diff --git a/SOURCES/libreswan-3.27-CVE-2020-1763.patch b/SOURCES/libreswan-3.27-CVE-2020-1763.patch
new file mode 100644
index 0000000..c634bdb
--- /dev/null
+++ b/SOURCES/libreswan-3.27-CVE-2020-1763.patch
@@ -0,0 +1,13 @@
+diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
+index 38dfe060db..b5ad3e4560 100644
+--- a/programs/pluto/ikev1.c
++++ b/programs/pluto/ikev1.c
+@@ -2047,7 +2047,7 @@ void process_packet_tail(struct msg_digest **mdp)
+ "%smessage ignored because it contains a payload type (%s) unexpected by state %s",
+ excuse,
+ enum_show(&ikev1_payload_names, np),
+- st->st_state_name);
++ (st == NULL) ? "" : st->st_state_name);
+ if (!md->encrypted) {
+ SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
+ }
diff --git a/SPECS/libreswan.spec b/SPECS/libreswan.spec
index 4419183..9a67595 100644
--- a/SPECS/libreswan.spec
+++ b/SPECS/libreswan.spec
@@ -33,7 +33,7 @@ Name: libreswan
 Summary: IPsec implementation with IKEv1 and IKEv2 keying protocols
 # version is generated in the release script
 Version: 3.29
-Release: %{?prever:0.}6%{?prever:.%{prever}}%{?dist}
+Release: %{?prever:0.}7%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
 Source0: https://download.libreswan.org/%{?prever:with_development/}%{name}-%{version}%{?prever}.tar.gz
@@ -49,6 +49,7 @@ Patch3: libreswan-3.29-1723957-audit.patch
 Patch4: libreswan-3.25-1724200-halfopen-shunt.patch
 Patch5: libreswan-3.29-1699318-show.patch
 Patch6: libreswan-3.29-1714331-nss-kdf.patch
+Patch7: libreswan-3.27-CVE-2020-1763.patch
 Group: System Environment/Daemons
 BuildRequires: bison flex pkgconfig
@@ -106,6 +107,7 @@ Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 pathfix.py -i %{__python3} -pn programs/verify/verify.in programs/show/show.in \
 testing/cert_verify/usage_test testing/pluto/ikev1-01-fuzzer/cve-2015-3204.py \
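Review bot: In the ikev1.c hunk carried by the new patch file, the `st == NULL` guard covers only the `st->st_state_name` argument of the log call, while the same path goes on to `SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE)` with `st` still NULL whenever `md->encrypted` is false. process_packet_tail() starts and ends outside the hunk and the macro body is not shown, so confirm that the macro and the code after it tolerate a NULL state; if they do not, the denial of service named in the changelog only moves a few lines down. I would log a visible placeholder instead of an empty string, `(st == NULL) ? "(no state)" : st->st_state_name);`, so the "unexpected by state" message stays readable when triaging logs. A short comment above the call, such as `/* st may be NULL here: no state matched this message (CVE-2020-1763) */`, would record why the guard exists, with the wording checked against the caller. The patch file is named for 3.27 while the spec builds 3.29, so also check that `%patch7 -p1` applies without fuzz.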
@@ -233,6 +235,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %{_libdir}/fipscheck/pluto.hmac
 %changelog
+* Wed Apr 29 2020 Paul Wouters - 3.29-7
+- Resolves: rhbz#1814935 CVE-2020-1763 doS attack via malicious IKEv1 informational exchange message [rhel-8.2.0.z]
+
 * Tue Aug 13 2019 Paul Wouters - 3.29-6
 - Resolves: rhbz#1714331 support NSS based IKE KDF's [require updated nss for rhbz 1738689, memleak fix]