rpms
/
libreswan
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libreswan-3.29-7.el8_2

This commit is contained in:
CentOS Sources 2020-05-12 03:10:33 -04:00 committed by Andrew Lukoshko
parent 6034278a08
commit 2c8c851501
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
SOURCES/libreswan-3.27-CVE-2020-1763.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 38dfe060db..b5ad3e4560 100644
--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2047,7 +2047,7 @@ void process_packet_tail(struct msg_digest **mdp)
"%smessage ignored because it contains a payload type (%s) unexpected by state %s",
excuse,
enum_show(&ikev1_payload_names, np),
- st->st_state_name);
+ (st == NULL) ? "<no state>" : st->st_state_name);
if (!md->encrypted) {
SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
}

7
SPECS/libreswan.spec
View File

@ -33,7 +33,7 @@ Name: libreswan
Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
# version is generated in the release script
Version: 3.29
Release: %{?prever:0.}6%{?prever:.%{prever}}%{?dist}
Release: %{?prever:0.}7%{?prever:.%{prever}}%{?dist}
License: GPLv2
Url: https://libreswan.org/
Source0: https://download.libreswan.org/%{?prever:with_development/}%{name}-%{version}%{?prever}.tar.gz
@ -49,6 +49,7 @@ Patch3: libreswan-3.29-1723957-audit.patch
Patch4: libreswan-3.25-1724200-halfopen-shunt.patch
Patch5: libreswan-3.29-1699318-show.patch
Patch6: libreswan-3.29-1714331-nss-kdf.patch
Patch7: libreswan-3.27-CVE-2020-1763.patch
Group: System Environment/Daemons
BuildRequires: bison flex pkgconfig
@ -106,6 +107,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
pathfix.py -i %{__python3} -pn programs/verify/verify.in programs/show/show.in \
testing/cert_verify/usage_test testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py \
@ -233,6 +235,9 @@ certutil -N -d sql:$tmpdir --empty-password
%{_libdir}/fipscheck/pluto.hmac
%changelog
* Wed Apr 29 2020 Paul Wouters <pwouters@redhat.com> - 3.29-7
- Resolves: rhbz#1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational exchange message [rhel-8.2.0.z]
* Tue Aug 13 2019 Paul Wouters <pwouters@redhat.com> - 3.29-6
- Resolves: rhbz#1714331 support NSS based IKE KDF's [require updated nss for rhbz 1738689, memleak fix]