[Swan-commit] Changes to ref refs/heads/fragmentation

Paul Wouters paul at vault.libreswan.fi
Fri Feb 8 06:14:19 EET 2013 

New commits:
commit 3789f664446e6be4d48099a5b1e380d32be2dc9b
Merge: dc05619 eaeb0a7
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:14:11 2013 -0500

    Merge branch 'master' into fragmentation

commit eaeb0a735d08e17ae46fb424cb30230190d433a4
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 14:21:05 2013 -0500

    * XAUTH: Example file to authenticate against PAM over HTTPS (eg FAS)

commit 0824fa962a9c10d70877350eef82a4a927b579e6
Merge: 648fc1e 6bee4c2
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:02:28 2013 -0500

    Merge branch 'master' of vault.foobar.fi:/srv/src/libreswan

commit 648fc1eed4decbfe3520f69927e12ad4af34b3e3
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:01:39 2013 -0500

    * XAUTH: Added xauthfail=hard|soft option
    
    Also some minor fixes of #ifdef XAUTH

commit 2626f3254ff002f6a50f605e9ffb44dd7e537b18
Author: Paul Wouters <pwouters at redhat.com>
Date:   Thu Feb 7 23:01:31 2013 -0500

    * updated changes

commit a32ff76095b100f9c0fdd4e98a15803ffec30866
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:42:31 2013 -0500

    * pluto: remove unneccessary and incomplete check for msg.xauthby

commit 79a86c3ecf6b10c034164c7645392c6e0b1acf30
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:41:34 2013 -0500

    * whack: add labeled ipsec options to whack usage

commit 0d059db5cdb639d8f1869a70ab9ad5941b1c1a3f
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:38:50 2013 -0500

    * pluto: Show labeled IPsec information in ipsec auto --status

commit a7966d0db6311022a69671b4cd46409f6d6f745d
Author: Paul Wouters <pwouters at redhat.com>
Date:   Mon Feb 4 22:44:05 2013 -0500

    * mtustr was capped at 8 chars, not 16
    
    As the compiler wisely told us:
    
    In function ‘snprintf’,
        inlined from ‘show_one_connection’ at /source/programs/pluto/connections.c:3458:10:
    /usr/include/bits/stdio2.h:65:3: warning: call to __builtin___snprintf_chk will always overflow destination buffer [enabled by default]
    
    This cannot be exploited other than by whomever can edit the local ipsec
    config, at which point you can already set leftupdown=/some/script that
    runs as root. Still, not good :/

commit abddae19625495f5de4d8a8e56cbd45ed9a96a22
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:31:51 2013 -0500

    * plutomain: factor out pluto_init_nss() in static function

commit 967e300896d74986b7d59a45f7f2481418814bd0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 6 16:25:36 2013 -0500

    * X509: Allow CRLs to be on TLS/SSL resources
    
    We were initiating libcurl without SSL support.

More information about the Swan-commit mailing list