strongswan: Update to 5.3.1

Fixed a denial-of-service and potential remote code execution vulnerability triggered by IKEv1/IKEv2 messages that contain payloads for the respective other IKE version. Such payload are treated specially since 5.2.2 but because they were still identified by their original payload type they were used as such in some places causing invalid function pointer dereferences. The vulnerability has been registered as CVE-2015-3991. https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html The increased buffer size has been fixed in bug #943 upstream https://wiki.strongswan.org/issues/943
2026-04-27 19:23:24 +02:00 · 2015-06-04 19:26:44 +02:00
parent b2faf4f566
commit 41ed4795fe
3 changed files with 15 additions and 38 deletions
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@

 include Config

-VER        = 5.3.0
+VER        = 5.3.1

 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -48,7 +48,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = c52d4228231c2025d9c320d0e9990327
+$(DL_FILE)_MD5 = 66f258901a3d6c271da1a0c7fb3e5013

 install : $(TARGET)

@@ -78,10 +78,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.0-stroke-Increase-stroke-buffer-size-to-8k.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-5.3.1-build-timeattack.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch

-	cd $(DIR_APP) && [ -x "configure" ] || ./autogen.sh
+	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP) && ./configure \
 		--prefix="/usr" \
 		--sysconfdir="/etc" \