diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:35:39 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:35:39 +0100 |
commit | 0a105a808fbfe27a56e06745fee3b75783dbf9f2 (patch) | |
tree | 82e0da1f1059e29f2cdd373573b99991c55cf2ff /debian | |
parent | fa6c72bfc3e2a4b89a5604512e41c8912259a144 (diff) | |
download | vyos-strongswan-0a105a808fbfe27a56e06745fee3b75783dbf9f2.tar.gz vyos-strongswan-0a105a808fbfe27a56e06745fee3b75783dbf9f2.zip |
remove security patches included in upstream release.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/CVE-2013-6075.patch | 27 | ||||
-rw-r--r-- | debian/patches/CVE-2013-6076.patch | 27 | ||||
-rw-r--r-- | debian/patches/series | 2 |
4 files changed, 2 insertions, 56 deletions
diff --git a/debian/changelog b/debian/changelog index ba7f8a9fd..4feff7dfa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,6 +22,8 @@ strongswan (5.1.1-1) UNRELEASED; urgency=low - da.po updated. closes: #725620 - nb.po updated, thanks Bjørn Steensrud. closes: #725497 - fr.po updated, thanks Christian Perrier. closes: #725469 + * debian/patches: + - CVE-2013-6075 and CVE-2013-6076 dropped, included upstream. [ Romain Francoise ] * debian/rules: diff --git a/debian/patches/CVE-2013-6075.patch b/debian/patches/CVE-2013-6075.patch deleted file mode 100644 index d50616a60..000000000 --- a/debian/patches/CVE-2013-6075.patch +++ /dev/null @@ -1,27 +0,0 @@ -From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001 -From: Martin Willi <martin@revosec.ch> -Date: Mon, 7 Oct 2013 14:21:57 +0200 -Subject: [PATCH] identification: Properly check length before comparing for - binary DN equality - -Fixes CVE-2013-6075. ---- - src/libstrongswan/utils/identification.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c -index 5df3e5f..9c43ad5 100644 ---- a/src/libstrongswan/utils/identification.c -+++ b/src/libstrongswan/utils/identification.c -@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) - } - } - /* try a binary compare */ -- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len)) -+ if (chunk_equals(t_dn, o_dn)) - { - return TRUE; - } --- -1.8.1.2 - diff --git a/debian/patches/CVE-2013-6076.patch b/debian/patches/CVE-2013-6076.patch deleted file mode 100644 index 51f0ae37d..000000000 --- a/debian/patches/CVE-2013-6076.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d8867a8452eece3fffab29605f48e6bed47c42d4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Volker=20R=C3=BCmelin?= <vr_strongswan@t-online.de> -Date: Fri, 11 Oct 2013 09:38:24 +0200 -Subject: [PATCH] ikev1: Properly initialize list of fragments in case fragment - ID is 0 - -Fixes CVE-2013-6076. ---- - src/libcharon/sa/ikev1/task_manager_v1.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c -index 6d4ef14..597416e 100644 ---- a/src/libcharon/sa/ikev1/task_manager_v1.c -+++ b/src/libcharon/sa/ikev1/task_manager_v1.c -@@ -1273,7 +1273,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg) - return FAILED; - } - -- if (this->frag.id != payload->get_id(payload)) -+ if (!this->frag.list || this->frag.id != payload->get_id(payload)) - { - clear_fragments(this, payload->get_id(payload)); - this->frag.list = linked_list_create(); --- -1.8.1.2 - diff --git a/debian/patches/series b/debian/patches/series index fadf557e2..2cf256b6c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1 @@ 01_fix-manpages.patch -CVE-2013-6075.patch -CVE-2013-6076.patch |