packages/libreswan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!48 Update to 4.11 for fix CVE-2023-30570

Browse Source 
From: @wk333 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
This commit is contained in:
openeuler-ci-bot 2023-05-31 03:06:22 +00:00 committed by Gitee
commit 8d47b8523a
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 8 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
CVE-2022-23094.patch
View File

@ -1,26 +0,0 @@
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 9f4847874d..f7413f3594 100644
--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md)
diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
&pd->payload, sizeof(pd->payload), &pd->pbs);
if (d != NULL) {
- llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ llog_diag(RC_LOG,
+ st != NULL ? st->st_logger : md->md_logger,
+ &d, "%s", "");
LOG_PACKET(RC_LOG_SERIOUS,
"%smalformed payload in packet",
excuse);
@@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md)
&pd->payload, sizeof(pd->payload),
&pd->pbs);
if (d != NULL) {
- llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ llog_diag(RC_LOG,
+ st != NULL ? st->st_logger : md->md_logger,
+ &d, "%s", "");
LOG_PACKET(RC_LOG_SERIOUS,
"%smalformed payload in packet",
excuse);

16
CVE-2023-23009.patch
View File

@ -1,16 +0,0 @@
diff --git a/programs/pluto/ikev2_ts.c b/programs/pluto/ikev2_ts.c
index 3f7519ca38..f06c40ba46 100644
--- a/programs/pluto/ikev2_ts.c
+++ b/programs/pluto/ikev2_ts.c
@@ -437,6 +437,11 @@ static bool v2_parse_tss(struct payload_digest *const ts_pd,
d = pbs_in_struct(&ts_pd->pbs, &ikev2_ts_header_desc,
&ts_h, sizeof(ts_h), &ts_body_pbs);
+ if (d != NULL) {
+ llog_diag(RC_LOG, logger, &d, "%s", "");
+ return false;
+ }
+
switch (ts_h.isath_type) {
case IKEv2_TS_IPV4_ADDR_RANGE:
case IKEv2_TS_IPV6_ADDR_RANGE:

BIN
libreswan-4.11.tar.gz Normal file
View File

Binary file not shown.

BIN
libreswan-4.5.tar.gz
View File

Binary file not shown.

14
libreswan.spec
View File

@ -25,8 +25,8 @@
Name: libreswan Name: libreswan
Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support
Version: 4.5 Version: 4.11
Release: 3 Release: 1
License: GPLv2 License: GPLv2
Url: https://libreswan.org/ Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz
@ -34,10 +34,6 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
Source4: openeuler-libreswan-sysctl.conf Source4: openeuler-libreswan-sysctl.conf
#https://libreswan.org/security/CVE-2022-23094/
Patch0: CVE-2022-23094.patch
#https://libreswan.org/security/CVE-2023-23009/
Patch1: CVE-2023-23009.patch
BuildRequires: audit-libs-devel BuildRequires: audit-libs-devel
@ -108,6 +104,9 @@ sed -i '/config setup/a\\t# Specifies a directory forNSS database files\n\tnssdi
sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in
linux_variant=`sed -n -e 's/"//g' -e 's/^ID_LIKE=//p' -e 's/^ID=//p' /etc/os-release`
sed -i "s/filter fedora/filter fedora $linux_variant/" mk/defaults/linux.mk
%build %build
make %{?_smp_mflags} \ make %{?_smp_mflags} \
OPTIMIZE_CFLAGS="%{optflags}" \ OPTIMIZE_CFLAGS="%{optflags}" \
@ -192,6 +191,9 @@ certutil -N -d sql:$tmpdir --empty-password
%attr(0644,root,root) %doc %{_mandir}/*/* %attr(0644,root,root) %doc %{_mandir}/*/*
%changelog %changelog
* Tue May 30 2023 wangkai <13474090681@163.com> - 4.11-1
- Update to 4.11 for fix CVE-2023-30570
* Tue Mar 07 2023 yaoxin <yaoxin30@h-partners.com> - 4.5-3 * Tue Mar 07 2023 yaoxin <yaoxin30@h-partners.com> - 4.5-3
- Fix CVE-2023-23009 - Fix CVE-2023-23009