From 28981b4878c9847bd57ba587622353ffec81cc05 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Sun, 18 Sep 2016 13:30:44 +0200 Subject: backport two upstream patches for n-m-strongswan 1.4 --- debian/changelog | 3 + .../05_network-manager-strongswan-1.4.patch | 72 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 76 insertions(+) create mode 100644 debian/patches/05_network-manager-strongswan-1.4.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 9dafcdb6a..74507cbdf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,9 @@ strongswan (5.5.0-2) UNRELEASED; urgency=medium * debian/control: - update debhelper dependency to a version which supports dbgsym migration. + * debian/patches: + - 05_network-manager-strongswan-1.4 added, backport two upstream patches + to support network-manager-strongswan 1.4 in charon-nm. closes: #838194 -- Yves-Alexis Perez Mon, 22 Aug 2016 16:09:44 +0200 diff --git a/debian/patches/05_network-manager-strongswan-1.4.patch b/debian/patches/05_network-manager-strongswan-1.4.patch new file mode 100644 index 000000000..6d5bb353d --- /dev/null +++ b/debian/patches/05_network-manager-strongswan-1.4.patch 
@@ -0,0 +1,72 @@
+From 9e74a0952e27e3ac0055b0831919aaddfef1e1b5 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner
+Date: Mon, 5 Sep 2016 10:54:07 +0200
+Subject: [PATCH] nm: Enforce min. length for PSKs in backend
+
+---
+ src/charon-nm/nm/nm_service.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
+index 5991c24..c0c78ef 100644
+--- a/src/charon-nm/nm/nm_service.c
++++ b/src/charon-nm/nm/nm_service.c
+@@ -428,6 +428,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
+ {
+ user = identification_create_from_string((char*)str);
+ str = nm_setting_vpn_get_secret(vpn, "password");
++ if (auth_class == AUTH_CLASS_PSK &&
++ strlen(str) < 20)
++ {
++ g_set_error(err, NM_VPN_PLUGIN_ERROR,
++ NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
++ "pre-shared key is too short.");
++ gateway->destroy(gateway);
++ user->destroy(user);
++ return FALSE;
++ }
+ priv->creds->set_username_password(priv->creds, user, (char*)str);
+ }
+ }
+--
+1.9.1
+
+From f201d86debb12731b634625a0278e289e3e05e10 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner
+Date: Mon, 5 Sep 2016 14:34:07 +0200
+Subject: [PATCH] nm: Pass external gateway to NM
+
+This seems to be required by newer versions.
+---
+ src/charon-nm/nm/nm_service.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
+index c0c78ef..0fe10e0 100644
+--- a/src/charon-nm/nm/nm_service.c
++++ b/src/charon-nm/nm/nm_service.c
+@@ -88,12 +88,19 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
+ GValue *val;
+ GHashTable *config;
+ enumerator_t *enumerator;
+- host_t *me;
++ host_t *me, *other;
+ nm_handler_t *handler;
+
+ config = g_hash_table_new(g_str_hash, g_str_equal);
+ handler = priv->handler;
+
++ /* NM apparently requires to know the gateway */
++ val = g_slice_new0 (GValue);
++ g_value_init (val, G_TYPE_UINT);
++ other = ike_sa->get_other_host(ike_sa);
++ g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
++
+ /* NM requires a tundev, but netkey does not use one. Passing the physical
+ * interface does not work, as NM fiddles around with it. So we pass a dummy
+ * TUN device along for NM to play with... */
+--
+1.9.1
+
+
\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index 6d7cc1dfa..dee08f6c2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01_fix-manpages.patch
 03_systemd-service.patch
 04_disable-libtls-tests.patch
+05_network-manager-strongswan-1.4.patch
-- cgit v1.2.3
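Review bot: In the first embedded patch's connect_() hunk, `strlen(str)` runs on the value just returned by `nm_setting_vpn_get_secret(vpn, "password")` with no NULL check, so a PSK connection that arrives without a password secret would crash charon-nm instead of failing cleanly, assuming the getter returns NULL for a missing key. The guard should read `if (auth_class == AUTH_CLASS_PSK && (!str || strlen(str) < 20))`, and the bare `20` deserves a named constant with a comment saying where the minimum comes from. In the second patch's signal_ipv4_config() hunk, `*(uint32_t*)other->get_address(other).ptr` reads four bytes whatever the peer's address family is; check `other->get_family(other) == AF_INET` first and copy the bytes with `memcpy`, so that an IPv6 peer is not reported as a bogus IPv4 gateway and the load does not depend on the chunk's alignment. Both functions begin and end outside the quoted hunks.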