From f869be90352c43cc0db49fb712d729454eb5c6b0 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 26 Apr 2013 11:47:16 +0200
Subject: Fix for CVE-2013-2944

* debian/patches:
  - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
    signature verification when using openssl plugin (CVE-2013-2944).
---
 debian/changelog                                   |  8 +++++++
 ...ck-return-value-of-ECDSA_Verify-correctly.patch | 26 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch

diff --git a/debian/changelog b/debian/changelog
index d5fe43d03..c68645dc7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+strongswan (4.6.4-7) UNRELEASED; urgency=high
+
+  * debian/patches:
+    - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
+      signature verification when using openssl plugin (CVE-2013-2944).
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Fri, 26 Apr 2013 11:35:38 +0200
+
 strongswan (4.6.4-6) unstable; urgency=low
 
   * debian/rules:
diff --git a/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch b/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch
new file mode 100644
index 000000000..abd1f1921
--- /dev/null
+++ b/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch
@@ -0,0 +1,26 @@
+From 0faaab20cd9c4a519fb6269ab6c8be15d0b61864 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Tue, 9 Apr 2013 10:56:09 +0200
+Subject: Check return value of ECDSA_Verify() correctly
+
+---
+ src/libstrongswan/plugins/openssl/openssl_ec_public_key.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+index c8a45f7..38cc8be 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+@@ -124,7 +124,7 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this,
+ 	if (openssl_hash_chunk(nid_hash, data, &hash))
+ 	{
+ 		valid = ECDSA_verify(0, hash.ptr, hash.len,
+-							 signature.ptr, signature.len, this->ec);
++							 signature.ptr, signature.len, this->ec) == 1;
+ 		free(hash.ptr);
+ 	}
+ 	return valid;
+-- 
+1.7.10.4
+
+
diff --git a/debian/patches/series b/debian/patches/series
index ff06f2f04..29c60134c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 02_add-LICENSE.patch
 03_Pass-lo-as-faked-tundev-to-NM-as-it-now-needs-a-vali.patch
 04-Fixed-IPv6-source-address-lookup.patch
+0001-Check-return-value-of-ECDSA_Verify-correctly.patch
-- 
cgit v1.2.3


From 7685d91210fdefb3515fdfbbfb420de510e89a94 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Tue, 30 Apr 2013 13:33:53 +0200
Subject: upload to sid

---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c68645dc7..3601e4932 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-strongswan (4.6.4-7) UNRELEASED; urgency=high
+strongswan (4.6.4-7) unstable; urgency=high
 
   * debian/patches:
     - 0001-Check-return-value-of-ECDSA_Verify-correctly added. Fix ECDSA
       signature verification when using openssl plugin (CVE-2013-2944).
 
- -- Yves-Alexis Perez <corsac@debian.org>  Fri, 26 Apr 2013 11:35:38 +0200
+ -- Yves-Alexis Perez <corsac@debian.org>  Tue, 30 Apr 2013 09:47:27 +0200
 
 strongswan (4.6.4-6) unstable; urgency=low
 
-- 
cgit v1.2.3


From 446ba31fdea68ac3c038495a2c59f9ada1427f81 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 17 May 2013 23:04:13 +0200
Subject: strongswan-ikev{1,2}: only depends on iproute on Linux arches
 (#708686)

---
 debian/changelog | 8 ++++++++
 debian/control   | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3601e4932..fd3b966f1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+strongswan (4.6.4-8) UNRELEASED; urgency=low
+
+  * debian/control:
+    - strongswan-ikev{1,2}: only depends on iproute on Linux arches.
+                                                                closes: #708686
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Fri, 17 May 2013 22:56:27 +0200
+
 strongswan (4.6.4-7) unstable; urgency=high
 
