[Pkg-swan-devel] [strongswan] 03/04: Fix regression in CVE-2014-9221 patch

Yves-Alexis Perez corsac at moszumanska.debian.org
Mon Jan 5 12:27:08 UTC 2015


This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch wheezy-security
in repository strongswan.

commit 2eb0941f72290c7638278b3550e9dd7f5603fbc2
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Sun Dec 28 14:51:21 2014 +0100

    Fix regression in CVE-2014-9221 patch
---
 debian/changelog                            |  8 +++++
 debian/patches/CVE-2014-9221_dh_group.patch | 53 +++++++++++++++++++++++++++++
 debian/patches/series                       |  1 +
 3 files changed, 62 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index b1da56a..49386e2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+strongswan (4.5.2-1.5+deb7u6) UNRELEASED; urgency=medium
+
+  * debian/patches:
+    - CVE-2014-9221_dh_group added, fix regression with
+      CVE-2014-9221_modp_custom breaking TLS authentication.
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Sun, 28 Dec 2014 14:50:11 +0100
+
 strongswan (4.5.2-1.5+deb7u5) wheezy-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2014-9221_dh_group.patch b/debian/patches/CVE-2014-9221_dh_group.patch
new file mode 100644
index 0000000..b63e35d
--- /dev/null
+++ b/debian/patches/CVE-2014-9221_dh_group.patch
@@ -0,0 +1,53 @@
+diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+index f418b941db86..299865da2e09 100644
+--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
++++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t {
+ 	/**
+ 	 * Diffie Hellman group number
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+
+ 	/*
+ 	 * Generator value
+diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+index b74d35169f44..9936f7e4518f 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
++++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+
+ 	/*
+ 	 * Generator value.
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+index ff3382473666..1e68ac59b838 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+
+ 	/**
+ 	 * Diffie Hellman object
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+index b487d59a59a3..50853d6f0bde 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+
+ 	/**
+ 	 * EC private (public) key
+
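Review bot: The new patch file `CVE-2014-9221_dh_group.patch` opens directly with its `diff --git` line and has no header saying why `group` changes from `u_int16_t` to `diffie_hellman_group_t` in the four private structs, or which upstream change it was taken from. That matters for a follow-up to a security fix. The likely reason is that the earlier `CVE-2014-9221_modp_custom` patch gave `MODP_CUSTOM` a value that no longer fits in 16 bits, so the old field truncated it, but neither that value nor the code that reads `group` is visible here. I would add header lines above the first `diff --git`, such as `Description: store the DH group as diffie_hellman_group_t so MODP_CUSTOM is not truncated` and `Origin: upstream, <upstream commit id>`. The struct bodies continue outside the nested hunks, so it is also worth confirming that no other 16-bit copy of the group remains in the DH plugins of this tree.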
diff --git a/debian/patches/series b/debian/patches/series
index 5f00836..a59fa08 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ CVE-2013-6075.patch
 CVE-2014-2338-4.x.patch
 CVE-2014-2891.patch
 CVE-2014-9221_modp_custom.patch
+CVE-2014-9221_dh_group.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git


