author | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:25:16 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@corsac.net> | 2012-06-28 21:25:16 +0200 |
commit | b7208236cf8848fcc4783cd6bc43ca4d7df92fd2 (patch) | |
tree | ce2817eabcecdfe299176992181d3897a1e95826 | |
parent | 0a732508d993c6b66a9a419518528db7c844bd4e (diff) | |
download | vyos-strongswan-b7208236cf8848fcc4783cd6bc43ca4d7df92fd2.tar.gz vyos-strongswan-b7208236cf8848fcc4783cd6bc43ca4d7df92fd2.zip |
Prepare new upstream release.
* Non-maintainer upload.
* New upstream release.
* debian/patches:
- drop all patches, they're all included upstream now.
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch | 312 | ||||
-rw-r--r-- | debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch | 27 | ||||
-rw-r--r-- | debian/patches/0001-fix-fprintf-format.patch | 15 | ||||
-rw-r--r-- | debian/patches/series | 3 |
5 files changed, 9 insertions, 357 deletions
diff --git a/debian/changelog b/debian/changelog
index 26d3a19cd..b99caa438 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.6.4-0.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * New upstream release.
+ * debian/patches:
+ - drop all patches, they're all included upstream now.
+
+ -- Yves-Alexis Perez <corsac@debian.org> Thu, 28 Jun 2012 21:17:38 +0200
+
 strongswan (4.5.2-1.5) unstable; urgency=low
 
 * Non-maintainer upload.
diff --git a/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch b/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch
deleted file mode 100644
index f3a2d92db..000000000
--- a/debian/patches/0001-Added-support-for-the-resolvconf-framework-in-resolv.patch
+++ /dev/null
@@ -1,312 +0,0 @@
-From 1ad1c0f41311296d22fa183a7b7cba0b97dc03b3 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Mon, 26 Mar 2012 15:00:14 +0200
-Subject: [PATCH] Added support for the resolvconf framework in resolve plugin.
-
-If /sbin/resolvconf is found nameservers are not written directly to
-/etc/resolv.conf but instead resolvconf is invoked.
----
- src/libhydra/plugins/resolve/resolve_handler.c | 201 ++++++++++++++++++------
- 1 files changed, 149 insertions(+), 52 deletions(-)
-
-diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
-index feb2fd0..21bc3af 100644
---- a/src/libhydra/plugins/resolve/resolve_handler.c
-+++ b/src/libhydra/plugins/resolve/resolve_handler.c
-@@ -1,4 +1,5 @@
- /*
-+ * Copyright (C) 2012 Tobias Brunner
- * Copyright (C) 2009 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
-@@ -15,12 +16,20 @@
-
- #include "resolve_handler.h"
-
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <unistd.h>
-
- #include <hydra.h>
- #include <debug.h>
- #include <threading/mutex.h>
-
-+/* path to resolvconf executable */
-+#define RESOLVCONF_EXEC "/sbin/resolvconf"
-+
-+/* prefix used for resolvconf interfaces */
-+#define RESOLVCONF_PREFIX "lo.inet.ipsec."
