[Pkg-swan-devel] [strongswan] 04/05: backport two upstream patches for n-m-strongswan 1.4

Yves-Alexis Perez corsac at moszumanska.debian.org
Sun Sep 18 12:11:11 UTC 2016


This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch master
in repository strongswan.

commit 28981b4878c9847bd57ba587622353ffec81cc05
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Sun Sep 18 13:30:44 2016 +0200

    backport two upstream patches for n-m-strongswan 1.4
---
 debian/changelog                                   |  3 +
 .../05_network-manager-strongswan-1.4.patch        | 72 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 76 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 9dafcdb..74507cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,9 @@ strongswan (5.5.0-2) UNRELEASED; urgency=medium
   * debian/control:
     - update debhelper dependency to a version which supports dbgsym
       migration.
+  * debian/patches:
+    - 05_network-manager-strongswan-1.4 added, backport two upstream patches
+      to support network-manager-strongswan 1.4 in charon-nm.   closes: #838194
 
  -- Yves-Alexis Perez <corsac at debian.org>  Mon, 22 Aug 2016 16:09:44 +0200
 
diff --git a/debian/patches/05_network-manager-strongswan-1.4.patch b/debian/patches/05_network-manager-strongswan-1.4.patch
new file mode 100644
index 0000000..6d5bb35
--- /dev/null
+++ b/debian/patches/05_network-manager-strongswan-1.4.patch
@@ -0,0 +1,72 @@
+From 9e74a0952e27e3ac0055b0831919aaddfef1e1b5 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Mon, 5 Sep 2016 10:54:07 +0200
+Subject: [PATCH] nm: Enforce min. length for PSKs in backend
+
+---
+ src/charon-nm/nm/nm_service.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
+index 5991c24..c0c78ef 100644
+--- a/src/charon-nm/nm/nm_service.c
++++ b/src/charon-nm/nm/nm_service.c
+@@ -428,6 +428,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
+ 		{
+ 			user = identification_create_from_string((char*)str);
+ 			str = nm_setting_vpn_get_secret(vpn, "password");
++			if (auth_class == AUTH_CLASS_PSK &&
++				strlen(str) < 20)
++			{
++				g_set_error(err, NM_VPN_PLUGIN_ERROR,
++							NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS,
++							"pre-shared key is too short.");
++				gateway->destroy(gateway);
++				user->destroy(user);
++				return FALSE;
++			}
+ 			priv->creds->set_username_password(priv->creds, user, (char*)str);
+ 		}
+ 	}
+-- 
+1.9.1
+
+From f201d86debb12731b634625a0278e289e3e05e10 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Mon, 5 Sep 2016 14:34:07 +0200
+Subject: [PATCH] nm: Pass external gateway to NM
+
+This seems to be required by newer versions.
+---
+ src/charon-nm/nm/nm_service.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
+index c0c78ef..0fe10e0 100644
+--- a/src/charon-nm/nm/nm_service.c
++++ b/src/charon-nm/nm/nm_service.c
+@@ -88,12 +88,19 @@ static void signal_ipv4_config(NMVPNPlugin *plugin,
+ 	GValue *val;
+ 	GHashTable *config;
+ 	enumerator_t *enumerator;
+-	host_t *me;
++	host_t *me, *other;
+ 	nm_handler_t *handler;
+ 
+ 	config = g_hash_table_new(g_str_hash, g_str_equal);
+ 	handler = priv->handler;
+ 
++	/* NM apparently requires to know the gateway */
++	val = g_slice_new0 (GValue);
++	g_value_init (val, G_TYPE_UINT);
++	other = ike_sa->get_other_host(ike_sa);
++	g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr);
++	g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val);
++
+ 	/* NM requires a tundev, but netkey does not use one. Passing the physical
+ 	 * interface does not work, as NM fiddles around with it. So we pass a dummy
+ 	 * TUN device along for NM to play with... */
+-- 
+1.9.1
+
+
\ No newline at end of file
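Review bot: In the nested PSK patch for `connect_()`, `strlen(str)` is called on the result of `nm_setting_vpn_get_secret(vpn, "password")` with no NULL check; that getter returns NULL when the secret is absent, so a PSK connection without a stored password would probably crash charon-nm rather than produce the intended "too short" error. The guard should read `if (auth_class == AUTH_CLASS_PSK && (!str || strlen(str) < 20))`. In the second nested patch, `*(uint32_t*)other->get_address(other).ptr` in `signal_ipv4_config()` reads four bytes of the peer address without checking its family, so an IPv6 IKE peer would presumably have the first four bytes of its address reported to NM as the IPv4 external gateway. Gate that block on `other->get_family(other) == AF_INET` and copy the bytes with `memcpy` instead of the pointer cast, which also avoids relying on alignment of the chunk. Both function bodies start and end outside the quoted hunks, so an earlier NULL check on `str` cannot be ruled out from here.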
diff --git a/debian/patches/series b/debian/patches/series
index 6d7cc1d..dee08f6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 01_fix-manpages.patch
 03_systemd-service.patch
 04_disable-libtls-tests.patch
+05_network-manager-strongswan-1.4.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git


