From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] strongswan: add upstream security patch
Date: Thu, 7 Sep 2017 17:26:55 +0200 [thread overview]
Message-ID: <20170907152655.23933-1-peter@korsgaard.com> (raw)
Fixes CVE-2017-11185: The gmp plugin in strongSwan before 5.6.0 allows
remote attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a crafted RSA signature.
For more details, see
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html
While we're at it, add hashes for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/strongswan/strongswan.hash | 3 +++
package/strongswan/strongswan.mk | 3 ++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
index cbc4e3857a..820c712843 100644
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@@ -5,3 +5,6 @@ sha256 f8288faaea6a9cd8a7d413c0b76b7922be5da3dfcd01fd05cb30d2c55d3bbe89 strongsw
# Locally calculated
sha256 f5ba7f46cf7ae81dd81bc86f9e4cfa0c5c7c6987149b3bc9c0b8bf08598a1063 strongswan-4.4.0-5.5.2_gmp_mpz_powm_sec.patch
sha256 03db8c7a4133e877e8992e155c046dd27ec4810d50f239abf55595f0280caf31 strongswan-5.0.0-5.5.2_asn1_choice.patch
+sha256 c80e02c9a5eeaf10f0a8bdde3be6375dd2833e515af03dad3a700e93c4fd041a strongswan-4.4.0-5.5.3_gmp_mpz_export.patch
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
+sha256 2292e21797754548dccdef9eef6aee7584e552fbd890fa914e1de8d3577d23f0 LICENSE
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index 1070eeaf8b..30bbc6c852 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -9,7 +9,8 @@ STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
STRONGSWAN_SITE = http://download.strongswan.org
STRONGSWAN_PATCH = \
$(STRONGSWAN_SITE)/patches/21_gmp_mpz_powm_sec_patch/strongswan-4.4.0-5.5.2_gmp_mpz_powm_sec.patch \
- $(STRONGSWAN_SITE)/patches/22_asn1_choice_patch/strongswan-5.0.0-5.5.2_asn1_choice.patch
+ $(STRONGSWAN_SITE)/patches/22_asn1_choice_patch/strongswan-5.0.0-5.5.2_asn1_choice.patch \
+ $(STRONGSWAN_SITE)/patches/23_gmp_mpz_export_patch/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch
STRONGSWAN_LICENSE = GPL-2.0+
STRONGSWAN_LICENSE_FILES = COPYING LICENSE
STRONGSWAN_DEPENDENCIES = host-pkgconf
--
2.11.0
next reply other threads:[~2017-09-07 15:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 15:26 Peter Korsgaard [this message]
2017-09-08 9:14 ` [Buildroot] [PATCH] strongswan: add upstream security patch Peter Korsgaard
2017-09-18 7:47 ` Peter Korsgaard
2017-10-16 21:51 ` Peter Korsgaard
-- strict thread matches above, loose matches on Subject: below --
2018-09-30 20:12 Peter Korsgaard
2018-10-01 12:31 ` Peter Korsgaard
2018-10-05 19:59 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170907152655.23933-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.