- Update libreswan to 4.15 for CVE-2024-3652

- Resolves rhbz#2274448 CVE-2024-3652 libreswan: IKEv1 default AH/ESP
  responder can crash and restart
- Allow "ipsec import" to try importing PKCS#12 non-interactively if
  there is no password

Resolves: RHEL-32481
Paul Wouters 2024-06-21 21:49:10 -04:00 committed by Daiki Ueno
parent 38ded79037
commit 32be2a6df3
3 changed files with 8 additions and 4 deletions

2
.gitignore vendored

@ -60,3 +60,5 @@
/libreswan-4.13.tar.gz.asc /libreswan-4.13.tar.gz.asc
/libreswan-4.14.tar.gz /libreswan-4.14.tar.gz
/libreswan-4.14.tar.gz.asc /libreswan-4.14.tar.gz.asc
/libreswan-4.15.tar.gz
/libreswan-4.15.tar.gz.asc
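Review bot: The two per-version entries for 4.15 at the end of this hunk could be replaced by patterns, since 4.13 and 4.14 are still listed just above them and every release adds another pair. A pair such as /libreswan-*.tar.gz and /libreswan-*.tar.gz.asc would cover all releases and take this file out of future version bumps.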

@ -29,7 +29,7 @@
Name: libreswan Name: libreswan
Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
# version is generated in the release script # version is generated in the release script
Version: 4.14 Version: 4.15
Release: %autorelease Release: %autorelease
# The code in lib/libswan/nss_copies.c is under MPL-2.0, while the # The code in lib/libswan/nss_copies.c is under MPL-2.0, while the
# rest is under GPL-2.0-or-later # rest is under GPL-2.0-or-later
@ -44,6 +44,8 @@ Source4: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2 Source5: https://download.libreswan.org/cavs/ikev2.fax.bz2
%endif %endif
Patch1: libreswan-4.15-ipsec_import.patch
BuildRequires: audit-libs-devel BuildRequires: audit-libs-devel
BuildRequires: bison BuildRequires: bison
BuildRequires: curl-devel BuildRequires: curl-devel
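Review bot: The new Patch1 line references libreswan-4.15-ipsec_import.patch, but the commit lists only 3 changed files (.gitignore, the spec and the SHA512 sources list), so the patch file itself is not added here. Confirm it is already tracked in the repository or add it to this commit, because the build fails on a Patch entry whose file is missing. A one-line comment above Patch1 saying what it changes (the non-interactive PKCS#12 import named in the commit message) and whether it has been sent upstream would also help whoever does the next rebase.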

@ -1,5 +1,5 @@
SHA512 (libreswan-4.14.tar.gz) = fb4c4dc426530614d308a7c4f5d21123a166b1ad652f66393b45d4987a3e2be8e8bc135e7eedfe1c014db962b70f08108757f876e27cd9e7739a79764c6d4f2d
SHA512 (libreswan-4.14.tar.gz.asc) = 870c2f206b74f2f5391f145bf6b81e6e40ec8ecb3357554c77be105a2410ea0d3d2c70ac59963b0ebf495fff55d7c8be64b511d093ee6b5542ae1f3ee3ffbd51
SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
SHA512 (ikev2.fax.bz2) = 65c65d86fd1a7539c0ad516b0f49546d5722b710225857ee2d2f5f3415ac7d023264746398f3637fd248a4ce2364957c516c31214ee33faefe58ac8e4e333a10 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
SHA512 (libreswan-4.15.tar.gz) = 49a60688bb4a5241dbd791bdde0c71ae80cfb7383bb841ea0788a9d0237569d7ad79e59985c700526e3807817ddae77ebd57521897526fbb8fb93ffbea631efe
SHA512 (libreswan-4.15.tar.gz.asc) = 3db63ff7e6082dd710325e92b97dd4639299acb0958e256d876f636d69d77d1e2de517ddb356a72dff8d03dfe540d3398554acf4b6e8d05f2358efabc441f520
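Review bot: The SHA512 for ikev2.fax.bz2 changes in this hunk (65c65d86... to 0d3748d1...) while ikev1_dsa.fax.bz2 and ikev1_psk.fax.bz2 keep their hashes, and the commit message mentions only the 4.15 update and the ipsec import change. Source5 in the spec still points at the same URL, so either the file behind that URL changed or the hash was regenerated from a different download. Please state which in the commit message and verify the new file before accepting it. For the two new 4.15 entries, note that the tarball was checked against libreswan-4.15.tar.gz.asc with the upstream signing key, since the hash recorded here only pins whatever was downloaded.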