --git a/src/racoon/cftoken.l b/src/racoon/cftoken.l
|
||||
index 490242c..1701922 100644
|
||||
--- a/src/racoon/cftoken.l
|
||||
+++ b/src/racoon/cftoken.l
|
||||
@@ -106,6 +106,8 @@ static int incstackp = 0;
|
||||
static int yy_first_time = 1;
|
||||
%}
|
||||
|
||||
+%option noyywrap
|
||||
+
|
||||
/* common seciton */
|
||||
nl \n
|
||||
ws [ \t]+
|
||||
diff --git a/src/setkey/Makefile.am b/src/setkey/Makefile.am
|
||||
index 746c1f1..389e6cf 100644
|
||||
--- a/src/setkey/Makefile.am
|
||||
+++ b/src/setkey/Makefile.am
|
||||
@@ -13,7 +13,6 @@ setkey_SOURCES = \
|
||||
|
||||
setkey_LDFLAGS = ../libipsec/libipsec.la
|
||||
setkey_DEPENDENCIES = ../libipsec/libipsec.la
|
||||
-setkey_LDADD = $(LEXLIB)
|
||||
|
||||
noinst_HEADERS = vchar.h extern.h
|
||||
man8_MANS = setkey.8
|
||||
diff --git a/src/setkey/token.l b/src/setkey/token.l
|
||||
index ad3d843..eb23b76 100644
|
||||
--- a/src/setkey/token.l
|
||||
+++ b/src/setkey/token.l
|
||||
@@ -88,6 +88,8 @@
|
||||
#endif
|
||||
%}
|
||||
|
||||
+%option noyywrap
|
||||
+
|
||||
/* common section */
|
||||
nl \n
|
||||
ws [ \t]+
|
||||
--
|
||||
1.9.0
|
||||
|
||||
-30
@@ -1,30 +0,0 @@
|
||||
From a5c59f6a1479947d33dba5191724cc5fc88a614b Mon Sep 17 00:00:00 2001
|
||||
From: Khem Raj <raj.khem@gmail.com>
|
||||
Date: Sat, 22 Apr 2017 10:39:57 -0700
|
||||
Subject: [PATCH 2/2] cfparse: clear memory equal to size of array
|
||||
|
||||
Fixes compiler error
|
||||
cfparse.y: In function 'set_isakmp_proposal':
|
||||
cfparse.y:2567:3: error: 'memset' used with length equal to number of elements without multiplication by element size [-Werror=memset-elt-size]
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
---
|
||||
src/racoon/cfparse.y | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/racoon/cfparse.y b/src/racoon/cfparse.y
|
||||
index 0d9bd67..5d9c67b 100644
|
||||
--- a/src/racoon/cfparse.y
|
||||
+++ b/src/racoon/cfparse.y
|
||||
@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf)
|
||||
plog(LLV_DEBUG2, LOCATION, NULL,
|
||||
"encklen=%d\n", s->encklen);
|
||||
|
||||
- memset(types, 0, ARRAYLEN(types));
|
||||
+ memset(types, 0, sizeof(types));
|
||||
types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
|
||||
types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
|
||||
types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
|
||||
--
|
||||
2.12.2
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
Index: ipsec-tools-0.8.1/configure.ac
|
||||
===================================================================
|
||||
--- ipsec-tools-0.8.1.orig/configure.ac 2013-01-08 12:43:29.000000000 +0000
|
||||
+++ ipsec-tools-0.8.1/configure.ac 2014-07-18 07:51:30.045555880 +0000
|
||||
@@ -6,7 +6,7 @@
|
||||
AC_CONFIG_SRCDIR([configure.ac])
|
||||
AC_CONFIG_HEADERS(config.h)
|
||||
|
||||
-AM_INIT_AUTOMAKE(dist-bzip2)
|
||||
+AM_INIT_AUTOMAKE([foreign dist-bzip2])
|
||||
|
||||
AC_ENABLE_SHARED(no)
|
||||
|
||||
@@ -1,38 +0,0 @@
|
||||
[PATCH] fix CVE-2015-4047
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
CVE: CVE-2015-4047
|
||||
|
||||
http://www.openwall.com/lists/oss-security/2015/05/20/1
|
||||
|
||||
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
|
||||
a denial of service (NULL pointer dereference and IKE daemon crash) via
|
||||
a series of crafted UDP requests.