   * debian/patches:
diff --git a/debian/control b/debian/control
index 8751c213d..e0d5f2195 100644
--- a/debian/control
+++ b/debian/control
@@ -79,7 +79,7 @@ Architecture: linux-any
 Pre-Depends: debconf | debconf-2.0
 Depends: ${shlibs:Depends}, ${misc:Depends}, 
   libstrongswan (= ${binary:Version}), strongswan-starter, bsdmainutils,
-  debianutils (>=1.7), ipsec-tools, host, iproute
+  debianutils (>=1.7), ipsec-tools, host, iproute [linux-any]
 Suggests: curl
 Provides: ike-server
 Conflicts: freeswan (<< 2.04-12), openswan, strongswan (<< 4.2.12-1)
@@ -99,7 +99,7 @@ Architecture: any
 Pre-Depends: debconf | debconf-2.0
 Depends: ${shlibs:Depends}, ${misc:Depends}, 
   libstrongswan (= ${binary:Version}), strongswan-starter | strongswan-nm,
-  bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute
+  bsdmainutils, debianutils (>=1.7), ipsec-tools, host, iproute [linux-any]
 Suggests: curl
 Provides: ike-server
 Conflicts: freeswan (<< 2.04-12), openswan, strongswan (<< 4.2.12-1)
-- 
cgit v1.2.3


From 4365b4efbca64b0674b8acd2dcc85d7dfa69e2ea Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Fri, 17 May 2013 23:10:08 +0200
Subject: upload to unstable

---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index fd3b966f1..ae29a049c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-strongswan (4.6.4-8) UNRELEASED; urgency=low
+strongswan (4.6.4-8) unstable; urgency=low
 
   * debian/control:
     - strongswan-ikev{1,2}: only depends on iproute on Linux arches.
                                                                 closes: #708686
 
- -- Yves-Alexis Perez <corsac@debian.org>  Fri, 17 May 2013 22:56:27 +0200
+ -- Yves-Alexis Perez <corsac@debian.org>  Fri, 17 May 2013 23:04:15 +0200
 
 strongswan (4.6.4-7) unstable; urgency=high
 
-- 
cgit v1.2.3


From f1ab2a6b77ddc4df929395f3858b5ee910a0030e Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Wed, 26 Jun 2013 21:36:05 +0200
Subject: Fix dependencies on !linux arch for strongswan-ikev1

* debian/control:
  - protect strongswan-ikev1 dependencies using linux-any since it's only
    available there.
  - switch strongswan package to arch:any because of that change.
---
 debian/changelog | 9 +++++++++
 debian/control   | 6 +++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ae29a049c..1d4cabfa5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.6.4-9) UNRELEASED; urgency=low
+
+  * debian/control:
+    - protect strongswan-ikev1 dependencies using linux-any since it's only
+      available there.
+    - switch strongswan package to arch:any because of that change. 
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 26 Jun 2013 21:05:57 +0200
+
 strongswan (4.6.4-8) unstable; urgency=low
 
   * debian/control:
diff --git a/debian/control b/debian/control
index e0d5f2195..6847cb5e4 100644
--- a/debian/control
+++ b/debian/control
@@ -16,8 +16,8 @@ Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev,
 Homepage: http://www.strongswan.org
 
 Package: strongswan
-Architecture: all
-Depends: ${misc:Depends}, strongswan-ikev1, strongswan-ikev2
+Architecture: any
+Depends: ${misc:Depends}, strongswan-ikev1 [linux-any], strongswan-ikev2
 Suggests: network-manager-strongswan
 Description: IPsec VPN solution metapackage
  The strongSwan VPN suite is based on the IPsec stack in standard Linux 2.6
@@ -61,7 +61,7 @@ Description: strongSwan library and binaries - debugging symbols
 Package: strongswan-starter
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, 
-  libstrongswan (= ${binary:Version}), strongswan-ikev1 | strongswan-ikev2, 
+  libstrongswan (= ${binary:Version}), strongswan-ikev1 [linux-any] | strongswan-ikev2, 
   adduser
 Conflicts: strongswan (<< 4.2.12-1)
 Description: strongSwan daemon starter and configuration file parser
-- 
cgit v1.2.3


From 90be687b22ec146050c59a0797679ff627b33cb3 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Wed, 26 Jun 2013 21:36:21 +0200
Subject: update standards version to 3.9.4.

