Updated to 5.7.2 with CVE-2018-5388 patch

2025-02-23 14:02:51 +00:00 · 2019-03-15 18:07:26 +03:00 · 2019-03-15 18:07:26 +03:00 · c1e49cd3e9
commit c1e49cd3e9
parent f742a55ad3
4 changed files with 35 additions and 3 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,2 +1,4 @@
-sources:
+removed_sources:
  strongswan-5.6.0.tar.bz2: 97c1658791a13776c5d588649c2c8304f51f2a9f
+sources:
+  strongswan-5.7.2.tar.bz2: 307d4d7c7d5cf6e904b85ec735cb8eefc33bb9c2
--- a/strongswan-5.6.0-uintptr_t.patch
+++ b/strongswan-5.6.0-uintptr_t.patch
@ -0,0 +1,12 @@
+diff -Naur strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h
+--- strongswan-5.6.0-orig/src/libstrongswan/utils/utils/memory.h	2017-08-14 02:48:41.000000000 -0400
+++ strongswan-5.6.0/src/libstrongswan/utils/utils/memory.h	2017-09-12 01:15:29.690527667 -0400
+@@ -14,6 +14,8 @@
+  * for more details.
+  */
+ 
+#include <stdint.h> /* for uintptr_t */
+
+ /**
+  * @defgroup memory_i memory
+  * @{ @ingroup utils_i
--- a/strongswan-5.6.2-CVE-2018-5388.patch
+++ b/strongswan-5.6.2-CVE-2018-5388.patch
@ -0,0 +1,15 @@
+diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c
+--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c	2017-11-09 10:57:30.000000000 -0500
+++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c	2018-05-24 00:00:32.382953618 -0400
+@@ -628,6 +628,11 @@
+ 		return FALSE;
+ 	}
+ 
+	if (len < offsetof(stroke_msg_t, buffer))
+	{
+		DBG1(DBG_CFG, "invalid stroke message length %d", len);
+		return FALSE;
+	}
+ 	/* read message (we need an additional byte to terminate the buffer) */
+ 	msg = malloc(len + 1);
+ 	msg->length = len;
--- a/strongswan.spec
+++ b/strongswan.spec
@ -5,12 +5,14 @@

 Summary:	IPSEC implementation
 Name:		strongswan
-Version:	5.6.0
+Version:	5.7.2
 Release:	1
 License:	GPLv2+
 Group:		System/Servers
 Url:		https://www.strongswan.org/
 Source0:	http://download.strongswan.org/%{name}-%{version}.tar.bz2
+Patch1:         strongswan-5.6.0-uintptr_t.patch
+Patch3:         strongswan-5.6.2-CVE-2018-5388.patch
 Source100:	%{name}.rpmlintrc
 BuildRequires:	gettext-devel
 BuildRequires:	gmp-devel >= 4.1.4
@ -215,7 +217,8 @@ implementation possessing a standard IF-IMC/IMV interface.

 %prep
 %setup -q
-#apply_patches
+%patch1 -p1
+%patch3 -p1

 %build
 libtoolize --install --copy --force --automake