|
||||
|
||||
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
|
||||
|
||||
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
||||
---
|
||||
src/racoon/gssapi.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
|
||||
index e64b201..1ad3b42 100644
|
||||
--- a/src/racoon/gssapi.c
|
||||
+++ b/src/racoon/gssapi.c
|
||||
@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
|
||||
gss_name_t princ, canon_princ;
|
||||
OM_uint32 maj_stat, min_stat;
|
||||
|
||||
+ if (iph1->rmconf == NULL) {
|
||||
+ plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
|
||||
if (gps == NULL) {
|
||||
plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
|
||||
--
|
||||
1.9.1
|
||||
|
||||
@@ -1,207 +0,0 @@
|
||||
Upstream-Status: Backport [https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b]
|
||||
|
||||
CVE: CVE-2016-10396
|
||||
|
||||
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
||||
---
|
||||
Description: Fix remotely exploitable DoS. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10396
|
||||
Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
|
||||
Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986
|
||||
|
||||
Index: pkg-ipsec-tools/src/racoon/isakmp_frag.c
|
||||
===================================================================
|
||||
--- pkg-ipsec-tools.orig/src/racoon/isakmp_frag.c
|
||||
+++ pkg-ipsec-tools/src/racoon/isakmp_frag.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $NetBSD: isakmp_frag.c,v 1.5 2009/04/22 11:24:20 tteras Exp $ */
|
||||
+/* $NetBSD: isakmp_frag.c,v 1.5.36.1 2017/04/21 16:50:42 bouyer Exp $ */
|
||||
|
||||
/* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
|
||||
|
||||
@@ -173,6 +173,43 @@ vendorid_frag_cap(gen)
|
||||
return ntohl(hp[MD5_DIGEST_LENGTH / sizeof(*hp)]);
|
||||
}
|
||||
|
||||
+static int
|
||||
+isakmp_frag_insert(struct ph1handle *iph1, struct isakmp_frag_item *item)
|
||||
+{
|
||||
+ struct isakmp_frag_item *pitem = NULL;
|
||||
+ struct isakmp_frag_item *citem = iph1->frag_chain;
|
||||
+
|
||||
+ /* no frag yet, just insert at beginning of list */
|
||||
+ if (iph1->frag_chain == NULL) {
|
||||
+ iph1->frag_chain = item;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ do {
|
||||
+ /* duplicate fragment number, abort (CVE-2016-10396) */
|
||||
+ if (citem->frag_num == item->frag_num)
|
||||
+ return -1;
|
||||
+
|
||||
+ /* need to insert before current item */
|
||||
+ if (citem->frag_num > item->frag_num) {
|
||||
+ if (pitem != NULL)
|
||||
+ pitem->frag_next = item;
|
||||
+ else
|
||||
+ /* insert at the beginning of the list */
|
||||
+ iph1->frag_chain = item;
|
||||
+ item->frag_next = citem;
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ pitem = citem;
|
||||
+ citem = citem->frag_next;
|
||||
+ } while (citem != NULL);
|
||||
+
|
||||
+ /* we reached the end of the list, insert */
|
||||
+ pitem->frag_next = item;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
int
|
||||
isakmp_frag_extract(iph1, msg)
|
||||
struct ph1handle *iph1;
|
||||
@@ -224,39 +261,43 @@ isakmp_frag_extract(iph1, msg)
|
||||
item->frag_next = NULL;
|
||||
item->frag_packet = buf;
|
||||
|
||||
- /* Look for the last frag while inserting the new item in the chain */
|
||||
- if (item->frag_last)
|
||||
- last_frag = item->frag_num;
|
||||
+ /* Check for the last frag before inserting the new item in the chain */
|
||||
+ if (item->frag_last) {
