From: Michael Tremer Date: Wed, 23 Aug 2017 19:03:21 +0000 (+0100) Subject: strongswan: Update to 5.6.0 X-Git-Tag: v2.19-core114~1^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c55ec5a49770d5972c62c99499fbd6eef88ded3;p=people%2Fstevee%2Fipfire-2.x.git strongswan: Update to 5.6.0 Fixes CVE-2017-11185: Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference. Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/core/114/filelists/i586/strongswan-padlock b/config/rootfiles/core/114/filelists/i586/strongswan-padlock new file mode 120000 index 0000000000..2412824fb2 --- /dev/null +++ b/config/rootfiles/core/114/filelists/i586/strongswan-padlock @@ -0,0 +1 @@ +../../../../common/i586/strongswan-padlock \ No newline at end of file diff --git a/config/rootfiles/core/114/filelists/strongswan b/config/rootfiles/core/114/filelists/strongswan new file mode 120000 index 0000000000..90c727e265 --- /dev/null +++ b/config/rootfiles/core/114/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/114/update.sh b/config/rootfiles/core/114/update.sh index b68af03e6e..54a2062304 100644 --- a/config/rootfiles/core/114/update.sh +++ b/config/rootfiles/core/114/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +ipsec stop /etc/init.d/squid stop /etc/init.d/unbound stop @@ -50,6 +51,10 @@ ldconfig /etc/init.d/unbound start /etc/init.d/squid start +if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + ipsec start +fi + # This update need a reboot... touch /var/run/need_reboot diff --git a/lfs/strongswan b/lfs/strongswan index 85c4f2b858..600c012dc5 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ include Config -VER = 5.5.3 +VER = 5.6.0 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4afffe3c219bb2e04f09510905af836b +$(DL_FILE)_MD5 = befb5e827d02433fea6669c20e11530a install : $(TARGET)