rpms/ipsec-tools/F-8 ipsec-tools-0.7-splitcidr.patch, NONE, 1.1 ipsec-tools.spec, 1.49, 1.50
Steve Conklin (sconklin)
fedora-extras-commits at redhat.com
Mon Mar 24 14:09:16 UTC 2008
Author: sconklin
Update of /cvs/pkgs/rpms/ipsec-tools/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30312
Modified Files:
ipsec-tools.spec
Added Files:
ipsec-tools-0.7-splitcidr.patch
Log Message:
Added patch for bz273261
ipsec-tools-0.7-splitcidr.patch:
--- NEW FILE ipsec-tools-0.7-splitcidr.patch ---
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_cfg.c ipsec-tools-0.7-cvs071018/src/racoon/isakmp_cfg.c
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_cfg.c 2007-06-07 16:04:26.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_cfg.c 2007-10-18 16:33:07.000000000 -0400
@@ -1875,10 +1875,11 @@
int *envc;
{
char addrstr[IP_MAX];
char addrlist[IP_MAX * MAXNS + MAXNS];
char *splitlist = addrlist;
+ char *splitlist_cidr;
char defdom[MAXPATHLEN + 1];
int cidr, tmp;
char cidrstr[4];
int i, p;
int test;
@@ -2015,37 +2016,61 @@
"Cannot set DEFAULT_DOMAIN\n");
return -1;
}
/* Split networks */
- if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE)
- splitlist = splitnet_list_2str(iph1->mode_cfg->split_include);
- else {
+ if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_INCLUDE) {
+ splitlist =
+ splitnet_list_2str(iph1->mode_cfg->split_include, 0);
+ splitlist_cidr =
+ splitnet_list_2str(iph1->mode_cfg->split_include, 1);
+ } else {
splitlist = addrlist;
+ splitlist_cidr = addrlist;
addrlist[0] = '\0';
}
if (script_env_append(envp, envc, "SPLIT_INCLUDE", splitlist) != 0) {
plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_INCLUDE\n");
return -1;
}
+ if (script_env_append(envp, envc,
+ "SPLIT_INCLUDE_CIDR", splitlist_cidr) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot set SPLIT_INCLUDE_CIDR\n");
+ return -1;
+ }
if (splitlist != addrlist)
racoon_free(splitlist);
+ if (splitlist_cidr != addrlist)
+ racoon_free(splitlist_cidr);
- if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL)
- splitlist = splitnet_list_2str(iph1->mode_cfg->split_local);
- else {
+ if (iph1->mode_cfg->flags & ISAKMP_CFG_GOT_SPLIT_LOCAL) {
+ splitlist =
+ splitnet_list_2str(iph1->mode_cfg->split_local, 0);
+ splitlist_cidr =
+ splitnet_list_2str(iph1->mode_cfg->split_local, 1);
+ } else {
splitlist = addrlist;
+ splitlist_cidr = addrlist;
addrlist[0] = '\0';
}
if (script_env_append(envp, envc, "SPLIT_LOCAL", splitlist) != 0) {
plog(LLV_ERROR, LOCATION, NULL, "Cannot set SPLIT_LOCAL\n");
return -1;
}
+ if (script_env_append(envp, envc,
+ "SPLIT_LOCAL_CIDR", splitlist_cidr) != 0) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Cannot set SPLIT_LOCAL_CIDR\n");
+ return -1;
+ }
if (splitlist != addrlist)
racoon_free(splitlist);
+ if (splitlist_cidr != addrlist)
+ racoon_free(splitlist_cidr);
return 0;
}
int
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.c ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.c
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.c 2007-09-19 15:20:25.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.c 2007-10-18 18:11:19.000000000 -0400
@@ -361,12 +361,13 @@
netentry = netentry->next;
racoon_free(delentry);
}
}
-char * splitnet_list_2str(list)
+char * splitnet_list_2str(list, do_cidr)
struct unity_netentry * list;
+ int do_cidr;
{
struct unity_netentry * netentry;
char tmp1[40];
char tmp2[40];
char * str;
@@ -396,12 +397,21 @@
netentry = list;
while (netentry != NULL) {
inet_ntop(AF_INET, &netentry->network.addr4, tmp1, 40);
inet_ntop(AF_INET, &netentry->network.mask4, tmp2, 40);
-
- len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+ if (do_cidr) {
+ uint32_t tmp3;
+ int cidrmask;
+
+ tmp3 = ntohl(netentry->network.mask4.s_addr);
+ for (cidrmask = 0; tmp3 != 0; cidrmask++)
+ tmp3 <<= 1;
+ len += sprintf(str+len, "%s/%d ", tmp1, cidrmask);
+ } else {
+ len += sprintf(str+len, "%s/%s ", tmp1, tmp2);
+ }
netentry = netentry->next;
}
str[len-1]=0;
diff -NarU5 ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.h ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.h
--- ipsec-tools-0.7-cvs071018.orig/src/racoon/isakmp_unity.h 2006-09-09 12:22:09.000000000 -0400
+++ ipsec-tools-0.7-cvs071018/src/racoon/isakmp_unity.h 2007-10-18 14:31:34.000000000 -0400
@@ -64,9 +64,9 @@
struct unity_netentry *next;
};
int splitnet_list_add(struct unity_netentry **, struct unity_network *, int *);
void splitnet_list_free(struct unity_netentry *, int *);
-char * splitnet_list_2str(struct unity_netentry *);
+char * splitnet_list_2str(struct unity_netentry *, int);
vchar_t *isakmp_unity_req(struct ph1handle *, struct isakmp_data *);
void isakmp_unity_reply(struct ph1handle *, struct isakmp_data *);
Index: ipsec-tools.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ipsec-tools/F-8/ipsec-tools.spec,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- ipsec-tools.spec 25 Feb 2008 16:39:01 -0000 1.49
+++ ipsec-tools.spec 24 Mar 2008 14:08:38 -0000 1.50
@@ -1,6 +1,6 @@
Name: ipsec-tools
Version: 0.7
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: Tools for configuring and using IPSEC
License: BSD
Group: System Environment/Base
@@ -20,6 +20,7 @@
# and these
Patch7: ipsec-tools-0.7-contextsize.patch
Patch8: ipsec-tools-0.7-newcookie-alen.patch
+Patch9: ipsec-tools-0.7-splitcidr.patch
BuildRequires: openssl-devel, krb5-devel, bison, flex, automake, libtool
BuildRequires: libselinux-devel >= 1.30.28-2
@@ -45,6 +46,7 @@
%patch6 -p1 -b .dupsplit
%patch7 -p1 -b .ctxsize
%patch8 -p1 -b .newcookie-alen
+%patch9 -p1 -b .splitcidr
./bootstrap
@@ -122,6 +124,10 @@
%config(noreplace) /etc/racoon/racoon.conf
%changelog
+* Mon Mar 24 2008 Steve Conklin <sconklin at redhat.com> - 0.7-8
+- Resolves bz#273261 remote-access client connection to Cisco ASA
+- (was filed against rawhide)
+
* Mon Feb 25 2008 Steve Conklin <sconklin at redhat.com> - 0.7-7
- Bump for spec file error
More information about the fedora-extras-commits
mailing list