|
||||
+ /* if we have the last fragment, indices must match */
|
||||
+ if (iph1->frag_last_index != 0 &&
|
||||
+ item->frag_last != iph1->frag_last_index) {
|
||||
+ plog(LLV_ERROR, LOCATION, NULL,
|
||||
+ "Repeated last fragment index mismatch\n");
|
||||
+ racoon_free(item);
|
||||
+ vfree(buf);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
- if (iph1->frag_chain == NULL) {
|
||||
- iph1->frag_chain = item;
|
||||
- } else {
|
||||
- struct isakmp_frag_item *current;
|
||||
+ last_frag = iph1->frag_last_index = item->frag_num;
|
||||
+ }
|
||||
|
||||
- current = iph1->frag_chain;
|
||||
- while (current->frag_next) {
|
||||
- if (current->frag_last)
|
||||
- last_frag = item->frag_num;
|
||||
- current = current->frag_next;
|
||||
- }
|
||||
- current->frag_next = item;
|
||||
+ /* insert fragment into chain */
|
||||
+ if (isakmp_frag_insert(iph1, item) == -1) {
|
||||
+ plog(LLV_ERROR, LOCATION, NULL,
|
||||
+ "Repeated fragment index mismatch\n");
|
||||
+ racoon_free(item);
|
||||
+ vfree(buf);
|
||||
+ return -1;
|
||||
}
|
||||
|
||||
- /* If we saw the last frag, check if the chain is complete */
|
||||
+ /* If we saw the last frag, check if the chain is complete
|
||||
+ * we have a sorted list now, so just walk through */
|
||||
if (last_frag != 0) {
|
||||
+ item = iph1->frag_chain;
|
||||
for (i = 1; i <= last_frag; i++) {
|
||||
- item = iph1->frag_chain;
|
||||
- do {
|
||||
- if (item->frag_num == i)
|
||||
- break;
|
||||
- item = item->frag_next;
|
||||
- } while (item != NULL);
|
||||
-
|
||||
+ if (item->frag_num != i)
|
||||
+ break;
|
||||
+ item = item->frag_next;
|
||||
if (item == NULL) /* Not found */
|
||||
break;
|
||||
}
|
||||
|
||||
- if (item != NULL) /* It is complete */
|
||||
+ if (i > last_frag) /* It is complete */
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -291,15 +332,9 @@ isakmp_frag_reassembly(iph1)
|
||||
}
|
||||
data = buf->v;
|
||||
|
||||
+ item = iph1->frag_chain;
|
||||
for (i = 1; i <= frag_count; i++) {
|
||||
- item = iph1->frag_chain;
|
||||
- do {
|
||||
- if (item->frag_num == i)
|
||||
- break;
|
||||
- item = item->frag_next;
|
||||
- } while (item != NULL);
|
||||
-
|
||||
- if (item == NULL) {
|
||||
+ if (item->frag_num != i) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Missing fragment #%d\n", i);
|
||||
vfree(buf);
|
||||
@@ -308,6 +343,7 @@ isakmp_frag_reassembly(iph1)
|
||||
}
|
||||
memcpy(data, item->frag_packet->v, item->frag_packet->l);
|
||||
data += item->frag_packet->l;
|
||||
+ item = item->frag_next;
|
||||
}
|
||||
|
||||
out:
|
||||
Index: pkg-ipsec-tools/src/racoon/isakmp_inf.c
|
||||
===================================================================
|
||||
--- pkg-ipsec-tools.orig/src/racoon/isakmp_inf.c
|
||||
+++ pkg-ipsec-tools/src/racoon/isakmp_inf.c
|
||||
@@ -720,6 +720,7 @@ isakmp_info_send_nx(isakmp, remote, loca
|
||||
#endif
|
||||
#ifdef ENABLE_FRAG
|
||||
iph1->frag = 0;
|
||||
+ iph1->frag_last_index = 0;
|
||||
iph1->frag_chain = NULL;
|
||||
#endif
|
||||
|
||||
Index: pkg-ipsec-tools/src/racoon/isakmp.c
|
||||
===================================================================
|
||||
--- pkg-ipsec-tools.orig/src/racoon/isakmp.c
|
||||
+++ pkg-ipsec-tools/src/racoon/isakmp.c
|
||||
@@ -1072,6 +1072,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
|
||||
iph1->frag = 1;
|
||||
else
|
||||
iph1->frag = 0;
|
