Commit 1f7d063d authored by alice's avatar alice

community/libreswan: patch CVE-2023-23009

parent 91a49f38
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libreswan
pkgver=4.9
pkgrel=0
pkgrel=1
pkgdesc="IPsec implementation for Linux"
url="https://libreswan.org/"
arch="all"
......@@ -28,11 +28,14 @@ makedepends="
"
subpackages="$pkgname-doc $pkgname-openrc"
source="https://download.libreswan.org/libreswan-$pkgver.tar.gz
CVE-2023-23009-libreswan-4.2-4.9.patch
initd-runscript.patch
Makefile.inc.local
"
# secfixes:
# 4.9-r1:
# - CVE-2023-23009
# 4.6-r0:
# - CVE-2022-23094
# 3.32-r0:
......@@ -65,6 +68,7 @@ package() {
sha512sums="
4a43b09b0ef1bacc64ca1b74e7c268df7f024d8b6a9633a489f373ecd9327b173e9508dbc13c4d25ee74f3e2ba569d9d38dfd851fd98cf3cde4a61ef90a1d9d5 libreswan-4.9.tar.gz
98bf86c5e45de1de0ada47b391039a5bba89f31febf2747009edb3db7ba141952e12dc475b4794d6e5e4f23231aeb86a1651aecca4ce7ebc24162246f9a6329b CVE-2023-23009-libreswan-4.2-4.9.patch
50bba031d0342695727f520840d3e3650bd9ffae918374f03b122573152d08399128e9fb04e6a52321801f3d5dc7c9eab96364ae581f3e673c947dc283e45c04 initd-runscript.patch
94bcde573fc320450864394f3824bfe23e6ac8528a7b0b8a7d97d02a3883b6f47951f8a89a2c46cc394c65c5b3f9788b644f7f911f90ac78540e6479715e0a11 Makefile.inc.local
"
diff --git a/programs/pluto/ikev2_ts.c b/programs/pluto/ikev2_ts.c
index 3f7519ca38..f06c40ba46 100644
- - --- a/programs/pluto/ikev2_ts.c
+++ b/programs/pluto/ikev2_ts.c
@@ -437,6 +437,11 @@ static bool v2_parse_tss(struct payload_digest *const ts_pd,
d = pbs_in_struct(&ts_pd->pbs, &ikev2_ts_header_desc,
&ts_h, sizeof(ts_h), &ts_body_pbs);
+ if (d != NULL) {
+ llog_diag(RC_LOG, logger, &d, "%s", "");
+ return false;
+ }
+
switch (ts_h.isath_type) {
case IKEv2_TS_IPV4_ADDR_RANGE:
case IKEv2_TS_IPV6_ADDR_RANGE:
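Review bot: The patch file as shown begins directly at `diff --git` with no header, so nothing in it records where the fix came from or what it guards against. The added check returns before `switch (ts_h.isath_type)` when `pbs_in_struct()` hands back a diagnostic, which presumably keeps the function from acting on a Traffic Selector header that did not parse. A one-line description saying that, plus an origin line such as `Patch-Source: <upstream commit or advisory URL>`, would let the next maintainer confirm the patch can be dropped once pkgver moves past the 4.2-4.9 range named in the file name. v2_parse_tss starts and ends outside the hunk, so whether its other `pbs_in_struct()` calls are checked the same way cannot be seen here.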