Security bump for buffer underrun. See bug #84479.

Package-Manager: portage-2.0.51.19
author: Peter Johanson <latexer@gentoo.org> 2005-03-14 19:08:05 +0000
committer: Peter Johanson <latexer@gentoo.org> 2005-03-14 19:08:05 +0000
commit: 5fe804ccc0da27f1c4cde1435a7519b9418126a0 (patch)
tree: e072688807d1629a1b1aa156b9d307107905985c
parent: Version bump. Closing bug #78472. (diff)
download: historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.tar.gz
historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.tar.bz2
historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.zip
7 files changed, 147 insertions, 2 deletions
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
index f467ca858e12..bed09097fd58 100644
--- a/net-firewall/ipsec-tools/ChangeLog
+++ b/net-firewall/ipsec-tools/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-firewall/ipsec-tools
 # Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.21 2005/03/10 23:33:39 latexer Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.22 2005/03/14 19:08:05 latexer Exp $
+
+*ipsec-tools-0.4-r1 (14 Mar 2005)
+
+  14 Mar 2005; Peter Johanson <latexer@gentoo.org>
+  +files/ipsec-tools-0.5-isakmp-underrun.diff, +ipsec-tools-0.4-r1.ebuild,
+  +ipsec-tools-0.5-r1.ebuild:
+  Security bump for buffer underrun. See bug #84479.
 
   10 Mar 2005; Peter Johanson <latexer@gentoo.org>
   -ipsec-tools-0.5_rc1.ebuild:
diff --git a/net-firewall/ipsec-tools/Manifest b/net-firewall/ipsec-tools/Manifest
index 91d74b8cd2fa..5692ab41a377 100644
--- a/net-firewall/ipsec-tools/Manifest
+++ b/net-firewall/ipsec-tools/Manifest
@@ -2,15 +2,20 @@ MD5 3bea640757c6791162949ac65fec1ef6 ipsec-tools-0.5.ebuild 1507
 MD5 8ab0f354384bf0af0ac5f036bf870678 ipsec-tools-0.3.1.ebuild 1601
 MD5 1e8b9993c9d4f8bc53955cf690469564 ipsec-tools-0.4.ebuild 1692
 MD5 a428291d8a22a606eda6e16845741e9a ipsec-tools-0.2.5.ebuild 1549
+MD5 eb035599c29bfdcf58d786410c56c6bc ipsec-tools-0.5-r1.ebuild 1580
 MD5 20913a445c3eac38edca0ae43e36b1de ipsec-tools-0.3.3.ebuild 1599
-MD5 1a3d8f54f02e7add13d87fc7a085b600 ChangeLog 3768
+MD5 ea137c0936a2c06cb6cdd6fae16853cb ChangeLog 4013
 MD5 c58d4bbba473ea6b78a0e815b29b2aa6 metadata.xml 286
+MD5 c7b563174d5c0747d84401694e7a1902 ipsec-tools-0.4-r1.ebuild 1746
 MD5 84cffb83a2579976f872a29d42767714 files/ipsec.conf.sample 260
 MD5 2060a9a972f7975e1fdc755eec1d7791 files/digest-ipsec-tools-0.4 67
 MD5 da6f1a46fe846d9a36c49865af536935 files/digest-ipsec-tools-0.5 68
+MD5 2060a9a972f7975e1fdc755eec1d7791 files/digest-ipsec-tools-0.4-r1 67
+MD5 da6f1a46fe846d9a36c49865af536935 files/digest-ipsec-tools-0.5-r1 68
 MD5 6ed9fbfd1bce8915be1e87a159802c46 files/digest-ipsec-tools-0.2.5 69
 MD5 25ac1660a8d1d054bb9c848a21ad907a files/digest-ipsec-tools-0.3.1 69
 MD5 c35a69d989ddc45b7a7e30909479d91e files/digest-ipsec-tools-0.3.3 69
 MD5 788e3de82c1c6532dab0dc0c19c1bf40 files/racoon.conf.d 621
 MD5 0e62b8655b5b72cb0b312b710b28e471 files/ipsec-tools-0.4-gcc34.diff 1008
 MD5 fa8e82259951e612a6d684983daefc3d files/racoon.init.d 1274
+MD5 b847486c75c3d9d4a1bef744e05ae006 files/ipsec-tools-0.5-isakmp-underrun.diff 714
diff --git a/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.4-r1 b/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.4-r1
new file mode 100644
index 000000000000..0855393d1461
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.4-r1
@@ -0,0 +1 @@
+MD5 dceea3b72328a580cf156d74cbee6f80 ipsec-tools-0.4.tar.gz 915420
diff --git a/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.5-r1 b/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.5-r1
new file mode 100644
index 000000000000..7102f1922f21
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/digest-ipsec-tools-0.5-r1
@@ -0,0 +1 @@
+MD5 5447480467377ef8f7b9fda109ff2877 ipsec-tools-0.5.tar.bz2 646397
diff --git a/net-firewall/ipsec-tools/files/ipsec-tools-0.5-isakmp-underrun.diff b/net-firewall/ipsec-tools/files/ipsec-tools-0.5-isakmp-underrun.diff
new file mode 100644
index 000000000000..87453d98421f
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools-0.5-isakmp-underrun.diff
@@ -0,0 +1,22 @@
+? configure.lineno
+? src/racoon/kmpstat.lo
+? src/racoon/libracoon.la
+? src/racoon/misc.lo
+? src/racoon/sockmisc.lo
+? src/racoon/vmbuf.lo
+Index: src/racoon/isakmp.c
+===================================================================
+RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp.c,v
+retrieving revision 1.36
+diff -u -r1.36 isakmp.c
+--- src/racoon/isakmp.c	7 Mar 2005 00:30:37 -0000	1.36
++++ src/racoon/isakmp.c	7 Mar 2005 16:31:24 -0000
+@@ -1352,7 +1352,7 @@
+ 
+ 		p->type = np;
+ 		p->len = ntohs(gen->len);
+-		if (p->len == 0 || p->len > tlen) {
++		if (p->len < sizeof(struct isakmp_gen) || p->len > tlen) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"invalid length of payload\n");
+ 			vfree(result);
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.4-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.4-r1.ebuild
new file mode 100644
index 000000000000..0abf2283ea65
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.4-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.4-r1.ebuild,v 1.1 2005/03/14 19:08:05 latexer Exp $
+
+inherit eutils
+
+DESCRIPTION="IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation."