||||
+ iph1->frag_last_index = 0;
|
||||
iph1->frag_chain = NULL;
|
||||
#endif
|
||||
iph1->approval = NULL;
|
||||
@@ -1176,6 +1177,7 @@ isakmp_ph1begin_r(msg, remote, local, et
|
||||
#endif
|
||||
#ifdef ENABLE_FRAG
|
||||
iph1->frag = 0;
|
||||
+ iph1->frag_last_index = 0;
|
||||
iph1->frag_chain = NULL;
|
||||
#endif
|
||||
iph1->approval = NULL;
|
||||
Index: pkg-ipsec-tools/src/racoon/handler.h
|
||||
===================================================================
|
||||
--- pkg-ipsec-tools.orig/src/racoon/handler.h
|
||||
+++ pkg-ipsec-tools/src/racoon/handler.h
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $NetBSD: handler.h,v 1.25 2010/11/17 10:40:41 tteras Exp $ */
|
||||
+/* $NetBSD: handler.h,v 1.26 2017/01/24 19:23:56 christos Exp $ */
|
||||
|
||||
/* Id: handler.h,v 1.19 2006/02/25 08:25:12 manubsd Exp */
|
||||
|
||||
@@ -141,6 +141,7 @@ struct ph1handle {
|
||||
#endif
|
||||
#ifdef ENABLE_FRAG
|
||||
int frag; /* IKE phase 1 fragmentation */
|
||||
+ int frag_last_index;
|
||||
struct isakmp_frag_item *frag_chain; /* Received fragments */
|
||||
#endif
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
squahes below warning
|
||||
warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
|
||||
|
||||
Seen with glibc 2.20
|
||||
|
||||
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
||||
Upstream-Status: Pending
|
||||
Index: ipsec-tools-0.8.2/src/include-glibc/glibc-bugs.h
|
||||
===================================================================
|
||||
--- ipsec-tools-0.8.2.orig/src/include-glibc/glibc-bugs.h 2006-09-09 09:22:08.000000000 -0700
|
||||
+++ ipsec-tools-0.8.2/src/include-glibc/glibc-bugs.h 2014-09-03 22:27:22.551563888 -0700
|
||||
@@ -4,7 +4,11 @@
|
||||
#define __GLIBC_BUGS_H__ 1
|
||||
|
||||
#define _XOPEN_SOURCE 500
|
||||
+/* Legacy feature macro.*/
|
||||
#define _BSD_SOURCE
|
||||
+/* New feature macro that provides everything _BSD_SOURCE and
|
||||
+ * _SVID_SOURCE provided and possibly more. */
|
||||
+#define _DEFAULT_SOURCE
|
||||
|
||||
#include <features.h>
|
||||
#include <sys/types.h>
|
||||
-220
@@ -1,220 +0,0 @@
|
||||
racoon: Resend UPDATE message when received EINTR message
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
While kernel is processing the UPDATE message which is sent from racoon,
|
||||
it maybe interrupted by system signal and if this case happens,
|
||||
kernel responds with an EINTR message to racoon and kernel fails to
|
||||
establish the corresponding SA.
|
||||
Fix this problem by resend the UPDATE message when EINTR(Interrupted
|
||||
system call) error happens.
|
||||
|
||||
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
|
||||
---
|
||||
--- a/src/libipsec/libpfkey.h
|
||||
+++ b/src/libipsec/libpfkey.h
|
||||
@@ -92,6 +92,12 @@
|
||||
u_int16_t ctxstrlen; /* length of security context string */
|
||||
};
|
||||
|
||||
+struct update_msg_info {
|
||||
+ struct sadb_msg *update_msg;
|
||||
+ int so;
|
||||
+ int len;
|
||||
+};
|
||||
+
|
||||
/* The options built into libipsec */
|
||||
extern int libipsec_opt;
|
||||
#define LIBIPSEC_OPT_NATT 0x01
|
||||
--- a/src/libipsec/pfkey.c
|
||||
+++ b/src/libipsec/pfkey.c
|
||||
@@ -1219,7 +1219,8 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
-
|
||||
+struct update_msg_info update_msg_send = {NULL, 0, 0};
|
||||
+
|
||||
/* sending SADB_ADD or SADB_UPDATE message to the kernel */
|
