FreeBSD Bugzilla – Attachment 246891 Details for
Bug 275620
security/strongswan: Update to 5.9.13
[patch]
security/strongswan: Update to 5.9.13
strongswan.patch (text/plain), 2.82 KB, created by
Jose Luis Duran
on 2023-12-08 03:54:33 UTC
Description:
security/strongswan: Update to 5.9.13
Creator:
Jose Luis Duran
Created:
2023-12-08 03:54:33 UTC
Size:
2.82 KB
>diff --git Makefile Makefile >index c7972b9..b6bf781 100644 >--- Makefile >+++ Makefile >@@ -1,11 +1,8 @@ > PORTNAME= strongswan >-DISTVERSION= 5.9.11 >-PORTREVISION= 3 >+DISTVERSION= 5.9.13 > CATEGORIES= security net-vpn > MASTER_SITES= https://download.strongswan.org/ \ > https://download2.strongswan.org/ >-PATCH_SITES= https://github.com/strongswan/strongswan/commit/ >-PATCHFILES= a619356b5f21bfe3c13f1576eb1d16c015532ceb.patch:-p1 > > MAINTAINER= strongswan@nanoteq.com > COMMENT= Open Source IKEv2 IPsec-based VPN solution >diff --git distinfo distinfo >index 1cccf53..b243475 100644 >--- distinfo >+++ distinfo >@@ -1,5 +1,3 @@ >-TIMESTAMP = 1690493412 >-SHA256 (strongswan-5.9.11.tar.bz2) = ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d >-SIZE (strongswan-5.9.11.tar.bz2) = 4786552 >-SHA256 (a619356b5f21bfe3c13f1576eb1d16c015532ceb.patch) = 31ba77932b88b611f1f1d54478b7d3a024f40e0bcea0b3249f2d62274e1df19f >-SIZE (a619356b5f21bfe3c13f1576eb1d16c015532ceb.patch) = 3344 >+TIMESTAMP = 1702006969 >+SHA256 (strongswan-5.9.13.tar.bz2) = 56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55 >+SIZE (strongswan-5.9.13.tar.bz2) = 4825644 >diff --git files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c >deleted file mode 100644 >index f70c024..0000000 >--- files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c >+++ /dev/null 
>@@ -1,42 +0,0 @@ >-From 027421cbd2e6e628f5f959c74d722afadc477485 Mon Sep 17 00:00:00 2001 >-From: Tobias Brunner <tobias@strongswan.org> >-Date: Tue, 11 Jul 2023 12:12:25 +0200 >-Subject: [PATCH] charon-tkm: Validate DH public key to fix potential buffer >- overflow >- >-Seems this was forgotten in the referenced commit and actually could lead >-to a buffer overflow. Since charon-tkm is untrusted this isn't that >-much of an issue but could at least be easily exploited for a DoS attack >-as DH public values are set when handling IKE_SA_INIT requests. >- >-Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends") >-Fixes: CVE-2023-41913 >---- >- src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++- >- 1 file changed, 6 insertions(+), 1 deletion(-) >- >-diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c >-index 2b2d103d03e9..6999ad360d7e 100644 >---- src/charon-tkm/src/tkm/tkm_diffie_hellman.c >-+++ src/charon-tkm/src/tkm/tkm_diffie_hellman.c >-@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool, >- return TRUE; >- } >- >-- >- METHOD(key_exchange_t, set_public_key, bool, >- private_tkm_diffie_hellman_t *this, chunk_t value) >- { >- dh_pubvalue_type othervalue; >-+ >-+ if (!key_exchange_verify_pubkey(this->group, value) || >-+ value.len > sizeof(othervalue.data)) >-+ { >-+ return FALSE; >-+ } >- othervalue.size = value.len; >- memcpy(&othervalue.data, value.ptr, value.len); >- >--- >-2.34.1 >-
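Review bot: In the Makefile hunk, the removal of PATCH_SITES and of PATCHFILES= a619356b5f21bfe3c13f1576eb1d16c015532ceb.patch:-p1 is not explained; the description only says "Update to 5.9.13". Please state in the commit message that this upstream commit is contained in the 5.9.13 tarball, so the removal can be checked against the release instead of taken on trust. Dropping PORTREVISION together with the DISTVERSION bump is fine.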
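Review bot: In the distinfo hunk, the new SHA256 for strongswan-5.9.13.tar.bz2 is only as trustworthy as the download it was computed from, and nothing in the submission says it was compared against anything. Please confirm the value matches a checksum or signature published by upstream for this release before it is committed, and mention that check in the bug.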
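Review bot: Deleting files/patch-src_swanctl_charon-tkm_src_tkm_tkm_diffie_hellman.c removes the local fix marked "Fixes: CVE-2023-41913" (the key_exchange_verify_pubkey() and value.len > sizeof(othervalue.data) test placed before the memcpy in set_public_key), and the patch does not say that 5.9.13 carries it. Please confirm that check is present in tkm_diffie_hellman.c in the 5.9.13 source and name the CVE in the commit message, so users can see that the port remains fixed after the local patch is gone.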