From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] strongswan: add upstream security patch
Date: Sun, 30 Sep 2018 22:12:15 +0200
Message-ID: <20180930201215.21652-1-peter@korsgaard.com>

Fixes the following security issues:

CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of
random bytes after a valid OID.

CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp
doesn't enforce a NULL value for the optional parameter which is not used
with any PKCS#1 algorithm.

For more details, see the advisory:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/strongswan/strongswan.hash | 1 +
 package/strongswan/strongswan.mk   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
index 9a800572d7..abbdbc2bf1 100644
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@@ -3,5 +3,6 @@ md5	a6a28eeb22aa58080a7581771a5b63f9	strongswan-5.6.3.tar.bz2
 # Calculated based on the hash above
 sha256	c3c7dc8201f40625bba92ffd32eb602a8909210d8b3fac4d214c737ce079bf24	strongswan-5.6.3.tar.bz2
 # Locally calculated
+sha256	e66c243593ee0713f5fd13bcd7f624bc50eebc54bf87f790ced429ff698077e7  strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch
 sha256	8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256	2292e21797754548dccdef9eef6aee7584e552fbd890fa914e1de8d3577d23f0  LICENSE
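Review bot: The sha256 added for strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch sits under "# Locally calculated", so it only pins the bytes the submitter happened to download, and the strongswan.mk change in this same patch fetches that file from an http:// STRONGSWAN_SITE. Please say in the commit message how the downloaded patch was cross-checked (for example a second fetch over HTTPS, or a hash or signature published by upstream if there is one), so the pinned value is more than trust on first download.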
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index 632a742e9c..cdbbd552a7 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -7,6 +7,8 @@
 STRONGSWAN_VERSION = 5.6.3
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
+STRONGSWAN_PATCH = \
+	$(STRONGSWAN_SITE)/patches/27_gmp_pkcs1_verify_patch/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch
 STRONGSWAN_LICENSE = GPL-2.0+
 STRONGSWAN_LICENSE_FILES = COPYING LICENSE
 STRONGSWAN_DEPENDENCIES = host-pkgconf
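Review bot: STRONGSWAN_PATCH is built from STRONGSWAN_SITE, which the context line above sets to http://download.strongswan.org, so this security fix is downloaded over cleartext HTTP and the sha256 in strongswan.hash is the only integrity check on it. Consider spelling out an https:// URL for the patch if the server offers one. Also, the patch file name is scoped to 5.6.1-5.6.3 while STRONGSWAN_VERSION is a separate variable, so a one-line comment above STRONGSWAN_PATCH naming CVE-2018-16151 and CVE-2018-16152 would remind whoever bumps the version to drop the line.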
-- 
2.11.0