||||
static int
|
||||
pfkey_send_x1(struct pfkey_send_sa_args *sa_parms)
|
||||
@@ -1483,10 +1484,24 @@
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(sa_parms->so, newmsg, len);
|
||||
- free(newmsg);
|
||||
|
||||
- if (len < 0)
|
||||
- return -1;
|
||||
+ if (newmsg->sadb_msg_type == SADB_UPDATE) {
|
||||
+ if (update_msg_send.update_msg)
|
||||
+ free(update_msg_send.update_msg);
|
||||
+ update_msg_send.update_msg = newmsg;
|
||||
+ update_msg_send.so = sa_parms->so;
|
||||
+ update_msg_send.len = len;
|
||||
+
|
||||
+ if (len < 0) {
|
||||
+ free(update_msg_send.update_msg);
|
||||
+ update_msg_send.update_msg = NULL;
|
||||
+ return -1;
|
||||
+ }
|
||||
+ } else {
|
||||
+ free(newmsg);
|
||||
+ if (len < 0)
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return len;
|
||||
--- a/src/racoon/session.c
|
||||
+++ b/src/racoon/session.c
|
||||
@@ -100,6 +100,8 @@
|
||||
|
||||
#include "sainfo.h"
|
||||
|
||||
+extern struct update_msg_info update_msg_send;
|
||||
+
|
||||
struct fd_monitor {
|
||||
int (*callback)(void *ctx, int fd);
|
||||
void *ctx;
|
||||
@@ -348,6 +350,11 @@
|
||||
close_sockets();
|
||||
backupsa_clean();
|
||||
|
||||
+ if (update_msg_send.update_msg) {
|
||||
+ free(update_msg_send.update_msg);
|
||||
+ update_msg_send.update_msg = NULL;
|
||||
+ }
|
||||
+
|
||||
plog(LLV_INFO, LOCATION, NULL, "racoon process %d shutdown\n", getpid());
|
||||
|
||||
exit(0);
|
||||
--- a/src/racoon/pfkey.c
|
||||
+++ b/src/racoon/pfkey.c
|
||||
@@ -103,10 +103,12 @@
|
||||
#include "crypto_openssl.h"
|
||||
#include "grabmyaddr.h"
|
||||
+#include "../libipsec/libpfkey.h"
|
||||
|
||||
#if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
|
||||
#define SADB_X_EALG_AESCBC SADB_X_EALG_RIJNDAELCBC
|
||||
#endif
|
||||
|
||||
+extern struct update_msg_info update_msg_send;
|
||||
/* prototype */
|
||||
static u_int ipsecdoi2pfkey_aalg __P((u_int));
|
||||
static u_int ipsecdoi2pfkey_ealg __P((u_int));
|
||||
@@ -253,6 +255,13 @@
|
||||
s_pfkey_type(msg->sadb_msg_type),
|
||||
strerror(msg->sadb_msg_errno));
|
||||
|
||||
+ if (msg->sadb_msg_errno == EINTR &&
|
||||
+ update_msg_send.update_msg) {
|
||||
+ plog(LLV_DEBUG, LOCATION, NULL,
|
||||
+ "pfkey update resend\n");
|
||||
+ send(update_msg_send.so, (void *)update_msg_send.update_msg, (socklen_t)update_msg_send.len, 0);
|
||||
+ }
|
||||
+
|
||||
goto end;
|
||||
}
|
||||
|
||||
@@ -498,6 +507,11 @@
|
||||
{
|
||||
flushsp();
|
||||
|
||||
+ if (update_msg_send.update_msg) {
|
||||
+ free(update_msg_send.update_msg);
|
||||
+ update_msg_send.update_msg = NULL;
|
||||
+ }
|
||||
+
|
||||
if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"libipsec sending spddump failed: %s\n",
|
||||
@@ -1295,6 +1309,8 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
+int update_received = 0;
|
||||
+
|
||||
static int
|
||||
pk_recvupdate(mhp)
|
||||
caddr_t *mhp;
|
||||
@@ -1307,6 +1323,13 @@
|
||||
int incomplete = 0;
|
||||
struct saproto *pr;
|
||||
|
||||
+ update_received = 1;
|
||||
+
|
||||
+ if (update_msg_send.update_msg) {
|
||||
+ free(update_msg_send.update_msg);
|
||||
+ update_msg_send.update_msg = NULL;
|
||||
+ }
|
||||
+
|
||||
/* ignore this message because of local test mode. */
|
||||
if (f_local)
|
||||
return 0;
|
||||
@@ -4163,3 +4186,8 @@
|
||||
|
||||
return buf;
|
||||
}
|
||||
+
|
||||
+int receive_from_isakmp()
|
||||
+{
|
||||
