Patch to fix a major crash issue when Freeradius loads

attestation-imv and does not initialize libstrongswan, which
  causes a crash due to calls to the PTS algorithm probing APIs.
  So this patch fixes the order of initialization. This issue
  does not occur with charon because libstrongswan gets
  initialized earlier.
- Patch that allows errors to be output when there are permission
  issues when accessing strongswan.conf.
- Patch to make loading of modules configurable when libimcv
  is used in stand alone mode without charon with freeradius
  and wpa_supplicant.
Avesh Agarwal
2013-06-28 15:06:33 -04:00
parent 44d903a54a
commit 504a6c151f
4 changed files with 103 additions and 1 deletions


@@ -0,0 +1,27 @@
diff -urNp strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c
--- strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c 2013-05-01 15:50:51.331560749 -0400
+++ strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c 2013-06-28 11:10:30.703893643 -0400
@@ -90,11 +90,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
return TNC_RESULT_ALREADY_INITIALIZED;
}
- if (!pts_meas_algo_probe(&supported_algorithms) ||
- !pts_dh_group_probe(&supported_dh_groups))
- {
- return TNC_RESULT_FATAL;
- }
imv_attestation = imv_agent_create(imv_name, msg_types, countof(msg_types),
imv_id, actual_version);
if (!imv_attestation)
@@ -104,6 +99,11 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
libpts_init();
+ if (!pts_meas_algo_probe(&supported_algorithms) ||
+ !pts_dh_group_probe(&supported_dh_groups))
+ {
+ return TNC_RESULT_FATAL;
+ }
if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
{
DBG1(DBG_IMV, "no common IF-IMV version");
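Review bot: The relocated probe's `return TNC_RESULT_FATAL;` now runs after `imv_agent_create()` and `libpts_init()`, so a failed probe leaves the agent allocated and `imv_attestation` non-NULL. A later `TNC_IMV_Initialize` call would then presumably take the "has already been initialized" branch at the top of the hunk instead of retrying, and the half-initialized IMV stays loaded in the FreeRADIUS process. Tear down before returning, e.g. `imv_attestation->destroy(imv_attestation); imv_attestation = NULL; libpts_deinit();`, assuming those are the same teardown calls `TNC_IMV_Terminate` uses (it is outside the hunk). A `DBG1(DBG_IMV, ...)` line naming the failed probe would also make the fatal result diagnosable from the host's log. The function body starts and ends outside the hunk, and the version check that follows has the same early-return pattern.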


@@ -0,0 +1,30 @@
diff -urNp strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c strongswan-5.0.4-current/src/libstrongswan/utils/settings.c
--- strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c 2013-05-01 15:50:51.337560745 -0400
+++ strongswan-5.0.4-current/src/libstrongswan/utils/settings.c 2013-06-18 13:13:27.801428152 -0400
@@ -940,7 +940,7 @@ static bool parse_file(linked_list_t *co
{
if (errno == ENOENT)
{
- DBG2(DBG_LIB, "'%s' does not exist, ignored", file);
+ DBG1(DBG_LIB, "'%s' does not exist, ignored", file);
return TRUE;
}
DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno));
@@ -1003,7 +1003,7 @@ static bool parse_files(linked_list_t *c
if (!strlen(pattern))
{
- DBG2(DBG_LIB, "empty include pattern, ignored");
+ DBG1(DBG_LIB, "empty include pattern, ignored");
return TRUE;
}
@@ -1035,7 +1035,7 @@ static bool parse_files(linked_list_t *c
status = glob(pat, GLOB_ERR, NULL, &buf);
if (status == GLOB_NOMATCH)
{
- DBG2(DBG_LIB, "no files found matching '%s', ignored", pat);
+ DBG1(DBG_LIB, "no files found matching '%s', ignored", pat);
}
else if (status != 0)
{
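Review bot: None of the three messages raised from `DBG2` to `DBG1` reports a permission failure: they cover `ENOENT`, an empty include pattern and `GLOB_NOMATCH`, while the `failed to stat '%s': %s` line that carries `strerror(errno)` was already at `DBG1`. As written, the change mainly makes every absent optional include visible at the default log level, which adds noise without surfacing access denials. If the goal is diagnosing denied access to strongswan.conf, it would be more direct to confirm that the `else if (status != 0)` glob branch (its body is outside the hunk) logs the error at `DBG1`. The promoted lines that stay should get a comment such as `/* level 1 so a missing strongswan.conf is visible in standalone libimcv use */`.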


@@ -0,0 +1,26 @@
From 71d740cac68f83c77d981368a4c041eb620310ed Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Fri, 24 May 2013 12:56:21 +0200
Subject: [PATCH] Make plugins in standalone libimcv configurable
---
src/libimcv/imcv.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
index 6cee0ad..f9ecf79 100644
--- a/src/libimcv/imcv.c
+++ b/src/libimcv/imcv.c
@@ -118,7 +118,8 @@ bool libimcv_init(void)
openlog("imcv", 0, LOG_DAEMON);
if (!lib->plugins->load(lib->plugins, NULL,
- "sha1 sha2 random nonce gmp pubkey x509"))
+ lib->settings->get_str(lib->settings, "libimcv.load",
+ "random nonce gmp pubkey x509")))
{
library_deinit();
return FALSE;
--
1.7.4.1
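Review bot: The fallback list passed to `get_str()` drops `sha1 sha2` from the previously hard-coded set, so a standalone host with no `libimcv.load` entry in strongswan.conf now loads no hash plugins from this call. Unless hashers are provided some other way, the PTS measurement-algorithm probing done by the attestation IMV would be expected to fail at initialization. Either keep the old set as the default, `"sha1 sha2 random nonce gmp pubkey x509"`, or document the requirement next to the call with a comment like `/* libimcv.load must list the hash plugins needed by the IMCs/IMVs */`. Since the plugin list now comes from strongswan.conf, that file's ownership and write permissions decide which crypto plugins get loaded into the host process, which is worth stating where the option is documented. libimcv_init's body continues outside the hunk.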


@@ -1,6 +1,6 @@
Name: strongswan Name: strongswan
Version: 5.0.4 Version: 5.0.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: An OpenSource IPsec-based VPN Solution Summary: An OpenSource IPsec-based VPN Solution
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPLv2+ License: GPLv2+
@@ -9,6 +9,9 @@ Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
Patch0: strongswan-init.patch Patch0: strongswan-init.patch
Patch1: strongswan-pts-ecp-disable.patch Patch1: strongswan-pts-ecp-disable.patch
Patch2: libstrongswan-plugin.patch Patch2: libstrongswan-plugin.patch
Patch3: libstrongswan-settings-debug.patch
Patch4: strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
Patch5: libimcv-attestatiom-imv-crash.patch
BuildRequires: gmp-devel BuildRequires: gmp-devel
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: openldap-devel BuildRequires: openldap-devel
@@ -59,6 +62,9 @@ IF-IMC/IMV interface.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
@@ -289,6 +295,19 @@ fi
%endif %endif
%changelog %changelog
* Fri Jun 28 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-3
- Patch to fix a major crash issue when Freeradius loads
attestatiom-imv and does not initialize libstrongswan which
causes crash due to calls to PTS algorithms probing APIs.
So this patch fixes the order of initialization. This issues
does not occur with charon because libstrongswan gets
initialized earlier.
- Patch that allows to outputs errors when there are permission
issues when accessing strongswan.conf.
- Patch to make loading of modules configurable when libimcv
is used in stand alone mode without charon with freeradius
and wpa_supplicant.
* Tue Jun 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-2 * Tue Jun 11 2013 Avesh Agarwal <avagarwa@redhat.com> - 5.0.4-2
- Enabled TNCCS 1.1 protocol - Enabled TNCCS 1.1 protocol
- Fixed libxm2-devel build dependency - Fixed libxm2-devel build dependency