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+LICENSE="BSD"
+KEYWORDS="~x86 ~amd64 ~sparc"
+SLOT="0"
+IUSE="selinux"
+DEPEND="virtual/libc
+	>=dev-libs/openssl-0.9.6"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-ipsec-tools )"
+
+pkg_setup() {
+	my_KV=`echo ${KV} | cut -f-2 -d "."`
+	if [ ${my_KV} != "2.6" ] ; then
+		echo; eerror "You need a 2.6.x kernel to use the ipsec tools!"; die "You need a 2.6 kernel to use ipsec-tools!"
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	epatch ${FILESDIR}/${P}-gcc34.diff
+	epatch ${FILESDIR}/${PN}-0.5-isakmp-underrun.diff
+}
+
+src_compile() {
+	unset CC
+	./configure --prefix=/usr --sysconfdir=/etc --with-kernel-headers=/usr/src/linux/include || die
+	sed -e 's:AM_CFLAGS = :AM_CFLAGS = -include /usr/src/linux/include/linux/compiler.h :' -i src/setkey/Makefile || die
+	sed -e 's:CPPFLAGS=:CPPFLAGS = -include /usr/src/linux/include/linux/compiler.h :' -i src/racoon/Makefile || die
+	sed -e 's:va_copy:__va_copy:g' -i src/racoon/plog.c || die # GCC 2 Fix
+	emake || die
+}
+
+src_install() {
+	einstall || die
+	rm ${D}/usr/bin
+	dosbin src/racoon/racoon
+	insinto /etc && doins ${FILESDIR}/ipsec.conf.sample
+	insinto /etc/conf.d && newins ${FILESDIR}/racoon.conf.d racoon
+	exeinto /etc/init.d && newexe ${FILESDIR}/racoon.init.d racoon
+
+	dodoc ChangeLog README NEWS
+	dodoc ${S}/src/racoon/samples/racoon.conf.sample*
+}
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.5-r1.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.5-r1.ebuild
new file mode 100644
index 000000000000..515456662058
--- /dev/null
+++ b/net-firewall/ipsec-tools/ipsec-tools-0.5-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.5-r1.ebuild,v 1.1 2005/03/14 19:08:05 latexer Exp $
+
+inherit eutils flag-o-matic
+
+MY_P=${P/_/-}
+
+DESCRIPTION="IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation."
+HOMEPAGE="http://ipsec-tools.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2"
+LICENSE="BSD"
+KEYWORDS="~x86 ~amd64"
+SLOT="0"
+IUSE="ipv6 selinux"
+S=${WORKDIR}/${MY_P}
+DEPEND="virtual/libc
+	|| ( >=sys-kernel/linux-headers-2.6 sys-kernel/linux26-headers )
+	>=dev-libs/openssl-0.9.6"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-ipsec-tools )"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+	sed -i 's:#include <sys/sysctl.h>::' src/racoon/pfkey.c src/setkey/setkey.c
+	epatch ${FILESDIR}/${P}-isakmp-underrun.diff || die "epatch failed!"
+	epunt_cxx
+}
+
+src_compile() {
+	# Filter the c3 flag for now. Probably a GCC problem, but we'll
+	# avoid it here for now. See bug #61025
+	filter-flags -march=c3
+
+	econf	\
+		--enable-hybrid \
+		--enable-dpd \
+		--enable-natt \
+		--enable-adminport \
+		--enable-frag \
+		$(use_enable ipv6) \
+		|| die
+		# Removed due to some problems
+		# --enable-samode-unspec \
+	emake -j1 || die
+}
+
+src_install() {
+	einstall || die
+	keepdir /var/lib/racoon
+	insinto /etc/conf.d && newins ${FILESDIR}/racoon.conf.d racoon
+	exeinto /etc/init.d && newexe ${FILESDIR}/racoon.init.d racoon
+
+	dodoc ChangeLog README NEWS
+	dodoc ${S}/src/racoon/samples/racoon.conf.sample*
+}
author	Peter Johanson <latexer@gentoo.org>	2005-03-14 19:08:05 +0000
committer	Peter Johanson <latexer@gentoo.org>	2005-03-14 19:08:05 +0000
commit	5fe804ccc0da27f1c4cde1435a7519b9418126a0 (patch)
tree	e072688807d1629a1b1aa156b9d307107905985c
parent	Version bump. Closing bug #78472. (diff)
download	historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.tar.gz historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.tar.bz2 historical-5fe804ccc0da27f1c4cde1435a7519b9418126a0.zip