Gentoo Archives: gentoo-security

From: Marlon de Boer <marlon@××××××××××××××××××××××.nl>
To: gentoo-security@l.g.o
Subject: [gentoo-security] freeswan patch with gentoo-sources kernel
Date: Thu, 01 Jul 2004 10:48:28
Message-Id: 000901c45f58$de99f910$0300000a@mobilefun

I noticed that the latest gentoo-sources kernel (gentoo-sources-2.4.26-r3) is
still shipped with the 04-01.superFreeSWAN-1.99.8.patch.

I wanted to upgrade to openswan after the latest exploits in freeswan
([ GLSA 200406-20 ] FreeS/WAN, Openswan, strongSwan: Vulnerabilities in
certificate handling), so I downloaded the gentoo-sources and patched the
kernel with all patches by hand without the freeswan patch.

Next I patched the kernel for NAT-T support with make nattpatch | (cd
/usr/src/linux && patch -p1) and did make KERNELSRC=/usr/src/linux module &&
make KERNELSRC=/usr/src/linux minstall in the openswan sources dir, which
provides a new openswan-compatible ipsec.o module.

So in my opinion the 04-01.superFreeSWAN-1.99.8.patch should be removed from
the gentoo-sources and replaced with the NAT-T patch if we are forced to use
openswan instead of freeswan.

Regards,

Marlon.

--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] freeswan patch with gentoo-sources kernel Kurt Lieber <klieber@g.o>