Drop support for Padlock which is not in wide usage
any more and creates some rootfile trouble every time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes CVE-2017-11185:
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The build environment is using a number of variables which
occasionally conflicted with some other build systems.
This patch cleans that up by renaming some variables and
later unexporting them in the lfs files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
IPFire 2 does not have IPv6 connectivity with exception of a
few systems for testing where IPsec connections become a little
bit unstable when trying to connect over IPv6.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is not necessary to copy the init scripts and remove the symlinks for
runnlevel interaction.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Fixed a denial-of-service and potential remote code execution vulnerability
triggered by IKEv1/IKEv2 messages that contain payloads for the respective
other IKE version. Such payload are treated specially since 5.2.2 but because
they were still identified by their original payload type they were used as
such in some places causing invalid function pointer dereferences.
The vulnerability has been registered as CVE-2015-3991.
https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-%28cve-2015-3991%29.html
The increased buffer size has been fixed in bug #943 upstream
https://wiki.strongswan.org/issues/943
This reverts commit c1000c2cd4.
This commit has been merged from master to this branch, but
actually strongswan was already updated to version 5.2.2 which
does not need this fix any more.