+ return pfkey_handler(NULL, lcconf->sock_pfkey);
|
||||
+}
|
||||
--- a/src/racoon/pfkey.h
|
||||
+++ b/src/racoon/pfkey.h
|
||||
@@ -71,5 +71,6 @@
|
||||
extern u_int32_t pk_getseq __P((void));
|
||||
extern const char *sadbsecas2str
|
||||
__P((struct sockaddr *, struct sockaddr *, int, u_int32_t, int));
|
||||
+extern int receive_from_isakmp __P((void));
|
||||
|
||||
#endif /* _PFKEY_H */
|
||||
--- a/src/racoon/isakmp_quick.c
|
||||
+++ b/src/racoon/isakmp_quick.c
|
||||
@@ -774,6 +774,8 @@
|
||||
return error;
|
||||
}
|
||||
|
||||
+extern int update_received;
|
||||
+
|
||||
/*
|
||||
* send to responder
|
||||
* HDR*, HASH(3)
|
||||
@@ -892,6 +894,11 @@
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
|
||||
|
||||
+ while (!update_received)
|
||||
+ receive_from_isakmp();
|
||||
+
|
||||
+ update_received = 0;
|
||||
+
|
||||
/* Do ADD for responder */
|
||||
if (pk_sendadd(iph2) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
|
||||
@@ -1035,6 +1042,11 @@
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
|
||||
|
||||
+ while (!update_received)
|
||||
+ receive_from_isakmp();
|
||||
+
|
||||
+ update_received = 0;
|
||||
+
|
||||
/* Do ADD for responder */
|
||||
if (pk_sendadd(iph2) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
|
||||
@@ -1989,6 +2001,11 @@
|
||||
}
|
||||
plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
|
||||
|
||||
+ while (!update_received)
|
||||
+ receive_from_isakmp();
|
||||
+
|
||||
+ update_received = 0;
|
||||
+
|
||||
/* Do ADD for responder */
|
||||
if (pk_sendadd(iph2) < 0) {
|
||||
plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
|
||||
-26
@@ -1,26 +0,0 @@
|
||||
Subject: [PATCH] ipsec-tools: racoon: check several invalid ivm
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Add checking for invalid ivm, or it will crash racoon.
|
||||
|
||||
Signed-off-by: Ming Liu <ming.liu@windriver.com>
|
||||
---
|
||||
isakmp_cfg.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
|
||||
--- a/src/racoon/isakmp_cfg.c
|
||||
+++ b/src/racoon/isakmp_cfg.c
|
||||
@@ -171,6 +171,11 @@ isakmp_cfg_r(iph1, msg)
|
||||
iph1->mode_cfg->last_msgid != packet->msgid )
|
||||
iph1->mode_cfg->ivm =
|
||||
isakmp_cfg_newiv(iph1, packet->msgid);
|
||||
+ if(iph1->mode_cfg->ivm == NULL) {
|
||||
+ plog(LLV_ERROR, LOCATION, NULL,
|
||||
+ "failed to create new IV\n");
|
||||
+ return;
|
||||
+ }
|
||||
ivm = iph1->mode_cfg->ivm;
|
||||
|
||||
dmsg = oakley_do_decrypt(iph1, msg, ivm->iv, ivm->ive);
|
||||
-61
@@ -1,61 +0,0 @@
|
||||
Subject: [PATCH] ipsec-tools: racoon: check several invalid pointers
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Add checking for invalid pointers, or it will crash racoon.
|
||||
|
||||
Signed-off-by: Ming Liu <ming.liu@windriver.com>
|
||||
---
|
||||
ipsec_doi.c | 5 +++--
|
||||
isakmp_cfg.c | 7 +++++++
|
||||
isakmp_quick.c | 6 ++++--
|
||||
3 files changed, 14 insertions(+), 4 deletions(-)
|
||||
|
||||
diff -urpN a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
|
||||
--- a/src/racoon/ipsec_doi.c
|
||||
+++ b/src/racoon/ipsec_doi.c
|
||||
@@ -3374,8 +3374,9 @@ ipsecdoi_chkcmpids( idt, ids, exact )
|
||||
|
||||
/* handle wildcard IDs */
|
||||
|
||||
- if (idt == NULL || ids == NULL)
|
||||
- {
|
||||
+ if (idt == NULL || ids == NULL ||
|
||||
+ idt->v == NULL || idt->l == 0 ||
|
||||
+ ids->v == NULL || ids->l == 0) {
|
||||
if( !exact )
|
