From 9ccf25ffb8d85b35eda8a61974fec6f2a22ab8bd Mon Sep 17 00:00:00 2001 From: Kirill Ponomarev Date: Thu, 31 May 2018 12:39:51 +0000 Subject: Update to 5.6.3 Fixes: - Denial-of-Service Vulnerability in the IKEv2 key derivation (CVE-2018-10811) - Denial-of-Service Vulnerability in the stroke plugin (CVE-2018-5388) - Crash on FreeBSD that was present in 5.6.2 - The kernel-pfkey plugin optionally installs routes via internal interface (one with an IP in the local traffic selector). On FreeBSD, enabling this selects the correct source IP when sending packets from the gateway itself. PR: 228631 Submitted by: maintainer --- security/strongswan/Makefile | 3 +-- security/strongswan/distinfo | 6 +++--- ..._sa_ikev2_authenticators_pubkey_authenticator.c | 22 ---------------------- 3 files changed, 4 insertions(+), 27 deletions(-) delete mode 100644 security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c (limited to 'security/strongswan') diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile index 1dad5cadc468..fd52297d3e6a 100644 --- a/security/strongswan/Makefile +++ b/security/strongswan/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= strongswan -PORTVERSION= 5.6.2 -PORTREVISION= 1 +PORTVERSION= 5.6.3 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo index 5d4cd46d2965..4cbb29d5ad54 100644 --- a/security/strongswan/distinfo +++ b/security/strongswan/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1519043301 -SHA256 (strongswan-5.6.2.tar.bz2) = e0a60a30ebf3c534c223559e1686497a21ded709a5d605c5123c2f52bcc22e92 -SIZE (strongswan-5.6.2.tar.bz2) = 4977859 +TIMESTAMP = 1527575366 +SHA256 (strongswan-5.6.3.tar.bz2) = c3c7dc8201f40625bba92ffd32eb602a8909210d8b3fac4d214c737ce079bf24 +SIZE (strongswan-5.6.3.tar.bz2) = 4961579 diff --git a/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c b/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c deleted file mode 100644 index 722a2b8ceb0b..000000000000 --- a/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c +++ /dev/null @@ -1,22 +0,0 @@ ---- src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c.orig -+++ src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c -@@ -164,7 +164,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, - signature_scheme_t schemes[] = { - SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_256, -- }, contained; -+ }; - bool found; - int i, j; - -@@ -174,8 +174,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, - found = FALSE; - for (j = 0; j < array_count(selected); j++) - { -- array_get(selected, j, &contained); -- if (scheme == contained) -+ array_get(selected, j, &config); -+ if (scheme == config->scheme) - { - found = TRUE; - break; -- cgit v1.2.3