-+
- typedef struct private_resolve_handler_t private_resolve_handler_t;
-
- /**
-@@ -39,49 +48,35 @@ struct private_resolve_handler_t {
- char *file;
-
- /**
-+ * use resolvconf instead of writing directly to resolv.conf
-+ */
-+ bool use_resolvconf;
-+
-+ /**
- * Mutex to access file exclusively
- */
- mutex_t *mutex;
- };
-
- /**
-- * Implementation of attribute_handler_t.handle
-+ * Writes the given nameserver to resolv.conf
- */
--static bool handle(private_resolve_handler_t *this, identification_t *server,
-- configuration_attribute_type_t type, chunk_t data)
-+static bool write_nameserver(private_resolve_handler_t *this,
-+ identification_t *server, host_t *addr)
- {
- FILE *in, *out;
- char buf[1024];
-- host_t *addr;
- size_t len;
- bool handled = FALSE;
-
-- switch (type)
-- {
-- case INTERNAL_IP4_DNS:
-- addr = host_create_from_chunk(AF_INET, data, 0);
-- break;
-- case INTERNAL_IP6_DNS:
-- addr = host_create_from_chunk(AF_INET6, data, 0);
-- break;
-- default:
-- return FALSE;
-- }
--
-- if (!addr || addr->is_anyaddr(addr))
-- {
-- DESTROY_IF(addr);
-- return FALSE;
-- }
-- this->mutex->lock(this->mutex);
--
- in = fopen(this->file, "r");
- /* allows us to stream from in to out */
- unlink(this->file);
- out = fopen(this->file, "w");
- if (out)
- {
-- fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, server);
-+ fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr,
-+ server);
- DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file);
- handled = TRUE;
-
-@@ -99,40 +94,17 @@ static bool handle(private_resolve_handler_t *this, identification_t *server,
- {
- fclose(in);
- }
-- this->mutex->unlock(this->mutex);
-- addr->destroy(addr);
--
-- if (!handled)
-- {
-- DBG1(DBG_IKE, "adding DNS server failed", this->file);
-- }
- return handled;
- }
-
- /**
-- * Implementation of attribute_handler_t.release
-+ * Removes the given nameserver from resolv.conf
- */
--static void release(private_resolve_handler_t *this, identification_t *server,
-- configuration_attribute_type_t type, chunk_t data)
-+static void remove_nameserver(private_resolve_handler_t *this,
-+ identification_t *server, host_t *addr)
- {
- FILE *in, *out;
- char line[1024], matcher[512];
-- host_t *addr;
-- int family;
--
-- switch (type)
-- {
-- case INTERNAL_IP4_DNS:
-- family = AF_INET;
-- break;
-- case INTERNAL_IP6_DNS:
-- family = AF_INET6;
-- break;
-- default:
-- return;
-- }
--
-- this->mutex->lock(this->mutex);
-
- in = fopen(this->file, "r");
- if (in)
-@@ -142,7 +114,6 @@ static void release(private_resolve_handler_t *this, identification_t *server,
- out = fopen(this->file, "w");
- if (out)
- {
-- addr = host_create_from_chunk(family, data, 0);
- snprintf(matcher, sizeof(matcher),
- "nameserver %H # by strongSwan, from %Y\n",
- addr, server);
-@@ -160,13 +131,133 @@ static void release(private_resolve_handler_t *this, identification_t *server,
- fputs(line, out);
- }
- }
-- addr->destroy(addr);
- fclose(out);
- }
- fclose(in);
- }
-+}
-
-+/**
-+ * Add or remove the given nameserver by invoking resolvconf.
-+ */
-+static bool invoke_resolvconf(private_resolve_handler_t *this,
-+ identification_t *server, host_t *addr,
-+ bool install)
-+{
-+ char cmd[128];
-+
-+ /* we use the nameserver's IP address as part of the interface name to
-+ * make them unique */
-+ if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC,
-+ install ? "-a" : "-d", RESOLVCONF_PREFIX, addr) >= sizeof(cmd))
-+ {
-+ return FALSE;
-+ }
-+
-+ if (install)
-+ {
-+ FILE *out;
-+
-+ out = popen(cmd, "w");
-+ if (!out)
-+ {
-+ return FALSE;
-+ }
-+ DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr);
-+ fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr,
-+ server);
-+ if (ferror(out) || pclose(out))
-+ {
-+ return FALSE;
-+ }
-+ }
-+ else
-+ {
-+ ignore_result(system(cmd));
-+ }
-+ return TRUE;
-+}
-+
-+/**
-+ * Implementation of attribute_handler_t.handle
-+ */
-+static bool handle(private_resolve_handler_t *this, identification_t *server,
-+ configuration_attribute_type_t type, chunk_t data)
