diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2021-10-20 19:41:30 +0200 |
|---|---|---|
| committer | J0WI <J0WI@users.noreply.github.com> | 2021-10-21 13:21:29 +0200 |
| commit | df0c620d344bd5b20f7992e0b80feb01f843b2a2 (patch) | |
| tree | dbbe9d5a98caab9fd3f6680417b81ccc596d28f9 | |
| parent | b5633022abe3436bed90b1932d8a04cdaf159d9b (diff) | |
main/strongswan: patch CVE-2021-41990 and CVE-2021-41991
| -rw-r--r-- | main/strongswan/APKBUILD | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD index f79cecd000b..132c261d577 100644 --- a/main/strongswan/APKBUILD +++ b/main/strongswan/APKBUILD @@ -3,7 +3,7 @@ pkgname=strongswan pkgver=5.9.1 _pkgver=${pkgver//_rc/rc} -pkgrel=0 +pkgrel=1 pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" url="https://www.strongswan.org/" arch="all" @@ -17,6 +17,8 @@ makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev install="$pkgname.pre-install" subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc" source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 + https://download.strongswan.org/security/CVE-2021-41990/strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch + https://download.strongswan.org/security/CVE-2021-41991/strongswan-4.4.1-5.9.3_cert-cache-random.patch 1001-charon-add-optional-source-and-remote-overrides-for-.patch 1002-vici-send-certificates-for-ike-sa-events.patch @@ -29,6 +31,9 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2 " # secfixes: +# 5.9.1-r1: +# - CVE-2021-41990 +# - CVE-2021-41991 # 5.7.1-r0: # - CVE-2018-17540 # 5.7.0-r0: @@ -127,11 +132,15 @@ logfile() { install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec" } -sha512sums="222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 strongswan-5.9.1.tar.bz2 +sha512sums=" +222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 strongswan-5.9.1.tar.bz2 +42bb9dc02e04735183cb2966e23f26bdb2b14b56b10dc3df770cfbea066a690130ce84dc3a17b1369c2d45852bcd8a2902f19368099a1e71c858293decdb48ee strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch +39f607625bc6aa128b71e65e9806c60051015378d0250961bafbe787aa652141e1b3126d235b9cede08e4fe816b3220dbae54e40492b0aeb48f034220f1ee446 strongswan-4.4.1-5.9.3_cert-cache-random.patch 8cd2f7e10dca25c8739b18f26f0aba427d00c5689ee126da5fc2699ce75ed567f0d25b4e50b716eab58097c06a51418e489e7f853d02bb53ba32aca72a6ae7c8 1001-charon-add-optional-source-and-remote-overrides-for-.patch f92609a1f6810786baeae1688688cbdd2a3116200cdba8d23e13da08992f5280bcbe04712cc89402f1e39aff6f4ebc8da05a2529b1e61e25a5229deb74c4dc3f 1002-vici-send-certificates-for-ike-sa-events.patch da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75ceb99d51813f8e59631e687b09c1ff5c6437388f5f4d9647 1003-vici-add-support-for-individual-sa-state-changes.patch 8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd 4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd 0417de0c0aa779602b216f29b1ad58cc842f0b0fbb8f5238d39199125dac30eaae89d869b337f8f504f8427f074ee7a363f55e3b3875516fe1ed5f0ed7f34c6f charon.logrotate -5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf" +5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf +" |