---
 debian/changelog | 1 +
 debian/control   | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1d4cabfa5..75279ef1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ strongswan (4.6.4-9) UNRELEASED; urgency=low
     - protect strongswan-ikev1 dependencies using linux-any since it's only
       available there.
     - switch strongswan package to arch:any because of that change. 
+    - update standards version to 3.9.4. 
 
  -- Yves-Alexis Perez <corsac@debian.org>  Wed, 26 Jun 2013 21:05:57 +0200
 
diff --git a/debian/control b/debian/control
index 6847cb5e4..085fb3809 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: net
 Priority: optional
 Maintainer: Rene Mayrhofer <rmayr@debian.org>
 Uploaders: Yves-Alexis Perez <corsac@debian.org>
-Standards-Version: 3.9.3
+Standards-Version: 3.9.4
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary
 Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
 Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev, 
-- 
cgit v1.2.3


From b3af89138abeaed5200a0f97552ed7d498ba234b Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Wed, 26 Jun 2013 21:37:44 +0200
Subject: Update config.{guess,sub} at build time

* debian/control:
  - add build-dep on autotools-dev
* debian/rules:
  - use autotools-dev addon to update config.{guess,sub}.
---
 debian/changelog | 3 +++
 debian/control   | 2 +-
 debian/rules     | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 75279ef1d..2594687e8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,9 @@ strongswan (4.6.4-9) UNRELEASED; urgency=low
       available there.
     - switch strongswan package to arch:any because of that change. 
     - update standards version to 3.9.4. 
+    - add build-dep on autotools-dev
+  * debian/rules:
+    - use autotools-dev addon to update config.{guess,sub}. 
 
  -- Yves-Alexis Perez <corsac@debian.org>  Wed, 26 Jun 2013 21:05:57 +0200
 
diff --git a/debian/control b/debian/control
index 085fb3809..36a02f757 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev,
   hardening-wrapper, libfcgi-dev, clearsilver-dev,
   libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7) [linux-any], 
   libnm-glib-vpn-dev (>= 0.7) [linux-any], libnm-util-dev (>= 0.7) [linux-any], 
-  gperf, libcap-dev [linux-any]
+  gperf, libcap-dev [linux-any], autotools-dev
 Homepage: http://www.strongswan.org
 
 Package: strongswan
diff --git a/debian/rules b/debian/rules
index dabf6794a..bca7751bc 100755
--- a/debian/rules
+++ b/debian/rules
@@ -145,4 +145,4 @@ override_dh_installlogcheck:
 	dh_installlogcheck --name strongswan
 
 %:
-	dh $@ --parallel
+	dh $@ --parallel --with autotools-dev
-- 
cgit v1.2.3


From 104f57d4b0fb6d7547d6898352eaa5fb4b222010 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Wed, 26 Jun 2013 22:12:27 +0200
Subject: upload to unstable

---
 debian/changelog | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 2594687e8..3e052ade7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-strongswan (4.6.4-9) UNRELEASED; urgency=low
+strongswan (4.6.4-9) unstable; urgency=low
 
   * debian/control:
     - protect strongswan-ikev1 dependencies using linux-any since it's only
@@ -9,7 +9,7 @@ strongswan (4.6.4-9) UNRELEASED; urgency=low
   * debian/rules:
     - use autotools-dev addon to update config.{guess,sub}. 
 
