diff options
author | krion <krion@FreeBSD.org> | 2018-05-31 20:39:51 +0800 |
---|---|---|
committer | krion <krion@FreeBSD.org> | 2018-05-31 20:39:51 +0800 |
commit | a650e99aea2cb8f72856b86fa5976de0ddfd4c46 (patch) | |
tree | 528d366a7d8328f3f9c28e8f40cb2f9aaa8c01fb /security/strongswan/files | |
parent | b980c120e3dc4cb993ef9f1944b27a1f95d7517a (diff) | |
download | freebsd-ports-gnome-a650e99aea2cb8f72856b86fa5976de0ddfd4c46.tar.gz freebsd-ports-gnome-a650e99aea2cb8f72856b86fa5976de0ddfd4c46.tar.zst freebsd-ports-gnome-a650e99aea2cb8f72856b86fa5976de0ddfd4c46.zip |
Update to 5.6.3
Fixes:
- Denial-of-Service Vulnerability in the IKEv2 key derivation
(CVE-2018-10811)
- Denial-of-Service Vulnerability in the stroke plugin
(CVE-2018-5388)
- Crash on FreeBSD that was present in 5.6.2
- The kernel-pfkey plugin optionally installs routes via internal
interface (one with an IP in the local traffic selector). On
FreeBSD, enabling this selects the correct source IP when sending
packets from the gateway itself.
PR: 228631
Submitted by: maintainer
Diffstat (limited to 'security/strongswan/files')
-rw-r--r-- | security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c b/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c deleted file mode 100644 index 722a2b8ceb0b..000000000000 --- a/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c +++ /dev/null @@ -1,22 +0,0 @@ ---- src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c.orig -+++ src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c -@@ -164,7 +164,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, - signature_scheme_t schemes[] = { - SIGN_RSA_EMSA_PKCS1_SHA2_384, - SIGN_RSA_EMSA_PKCS1_SHA2_256, -- }, contained; -+ }; - bool found; - int i, j; - -@@ -174,8 +174,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat, - found = FALSE; - for (j = 0; j < array_count(selected); j++) - { -- array_get(selected, j, &contained); -- if (scheme == contained) -+ array_get(selected, j, &config); -+ if (scheme == config->scheme) - { - found = TRUE; - break; |