From c1e49cd3e92dc14562e10d8115f77d750d1c9b92 Mon Sep 17 00:00:00 2001
From: Denis Silakov <dsilakov@virtuozzo.com>
Date: Fri, 15 Mar 2019 18:07:26 +0300
Subject: [PATCH] Updated to 5.7.2 with CVE-2018-5388 patch

---
 .abf.yml                             |  4 +++-
 strongswan-5.6.0-uintptr_t.patch     | 12 ++++++++++++
 strongswan-5.6.2-CVE-2018-5388.patch | 15 +++++++++++++++
 strongswan.spec                      |  7 +++++--
 4 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 strongswan-5.6.0-uintptr_t.patch
 create mode 100644 strongswan-5.6.2-CVE-2018-5388.patch

diff --git a/.abf.yml b/.abf.yml
index 6b75c64..10d2e69 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,4 @@
-sources:
+removed_sources:
   strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f
+sources:
+  strongswan-5.7.2.tar.bz2: 307d4d7c7d5cf6e904b85ec735cb8eefc33bb9c2
diff --git a/strongswan-5.6.0-uintptr_t.patch b/strongswan-5.6.0-uintptr_t.patch
new file mode 100644
index 0000000..dbf90aa
--- /dev/null
+++ b/strongswan-5.6.0-uintptr_t.patch
@@ -0,0 +1,12 @@
+diff -Naur strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h
+--- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h	2017-08-14 02:48:41.000000000 -0400
++++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h	2017-09-12 01:15:29.690527667 -0400
+@@ -14,6 +14,8 @@
+  * for more details.
+  */
+ 
++#include <stdint.h> /* for uintptr_t */
++
+ /**
+  * @defgroup memory_i memory
+  * @{ @ingroup utils_i
diff --git a/strongswan-5.6.2-CVE-2018-5388.patch b/strongswan-5.6.2-CVE-2018-5388.patch
new file mode 100644
index 0000000..e932fe2
--- /dev/null
+++ b/strongswan-5.6.2-CVE-2018-5388.patch
@@ -0,0 +1,15 @@
+diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
+--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c	2017-11-09 10:57:30.000000000 -0500
++++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c	2018-05-24 00:00:32.382953618 -0400
+@@ -628,6 +628,11 @@
+ 		return FALSE;
+ 	}
+ 
++	if (len < offsetof(stroke_msg_t, buffer))
++	{
++		DBG1(DBG_CFG, "invalid stroke message length %d", len);
++		return FALSE;
++	}
+ 	/* read message (we need an additional byte to terminate the buffer) */
+ 	msg = malloc(len + 1);
+ 	msg->length = len;
diff --git a/strongswan.spec b/strongswan.spec
index 959c6ab..a2730e3 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -5,12 +5,14 @@
 
 Summary:	IPSEC implementation
 Name:		strongswan
-Version:	5.6.0
+Version:	5.7.2
 Release:	1
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
+Patch1:         strongswan-5.6.0-uintptr_t.patch
+Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
 Source100:	%{name}.rpmlintrc
 BuildRequires:	gettext-devel
 BuildRequires:	gmp-devel >= 4.1.4
@@ -215,7 +217,8 @@ implementation possessing a standard IF-IMC/IMV interface.
 
 %prep
 %setup -q
-#apply_patches
+%patch1 -p1
+%patch3 -p1
 
 %build
 libtoolize --install --copy --force --automake