Package: ipsec-tools / 1:0.8.2+20140711-8+deb9u1

Metadata

Package Version Patches format
ipsec-tools 1:0.8.2+20140711-8+deb9u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
automake options | (download)

configure.ac | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
make peer_certfile dnssec validate dnssec | (download)

src/racoon/getcertsbyname.c | 19 19 + 0 - 0 !
1 file changed, 19 insertions(+)

---
ipsec str_error spelling.patch | (download)

src/libipsec/ipsec_strerror.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 trivial spelling error
 Code comment has a mis-spelled word.
Fix spelling error racoon.conf.5.patch | (download)

src/racoon/racoon.conf.5 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 spelling error
 Amend a common mis-spelling.
0001 extend setkey.8 manpage esp udp tcp md5.patch | (download)

src/setkey/setkey.8 | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

---
modify makefile to let initscript create var run directory.patch | (download)

src/racoon/Makefile.in | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

---
move private libraries to subfolder.patch | (download)

ltmain.sh | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
FTBFS2_kfreebsd.patch | (download)

configure.ac | 9 8 + 1 - 0 !
src/libipsec/key_debug.c | 2 1 + 1 - 0 !
src/libipsec/policy_token.c | 2 1 + 1 - 0 !
src/libipsec/policy_token.l | 2 1 + 1 - 0 !
src/racoon/isakmp.c | 7 5 + 2 - 0 !
src/racoon/nattraversal.c | 2 1 + 1 - 0 !
src/racoon/pfkey.c | 2 1 + 1 - 0 !
src/setkey/token.c | 2 1 + 1 - 0 !
src/setkey/token.l | 2 1 + 1 - 0 !
9 files changed, 20 insertions(+), 10 deletions(-)

---
support iphone os main mode with psk.patch | (download)

src/racoon/localconf.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
configure pass Wl with R.patch | (download)

configure.ac | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 always pass -wl,-rxyz rather than just -rxyz
 gcc used to return 0 on unknown flags, but now returns an error.  So
 test compilations fail because we are passing -R/lib.
include stdint.patch | (download)

src/libipsec/libpfkey.h | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---
asn1_utf8.patch | (download)

src/racoon/crypto_openssl.c | 2 2 + 0 - 0 !
src/racoon/eaytest.c | 10 5 + 5 - 0 !
2 files changed, 7 insertions(+), 5 deletions(-)

 switch to b_asn1_utf8string

Only use UTF8 encoding in ASN.1 strings.
This is recommended by RFC2459 (2004), and has been made the default in
OpenSSL 1.0.1h. Fixes the FTBFS caused by the OpenSSL change.

ipv6literalaltname.patch | (download)

src/racoon/crypto_openssl.c | 59 40 + 19 - 0 !
1 file changed, 40 insertions(+), 19 deletions(-)

---
checkpoint xauth.patch | (download)

src/racoon/isakmp_cfg.c | 131 87 + 44 - 0 !
src/racoon/isakmp_xauth.c | 10 9 + 1 - 0 !
src/racoon/isakmp_xauth.h | 10 10 + 0 - 0 !
3 files changed, 106 insertions(+), 45 deletions(-)

---
bug785778 null pointer deref.patch | (download)

src/racoon/gssapi.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

---
bug777918 implicit int.patch | (download)

src/racoon/isakmp_xauth.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
bug790244 glibc bsd source obsolete.patch | (download)

src/include-glibc/glibc-bugs.h | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
CVE 2016 10396.patch | (download)

src/racoon/handler.h | 3 2 + 1 - 0 !
src/racoon/isakmp.c | 2 2 + 0 - 0 !
src/racoon/isakmp_frag.c | 100 68 + 32 - 0 !
src/racoon/isakmp_inf.c | 1 1 + 0 - 0 !
4 files changed, 73 insertions(+), 33 deletions(-)

 fix remotely exploitable dos. http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10396
Source: vendor; https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
Bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867986