lp://staging/~zulcss/ubuntu/intrepid/ipsec-tools/src-374185
- Get this branch:
- bzr branch lp://staging/~zulcss/ubuntu/intrepid/ipsec-tools/src-374185
Branch merges
- Steve Beattie (community): Approve (sru)
-
Diff: 235 lines5 files modifieddebian/changelog (+25/-0)
src/racoon/crypto_openssl.c (+2/-0)
src/racoon/ipsec_doi.c (+41/-23)
src/racoon/isakmp_frag.c (+2/-1)
src/racoon/nattraversal.c (+11/-4)
Related source package recipes
Related bugs
Related blueprints
Branch information
- Owner:
- Chuck Short
- Status:
- Development
Recent revisions
- 20. By Chuck Short
-
src/racoon/
ipsec_doi. c: Patched to fix segfault when using
ipv6 addresses in sainfo section of racoon.conf. Thanks to
Fredrik Ljunggren. (LP: #374185) - 19. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via fragmented packets without a
payload.
- src/racoon/isakmp_ frag.c: validate size of payload data.
- http://cvsweb. netbsd. org/bsdweb. cgi/src/ crypto/ dist/ipsec- tools/src/ racoon/ isakmp_ frag.c. diff?r1= 1.4&r2= 1.4.6.1& f=h
- CVE-2009-1574
* SECURITY UPDATE: denial of service via multiple memory leaks.
- src/racoon/crypto_ openssl. c: call X509_free().
- src/racoon/nattraversal. c: add new natt_keepalive_ delete( ) function
that also frees ka->src and ka->dst.
- http://cvsweb. netbsd. org/bsdweb. cgi/src/ crypto/ dist/ipsec- tools/src/ racoon/ crypto_ openssl. c.diff? r1=1.11. 6.4&r2= 1.11.6. 5&f=u
- http://cvsweb. netbsd. org/bsdweb. cgi/src/ crypto/ dist/ipsec- tools/src/ racoon/ nattraversal. c.diff? r1=1.6& r2=1.6. 6.1&f=u
- CVE-2009-1632 - 18. By Mathias Gug
-
* Merge from debian unstable, remaining changes:
- debian/control:
- Set Ubuntu maintainer address.
- Depend on lsb-base.
- debian/ipsec-tools. setkey. init:
- LSB init script.
* Dropped:
- debian/ipsec-tools. setkey. init:
- restart method: stop then start.
- Use {} instead of () in usage (bash_completion).
- debian/racoon.init:
- Create /var/run/racoon.
- Use {} instead of () in usage (bash_completion).
* Bug fixed by this merge:
- fix XAuth with U-FQDN (LP: #234166).
* Enable build with hardened options:
- src/libipsec/policy_ token.c: don't check return code of fwrite.
- src/setkey/setkey. c: stop scanning stdin if fgets fails. - 17. By Mathias Gug
-
* Merge from debian unstable, remaining changes:
- debian/control:
- Set Ubuntu maintainer address.
- Depend on lsb-base.
- debian/ipsec-tools. setkey. init:
- LSB init script.
- restart method: stop then start.
- Use {} instead of () in usage (bash_completion).
- debian/racoon.init:
- Create /var/run/racoon.
- Use {} instead of () in usage (bash_completion).
* Dropped:
- src/racoon/isakmp_ inf.c: upstream fix for unecrypted ISAKMP packets.
- src/racoon/grabmyaddr. c: Define IFA_RTA and #include <linux/if_addr.h>. - 14. By Kees Cook
-
* Merge from debian unstable, remaining changes:
- src/racoon/isakmp_ inf.c: upstream fix for unecrypted ISAKMP packets.
- src/racoon/grabmyaddr. c: Define IFA_RTA and #include <linux/if_addr.h>.
- debian/control: Set Ubuntu maintainer address.
- LSB init script.
- debian/racoon.init: Create /var/run/racoon. - 13. By Kees Cook
-
* SECURITY UPDATE: remote ipsec tunnel disruption.
* src/racoon/isakmp_ inf.c: upstream fix for unecrypted ISAKMP packets
causing tunnels to be disconnected.
* References
CVE-2007-1841 - 12. By Matthias Klose
-
* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address. - 11. By Martin Pitt
-
* Merge from debian unstable.
- LSB init script.
- debian/racoon.init: Create /var/run/racoon.
* src/racoon/grabmyaddr. c: Define IFA_RTA and #include <linux/if_addr.h>.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar RepositoryFormatKnitPack6RichRoot (bzr 1.9)
- Stacked on:
- lp://staging/ubuntu/karmic/ipsec-tools
