packages/libreswan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:1065d04785191f27a1fabbb4067f7efc872b65f0
Branches Tags
packages:main
...
compare: packages:e2c8375e4b2bc941deb70ef7115def526a10c42c
Branches Tags
packages:main

10 Commits
1065d04785 ... e2c8375e4b

Author SHA1 Message Date
openeuler-ci-bot
e2c8375e4b
!85 [sync] PR-81: Update to 4.15 for fix CVE-2024-3652 
From: @openeuler-sync-bot 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
 2024-04-30 06:25:33 +00:00
wk333
431431ea7d Update to 4.15 for fix CVE-2024-3652 
(cherry picked from commit a7f6da2116e03096919b17222d3db4b5903c1e39)
 2024-04-30 10:59:24 +08:00
openeuler-ci-bot
4af8904d79
!73 [sync] PR-68: Upgrade to 4.14 for fix CVE-2024-2357 
From: @openeuler-sync-bot 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
 2024-03-20 01:38:41 +00:00
starlet-dx
5007a8d668 Upgrade to 4.14 for fix CVE-2024-2357 
(cherry picked from commit 48f9ac2c82c07b69073a1302a9a09af26cccf987)
 2024-03-12 11:01:26 +08:00
openeuler-ci-bot
8cfb47d7fd
!56 Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712 
From: @fundawang 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
 2023-08-14 08:07:08 +00:00
Funda Wang
0dffdaf40c 4.12 2023-08-12 20:24:26 +08:00
openeuler-ci-bot
8d47b8523a
!48 Update to 4.11 for fix CVE-2023-30570 
From: @wk333 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
 2023-05-31 03:06:22 +00:00
wk333
42a7c4aa84 Update to 4.11 for fix CVE-2023-30570 2023-05-30 20:08:16 +08:00
openeuler-ci-bot
19ed4a8452
!43 Fix CVE-2023-23009 
From: @starlet-dx 
Reviewed-by: @wu-leilei 
Signed-off-by: @wu-leilei
 2023-03-07 06:52:26 +00:00
starlet-dx
aadc9420b1 Fix CVE-2023-23009 2023-03-07 14:04:56 +08:00
4 changed files with 25 additions and 32 deletions
Show Stats Expand all files Collapse all files

26
CVE-2022-23094.patch
View File

@ -1,26 +0,0 @@
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 9f4847874d..f7413f3594 100644
--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md)
diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
&pd->payload, sizeof(pd->payload), &pd->pbs);
if (d != NULL) {
- llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ llog_diag(RC_LOG,
+ st != NULL ? st->st_logger : md->md_logger,
+ &d, "%s", "");
LOG_PACKET(RC_LOG_SERIOUS,
"%smalformed payload in packet",
excuse);
@@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md)
&pd->payload, sizeof(pd->payload),
&pd->pbs);
if (d != NULL) {
- llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+ llog_diag(RC_LOG,
+ st != NULL ? st->st_logger : md->md_logger,
+ &d, "%s", "");
LOG_PACKET(RC_LOG_SERIOUS,
"%smalformed payload in packet",
excuse);

BIN
libreswan-4.15.tar.gz Normal file
View File

Binary file not shown.

BIN
libreswan-4.5.tar.gz
View File

Binary file not shown.

31
libreswan.spec
View File

@ -1,4 +1,4 @@
%global nss_version 3.44.0-8 %global nss_version 3.52
%global unbound_version 1.6.6 %global unbound_version 1.6.6
%global libreswan_config \\\ %global libreswan_config \\\
SHELL_BINARY=/usr/bin/sh \\\ SHELL_BINARY=/usr/bin/sh \\\
@ -25,17 +25,15 @@
Name: libreswan Name: libreswan
Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support Summary: IKE implementation for IPsec with IKEv1 and IKEv2 support
Version: 4.5 Version: 4.15
Release: 2 Release: 1
License: GPLv2 License: GPL-2.0-only
Url: https://libreswan.org/ Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz Source0: https://download.libreswan.org/%{name}-%{version}.tar.gz
Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2 Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
Source4: openeuler-libreswan-sysctl.conf Source4: openeuler-libreswan-sysctl.conf
#https://libreswan.org/security/CVE-2022-23094/
Patch0: CVE-2022-23094.patch
BuildRequires: audit-libs-devel BuildRequires: audit-libs-devel
@ -106,6 +104,9 @@ sed -i '/config setup/a\\t# Specifies a directory forNSS database files\n\tnssdi
sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in sed -i '/ipsec --checknss/s/$/ --nssdir \/etc\/ipsec.d/' ./initsystems/systemd/ipsec.service.in
linux_variant=`sed -n -e 's/"//g' -e 's/^ID_LIKE=//p' -e 's/^ID=//p' /etc/os-release|tr '\n' ' ' && echo`
sed -i "s/filter fedora/filter fedora $linux_variant/" mk/defaults/linux.mk
%build %build
make %{?_smp_mflags} \ make %{?_smp_mflags} \
OPTIMIZE_CFLAGS="%{optflags}" \ OPTIMIZE_CFLAGS="%{optflags}" \
@ -190,6 +191,24 @@ certutil -N -d sql:$tmpdir --empty-password
%attr(0644,root,root) %doc %{_mandir}/*/* %attr(0644,root,root) %doc %{_mandir}/*/*
%changelog %changelog
* Tue Apr 30 2024 wangkai <13474090681@163.com> - 4.15-1
- Update to 4.15 for fix CVE-2024-3652
* Tue Mar 12 2024 yaoxin <yao_xin001@hoperun.com> - 4.14-1
- Upgrade to 4.14 for fix CVE-2024-2357
* Sat Aug 12 2023 Funda Wang <fundawang@yeah.net> - 4.12-1
- Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712
* Wed Jun 14 2023 yangbo <yangbo1@xfusion.com> - 4.11-2
- Fix '\n' of the linux_variant
* Tue May 30 2023 wangkai <13474090681@163.com> - 4.11-1
- Update to 4.11 for fix CVE-2023-30570
* Tue Mar 07 2023 yaoxin <yaoxin30@h-partners.com> - 4.5-3
- Fix CVE-2023-23009
* Tue Jun 28 2022 yaoxin <yaoxin30@h-partners.com> - 4.5-2 * Tue Jun 28 2022 yaoxin <yaoxin30@h-partners.com> - 4.5-2
- Fix CVE-2022-23094 - Fix CVE-2022-23094