- -- Yves-Alexis Perez <corsac@debian.org>  Wed, 26 Jun 2013 21:05:57 +0200
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 26 Jun 2013 21:57:53 +0200
 
 strongswan (4.6.4-8) unstable; urgency=low
 
-- 
cgit v1.2.3


From 4fabe46b04a6d8ff1aa884e2bebe0f82ba3c24a3 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 17 Oct 2013 21:30:48 +0200
Subject: remove obsolete patch

---
 ...ck-return-value-of-ECDSA_Verify-correctly.patch | 26 ----------------------
 1 file changed, 26 deletions(-)
 delete mode 100644 debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch

diff --git a/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch b/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch
deleted file mode 100644
index abd1f1921..000000000
--- a/debian/patches/0001-Check-return-value-of-ECDSA_Verify-correctly.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0faaab20cd9c4a519fb6269ab6c8be15d0b61864 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Tue, 9 Apr 2013 10:56:09 +0200
-Subject: Check return value of ECDSA_Verify() correctly
-
----
- src/libstrongswan/plugins/openssl/openssl_ec_public_key.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-index c8a45f7..38cc8be 100644
---- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
-@@ -124,7 +124,7 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this,
- 	if (openssl_hash_chunk(nid_hash, data, &hash))
- 	{
- 		valid = ECDSA_verify(0, hash.ptr, hash.len,
--							 signature.ptr, signature.len, this->ec);
-+							 signature.ptr, signature.len, this->ec) == 1;
- 		free(hash.ptr);
- 	}
- 	return valid;
--- 
-1.7.10.4
-
-
-- 
cgit v1.2.3


From d780a093afe7cc6f8834f938ee37b1868b02cb64 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 17 Oct 2013 21:31:25 +0200
Subject: strongswan-ike: only depends on iproute on linux arches.

---
 debian/changelog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5fc499a19..2e8a7862e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+strongswan (5.1.0-2) UNRELEASED; urgency=low
+
+  * debian/control:
+    - strongswan-ike: only depends on iproute on linux arches.
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Thu, 17 Oct 2013 21:30:59 +0200
+
 strongswan (5.1.0-1) unstable; urgency=low
 
   * New upstream release.
-- 
cgit v1.2.3


From e57cde5b5d03b838d08da2605bcab68d8aa3b502 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Thu, 17 Oct 2013 21:51:40 +0200
Subject: upload

---
 debian/changelog                                   |   6 +-
 .../tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql~   | 852 ---------------------
 2 files changed, 4 insertions(+), 854 deletions(-)
 delete mode 100644 testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql~

diff --git a/debian/changelog b/debian/changelog
index 2e8a7862e..77bf2a952 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,11 @@
-strongswan (5.1.0-2) UNRELEASED; urgency=low
+strongswan (5.1.0-2) unstable; urgency=medium
 
+  * urgency=medium since we already spent 16 days in unstable and the fix is
+    trivial
   * debian/control:
     - strongswan-ike: only depends on iproute on linux arches.
 
- -- Yves-Alexis Perez <corsac@debian.org>  Thu, 17 Oct 2013 21:30:59 +0200
+ -- Yves-Alexis Perez <corsac@debian.org>  Thu, 17 Oct 2013 21:40:35 +0200
 
