Date: Sun, 5 Mar 2023 15:38:43 GMT
From: Kurt Jaeger <pi@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 0cc82a481063 - main - security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463
Message-ID: <202303051538.325FchKg063393@gitrepo.freebsd.org>
The branch main has been updated by pi: URL: https://cgit.FreeBSD.org/ports/commit/?id=0cc82a4810632d46ea854e9225f0f99a87ac2347 commit 0cc82a4810632d46ea854e9225f0f99a87ac2347 Author: Kurt Jaeger <pi@FreeBSD.org> AuthorDate: 2023-03-05 15:33:25 +0000 Commit: Kurt Jaeger <pi@FreeBSD.org> CommitDate: 2023-03-05 15:38:18 +0000 security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463 See also: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html PR: 269976 Approved-by: Francois ten Krooden <strongswan@Nanoteq.com> (maintainer) Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.10 --- security/strongswan/Makefile | 3 +- security/strongswan/distinfo | 6 +-- .../strongswan/files/patch-src_libtls_tls_server.c | 48 ---------------------- 3 files changed, 4 insertions(+), 53 deletions(-) diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile index 0870d891ebce..3861de54b247 100644 --- a/security/strongswan/Makefile +++ b/security/strongswan/Makefile @@ -1,6 +1,5 @@ PORTNAME= strongswan -DISTVERSION= 5.9.9 -PORTREVISION= 2 +DISTVERSION= 5.9.10 CATEGORIES= security net-vpn MASTER_SITES= https://download.strongswan.org/ \ https://download2.strongswan.org/ diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo index 49cedad3203e..a0375e3819be 100644 --- a/security/strongswan/distinfo +++ b/security/strongswan/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1673591641 -SHA256 (strongswan-5.9.9.tar.bz2) = 5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d -SIZE (strongswan-5.9.9.tar.bz2) = 4764675 +TIMESTAMP = 1678023733 +SHA256 (strongswan-5.9.10.tar.bz2) = 3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654 +SIZE (strongswan-5.9.10.tar.bz2) = 4765407 diff --git a/security/strongswan/files/patch-src_libtls_tls_server.c b/security/strongswan/files/patch-src_libtls_tls_server.c deleted file mode 100644 index 5bd53faab6fb..000000000000 
--- a/security/strongswan/files/patch-src_libtls_tls_server.c +++ /dev/null 
@@ -1,48 +0,0 @@ -From 980750bde07136255784d6ef6cdb5c085d30e2f9 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Fri, 17 Feb 2023 15:07:20 +0100 -Subject: [PATCH] libtls: Fix authentication bypass and expired pointer - dereference - -`public` is returned, but previously only if a trusted key was found. -We obviously don't want to return untrusted keys. However, since the -reference is released after determining the key type, the returned -object also doesn't have the correct refcount. - -So when the returned reference is released after verifying the TLS -signature, the public key object is actually destroyed. The certificate -object then points to an expired pointer, which is dereferenced once it -itself is destroyed after the authentication is complete. Depending on -whether the pointer is valid (i.e. points to memory allocated to the -process) and what was allocated there after the public key was freed, -this could result in a segmentation fault or even code execution. - -Fixes: 63fd718915b5 ("libtls: call create_public_enumerator() with key_type") -Fixes: CVE-2023-26463 ---- - src/libtls/tls_server.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c -index c9c300917dd6..573893f2efb5 100644 ---- src/libtls/tls_server.c -+++ src/libtls/tls_server.c -@@ -183,11 +183,11 @@ public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id) - cert = peer_auth->get(peer_auth, AUTH_HELPER_SUBJECT_CERT); - if (cert) - { -- public = cert->get_public_key(cert); -- if (public) -+ current = cert->get_public_key(cert); -+ if (current) - { -- key_type = public->get_type(public); -- public->destroy(public); -+ key_type = current->get_type(current); -+ current->destroy(current); - } - enumerator = lib->credmgr->create_public_enumerator(lib->credmgr, - key_type, id, peer_auth, TRUE); --- -2.25.1 -
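Review bot: in the distinfo hunk, the new TIMESTAMP, SHA256 and SIZE for strongswan-5.9.10.tar.bz2 only pin what `make makesum` fetched; nothing in the visible lines records that the tarball was checked against upstream's release signature before the checksum was taken. For a commit whose purpose is a CVE fix, suggest stating in the commit message (or in PR 269976) that the distfile signature was verified, so later readers can tell the pinned hash came from an authenticated download rather than from whichever of the two MASTER_SITES answered.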
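Review bot: the commit message says the upgrade is "to fix CVE-2023-26463", but the deleted files/patch-src_libtls_tls_server.c (upstream commit 980750bde07136255784d6ef6cdb5c085d30e2f9, "Fixes: CVE-2023-26463") together with the dropped `PORTREVISION= 2` in the Makefile hunk show that 5.9.9_2 already carried this fix as a local backport. Suggest wording the message as replacing the local backport with the upstream release that contains it, so users on 5.9.9_2 do not read this as having been unpatched until now. Since the local patch is removed outright rather than kept as a no-op, it is also worth confirming that the 5.9.10 tarball's src/libtls/tls_server.c has the same `current`/`public` separation in tls_find_public_key() that the deleted hunk introduced, i.e. that the untrusted key is destroyed after its type is read and only a key returned by create_public_enumerator() is handed back.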