-+{
-+ host_t *addr;
-+ bool handled;
-+
-+ switch (type)
-+ {
-+ case INTERNAL_IP4_DNS:
-+ addr = host_create_from_chunk(AF_INET, data, 0);
-+ break;
-+ case INTERNAL_IP6_DNS:
-+ addr = host_create_from_chunk(AF_INET6, data, 0);
-+ break;
-+ default:
-+ return FALSE;
-+ }
-+
-+ if (!addr || addr->is_anyaddr(addr))
-+ {
-+ DESTROY_IF(addr);
-+ return FALSE;
-+ }
-+
-+ this->mutex->lock(this->mutex);
-+ if (this->use_resolvconf)
-+ {
-+ handled = invoke_resolvconf(this, server, addr, TRUE);
-+ }
-+ else
-+ {
-+ handled = write_nameserver(this, server, addr);
-+ }
- this->mutex->unlock(this->mutex);
-+ addr->destroy(addr);
-+
-+ if (!handled)
-+ {
-+ DBG1(DBG_IKE, "adding DNS server failed");
-+ }
-+ return handled;
-+}
-+
-+/**
-+ * Implementation of attribute_handler_t.release
-+ */
-+static void release(private_resolve_handler_t *this, identification_t *server,
-+ configuration_attribute_type_t type, chunk_t data)
-+{
-+ host_t *addr;
-+ int family;
-+
-+ switch (type)
-+ {
-+ case INTERNAL_IP4_DNS:
-+ family = AF_INET;
-+ break;
-+ case INTERNAL_IP6_DNS:
-+ family = AF_INET6;
-+ break;
-+ default:
-+ return;
-+ }
-+ addr = host_create_from_chunk(family, data, 0);
-+
-+ this->mutex->lock(this->mutex);
-+ if (this->use_resolvconf)
-+ {
-+ invoke_resolvconf(this, server, addr, FALSE);
-+ }
-+ else
-+ {
-+ remove_nameserver(this, server, addr);
-+ }
-+ this->mutex->unlock(this->mutex);
-+
-+ addr->destroy(addr);
- }
-
- /**
-@@ -237,6 +328,7 @@ static void destroy(private_resolve_handler_t *this)
- resolve_handler_t *resolve_handler_create()
- {
- private_resolve_handler_t *this = malloc_thing(private_resolve_handler_t);
-+ struct stat st;
-
- this->public.handler.handle = (bool(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))handle;
- this->public.handler.release = (void(*)(attribute_handler_t*, identification_t*, configuration_attribute_type_t, chunk_t))release;
-@@ -247,6 +339,11 @@ resolve_handler_t *resolve_handler_create()
- this->file = lib->settings->get_str(lib->settings,
- "%s.plugins.resolve.file", RESOLV_CONF, hydra->daemon);
-
-+ if (stat(RESOLVCONF_EXEC, &st) == 0)
-+ {
-+ this->use_resolvconf = TRUE;
-+ }
-+
- return &this->public;
- }
-
---
-1.7.4.1
-
diff --git a/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch b/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch
deleted file mode 100644
index 984696de9..000000000
--- a/debian/patches/0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 5a858c3197bbda9acda5289003e9015bef560dc7 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Mon, 7 May 2012 13:51:46 +0200
-Subject: [PATCH] Fix boolean return value if an empty RSA signature is
- detected in gmp plugin
-
----
- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
-index a7ba801..898892f 100644
---- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
-+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
-@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
-
- if (signature.len == 0 || signature.len > this->k)
- {
-- return INVALID_ARG;
-+ return FALSE;
- }
-
- /* unpack signature */
---
-1.7.5.4
-
-
diff --git a/debian/patches/0001-fix-fprintf-format.patch b/debian/patches/0001-fix-fprintf-format.patch
deleted file mode 100644
index 24ec36a82..000000000
--- a/debian/patches/0001-fix-fprintf-format.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Description: Fix FTBFS with gcc 4.6
-Author: Laurent Bigonville <bigon@debian.org>
-Bug-Debian: http://bugs.debian.org/614486
-
---- a/src/libcharon/plugins/stroke/stroke_ca.c
-+++ b/src/libcharon/plugins/stroke/stroke_ca.c
-@@ -319,7 +319,7 @@
- {
- if (first)
- {
-- fprintf(out, label);
-+ fprintf(out, "%s", label);
- first = FALSE;
- }
- else
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 0a5a7c8de..000000000
--- a/debian/patches/series
+++ /dev/null
@@ -1,3 +0,0 @@
-0001-fix-fprintf-format.patch
-0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i.patch
-0001-Added-support-for-the-resolvconf-framework-in-resolv.patch |