 strongswan (5.1.0-1) unstable; urgency=low
 
diff --git a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql~ b/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql~
deleted file mode 100644
index 7373dd4b6..000000000
--- a/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/pts/data.sql~
+++ /dev/null
@@ -1,852 +0,0 @@
-/* Products */
-
-INSERT INTO products (			/*  1 */
-  name
-) VALUES (
- 'Debian 6.0 i686'
-);
-
-INSERT INTO products (			/*  2 */
-  name
-) VALUES (
- 'Debian 6.0 x86_64'
-);
-
-INSERT INTO products (			/*  3 */
-  name
-) VALUES (
- 'Debian 7.0 i686'
-);
-
-INSERT INTO products (			/*  4 */
-  name
-) VALUES (
- 'Debian 7.0 x86_64'
-);
-
-INSERT INTO products (			/*  5 */
-  name
-) VALUES (
- 'Debian 8.0 i686'
-);
-
-INSERT INTO products (			/*  6 */
-  name
-) VALUES (
- 'Debian 8.0 x86_64'
-);
-
-INSERT INTO products (			/*  7 */
-  name
-) VALUES (
- 'Ubuntu 10.04 i686'
-);
-
-INSERT INTO products (			/*  8 */
-  name
-) VALUES (
- 'Ubuntu 10.04 x86_64'
-);
-
-INSERT INTO products (			/*  9 */
-  name
-) VALUES (
- 'Ubuntu 10.10 i686'
-);
-
-INSERT INTO products (			/* 10 */
-  name
-) VALUES (
- 'Ubuntu 10.10 x86_64'
-);
-
-INSERT INTO products (			/* 11 */
-  name
-) VALUES (
- 'Ubuntu 11.04 i686'
-);
-
-INSERT INTO products (			/* 12 */
-  name
-) VALUES (
- 'Ubuntu 11.04 x86_64'
-);
-
-INSERT INTO products (			/* 13 */
-  name
-) VALUES (
- 'Ubuntu 11.10 i686'
-);
-
-INSERT INTO products (			/* 14 */
-  name
-) VALUES (
- 'Ubuntu 11.10 x86_64'
-);
-
-INSERT INTO products (			/* 15 */
-  name
-) VALUES (
- 'Ubuntu 12.04 i686'
-);
-
-INSERT INTO products (			/* 16 */
-  name
-) VALUES (
- 'Ubuntu 12.04 x86_64'
-);
-
-INSERT INTO products (			/* 17 */
-  name
-) VALUES (
- 'Ubuntu 12.10 i686'
-);
-
-INSERT INTO products (			/* 18 */
-  name
-) VALUES (
- 'Ubuntu 12.10 x86_64'
-);
-
-INSERT INTO products (			/* 19 */
-  name
-) VALUES (
- 'Ubuntu 13.04 i686'
-);
-
-INSERT INTO products (			/* 20 */
-  name
-) VALUES (
- 'Ubuntu 13.04 x86_64'
-);
-
-INSERT INTO products (			/* 21 */
-  name
-) VALUES (
- 'Android 4.1.1'
-);
-
-INSERT INTO products (			/* 22 */
-  name
-) VALUES (
- 'Android 4.2.1'
-);
-
-/* Directories */
-
-INSERT INTO directories (		/*  1 */
-  path
-) VALUES (
- '/bin'
-);
-
-INSERT INTO directories (		/*  2 */
-  path
-) VALUES (
- '/etc'
-);
-
-INSERT INTO directories (		/*  3 */
-  path
-) VALUES (
- '/lib'
-);
-
-INSERT INTO directories (		/*  4 */
-  path
-) VALUES (
- '/lib/i386-linux-gnu'
-);
-
-INSERT INTO directories (		/*  5 */
-  path
-) VALUES (
- '/lib/x86_64-linux-gnu'
-);
-
-INSERT INTO directories (		/*  6 */
-  path
-) VALUES (
- '/lib/xtables'
-);
-
-INSERT INTO directories (		/*  7 */
-  path
-) VALUES (
- '/sbin'
-);
-
-INSERT INTO directories (		/*  8 */
-  path
-) VALUES (
- '/usr/bin'
-);
-
-INSERT INTO directories (		/*  9 */
-  path
-) VALUES (
- '/usr/lib'
-);
-
-INSERT INTO directories (		/* 10 */
-  path
-) VALUES (
- '/usr/lib/i386-linux-gnu'
-);
-
-INSERT INTO directories (		/* 11 */
-  path
-) VALUES (
- '/usr/lib/x86_64-linux-gnu'
-);
-
-INSERT INTO directories (		/* 12 */
-  path
-) VALUES (
- '/usr/sbin'
-);
-
-INSERT INTO directories (		/* 13 */
-  path
-) VALUES (
- '/system/bin'
-);
-
-INSERT INTO directories (		/* 14 */
-  path
-) VALUES (
- '/system/lib'
-);
-
-/* Files */
-
-INSERT INTO files (				/*  1 */
-  name, dir
-) VALUES (
- 'libcrypto.so.1.0.0', 5
-);
-
-INSERT INTO files (				/*  2 */
-  name, dir
-) VALUES (
- 'libcrypto.so.1.0.0', 11
-);
-
-INSERT INTO files (				/*  3 */
-  name, dir
-) VALUES (
- 'libssl.so.1.0.0', 5
-);
-
-INSERT INTO files (				/*  4 */
