This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 0c55ec5a49770d5972c62c99499fbd6eef88ded3 (commit) from 455f261b15e6b3d08c08679b2fc5fffe39ff8061 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 0c55ec5a49770d5972c62c99499fbd6eef88ded3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Aug 23 20:03:21 2017 +0100
strongswan: Update to 5.6.0
Fixes CVE-2017-11185:
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: .../{oldcore/106 => core/114}/filelists/i586/strongswan-padlock | 0 config/rootfiles/{oldcore/106 => core/114}/filelists/strongswan | 0 config/rootfiles/core/114/update.sh | 5 +++++ lfs/strongswan | 4 ++-- 4 files changed, 7 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/106 => core/114}/filelists/i586/strongswan-padlock (100%) copy config/rootfiles/{oldcore/106 => core/114}/filelists/strongswan (100%)
Difference in files: diff --git a/config/rootfiles/core/114/filelists/i586/strongswan-padlock b/config/rootfiles/core/114/filelists/i586/strongswan-padlock new file mode 120000 index 0000000..2412824 --- /dev/null +++ b/config/rootfiles/core/114/filelists/i586/strongswan-padlock @@ -0,0 +1 @@ +../../../../common/i586/strongswan-padlock \ No newline at end of file diff --git a/config/rootfiles/core/114/filelists/strongswan b/config/rootfiles/core/114/filelists/strongswan new file mode 120000 index 0000000..90c727e --- /dev/null +++ b/config/rootfiles/core/114/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/114/update.sh b/config/rootfiles/core/114/update.sh index b68af03..54a2062 100644 --- a/config/rootfiles/core/114/update.sh +++ b/config/rootfiles/core/114/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done
# Stop services +ipsec stop /etc/init.d/squid stop /etc/init.d/unbound stop
@@ -50,6 +51,10 @@ ldconfig /etc/init.d/unbound start /etc/init.d/squid start
+if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then + ipsec start +fi + # This update need a reboot... touch /var/run/need_reboot
diff --git a/lfs/strongswan b/lfs/strongswan index 85c4f2b..600c012 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
include Config
-VER = 5.5.3 +VER = 5.6.0
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4afffe3c219bb2e04f09510905af836b +$(DL_FILE)_MD5 = befb5e827d02433fea6669c20e11530a
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree