[arch-commits] Commit in strongswan/trunk (PKGBUILD cve_2018_5388.patch)
Christian Rebischke
shibumi at archlinux.org
Sat May 26 14:11:51 UTC 2018
Date: Saturday, May 26, 2018 @ 14:11:50
Author: shibumi
Revision: 330093
upgpkg: strongswan 5.6.2-2
Fixed CVE-2018-5388
Bugreport: #58719
Added:
strongswan/trunk/cve_2018_5388.patch
Modified:
strongswan/trunk/PKGBUILD
---------------------+
PKGBUILD | 7 +++++--
cve_2018_5388.patch | 25 +++++++++++++++++++++++++
2 files changed, 30 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-05-26 12:51:13 UTC (rev 330092)
+++ PKGBUILD 2018-05-26 14:11:50 UTC (rev 330093)
@@ -11,7 +11,7 @@
pkgname=strongswan
pkgver=5.6.2
-pkgrel=1
+pkgrel=2
pkgdesc="open source IPsec implementation"
url='http://www.strongswan.org'
license=("GPL2")
@@ -43,6 +43,7 @@
source=("https://download.strongswan.org/strongswan-${pkgver}.tar.bz2"
"https://download.strongswan.org/strongswan-${pkgver}.tar.bz2.sig"
'configure_ac.patch'
+ 'cve_2018_5388.patch'
)
validpgpkeys=("948F158A4E76A27BF3D07532DF42C170B34DBA77")
@@ -49,7 +50,8 @@
sha512sums=('cf2d5cb6c45d991fe0ad8eed4ea8628f95a1871e9728ddf0985aa26e78d1e6da1c92c961772aafd3e55cfcfa84516204a15561389d373f78140f05607b248c52'
'SKIP'
- '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74')
+ '0e2c818f2f620410dda949d9016a4c1a686bf2946acb3b42a729b2376c077f4dad6762fe8d2f736c213c4895c1fbd60c0d654a1c36f72d06f58ba7cff635bc74'
+ '77cfce88de2cb72d69c93f80f607a2f95cfedac45b40c8e9d60e22df07f0a37a617797e0cfa1b6132eb7a748ec694b6621e0e1ee0e80300431efc1a516713fcf')
# We don't build libipsec because it would get loaded before kernel-netlink and netkey, which
# would case processing to be handled in user space. Also, the plugin is experimental. If you need it,
@@ -57,6 +59,7 @@
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -p1 -l < "${srcdir}/configure_ac.patch"
+ patch -p1 -l < "${srcdir}/cve_2018_5388.patch"
autoreconf
}
Added: cve_2018_5388.patch
===================================================================
--- cve_2018_5388.patch (rev 0)
+++ cve_2018_5388.patch 2018-05-26 14:11:50 UTC (rev 330093)
@@ -0,0 +1,25 @@
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Tue, 13 Mar 2018 17:54:08 +0000 (+0100)
+Subject: stroke: Ensure a minimum message length
+X-Git-Tag: 5.6.3dr1~28
+X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=0acd1ab4
+
+stroke: Ensure a minimum message length
+---
+
+diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
+index c568440..1e7f210 100644
+--- a/src/libcharon/plugins/stroke/stroke_socket.c
++++ b/src/libcharon/plugins/stroke/stroke_socket.c
+@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
+ }
+ return FALSE;
+ }
++ if (len < offsetof(stroke_msg_t, buffer))
++ {
++ DBG1(DBG_CFG, "invalid stroke message length %d", len);
++ return FALSE;
++ }
+
+ /* read message (we need an additional byte to terminate the buffer) */
+ msg = malloc(len + 1);
More information about the arch-commits
mailing list