summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2013-11-01 13:35:39 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-11-01 13:35:39 +0100
commit0a105a808fbfe27a56e06745fee3b75783dbf9f2 (patch)
tree82e0da1f1059e29f2cdd373573b99991c55cf2ff /debian
parentfa6c72bfc3e2a4b89a5604512e41c8912259a144 (diff)
downloadvyos-strongswan-0a105a808fbfe27a56e06745fee3b75783dbf9f2.tar.gz
vyos-strongswan-0a105a808fbfe27a56e06745fee3b75783dbf9f2.zip
remove security patches included in upstream release.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/CVE-2013-6075.patch27
-rw-r--r--debian/patches/CVE-2013-6076.patch27
-rw-r--r--debian/patches/series2
4 files changed, 2 insertions, 56 deletions
diff --git a/debian/changelog b/debian/changelog
index ba7f8a9fd..4feff7dfa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,8 @@ strongswan (5.1.1-1) UNRELEASED; urgency=low
- da.po updated. closes: #725620
- nb.po updated, thanks Bjørn Steensrud. closes: #725497
- fr.po updated, thanks Christian Perrier. closes: #725469
+ * debian/patches:
+ - CVE-2013-6075 and CVE-2013-6076 dropped, included upstream.
[ Romain Francoise ]
* debian/rules:
diff --git a/debian/patches/CVE-2013-6075.patch b/debian/patches/CVE-2013-6075.patch
deleted file mode 100644
index d50616a60..000000000
--- a/debian/patches/CVE-2013-6075.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001
-From: Martin Willi <martin@revosec.ch>
-Date: Mon, 7 Oct 2013 14:21:57 +0200
-Subject: [PATCH] identification: Properly check length before comparing for
- binary DN equality
-
-Fixes CVE-2013-6075.
----
- src/libstrongswan/utils/identification.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
-index 5df3e5f..9c43ad5 100644
---- a/src/libstrongswan/utils/identification.c
-+++ b/src/libstrongswan/utils/identification.c
-@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc)
- }
- }
- /* try a binary compare */
-- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len))
-+ if (chunk_equals(t_dn, o_dn))
- {
- return TRUE;
- }
---
-1.8.1.2
-
diff --git a/debian/patches/CVE-2013-6076.patch b/debian/patches/CVE-2013-6076.patch
deleted file mode 100644
index 51f0ae37d..000000000
--- a/debian/patches/CVE-2013-6076.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From d8867a8452eece3fffab29605f48e6bed47c42d4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Volker=20R=C3=BCmelin?= <vr_strongswan@t-online.de>
-Date: Fri, 11 Oct 2013 09:38:24 +0200
-Subject: [PATCH] ikev1: Properly initialize list of fragments in case fragment
- ID is 0
-
-Fixes CVE-2013-6076.
----
- src/libcharon/sa/ikev1/task_manager_v1.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
-index 6d4ef14..597416e 100644
---- a/src/libcharon/sa/ikev1/task_manager_v1.c
-+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
-@@ -1273,7 +1273,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg)
- return FAILED;
- }
-
-- if (this->frag.id != payload->get_id(payload))
-+ if (!this->frag.list || this->frag.id != payload->get_id(payload))
- {
- clear_fragments(this, payload->get_id(payload));
- this->frag.list = linked_list_create();
---
-1.8.1.2
-
diff --git a/debian/patches/series b/debian/patches/series
index fadf557e2..2cf256b6c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1 @@
01_fix-manpages.patch
-CVE-2013-6075.patch
-CVE-2013-6076.patch