diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch | 77 | ||||
| -rw-r--r-- | debian/patches/03_unit-tests-Fix-chunk-clear-armel.patch | 19 | ||||
| -rw-r--r-- | debian/patches/04_cve-2014-2338.patch | 36 | ||||
| -rw-r--r-- | debian/patches/series | 3 |
4 files changed, 0 insertions, 135 deletions
diff --git a/debian/patches/02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch b/debian/patches/02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch deleted file mode 100644 index beeb9e655..000000000 --- a/debian/patches/02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 0462304dbb5a9eba56a782d5da1f9ab71571ee40 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Thu, 27 Mar 2014 15:35:32 +0100 -Subject: [PATCH] unit-tests: Fix filtered enumerator tests on 64-bit - big-endian platforms - -In case of sizeof(void*) == 8 and sizeof(int) == 4 on big-endian hosts -the tests failed as the actual integer value got cut off. ---- - src/libstrongswan/tests/suites/test_enumerator.c | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/src/libstrongswan/tests/suites/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c -index b5dde46..9bd6d24 100644 ---- a/src/libstrongswan/tests/suites/test_enumerator.c -+++ b/src/libstrongswan/tests/suites/test_enumerator.c -@@ -104,10 +104,10 @@ static void destroy_data(void *data) - * filtered test - */ - --static bool filter(void *data, int *v, int *vo, int *w, int *wo, -- int *x, int *xo, int *y, int *yo, int *z, int *zo) -+static bool filter(int *data, int **v, int *vo, int **w, int *wo, -+ int **x, int *xo, int **y, int *yo, int **z, int *zo) - { -- int val = *v; -+ int val = **v; - - *vo = val++; - *wo = val++; -@@ -118,21 +118,21 @@ static bool filter(void *data, int *v, int *vo, int *w, int *wo, - return TRUE; - } - --static bool filter_odd(void *data, int *item, int *out) -+static bool filter_odd(void *data, int **item, int *out) - { - fail_if(data != (void*)101, "data does not match '101' in filter function"); -- *out = *item; -- return *item % 2 == 0; -+ *out = **item; -+ return **item % 2 == 0; - } - - START_TEST(test_filtered) - { -- int round, v, w, x, y, z; -+ int data[5] = {1,2,3,4,5}, round, v, w, x, y, z; - linked_list_t *list; - enumerator_t *enumerator; - -- list = linked_list_create_with_items((void*)1, (void*)2, (void*)3, (void*)4, -- (void*)5, NULL); -+ list = linked_list_create_with_items(&data[0], &data[1], &data[2], &data[3], -+ &data[4], NULL); - - round = 1; - enumerator = enumerator_create_filter(list->create_enumerator(list), -@@ -155,12 +155,12 @@ END_TEST - - START_TEST(test_filtered_filter) - { -- int count, x; -+ int data[5] = {1,2,3,4,5}, count, x; - linked_list_t *list; - enumerator_t *enumerator; - -- list = linked_list_create_with_items((void*)1, (void*)2, (void*)3, (void*)4, -- (void*)5, NULL); -+ list = linked_list_create_with_items(&data[0], &data[1], &data[2], &data[3], -+ &data[4], NULL); - - count = 0; - /* should also work without destructor, so set this manually */ --- -1.9.1 - diff --git a/debian/patches/03_unit-tests-Fix-chunk-clear-armel.patch b/debian/patches/03_unit-tests-Fix-chunk-clear-armel.patch deleted file mode 100644 index eb92fac71..000000000 --- a/debian/patches/03_unit-tests-Fix-chunk-clear-armel.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/src/libstrongswan/tests/suites/test_chunk.c -+++ b/src/libstrongswan/tests/suites/test_chunk.c -@@ -117,10 +117,13 @@ START_TEST(test_chunk_clear) - } - chunk_clear(&chunk); - /* check memory area of freed chunk. We can't use ck_assert() for this -- * test directly, as it might allocate data at the freed area. */ -- for (i = 0; i < 64; i++) -+ * test directly, as it might allocate data at the freed area. comparing -+ * two bytes at once reduces the chances of conflicts if memory got -+ * overwritten already */ -+ for (i = 0; i < 64; i += 2) - { -- if (ptr[i] != 0 && ptr[i] == i) -+ if (ptr[i] != 0 && ptr[i] == i && -+ ptr[i+1] != 0 && ptr[i+1] == i+1) - { - cleared = FALSE; - break; diff --git a/debian/patches/04_cve-2014-2338.patch b/debian/patches/04_cve-2014-2338.patch deleted file mode 100644 index 688245ce8..000000000 --- a/debian/patches/04_cve-2014-2338.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b980ba7757dcfedd756aa055b3271ea58cf85aa6 Mon Sep 17 00:00:00 2001 -From: Martin Willi <martin@revosec.ch> -Date: Thu, 20 Feb 2014 16:08:43 +0100 -Subject: [PATCH] ikev2: Reject CREATE_CHILD_SA exchange on unestablished - IKE_SAs - -Prevents a responder peer to trick us into established state by starting -IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH. - -Fixes CVE-2014-2338 for 5.x versions of strongSwan. ---- - src/libcharon/sa/ikev2/task_manager_v2.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c -index ac3be90..a5252ab 100644 ---- a/src/libcharon/sa/ikev2/task_manager_v2.c -+++ b/src/libcharon/sa/ikev2/task_manager_v2.c -@@ -778,6 +778,15 @@ static status_t process_request(private_task_manager_t *this, - case CREATE_CHILD_SA: - { /* FIXME: we should prevent this on mediation connections */ - bool notify_found = FALSE, ts_found = FALSE; -+ -+ if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || -+ this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING) -+ { -+ DBG1(DBG_IKE, "received CREATE_CHILD_SA request for " -+ "unestablished IKE_SA, rejected"); -+ return FAILED; -+ } -+ - enumerator = message->create_payload_enumerator(message); - while (enumerator->enumerate(enumerator, &payload)) - { --- -1.8.1.2 diff --git a/debian/patches/series b/debian/patches/series index 694043aa7..2cf256b6c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,4 +1 @@ 01_fix-manpages.patch -02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch -03_unit-tests-Fix-chunk-clear-armel.patch -04_cve-2014-2338.patch |