Djam/strongswan
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/strongswan.git synced 2025-02-23 14:02:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated to 5.7.2 with CVE-2018-5388 patch

Browse source
This commit is contained in:
Denis Silakov 2019-03-15 18:07:26 +03:00
parent f742a55ad3
commit c1e49cd3e9
4 changed files with 35 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.abf.yml
View file

@ -1,2 +1,4 @@
sources: removed_sources:
strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f
sources:
strongswan-5.7.2.tar.bz2: 307d4d7c7d5cf6e904b85ec735cb8eefc33bb9c2

12
strongswan-5.6.0-uintptr_t.patch Normal file
View file

@ -0,0 +1,12 @@
diff -Naur strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h
--- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h 2017-08-14 02:48:41.000000000 -0400
+++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h 2017-09-12 01:15:29.690527667 -0400
@@ -14,6 +14,8 @@
* for more details.
*/
+#include <stdint.h> /* for uintptr_t */
+
/**
* @defgroup memory_i memory
* @{ @ingroup utils_i

15
strongswan-5.6.2-CVE-2018-5388.patch Normal file
View file

@ -0,0 +1,15 @@
diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c 2017-11-09 10:57:30.000000000 -0500
+++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c 2018-05-24 00:00:32.382953618 -0400
@@ -628,6 +628,11 @@
return FALSE;
}
+ if (len < offsetof(stroke_msg_t, buffer))
+ {
+ DBG1(DBG_CFG, "invalid stroke message length %d", len);
+ return FALSE;
+ }
/* read message (we need an additional byte to terminate the buffer) */
msg = malloc(len + 1);
msg->length = len;

7
strongswan.spec
View file

@ -5,12 +5,14 @@
Summary: IPSEC implementation Summary: IPSEC implementation
Name: strongswan Name: strongswan
Version: 5.6.0 Version: 5.7.2
Release: 1 Release: 1
License: GPLv2+ License: GPLv2+
Group: System/Servers Group: System/Servers
Url: https://www.strongswan.org/ Url: https://www.strongswan.org/
Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2 Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
Patch1: strongswan-5.6.0-uintptr_t.patch
Patch3: strongswan-5.6.2-CVE-2018-5388.patch
Source100: %{name}.rpmlintrc Source100: %{name}.rpmlintrc
BuildRequires: gettext-devel BuildRequires: gettext-devel
BuildRequires: gmp-devel >= 4.1.4 BuildRequires: gmp-devel >= 4.1.4
@ -215,7 +217,8 @@ implementation possessing a standard IF-IMC/IMV interface.
%prep %prep
%setup -q %setup -q
#apply_patches %patch1 -p1
%patch3 -p1
%build %build
libtoolize --install --copy --force --automake libtoolize --install --copy --force --automake