Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=5d4f4759c38fccfa5152930633eb9671c9f07494
commit 5d4f4759c38fccfa5152930633eb9671c9f07494 Author: kikadf <[email protected]> Date: Wed May 7 14:39:35 2014 +0200 strongswan-5.0.1-2arcturus2-x86_64 * Fix CVE-2014-2891
diff --git a/source/network-extra/strongswan/CVE-2014-2891.patch b/source/network-extra/strongswan/CVE-2014-2891.patch
new file mode 100644
index 0000000..6769ed7
--- /dev/null
+++ b/source/network-extra/strongswan/CVE-2014-2891.patch
@@ -0,0 +1,23 @@
+From 4609d5384c187aef2e58f91f53f5889f25faeaeb Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <[email protected]>
+Date: Thu, 24 Apr 2014 17:04:10 +0200
+Subject: [PATCH] asn1: Properly check length in asn1_unwrap()
+
+Fixes CVE-2014-2891 in strongSwan releases 4.3.3-5.1.1.
+---
+ src/libstrongswan/asn1/asn1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
+index d860ad9..9a5f5c5 100644
+--- a/src/libstrongswan/asn1/asn1.c
++++ b/src/libstrongswan/asn1/asn1.c
+@@ -296,7 +296,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
+ else
+ { /* composite length, determine number of length octets */
+ len &= 0x7f;
+- if (len == 0 || len > sizeof(res.len))
++ if (len == 0 || len > blob->len || len > sizeof(res.len))
+ {
+ return ASN1_INVALID;
+ }
diff --git a/source/network-extra/strongswan/FrugalBuild b/source/network-extra/strongswan/FrugalBuild
index ae564f3..e9dd6d9 100644
--- a/source/network-extra/strongswan/FrugalBuild
+++ b/source/network-extra/strongswan/FrugalBuild
@@ -1,9 +1,10 @@
 # Compiling Time: 1.01 SBU
+# Contributor: kikadf <[email protected]>
 # Maintainer: Miklos Vajna <[email protected]>
 pkgname=strongswan
 pkgver=5.0.1
-pkgrel=2arcturus1
+pkgrel=2arcturus2
 pkgdesc="the OpenSource IPsec-based VPN Solution for Linux"
 url="http://www.strongswan.org/"
 depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3')
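Review bot: The new `len > blob->len` term in the asn1.c hunk embedded in CVE-2014-2891.patch carries no comment, although the three terms of that condition guard different things. I would put this above the `if`: `/* number of length octets: non-zero, within the remaining input, and small enough for res.len */`. asn1_unwrap() begins and ends outside the hunk, so it cannot be confirmed from here that the decoded length is later compared with the bytes left in `blob`; that is worth checking in the patched 5.0.1 tree. The `@@ -296,7 +296,7 @@` position comes from the upstream commit rather than from 5.0.1, so the package build output should be checked to show the hunk applying inside asn1_unwrap().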
@@ -19,8 +20,9 @@ Finclude systemd # FSA fix *** source=(${source[@]} CVE-2013-5018.patch CVE-2013-6075.patch CVE-2014-2338.patch - strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch) -signatures=(${signatures} '' '' '' '') + strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch + CVE-2014-2891.patch) +signatures=(${signatures} '' '' '' '' '') # *********** build() _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
