--- /dev/null
+From 9be381859d7c9077ed652a82ec06ef01494d413d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 8 Aug 2014 12:27:08 +0200
+Subject: [PATCH 01/10] worker: call sigprocmask() prior to entering main loop
+
+---
+ src/worker-vpn.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/worker-vpn.c b/src/worker-vpn.c
+index 1c30f14..55ab375 100644
+--- a/src/worker-vpn.c
++++ b/src/worker-vpn.c
+@@ -1856,6 +1856,7 @@ static int connect_handler(worker_st * ws)
+ bandwidth_init(&ws->b_tx, ws->config->tx_per_sec);
+
+ session_info_send(ws);
++ sigprocmask(SIG_BLOCK, &blockset, NULL);
+
+ /* worker main loop */
+ for (;;) {
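Review bot: The added `sigprocmask(SIG_BLOCK, &blockset, NULL)` ignores its return value and carries no comment, so nothing in this hunk records which signals `blockset` holds or where the worker expects them to be delivered. If the main loop relies on an atomic unblock-and-wait call (not visible here), a comment such as `/* keep handled signals blocked; they are only delivered while the loop waits */` above the call would make that dependency explicit. `blockset` is populated outside the hunk, so confirm it is initialised before `connect_handler()` reaches this line. The function body starts and ends outside the hunk.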
+--
+2.0.0
+
--- /dev/null
+From c567a129f4dac88d1b3c4508484a2dffd78e1e5a Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 22 Aug 2014 11:57:15 +0200
+Subject: [PATCH 06/10] worker: when the UDP socket is updated, update the DTLS
+ session
+
+---
+ src/worker-misc.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/worker-misc.c b/src/worker-misc.c
+index 52be346..bde24d7 100644
+--- a/src/worker-misc.c
++++ b/src/worker-misc.c
+@@ -139,6 +139,8 @@ int handle_worker_commands(struct worker_st *ws)
+ close(fd);
+ return 0;
+ }
++ if (ws->dtls_session != NULL)
++ gnutls_transport_set_ptr(ws->dtls_session, (gnutls_transport_ptr_t)(long)fd);
+ } else { /* received client hello */
+ ws->udp_state = UP_SETUP;
+ }
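Review bot: The descriptor is passed as `(gnutls_transport_ptr_t)(long)fd`, but `long` is not guaranteed to be pointer-sized. Either `(gnutls_transport_ptr_t)(intptr_t)fd` or, where the minimum supported GnuTLS provides it, `gnutls_transport_set_int(ws->dtls_session, fd);` states the intent without relying on that. The new `if` also has an unbraced body next to braced branches. Whether the descriptor previously attached to the session is closed, and whether the worker's own copy of the UDP descriptor is updated, is decided outside this hunk; it is worth checking so the session and the worker never disagree on which socket is live. `handle_worker_commands()` starts and ends outside the hunk.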
+--
+2.0.0
+
--- /dev/null
+From 817f757577ef78bcc19aecf73d6ecf1b11258c82 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Fri, 22 Aug 2014 15:23:16 +0200
+Subject: [PATCH 07/10] after fork restore the default signal mask
+
+---
+ src/main-user.c | 2 ++
+ src/main.c | 5 +++--
+ src/main.h | 1 +
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/main-user.c b/src/main-user.c
+index bc16e3a..9b57e00 100644
+--- a/src/main-user.c
++++ b/src/main-user.c
+@@ -66,6 +66,8 @@ const char* script;
+ char local[64] = "";
+ char remote[64] = "";
+
++ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
++
+ snprintf(real, sizeof(real), "%u", (unsigned)proc->pid);
+ setenv("ID", real, 1);
+
+diff --git a/src/main.c b/src/main.c
+index 8bb3061..a71bde6 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -64,6 +64,7 @@ static unsigned int terminate = 0;
+ static unsigned int reload_conf = 0;
+ unsigned int need_maintenance = 0;
+ static unsigned int need_children_cleanup = 0;
++sigset_t sig_default_set;
+
+ static void ms_sleep(unsigned ms)
+ {
+@@ -974,7 +975,7 @@ int main(int argc, char** argv)
+ exit(1);
+ }
+
+- sigprocmask(SIG_BLOCK, &blockset, NULL);
++ sigprocmask(SIG_BLOCK, &blockset, &sig_default_set);
+ alarm(MAINTAINANCE_TIME(s));
+
+ for (;;) {
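Review bot: `sig_default_set` is filled with whatever mask the process had when `main()` reached this call, which is the mask inherited from whatever launched the server and not necessarily an empty one; the return value of `sigprocmask()` is also unchecked. A child that later calls `sigprocmask(SIG_SETMASK, &sig_default_set, NULL)` (the main-user.c hunk and the fork hunk further down in main.c) therefore re-inherits any signal the launcher had blocked. If the intent is that children start with nothing blocked, build the set with `sigemptyset(&sig_default_set);` and restore that. Otherwise a comment on the definition such as `/* mask inherited at startup; restored in children after fork() */` would make the name less misleading. `main()` continues outside the hunk.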
+@@ -1061,6 +1062,7 @@ int main(int argc, char** argv)
+ /* close any open descriptors, and erase
+ * sensitive data before running the worker
+ */
++ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
+ close(cmd_fd[0]);
+ clear_lists(s);
+
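Review bot: Restoring the mask here unblocks signals at the very start of the child, whereas the `sigprocmask(SIG_UNBLOCK, ...)` removed in the following hunk did so only just before `vpn_server(ws)`. The descriptor closing and erasure of sensitive data below now run with signals deliverable. `sigprocmask()` changes only the mask, not the dispositions, so until the child installs its own handlers a signal arriving in this window runs whatever handlers the main process registered. Where the child resets its handlers is not visible in this hunk; if that does not happen before this line, either reset the handled signals to `SIG_DFL` first or keep the restore immediately before `vpn_server(ws)`.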
+@@ -1096,7 +1098,6 @@ int main(int argc, char** argv)
+ * sensitive data have to be overwritten anyway. */
+ malloc_trim(0);
+ #endif
+- sigprocmask(SIG_UNBLOCK, &blockset, NULL);
+ vpn_server(ws);
+ exit(0);
+ } else if (pid == -1) {
+diff --git a/src/main.h b/src/main.h
+index de3d00c..cf5a0b1 100644
+--- a/src/main.h
++++ b/src/main.h
+@@ -39,6 +39,7 @@
+
+ #define COOKIE_KEY_SIZE 16
+
++extern sigset_t sig_default_set;
+ int cmd_parser (void *pool, int argc, char **argv, struct cfg_st** config);
+ void reload_cfg_file(void *pool, struct cfg_st* config);
+ void clear_cfg_file(struct cfg_st* config);
+--
+2.0.0
+
--- /dev/null
+diff --git a/src/worker-vpn.c b/src/worker-vpn.c
+index 55ab375..12cd3c8 100644
+--- a/src/worker-vpn.c
++++ b/src/worker-vpn.c
+@@ -1071,9 +1071,20 @@ static int dtls_mainloop(worker_st * ws, struct timespec *tnow)
+ {
+ int ret, l;
+
++#if GNUTLS_VERSION_NUMBER <= 0x030210
++ /* work-around an infinite loop caused by gnutls_record_recv()
++ * always succeeding by counting every error as a discarded packet.
++ */
++ ret = gnutls_record_get_discarded(ws->dtls_session);
++ if (ret > 1000) {
++ ws->udp_state = UP_DISABLED;
++ return 0;
++ }
++#endif
+ switch (ws->udp_state) {
+ case UP_ACTIVE:
+ case UP_INACTIVE:
++
+ ret =
+ tls_recv_nb(ws->dtls_session, ws->buffer, ws->buffer_size);
+ oclog(ws, LOG_TRANSFER_DEBUG,
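Review bot: `gnutls_record_get_discarded(ws->dtls_session)` is called before the `switch (ws->udp_state)`, so it runs in every state, including ones where the DTLS session may not exist yet. The worker-misc.c patch in this series guards the same pointer with `ws->dtls_session != NULL`, which suggests it can be NULL. Guard the call, e.g. `if (ws->dtls_session != NULL && gnutls_record_get_discarded(ws->dtls_session) > 1000) {`, which also avoids storing the `unsigned int` result in the signed `ret`. The counter is cumulative over the session, so a long-lived session on a lossy path can cross the fixed 1000 threshold from ordinary discards. A named constant and an `oclog()` line when UDP is switched to `UP_DISABLED` would make the fallback visible in the logs. The body of `dtls_mainloop()` continues outside the hunk.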