From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 0c55ec5a49770d5972c62c99499fbd6eef88ded3 Date: Wed, 23 Aug 2017 20:10:51 +0100 Message-ID: <20170823191052.237A31081DE1@git01.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2013309080286916206==" List-Id: --===============2013309080286916206== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 0c55ec5a49770d5972c62c99499fbd6eef88ded3 (commit) from 455f261b15e6b3d08c08679b2fc5fffe39ff8061 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c55ec5a49770d5972c62c99499fbd6eef88ded3 Author: Michael Tremer Date: Wed Aug 23 20:03:21 2017 +0100 strongswan: Update to 5.6.0 =20 Fixes CVE-2017-11185: =20 Fixed a DoS vulnerability in the gmp plugin that was caused by insufficie= nt input validation when verifying RSA signatures, which requires decryption with the operati= on m^e mod n, where m is the signature, and e and n are the exponent and modulus of the= public key. The value m is an integer between 0 and n-1, however, the gmp plugin did = not verify this. So if m equals n the calculation results in 0, in which case mpz_export()= returns NULL. This result wasn't handled properly causing a null-pointer dereference. =20 Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: .../{oldcore/106 =3D> core/114}/filelists/i586/strongswan-padlock | 0 config/rootfiles/{oldcore/106 =3D> core/114}/filelists/strongswan | 0 config/rootfiles/core/114/update.sh | 5 +++= ++ lfs/strongswan | 4 ++-- 4 files changed, 7 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/106 =3D> core/114}/filelists/i586/strongswan-= padlock (100%) copy config/rootfiles/{oldcore/106 =3D> core/114}/filelists/strongswan (100%) Difference in files: diff --git a/config/rootfiles/core/114/filelists/i586/strongswan-padlock b/co= nfig/rootfiles/core/114/filelists/i586/strongswan-padlock new file mode 120000 index 0000000..2412824 --- /dev/null +++ b/config/rootfiles/core/114/filelists/i586/strongswan-padlock @@ -0,0 +1 @@ +../../../../common/i586/strongswan-padlock \ No newline at end of file diff --git a/config/rootfiles/core/114/filelists/strongswan b/config/rootfile= s/core/114/filelists/strongswan new file mode 120000 index 0000000..90c727e --- /dev/null +++ b/config/rootfiles/core/114/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/114/update.sh b/config/rootfiles/core/114/= update.sh index b68af03..54a2062 100644 --- a/config/rootfiles/core/114/update.sh +++ b/config/rootfiles/core/114/update.sh @@ -32,6 +32,7 @@ for (( i=3D1; i<=3D$core; i++ )); do done =20 # Stop services +ipsec stop /etc/init.d/squid stop /etc/init.d/unbound stop =20 @@ -50,6 +51,10 @@ ldconfig /etc/init.d/unbound start /etc/init.d/squid start =20 +if grep -q "ENABLED=3Don" /var/ipfire/vpn/settings; then + ipsec start +fi + # This update need a reboot... touch /var/run/need_reboot =20 diff --git a/lfs/strongswan b/lfs/strongswan index 85c4f2b..600c012 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 5.5.3 +VER =3D 5.6.0 =20 THISAPP =3D strongswan-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 4afffe3c219bb2e04f09510905af836b +$(DL_FILE)_MD5 =3D befb5e827d02433fea6669c20e11530a =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============2013309080286916206==--