Date: Sun, 5 Mar 2023 15:38:43 GMT
Message-Id: <202303051538.325FchKg063393@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Kurt Jaeger
Subject: git: 0cc82a481063 - main - security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: pi
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Commit: 0cc82a4810632d46ea854e9225f0f99a87ac2347

The branch main has been updated by pi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0cc82a4810632d46ea854e9225f0f99a87ac2347

commit 0cc82a4810632d46ea854e9225f0f99a87ac2347
Author:     Kurt Jaeger
AuthorDate: 2023-03-05 15:33:25 +0000
Commit:     Kurt Jaeger
CommitDate: 2023-03-05 15:38:18 +0000

    security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463

    See also: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html

    PR:             269976
    Approved-by:    Francois ten Krooden (maintainer)
    Changelog:      https://github.com/strongswan/strongswan/releases/tag/5.9.10
---
 security/strongswan/Makefile                       |  3 +-
 security/strongswan/distinfo                       |  6 +--
 .../strongswan/files/patch-src_libtls_tls_server.c | 48 ----------------------
 3 files changed, 4 insertions(+), 53 deletions(-)

diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile index 0870d891ebce..3861de54b247 100644 --- a/security/strongswan/Makefile +++ b/security/strongswan/Makefile @@ -1,6 +1,5 @@ PORTNAME= strongswan -DISTVERSION= 5.9.9 -PORTREVISION= 2 +DISTVERSION= 5.9.10 CATEGORIES= security net-vpn MASTER_SITES= https://download.strongswan.org/ \ https://download2.strongswan.org/
diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo index 49cedad3203e..a0375e3819be 100644 --- a/security/strongswan/distinfo +++ b/security/strongswan/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1673591641 -SHA256 (strongswan-5.9.9.tar.bz2) = 5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d -SIZE (strongswan-5.9.9.tar.bz2) = 4764675 +TIMESTAMP = 1678023733 +SHA256 (strongswan-5.9.10.tar.bz2) = 3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654 +SIZE (strongswan-5.9.10.tar.bz2) = 4765407 diff --git a/security/strongswan/files/patch-src_libtls_tls_server.c b/security/strongswan/files/patch-src_libtls_tls_server.c deleted file mode 100644 index 5bd53faab6fb..000000000000 --- a/security/strongswan/files/patch-src_libtls_tls_server.c +++ /dev/null 
@@ -1,48 +0,0 @@ -From 980750bde07136255784d6ef6cdb5c085d30e2f9 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner -Date: Fri, 17 Feb 2023 15:07:20 +0100 -Subject: [PATCH] libtls: Fix authentication bypass and expired pointer - dereference - -`public` is returned, but previously only if a trusted key was found. -We obviously don't want to return untrusted keys. However, since the -reference is released after determining the key type, the returned -object also doesn't have the correct refcount. - -So when the returned reference is released after verifying the TLS -signature, the public key object is actually destroyed. The certificate -object then points to an expired pointer, which is dereferenced once it -itself is destroyed after the authentication is complete. Depending on -whether the pointer is valid (i.e. points to memory allocated to the -process) and what was allocated there after the public key was freed, -this could result in a segmentation fault or even code execution. - -Fixes: 63fd718915b5 ("libtls: call create_public_enumerator() with key_type") -Fixes: CVE-2023-26463 ---- - src/libtls/tls_server.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c -index c9c300917dd6..573893f2efb5 100644 ---- src/libtls/tls_server.c -+++ src/libtls/tls_server.c -@@ -183,11 +183,11 @@ public_key_t *tls_find_public_key(auth_cfg_t *peer_auth, identification_t *id) - cert = peer_auth->get(peer_auth, AUTH_HELPER_SUBJECT_CERT); - if (cert) - { -- public = cert->get_public_key(cert); -- if (public) -+ current = cert->get_public_key(cert); -+ if (current) - { -- key_type = public->get_type(public); -- public->destroy(public); -+ key_type = current->get_type(current); -+ current->destroy(current); - } - enumerator = lib->credmgr->create_public_enumerator(lib->credmgr, - key_type, id, peer_auth, TRUE); --- -2.25.1 -
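Review bot: no security/vuxml entry accompanies this CVE fix: the diffstat lists only the Makefile, distinfo and the deleted patch file, so unless the CVE-2023-26463 entry was committed separately, `pkg audit` will not flag hosts still running the affected 5.9.9 packages. When that entry is written, note that the previous port revision already carried the fix as a local backport (the deleted files/patch-src_libtls_tls_server.c), so the vulnerable range should end at the first 5.9.9 port revision that shipped the backport rather than at 5.9.10. Dropping PORTREVISION in the Makefile hunk is correct, since it restarts at zero with the new DISTVERSION.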
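Review bot: the new SHA256 line for strongswan-5.9.10.tar.bz2 in the distinfo hunk is what every later build of the port will trust, so it should be cross-checked against the checksum or signature upstream publishes for the 5.9.10 release, not only against a tarball fetched from the MASTER_SITES mirrors. The TIMESTAMP 1678023733 (2023-03-05 13:42 UTC) and the SIZE change from 4764675 to 4765407 bytes are consistent with a fresh `make makesum` against the new point release on the day of the commit.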
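Review bot: removing files/patch-src_libtls_tls_server.c is safe only if the 5.9.10 tarball already contains the upstream fix the deleted patch carried (commit 980750bde07136255784d6ef6cdb5c085d30e2f9, "libtls: Fix authentication bypass and expired pointer dereference"); confirm that against the 5.9.10 changelog linked in the commit message, since otherwise this upgrade would silently reintroduce CVE-2023-26463. The nested hunk shows why the backport mattered: in the old code `public = cert->get_public_key(cert);` was followed by `public->destroy(public);`, so `public` was left holding a freed, untrusted reference that was still returned when the trusted-key lookup that follows found nothing, giving both the authentication bypass and the dangling pointer the description lists; the fix reads the key type through a separate `current` variable so that `public` is only ever assigned by the trusted-key lookup. For the port, a test that a TLS peer certificate not chaining to a configured CA is rejected by the 5.9.10 build would give direct evidence that the fix is present without the local patch.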