strongswan: Update to 5.3.1

Fixed a denial-of-service and potential remote code execution vulnerability triggered by IKEv1/IKEv2 messages that contain payloads for the respective other IKE version. Such payload are treated specially since 5.2.2 but because they were still identified by their original payload type they were used as such in some places causing invalid function pointer dereferences. The vulnerability has been registered as CVE-2015-3991. https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html The increased buffer size has been fixed in bug #943 upstream https://wiki.strongswan.org/issues/943
2026-04-09 18:45:54 +02:00 · 2015-06-04 19:26:44 +02:00
parent b2faf4f566
commit 41ed4795fe
3 changed files with 15 additions and 38 deletions
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@

 include Config

-VER        = 5.3.0
+VER        = 5.3.1

 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = c52d4228231c2025d9c320d0e9990327
+$(DL_FILE)_MD5 = 66f258901a3d6c271da1a0c7fb3e5013

 install : $(TARGET)

@@ -78,10 +78,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.1-build-timeattack.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch

-	cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
+	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP) && ./configure \
 		--prefix="/usr" \
 		--sysconfdir="/etc" \
--- a/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
+++ b/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
@@ -1,34 +0,0 @@
-From 4b59d129fd1026bab37256af0df9ae7ace39e7ba Mon Sep 17 00:00:00 2001
-From: Michael Tremer <michael.tremer@ipfire.org>
-Date: Mon, 27 Apr 2015 18:49:45 +0200
-Subject: [PATCH] stroke: Increase stroke buffer size to 8k
-
-Complicated connections can have lots of arguments
-for the ike= and esp= directives in the ipsec.conf
-configuration file. strongSwan wouldn't import those
-because the size of the message that is send from
-stroke to charon exceeded the limit of 4k.
-
-This patch increases the size of the buffer that
-can be passed to charon to 8k which should be enough
-even for connections with longer configurations.
---
- src/stroke/stroke_msg.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
-index c2b923f6db9a..c391efa00105 100644
--- a/src/stroke/stroke_msg.h
-+++ b/src/stroke/stroke_msg.h
-@@ -32,7 +32,7 @@
-  */
- #define STROKE_SOCKET IPSEC_PIDDIR "/charon.ctl"
- 
-#define STROKE_BUF_LEN		4096
-+#define STROKE_BUF_LEN		8192
- 
- typedef enum list_flag_t list_flag_t;
- 
-- 
-2.1.0
-
--- a/src/patches/strongswan-5.3.1-build-timeattack.patch
+++ b/src/patches/strongswan-5.3.1-build-timeattack.patch
@@ -0,0 +1,11 @@
+--- strongswan-5.3.1/scripts/Makefile.am.old	2015-06-04 17:20:43.539244145 +0000
+++ strongswan-5.3.1/scripts/Makefile.am	2015-06-04 17:20:51.760510631 +0000
+@@ -42,7 +42,7 @@
+ dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+ aes_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+ settings_test_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+-timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+timeattack_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(RTLIB)
+ 
+ key2keyid.o :	$(top_builddir)/config.status
+