diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2021-10-20 19:41:30 +0200 |
|---|---|---|
| committer | J0WI <J0WI@users.noreply.github.com> | 2021-10-21 13:28:51 +0200 |
| commit | 8281675b2abf71d9aeedd63f91436e20a9907c58 (patch) | |
| tree | a679ad21420ff1bc8064867fddc4fda1359a8a4e | |
| parent | ad113d7b2c64187bba3c3e1f71c2774a3246800e (diff) | |
main/strongswan: patch CVE-2021-41990 and CVE-2021-41991
| -rw-r--r-- | main/strongswan/APKBUILD | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index 2ac8c184781..7143fb44172 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.8.4 _pkgver=${pkgver//_rc/rc} -pkgrel=2 +pkgrel=3 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="https://www.strongswan.org/" arch="all" @@ -16,8 +16,11 @@ makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev install="$pkgname.pre-install" subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc" source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 + https://download.strongswan.org/security/CVE-2021-41990/strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch + https://download.strongswan.org/security/CVE-2021-41991/strongswan-4.4.1-5.9.3_cert-cache-random.patch 0001-file-logger-Set-owner-group-of-log-file.patch 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch + 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch 1003-vici-add-support-for-individual-sa-state-changes.patch @@ -29,6 +32,9 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 " # secfixes: +# 5.8.4-r3: +# - CVE-2021-41990 +# - CVE-2021-41991 # 5.7.1-r0: # - CVE-2018-17540 # 5.7.0-r0: @@ -123,7 +129,10 @@ logfile() { install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec" } -sha512sums="15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 strongswan-5.8.4.tar.bz2 +sha512sums=" +15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 strongswan-5.8.4.tar.bz2 +42bb9dc02e04735183cb2966e23f26bdb2b14b56b10dc3df770cfbea066a690130ce84dc3a17b1369c2d45852bcd8a2902f19368099a1e71c858293decdb48ee strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch +39f607625bc6aa128b71e65e9806c60051015378d0250961bafbe787aa652141e1b3126d235b9cede08e4fe816b3220dbae54e40492b0aeb48f034220f1ee446 strongswan-4.4.1-5.9.3_cert-cache-random.patch 7ea3cecb6ed1d730b4417699715ec1f02f592848a7736448187c3fff8df7c194983021c370019a63cc56ee3cfec881e13e950ac31ba49a5ecae75abab64dbcfc 0001-file-logger-Set-owner-group-of-log-file.patch c829b59d33f5dcffd86fbc81d824b51397ed48dc94da6271ec2d7d70e5975cff0c13d235147f92e1981b391857d5573507972593fed0ce831968da10d119da0f 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch cdc8b9d56fbd7c079dfa37e8de822cfa925d3b6741ff7d04afbc8b856d717ed090750e85b19af2296e28ee030c2d91597d2492f4b9b3540a5647b120bf609556 1001-charon-add-optional-source-and-remote-overrides-for-.patch @@ -132,4 +141,5 @@ da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd 0417de0c0aa779602b216f29b1ad58cc842f0b0fbb8f5238d39199125dac30eaae89d869b337f8f504f8427f074ee7a363f55e3b3875516fe1ed5f0ed7f34c6f charon.logrotate -5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf" +5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf +" |