-  name, dir
-) VALUES (
- 'libssl.so.1.0.0', 11
-);
-
-INSERT INTO files (				/*  5 */
-  name, dir
-) VALUES (
-  'openssl', 8
-);
-
-INSERT INTO files (				/*  6 */
-  name, dir
-) VALUES (
-  'tnc_config', 2
-);
-
-/* Algorithms */
-
-INSERT INTO algorithms (
-  id, name
-) VALUES (
-  65536, 'SHA1-IMA' 
-);
-
-INSERT INTO algorithms (
-  id, name
-) VALUES (
-  32768, 'SHA1' 
-);
-
-INSERT INTO algorithms (
-  id, name
-) VALUES (
-  16384, 'SHA256' 
-);
-
-INSERT INTO algorithms (
-  id, name
-) VALUES (
-  8192, 'SHA384' 
-);
-
-/* File Hashes */
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
-);
-
-INSERT INTO file_hashes (
-  product, file, algo, hash
-) VALUES (
-  18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
-);
-
-/* Packages */
-
-INSERT INTO packages (			/*  1 */
-  name
-) VALUES (
- 'libssl-dev'
-);
-
-INSERT INTO packages (			/*  2 */
-  name
-) VALUES (
- 'libssl1.0.0'
-);
-
-INSERT INTO packages (			/*  3 */
-  name
-) VALUES (
- 'libssl1.0.0-dbg'
-);
-
-INSERT INTO packages (			/*  4 */
-  name
-) VALUES (
- 'openssl'
-);
-
-/* Versions */
-
-INSERT INTO versions (
-  package, product, release, time
-) VALUES (
-  1, 4, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
-  package, product, release, time
-) VALUES (
-  2, 4, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
-  package, product, release, time
-) VALUES (
-  3, 4, '1.0.1e-2', 1366531494
-);
-
-INSERT INTO versions (
-  package, product, release, time
-) VALUES (
-  4, 4, '1.0.1e-2', 1366531494
-);
-
-/* Components */
-
-INSERT INTO components (
-  vendor_id, name, qualifier
-) VALUES (
-  36906, 1, 33  /* ITA TGRUB */
-);
-
-INSERT INTO components (
-  vendor_id, name, qualifier
-) VALUES (
-  36906, 2, 33  /* ITA TBOOT */
-);
-
-INSERT INTO components (
-  vendor_id, name, qualifier
-) VALUES (
-  36906, 3, 33  /* ITA IMA - Trusted Platform */
-);
-
-INSERT INTO components (
-  vendor_id, name, qualifier
-) VALUES (
-  36906, 3, 34  /* ITA IMA - Operating System */
-);
-
-/* Groups */
-
-INSERT INTO groups (			/*  1 */
-  name
-) VALUES (
-  'Default'
-);
-
-INSERT INTO groups (			/*  2 */
-  name, parent
-) VALUES (
-  'Linux', 1
-);
-
-INSERT INTO groups (			/*  3 */
-  name, parent
-) VALUES (
-  'Android', 1
-);
-
-INSERT INTO groups (			/*  4 */
-  name, parent
-) VALUES (
-  'Debian i686', 2
-);
-
-INSERT INTO groups (			/*  5 */
-  name, parent
-) VALUES (
-  'Debian x86_64', 2
-);
-
-INSERT INTO groups (			/*  6 */
-  name, parent
-) VALUES (
-  'Ubuntu i686', 2
-);
-
-INSERT INTO groups (			/*  7 */
-  name, parent
-) VALUES (
-  'Ubuntu x86_64', 2
-);
-
-INSERT INTO groups (			/*  8 */
-  name
-) VALUES (
-  'Reference'
-);
-
-INSERT INTO groups (			/*  9 */
-  name, parent
-) VALUES (
-  'Ref. Android', 8
-);
-
-INSERT INTO groups (			/* 10 */
-  name, parent
-) VALUES (
-  'Ref. Linux', 8
-);
-
-/* Default Product Groups */
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  4, 1
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  4, 3
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  4, 5
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  5, 2
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  5, 4
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  5, 6
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 7
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 9
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 11
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 13
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 15
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 17
