rpms/ipsec-tools/devel ipsec-tools-0.6.5-CVE-2007-1841.patch, NONE, 1.1 ipsec-tools.spec, 1.40, 1.41
fedora-cvs-commits at redhat.com
Wed Apr 25 16:30:58 UTC 2007
Author: jantill
Update of /cvs/dist/rpms/ipsec-tools/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17199
Modified Files:
ipsec-tools.spec
Added Files:
ipsec-tools-0.6.5-CVE-2007-1841.patch
Log Message:
* Mon Apr 23 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-8
- Upstream fix for Racoon DOS, informational delete must be encrypted
- Resolves: rhbz#235388 - CVE-2007-1841 ipsec-tools racoon DoS
ipsec-tools-0.6.5-CVE-2007-1841.patch:
isakmp_inf.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE ipsec-tools-0.6.5-CVE-2007-1841.patch ---
Index: src/racoon/isakmp_inf.c
===================================================================
RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_inf.c,v
retrieving revision 1.14.4.9
diff -u -p -r1.14.4.9 isakmp_inf.c
--- src/racoon/isakmp_inf.c 2 Aug 2005 15:09:26 -0000 1.14.4.9
+++ src/racoon/isakmp_inf.c 2 Apr 2007 12:52:07 -0000
@@ -267,12 +267,12 @@ isakmp_info_recv(iph1, msg0)
switch (np) {
case ISAKMP_NPTYPE_N:
- if (isakmp_info_recv_n(iph1, msg) < 0)
- goto end;
+ if ( encrypted )
+ isakmp_info_recv_n(iph1, msg);
break;
case ISAKMP_NPTYPE_D:
- if (isakmp_info_recv_d(iph1, msg) < 0)
- goto end;
+ if ( encrypted )
+ isakmp_info_recv_d(iph1, msg);
break;
case ISAKMP_NPTYPE_NONCE:
/* XXX to be 6.4.2 ike-01.txt */
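Review bot: In both the ISAKMP_NPTYPE_N and ISAKMP_NPTYPE_D cases the return value of isakmp_info_recv_n() / isakmp_info_recv_d() is now discarded, whereas the removed lines did `goto end` on a negative result, so a handler failure on an encrypted message no longer stops processing. If that is not intended, keep the check inside the new guard, e.g. `if (encrypted && isakmp_info_recv_d(iph1, msg) < 0) goto end;`. Unencrypted notify and delete payloads are also skipped silently; a log line at the point where they are dropped would let an operator see unprotected delete attempts against the daemon. The declaration and assignment of `encrypted` are outside the visible context, so this assumes it is set earlier in isakmp_info_recv() before the switch is reached. Minor style point: `if ( encrypted )` uses spaces inside the parentheses, unlike the `if (` form of the lines it replaces.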
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/dist/rpms/ipsec-tools/devel/ipsec-tools.spec,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- ipsec-tools.spec 14 Apr 2007 21:02:15 -0000 1.40
+++ ipsec-tools.spec 25 Apr 2007 16:30:51 -0000 1.41
@@ -20,13 +20,15 @@
Patch10: ipsec-tools-0.6.5-ctx.patch
Patch11: ipsec-tools-0.6.5-acquires.patch
Patch12: ipsec-tools-0.6.5-loopback.patch
-Patch13: ipsec-tools-0.6.5-context-increase.patch
-Patch14: ipsec-tools-0.6.5-leak.patch
-
+#Patch13: ipsec-tools-0.6.5-context-increase.patch
+#Patch14: ipsec-tools-0.6.5-leak.patch
+Patch13: ipsec-tools-0.6.5-CVE-2007-1841.patch
+
BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: libselinux-devel >= 1.30.28-2
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: initscripts >= 7.31.11.EL-1
+BuildRequires: audit-libs-devel >= 1.3.1
%description
This is the IPsec-Tools package. You need this package in order to
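Review bot: The Patch13 tag is reused for the CVE fix while the previous Patch13 (context-increase) and Patch14 (leak) are commented out, and neither the log message nor the added changelog entries say why those two patches are dropped. Give the new patch its own number (for example Patch15) so patch numbers keep their meaning across revisions, and either keep the two patches or record their removal in %changelog. The added `BuildRequires: audit-libs-devel >= 1.3.1` line also sits below `Requires:` rather than with the other BuildRequires lines.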
@@ -46,8 +48,7 @@
%patch10 -p1 -b .hctx
%patch11 -p1 -b .acquires
%patch12 -p1 -b .loopback
-%patch13 -p1 -b .context
-%patch14 -p1 -b .leak
+%patch13 -p0 -b .CVE-2007-1841
mkdir -p kernel-headers/linux
cp %{SOURCE1} %{SOURCE2} %{SOURCE5} %{SOURCE6} kernel-headers/linux
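Review bot: `%patch13` is applied with -p0 while every other %patch line in this hunk uses -p1. That matches the `src/racoon/isakmp_inf.c` paths in the new patch file, but a spec comment saying so, or regenerating the patch with a leading directory so that -p1 applies, would keep someone from "correcting" the strip level later. The old `%patch13` and `%patch14` lines are deleted here, whereas their Patch tags are only commented out, so the two places record the drop differently.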
@@ -66,7 +67,8 @@
--enable-gssapi \
--enable-natt \
--enable-security-context \
- --enable-racoon-over-loopback
+ --enable-racoon-over-loopback \
+ --enable-audit
make
%install
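Review bot: `--enable-audit` is a build configuration change unrelated to the CVE-2007-1841 fix named in the log message, and no patch adding audit support appears in this diff. Confirm that configure in this tree recognises the option, since autoconf-generated configure scripts do not fail on an unknown --enable-* flag, and consider committing it separately so the security fix can be backported or reverted on its own.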
@@ -107,6 +109,16 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Mon Apr 23 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-8
+- Upstream fix for Racoon DOS, informational delete must be encrypted
+- Resolves: rhbz#235388 - CVE-2007-1841 ipsec-tools racoon DoS
+
+* Fri Apr 20 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-7
+- Resolves: #218386 labeled ipsec does not work over loopback
+
+* Mon Apr 16 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.6
+- Related: #232508 add auditing to racoon
+
* Sat Apr 14 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.6-6%{?dist}
- Resolves: #235680 racoon socket descriptor exhaustion
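Review bot: The three added entries are versioned 0.6.5-8, 0.6.5-7 and 0.6.5-6.6, but the existing entry directly below them reads `0.6.6-6%{?dist}`, so the changelog runs from 0.6.6 back to 0.6.5. Every patch in this spec is named ipsec-tools-0.6.5-*, so the older entry looks like the typo and is worth correcting while this section is being edited. The -7 and -6.6 entries are also introduced by this commit although the log message lists only the -8 entry.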