Date:      Sun, 5 Mar 2023 15:38:43 GMT
From:      Kurt Jaeger <pi@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 0cc82a481063 - main - security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463
Message-ID:  <202303051538.325FchKg063393@gitrepo.freebsd.org>

The branch main has been updated by pi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0cc82a4810632d46ea854e9225f0f99a87ac2347

commit 0cc82a4810632d46ea854e9225f0f99a87ac2347
Author:     Kurt Jaeger <pi@FreeBSD.org>
AuthorDate: 2023-03-05 15:33:25 +0000
Commit:     Kurt Jaeger <pi@FreeBSD.org>
CommitDate: 2023-03-05 15:38:18 +0000

    security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463
    
    See also:
      https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
    
    PR:             269976
    Approved-by:    Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
    Changelog:      https://github.com/strongswan/strongswan/releases/tag/5.9.10
---
 security/strongswan/Makefile                       |  3 +-
 security/strongswan/distinfo                       |  6 +--
 .../strongswan/files/patch-src_libtls_tls_server.c | 48 ----------------------
 3 files changed, 4 insertions(+), 53 deletions(-)

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index 0870d891ebce..3861de54b247 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	strongswan
-DISTVERSION=	5.9.9
-PORTREVISION=	2
+DISTVERSION=	5.9.10
 CATEGORIES=	security net-vpn
 MASTER_SITES=	https://download.strongswan.org/ \
 		https://download2.strongswan.org/
diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo
index 49cedad3203e..a0375e3819be 100644
--- a/security/strongswan/distinfo
+++ b/security/strongswan/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1673591641
-SHA256 (strongswan-5.9.9.tar.bz2) = 5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d
-SIZE (strongswan-5.9.9.tar.bz2) = 4764675
+TIMESTAMP = 1678023733
+SHA256 (strongswan-5.9.10.tar.bz2) = 3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654
+SIZE (strongswan-5.9.10.tar.bz2) = 4765407
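Review bot: the new SHA256 on the strongswan-5.9.10.tar.bz2 line is the value every later build of this port will trust, so it should be confirmed against the checksum or signature upstream publishes for 5.9.10 and not only against the file that `make makesum` happened to fetch. The SIZE line changes with it and can be checked against the same download.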
diff --git a/security/strongswan/files/patch-src_libtls_tls_server.c b/security/strongswan/files/patch-src_libtls_tls_server.c
deleted file mode 100644
index 5bd53faab6fb..000000000000
--- a/security/strongswan/files/patch-src_libtls_tls_server.c
+++ /dev/null
@@ -1,48 +0,0 @@
-From 980750bde07136255784d6ef6cdb5c085d30e2f9 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Fri, 17 Feb 2023 15:07:20 +0100
-Subject: [PATCH] libtls: Fix authentication bypass and expired pointer
- dereference
-
-`public` is returned, but previously only if a trusted key was found.
-We obviously don't want to return untrusted keys.  However, since the
-reference is released after determining the key type, the returned
-object also doesn't have the correct refcount.
-
-So when the returned reference is released after verifying the TLS
-signature, the public key object is actually destroyed.  The certificate
-object then points to an expired pointer, which is dereferenced once it
-itself is destroyed after the authentication is complete.  Depending on
-whether the pointer is valid (i.e. points to memory allocated to the
-process) and what was allocated there after the public key was freed,
-this could result in a segmentation fault or even code execution.
-
-Fixes: 63fd718915b5 ("libtls: call create_public_enumerator() with key_type")
-Fixes: CVE-2023-26463
----
- src/libtls/tls_server.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
-index c9c300917dd6..573893f2efb5 100644
---- src/libtls/tls_server.c
-+++ src/libtls/tls_server.c
-@@ -183,11 +183,11 @@ public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id)
- 	cert = peer_auth->get(peer_auth, AUTH_HELPER_SUBJECT_CERT);
- 	if (cert)
- 	{
--		public = cert->get_public_key(cert);
--		if (public)
-+		current = cert->get_public_key(cert);
-+		if (current)
- 		{
--			key_type = public->get_type(public);
--			public->destroy(public);
-+			key_type = current->get_type(current);
-+			current->destroy(current);
- 		}
- 		enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
- 											key_type, id, peer_auth, TRUE);
--- 
-2.25.1
-
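Review bot: the commit message does not say that files/patch-src_libtls_tls_server.c is deleted, and that file is the local backport whose header reads `Fixes: CVE-2023-26463`. Add a line stating the patch is dropped because 5.9.10 contains the fix, and confirm in the 5.9.10 source that tls_find_public_key() reads the key type through `current` and no longer through `public`, so the port does not lose the fix between the two versions.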


