This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via c1000c2cd4a7fb0ea38ed9c4772207a38819c070 (commit)
from 511f9a88e7b92135083492e43ee80e7d1e5a8d94 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c1000c2cd4a7fb0ea38ed9c4772207a38819c070
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Jan 12 13:03:16 2015 +0100
strongswan: Fix for CVE-2014-9221
-----------------------------------------------------------------------
Summary of changes:
lfs/strongswan | 1 +
.../strongswan-5.1.2-5.2.1_modp_custom.patch | 164 +++++++++++++++++++++
2 files changed, 165 insertions(+)
create mode 100644 src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch
Difference in files:
diff --git a/lfs/strongswan b/lfs/strongswan
index dd1f0ac..642d651 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -78,6 +78,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.0.2_ipfire.patch
cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
diff --git a/src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch b/src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch
new file mode 100644
index 0000000..df2cb09
--- /dev/null
+++ b/src/patches/strongswan-5.1.2-5.2.1_modp_custom.patch
@@ -0,0 +1,164 @@
+From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias(a)strongswan.org>
+Date: Mon, 1 Dec 2014 17:21:59 +0100
+Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range
+
+Before this fix it was possible to crash charon with an IKE_SA_INIT
+message containing a KE payload with DH group MODP_CUSTOM(1025).
+Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
+prevents it from getting negotiated.
+
+Fixes CVE-2014-9221 in version 5.1.2 and newer.
+---
+ src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 2 +-
+ src/libstrongswan/crypto/diffie_hellman.c | 11 ++++++-----
+ src/libstrongswan/crypto/diffie_hellman.h | 6 ++++--
+ src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 2 +-
+ src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +-
+ src/libstrongswan/plugins/ntru/ntru_ke.c | 2 +-
+ src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c | 2 +-
+ src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c | 2 +-
+ src/libstrongswan/plugins/pkcs11/pkcs11_dh.c | 2 +-
+ 9 files changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+index 67db5e6d87d6..836e0b7f088d 100644
+--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
++++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+@@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /**
+ * Diffie Hellman public value.
+diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
+index bada1c529951..ac106e9c4d45 100644
+--- a/src/libstrongswan/crypto/diffie_hellman.c
++++ b/src/libstrongswan/crypto/diffie_hellman.c
+@@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
+ "ECP_256_BP",
+ "ECP_384_BP",
+ "ECP_512_BP");
+-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
+- "MODP_NULL",
+- "MODP_CUSTOM");
+-ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM,
++ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP,
++ "MODP_NULL");
++ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
+ "NTRU_112",
+ "NTRU_128",
+ "NTRU_192",
+ "NTRU_256");
+-ENUM_END(diffie_hellman_group_names, NTRU_256_BIT);
++ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
++ "MODP_CUSTOM");
++ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
+
+
+ /**
+diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
+index 105db22f14d4..d5161d077bb2 100644
+--- a/src/libstrongswan/crypto/diffie_hellman.h
++++ b/src/libstrongswan/crypto/diffie_hellman.h
+@@ -63,12 +63,14 @@ enum diffie_hellman_group_t {
+ /** insecure NULL diffie hellman group for testing, in PRIVATE USE */
+ MODP_NULL = 1024,
+ /** MODP group with custom generator/prime */
+- MODP_CUSTOM = 1025,
+ /** Parameters defined by IEEE 1363.1, in PRIVATE USE */
+ NTRU_112_BIT = 1030,
+ NTRU_128_BIT = 1031,
+ NTRU_192_BIT = 1032,
+- NTRU_256_BIT = 1033
++ NTRU_256_BIT = 1033,
++ /** internally used DH group with additional parameters g and p, outside
++ * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
++ MODP_CUSTOM = 65536,
+ };
+
+ /**
+diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+index f418b941db86..299865da2e09 100644
+--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
++++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t {
+ /**
+ * Diffie Hellman group number
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /*
+ * Generator value
+diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+index b74d35169f44..9936f7e4518f 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
++++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /*
+ * Generator value.
+diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
+index abaa22336221..e64f32b91d0e 100644
+--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
++++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
+@@ -56,7 +56,7 @@ struct private_ntru_ke_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /**
+ * NTRU Parameter Set
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+index ff3382473666..1e68ac59b838 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /**
+ * Diffie Hellman object
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+index b487d59a59a3..50853d6f0bde 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /**
+ * EC private (public) key
+diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+index 36cc284bf2b5..23b63d2386af 100644
+--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
++++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+@@ -47,7 +47,7 @@ struct private_pkcs11_dh_t {
+ /**
+ * Diffie Hellman group number.
+ */
+- u_int16_t group;
++ diffie_hellman_group_t group;
+
+ /**
+ * Handle for own private value
+--
+1.9.1
+
hooks/post-receive
--
IPFire 2.x development tree