strongswan4: backport 4.6.3 patch (CVE-2012-2388, #11576)
authorJo-Philipp Wich <jow@openwrt.org>
Sun, 3 Jun 2012 13:34:34 +0000 (13:34 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Sun, 3 Jun 2012 13:34:34 +0000 (13:34 +0000)
SVN-Revision: 32034

net/strongswan4/Makefile
net/strongswan4/patches/400-CVE-2012-2388.patch [new file with mode: 0644]

index 65f03ce093af50cda388e8cee50e4963fcade63f..30440202b4cb18c135003e1fef711e77f13b70b8 100644 (file)
@@ -1,5 +1,5 @@
 # 
-# Copyright (C) 2010-2011 OpenWrt.org
+# Copyright (C) 2010-2012 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=4.5.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://download.strongswan.org/
diff --git a/net/strongswan4/patches/400-CVE-2012-2388.patch b/net/strongswan4/patches/400-CVE-2012-2388.patch
new file mode 100644 (file)
index 0000000..2ea5918
--- /dev/null
@@ -0,0 +1,21 @@
+From 5a858c3197bbda9acda5289003e9015bef560dc7 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin@revosec.ch>
+Date: Mon, 7 May 2012 13:51:46 +0200
+Subject: [PATCH] Fix boolean return value if an empty RSA signature is
+ detected in gmp plugin
+
+---
+ src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(
+       if (signature.len == 0 || signature.len > this->k)
+       {
+-              return INVALID_ARG;
++              return FALSE;
+       }
+       /* unpack signature */
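Review bot: Neither the backported patch header nor the new code says why this one-word change is a security fix, so the next maintainer of `400-CVE-2012-2388.patch` sees only "Fix boolean return value". `verify_emsa_pkcs1_signature` is declared `static bool`, and `INVALID_ARG` looks like a nonzero status code, so the old return would presumably have been read by callers as a successful verification whenever `signature.len == 0 || signature.len > this->k`. I would add a comment above `return FALSE;` such as `/* bool function: a status_t value here would read as TRUE (signature accepted) */`, and one sentence to the same effect in the patch description. The function body starts and ends outside the hunk, so the remaining return paths cannot be checked from here; it is worth confirming that each one returns only TRUE or FALSE.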