From 78378685d922260e2371955a9a88201b739dc927 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal
Date: Fri, 28 Jun 2013 15:20:51 -0400
Subject: [PATCH] Patch to fix a major crash issue when Freeradius loads attestatiom-imv and does not initialize libstrongswan which causes crash due to calls to PTS algorithms probing APIs. So this patch fixes the order of initialization. This issues does not occur with charon because libstrongswan gets initialized earlier. - Patch that allows to outputs errors when there are permission issues when accessing strongswan.conf. - Patch to make loading of modules configurable when libimcv is used in stand alone mode without charon with freeradius and wpa_supplicant.
---
 libimcv-attestatiom-imv-crash.patch | 27 +++++++++++++++++
 libstrongswan-settings-debug.patch | 30 +++++++++++++++++++
 ...40cac68f83c77d981368a4c041eb620310ed.patch | 26 ++++++++++++++++
 strongswan.spec | 21 ++++++++++++-
 4 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 libimcv-attestatiom-imv-crash.patch
 create mode 100644 libstrongswan-settings-debug.patch
 create mode 100644 strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
diff --git a/libimcv-attestatiom-imv-crash.patch b/libimcv-attestatiom-imv-crash.patch
new file mode 100644
index 0000000..825ce81
--- /dev/null
+++ b/libimcv-attestatiom-imv-crash.patch
@@ -0,0 +1,27 @@
+diff -urNp strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c
+--- strongswan-5.0.4-patched/src/libpts/plugins/imv_attestation/imv_attestation.c 2013-05-01 15:50:51.331560749 -0400
++++ strongswan-5.0.4-current/src/libpts/plugins/imv_attestation/imv_attestation.c 2013-06-28 11:10:30.703893643 -0400
+@@ -90,11 +90,6 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
+ DBG1(DBG_IMV, "IMV \"%s\" has already been initialized", imv_name);
+ return TNC_RESULT_ALREADY_INITIALIZED;
+ }
+- if (!pts_meas_algo_probe(&supported_algorithms) ||
+- !pts_dh_group_probe(&supported_dh_groups))
+- {
+- return TNC_RESULT_FATAL;
+- }
+ imv_attestation = imv_agent_create(imv_name, msg_types, countof(msg_types),
+ imv_id, actual_version);
+ if (!imv_attestation)
+@@ -104,6 +99,11 @@ TNC_Result TNC_IMV_Initialize(TNC_IMVID
+
+ libpts_init();
+
++ if (!pts_meas_algo_probe(&supported_algorithms) ||
++ !pts_dh_group_probe(&supported_dh_groups))
++ {
++ return TNC_RESULT_FATAL;
++ }
+ if (min_version > TNC_IFIMV_VERSION_1 || max_version < TNC_IFIMV_VERSION_1)
+ {
+ DBG1(DBG_IMV, "no common IF-IMV version");
diff --git a/libstrongswan-settings-debug.patch b/libstrongswan-settings-debug.patch
new file mode 100644
index 0000000..f7cb93f
--- /dev/null
+++ b/libstrongswan-settings-debug.patch
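Review bot: The relocated probe in the inner hunk `@@ -104,6 +99,11 @@` of imv_attestation.c returns `TNC_RESULT_FATAL` after `imv_agent_create()` and `libpts_init()` have already succeeded, and nothing on that path releases either of them. If the agent pointer stays set, a later `TNC_IMV_Initialize` call from the host process would presumably hit the "has already been initialized" branch shown in the first inner hunk instead of retrying, leaving the attestation IMV half-initialised inside FreeRADIUS. I would tear down before returning, along the lines of `libpts_deinit(); imv_attestation->destroy(imv_attestation); imv_attestation = NULL;`, assuming these are the calls the plugin's terminate path uses. The function body starts and ends outside the hunk, so the same question applies to the "no common IF-IMV version" branch that follows.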
@@ -0,0 +1,30 @@
+diff -urNp strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c strongswan-5.0.4-current/src/libstrongswan/utils/settings.c
+--- strongswan-5.0.4-patched/src/libstrongswan/utils/settings.c 2013-05-01 15:50:51.337560745 -0400
++++ strongswan-5.0.4-current/src/libstrongswan/utils/settings.c 2013-06-18 13:13:27.801428152 -0400
+@@ -940,7 +940,7 @@ static bool parse_file(linked_list_t *co
+ {
+ if (errno == ENOENT)
+ {
+- DBG2(DBG_LIB, "'%s' does not exist, ignored", file);
++ DBG1(DBG_LIB, "'%s' does not exist, ignored", file);
+ return TRUE;
+ }
+ DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno));
+@@ -1003,7 +1003,7 @@ static bool parse_files(linked_list_t *c
+
+ if (!strlen(pattern))
+ {
+- DBG2(DBG_LIB, "empty include pattern, ignored");
++ DBG1(DBG_LIB, "empty include pattern, ignored");
+ return TRUE;
+ }
+
+@@ -1035,7 +1035,7 @@ static bool parse_files(linked_list_t *c
+ status = glob(pat, GLOB_ERR, NULL, &buf);
+ if (status == GLOB_NOMATCH)
+ {
+- DBG2(DBG_LIB, "no files found matching '%s', ignored", pat);
++ DBG1(DBG_LIB, "no files found matching '%s', ignored", pat);
+ }
+ else if (status != 0)
+ {
diff --git a/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch b/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
new file mode 100644
index 0000000..d58cc00
--- /dev/null
+++ b/strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
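Review bot: None of the three changed lines in settings.c sits on a permission-error path, although the commit message presents this patch as surfacing permission problems with strongswan.conf. They cover `ENOENT`, an empty include pattern and `GLOB_NOMATCH`, while the `failed to stat '%s': %s` message in the first inner hunk already logs at level 1. What the new log level really exposes is that a missing config file or include is tolerated: the first two branches still `return TRUE` and the third only logs, so the library appears to carry on with built-in defaults. A comment at the `ENOENT` branch such as `/* a missing file is not an error: parsing succeeds and defaults apply */` would make that explicit. Whether an unreadable include directory is reported depends on the `else if (status != 0)` branch, which continues outside the hunk.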
@@ -0,0 +1,26 @@
+From 71d740cac68f83c77d981368a4c041eb620310ed Mon Sep 17 00:00:00 2001
+From: Andreas Steffen
+Date: Fri, 24 May 2013 12:56:21 +0200
+Subject: [PATCH] Make plugins in standalone libimcv configurable
+
+---
+ src/libimcv/imcv.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c
+index 6cee0ad..f9ecf79 100644
+--- a/src/libimcv/imcv.c
++++ b/src/libimcv/imcv.c
+@@ -118,7 +118,8 @@ bool libimcv_init(void)
+ openlog("imcv", 0, LOG_DAEMON);
+
+ if (!lib->plugins->load(lib->plugins, NULL,
+- "sha1 sha2 random nonce gmp pubkey x509"))
++ lib->settings->get_str(lib->settings, "libimcv.load",
++ "random nonce gmp pubkey x509")))
+ {
+ library_deinit();
+ return FALSE;
+--
+1.7.4.1
+
diff --git a/strongswan.spec b/strongswan.spec
index a2e3612..6a2fe20 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -1,6 +1,6 @@
 Name: strongswan
 Version: 5.0.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: An OpenSource IPsec-based VPN Solution
 Group: System Environment/Daemons
 License: GPLv2+
@@ -9,6 +9,9 @@ Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
 Patch0: strongswan-init.patch
 Patch1: strongswan-pts-ecp-disable.patch
 Patch2: libstrongswan-plugin.patch
+Patch3: libstrongswan-settings-debug.patch
+Patch4: strongswan.git-71d740cac68f83c77d981368a4c041eb620310ed.patch
+Patch5: libimcv-attestatiom-imv-crash.patch
 BuildRequires: gmp-devel
 BuildRequires: libcurl-devel
 BuildRequires: openldap-devel
@@ -59,6 +62,9 @@ IF-IMC/IMV interface.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
 echo "For migration from 4.6 to 5.0 see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1" > README.Fedora
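Review bot: In the src/libimcv/imcv.c hunk, the fallback passed to `get_str()` is `"random nonce gmp pubkey x509"`, which drops `sha1 sha2` from the list that was hard-coded before. A standalone host with no `libimcv.load` entry therefore loads no hash plugin from this call. If nothing else provides those hashes, the measurement-algorithm probe that Patch5 relocates in imv_attestation.c would presumably fail and the IMV would refuse to initialise, which is fail-closed but hard to diagnose. Either keep the previous list as the default, `"sha1 sha2 random nonce gmp pubkey x509"`, or add a comment at the call stating that `libimcv.load` must name a hash plugin. Because the plugin list now comes from strongswan.conf, write access to that file also decides what is loaded into the host process; `libimcv_init` starts and ends outside the hunk.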
@@ -289,6 +295,19 @@ fi
 %endif
 %changelog
+* Fri Jun 28 2013 Avesh Agarwal - 5.0.4-3
+- Patch to fix a major crash issue when Freeradius loads
+ attestatiom-imv and does not initialize libstrongswan which
+ causes crash due to calls to PTS algorithms probing APIs.
+ So this patch fixes the order of initialization. This issues
+ does not occur with charon because libstrongswan gets
+ initialized earlier.
+- Patch that allows to outputs errors when there are permission
+ issues when accessing strongswan.conf.
+- Patch to make loading of modules configurable when libimcv
+ is used in stand alone mode without charon with freeradius
+ and wpa_supplicant.
+
 * Tue Jun 11 2013 Avesh Agarwal - 5.0.4-2
 - Enabled TNCCS 1.1 protocol
 - Fixed libxm2-devel build dependency