||||
{
|
||||
plog(LLV_DEBUG, LOCATION, NULL,
|
||||
diff -urpN a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
|
||||
--- a/src/racoon/isakmp_cfg.c
|
||||
+++ b/src/racoon/isakmp_cfg.c
|
||||
@@ -1138,6 +1138,13 @@ isakmp_cfg_newiv(iph1, msgid)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (iph1->ivm == NULL || iph1->ivm->iv == NULL ||
|
||||
+ iph1->ivm->iv->v == NULL || iph1->ivm->iv->l == 0) {
|
||||
+ plog(LLV_ERROR, LOCATION, NULL,
|
||||
+ "isakmp_cfg_newiv called with invalid IV management\n");
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
if (ics->ivm != NULL)
|
||||
oakley_delivm(ics->ivm);
|
||||
|
||||
diff -urpN a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
|
||||
--- a/src/racoon/isakmp_quick.c
|
||||
+++ b/src/racoon/isakmp_quick.c
|
||||
@@ -2243,8 +2243,10 @@ get_proposal_r(iph2)
|
||||
int error = ISAKMP_INTERNAL_ERROR;
|
||||
|
||||
/* check the existence of ID payload */
|
||||
- if ((iph2->id_p != NULL && iph2->id == NULL)
|
||||
- || (iph2->id_p == NULL && iph2->id != NULL)) {
|
||||
+ if ((iph2->id_p != NULL &&
|
||||
+ (iph2->id == NULL || iph2->id->v == NULL || iph2->id->l == 0)) ||
|
||||
+ (iph2->id != NULL &&
|
||||
+ (iph2->id_p == NULL || iph2->id_p->v == NULL || iph2->id_p->l == 0))) {
|
||||
plog(LLV_ERROR, LOCATION, NULL,
|
||||
"Both IDs wasn't found in payload.\n");
|
||||
return ISAKMP_NTYPE_INVALID_ID_INFORMATION;
|
||||
@@ -1,8 +0,0 @@
|
||||
# Defaults for racoon service
|
||||
# sourced by racoon.service
|
||||
# installed at /etc/default/racoon by the maintainer scripts
|
||||
#
|
||||
# This is a POSIX shell fragment
|
||||
#
|
||||
# Arguments to pass to racoon
|
||||
RACOON_ARGS=""
|
||||
@@ -1,40 +0,0 @@
|
||||
#
|
||||
# NOTE: This file will not be used if you use racoon-tool(8) to manage your
|
||||
# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
|
||||
# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
|
||||
# of this file.
|
||||
#
|
||||
# Simple racoon.conf
|
||||
#
|
||||
#
|
||||
# Please look in /usr/share/doc/racoon/examples for
|
||||
# examples that come with the source.
|
||||
#
|
||||
# Please read racoon.conf(5) for details, and alsoread setkey(8).
|
||||
#
|
||||
#
|
||||
# Also read the Linux IPSEC Howto up at
|
||||
# http://www.ipsec-howto.org/t1.html
|
||||
#
|
||||
log notify;
|
||||
path pre_shared_key "/etc/racoon/psk.txt";
|
||||
path certificate "/etc/racoon/certs";
|
||||
|
||||
#remote 172.31.1.1 {
|
||||
# exchange_mode main,aggressive;
|
||||
# proposal {
|
||||
# encryption_algorithm 3des;
|
||||
# hash_algorithm sha1;
|
||||
# authentication_method pre_shared_key;
|
||||
# dh_group modp1024;
|
||||
# }
|
||||
# generate_policy off;
|
||||
#}
|
||||
#
|
||||
#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
|
||||
# pfs_group modp768;
|
||||
# encryption_algorithm 3des;
|
||||
# authentication_algorithm hmac_md5;
|
||||
# compression_algorithm deflate;
|
||||
#}
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=Racoon IKEv1 key management daemon for IPSEC
|
||||
After=syslog.target network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
EnvironmentFile=-@SYSCONFDIR@/default/racoon
|
||||
ExecStart=@SBINDIR@/racoon $RACOON_ARGS
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@@ -1,98 +0,0 @@
|
||||
DESCRIPTION = "IPsec-Tools is a port of KAME's IPsec utilities to the \
|
||||
Linux-2.6 IPsec implementation."