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  6, 19
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 8
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 10
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 12
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 14
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 16
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 18
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  7, 20
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  3, 21
-);
-
-INSERT INTO groups_product_defaults (
-  group_id, product_id
-) VALUES (
-  3, 22
-);
-
-/* Policies */
-
-INSERT INTO policies (			/*  1 */
-  type, name, rec_fail, rec_noresult
-) VALUES (
-  1, 'Installed Packages', 2, 2
-);
-
-INSERT INTO policies (			/*  2 */
-  type, name, rec_fail, rec_noresult
-) VALUES (
-  2, 'Unknown Source', 2, 2
-);
-
-INSERT INTO policies (			/*  3 */
-  type, name, rec_fail, rec_noresult
-) VALUES (
-  3, 'IP Forwarding Enabled', 1, 1 
-);
-
-INSERT INTO policies (			/*  4 */
-  type, name, rec_fail, rec_noresult
-) VALUES (
-  4, 'Default Factory Password Enabled', 1, 1
-);
-
-INSERT INTO policies (			/*  5 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
-);
-
-INSERT INTO policies (			/*  6 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
-);
-
-INSERT INTO policies (			/*  7 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  6, 'Measure /usr/bin/openssl', 5, 2, 2
-);
-
-INSERT INTO policies (			/*  8 */
-  type, name, rec_fail, rec_noresult
-) VALUES (
-  11, 'No Open TCP Ports', 1, 1
-);
-
-INSERT INTO policies (			/*  9 */
-  type, name, argument, rec_fail, rec_noresult
-) VALUES (
-  13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
-);
-
-INSERT INTO policies (			/* 10 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  7, 'Metadata of /etc/tnc_config', 6, 0, 0
-);
-
-INSERT INTO policies (			/* 11 */
-  type, name, dir, rec_fail, rec_noresult
-) VALUES (
-  8, 'Get /bin', 1, 0, 0
-);
-
-INSERT INTO policies (			/*  12 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
-);
-
-INSERT INTO policies (			/* 13 */
-  type, name, file, rec_fail, rec_noresult
-) VALUES (
-  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
-);
-
-INSERT INTO policies (			/* 14 */
-  type, name, dir, rec_fail, rec_noresult
-) VALUES (
-  8, 'Get /system/bin', 13, 0, 0
-);
-
-INSERT INTO policies (			/* 15 */
-  type, name, dir, rec_fail, rec_noresult
-) VALUES (
-  8, 'Get /system/lib', 14, 0, 0
-);
-
-INSERT INTO policies (                  /* 16 */
-  type, name, dir, rec_fail, rec_noresult
-) VALUES (
-  9, 'Measure /bin', 1, 2, 2
-);
-
-/* Enforcements */
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  1, 1, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  2, 3, 0
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age, rec_fail, rec_noresult
-) VALUES (
-  3, 2, 0, 2, 2
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  5, 7, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  6, 7, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  7, 2, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  8, 1, 60
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  9, 1, 60
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  10, 2, 60
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  11, 10, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  12, 5, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  13, 5, 86400
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  14, 9, 0
-);
-
-INSERT INTO enforcements (
-  policy, group_id, max_age
-) VALUES (
-  15, 9, 0
-);
-
-- 
cgit v1.2.3