|
||||
HOMEPAGE = "http://ipsec-tools.sourceforge.net/"
|
||||
SECTION = "net"
|
||||
LICENSE = "BSD"
|
||||
LIC_FILES_CHKSUM = "file://src/libipsec/pfkey.c;beginline=6;endline=31;md5=bc9b7ff40beff19fe6bc6aef26bd2b24"
|
||||
|
||||
DEPENDS = "virtual/kernel openssl readline flex-native bison-native"
|
||||
|
||||
PACKAGE_ARCH = "${MACHINE_ARCH}"
|
||||
|
||||
SRC_URI = "http://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV}.tar.bz2 \
|
||||
file://0002-Don-t-link-against-libfl.patch \
|
||||
file://configure.patch \
|
||||
file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \
|
||||
file://racoon-check-invalid-pointers.patch \
|
||||
file://racoon-check-invalid-ivm.patch \
|
||||
file://glibc-2.20.patch \
|
||||
file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
|
||||
file://racoon.conf.sample \
|
||||
file://racoon.conf \
|
||||
file://racoon.service \
|
||||
file://fix-CVE-2015-4047.patch \
|
||||
file://0001-Fix-build-with-clang.patch \
|
||||
file://0001-Fix-header-issues-found-with-musl-libc.patch \
|
||||
file://0002-cfparse-clear-memory-equal-to-size-of-array.patch \
|
||||
file://fix-CVE-2016-10396.patch \
|
||||
file://0001-Disable-gcc8-specific-warnings.patch \
|
||||
file://0001-ipsec-tools-add-openssl-1.1-support.patch \
|
||||
"
|
||||
SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
|
||||
SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
|
||||
|
||||
inherit autotools systemd
|
||||
|
||||
# Options:
|
||||
# --enable-adminport enable admin port
|
||||
# --enable-rc5 enable RC5 encryption (patented)
|
||||
# --enable-idea enable IDEA encryption (patented)
|
||||
# --enable-gssapi enable GSS-API authentication
|
||||
# --enable-hybrid enable hybrid, both mode-cfg and xauth support
|
||||
# --enable-frag enable IKE fragmentation payload support
|
||||
# --enable-stats enable statistics logging function
|
||||
# --enable-dpd enable dead peer detection
|
||||
# --enable-samode-unspec enable to use unspecified a mode of SA
|
||||
# --disable-ipv6 disable ipv6 support
|
||||
# --enable-natt enable NAT-Traversal (yes/no/kernel)
|
||||
# --enable-natt-versions=list list of supported NAT-T versions delimited by coma.
|
||||
# --with-kernel-headers=/lib/modules/<uname>/build/include
|
||||
# where your Linux Kernel headers are installed
|
||||
# --with-readline support readline input (yes by default)
|
||||
# --with-flex use directiory (default: no)
|
||||
# --with-flexlib=<LIB> specify flex library.
|
||||
# --with-openssl=DIR specify OpenSSL directory
|
||||
# --with-libradius=DIR specify libradius path (like/usr/pkg)
|
||||
# --with-libpam=DIR specify libpam path (like/usr/pkg)
|
||||
#
|
||||
# Note: if you give it the actual kernel headers it won't build, it actually
|
||||
# needs to point at the linux-libc-headers version of the kernel headers.
|
||||
#
|
||||
EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
|
||||
--with-readline \
|
||||
--with-openssl=${STAGING_LIBDIR}/.. \
|
||||
--without-libradius \
|
||||
--disable-security-context \
|
||||
--enable-shared \
|
||||
--enable-dpd \
|
||||
--enable-natt=yes \
|
||||
--sysconfdir=${sysconfdir}/racoon \
|
||||
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
|
||||
|
||||
# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
|
||||
CFLAGS += "-fno-strict-aliasing"
|
||||
|
||||
PACKAGECONFIG ??= ""
|
||||
PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
|
||||
PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"
|
||||
|
||||
SYSTEMD_SERVICE_${PN} = "racoon.service"
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${sysconfdir}/racoon
|
||||
install -m 0644 ${WORKDIR}/racoon.conf.sample ${D}${sysconfdir}/racoon/racoon.conf
|
||||
|
||||
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
|
||||
install -d ${D}${systemd_unitdir}/system
|
||||
install -m 0644 ${WORKDIR}/racoon.service ${D}${systemd_unitdir}/system
|
||||
|
||||
sed -i -e 's#@SYSCONFDIR@#${sysconfdir}#g' ${D}${systemd_unitdir}/system/racoon.service
|
||||
sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/racoon.service
|
||||
|
||||
install -d ${D}${sysconfdir}/default/
|
||||
install -m 0644 ${WORKDIR}/racoon.conf ${D}${sysconfdir}/default/racoon
|
||||
fi
|
||||
}
|
||||
|
||||
FILES_${PN} += "${sysconfdir}/racoon/racoon.conf \
|
||||
${sysconfdir}/default/racoon"
|
||||