Merge lp:~randomaction/ubuntu/lucid/strongswan/merge-4.3.2-1.1 into lp:ubuntu/lucid/strongswan

Proposed by Ilya Barygin
Status: Merged
Merge reported by: Ilya Barygin
Merged at revision: not available
Proposed branch: lp:~randomaction/ubuntu/lucid/strongswan/merge-4.3.2-1.1
Merge into: lp:ubuntu/lucid/strongswan
Diff against target: 83 lines (+35/-10)
3 files modified
debian/changelog (+18/-0)
debian/rules (+1/-1)
src/libstrongswan/asn1/asn1.c (+16/-9)
To merge this branch: bzr merge lp:~randomaction/ubuntu/lucid/strongswan/merge-4.3.2-1.1
Reviewer: Registry Administrators
Review status: Pending
Review via email: mp+15662@code.launchpad.net

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2009-10-23 15:02:23 +0000
3+++ debian/changelog 2009-12-04 18:10:26 +0000
4@@ -1,3 +1,21 @@
5+strongswan (4.3.2-1.1ubuntu1) lucid; urgency=low
6+
7+ * Merge from Debian testing (LP: #492396), remaining changes:
8+ - Build depend on libnm-glib-dev instead of libnm-glib-vpn-dev to
9+ match the network manager package naming in Ubuntu
10+
11+ -- Ilya Barygin <barygin@gmail.com> Fri, 04 Dec 2009 20:59:13 +0300
12+
13+strongswan (4.3.2-1.1) unstable; urgency=high
14+
15+ * Non-maintainer upload by the Security Team.
16+ * Fix incomplete fix for CVE-2009-2185 leading to a denial of service
17+ via malformed ASN.1 data (CVE-2009-2661; Closes: #540144).
18+ * Use dh_prep instead of dh_clean in install target
19+ + Fixes bug where the arch: all package is not included in .changes
20+
21+ -- Raphael Geissert <geissert@debian.org> Tue, 08 Sep 2009 18:37:35 -0500
22+
23 strongswan (4.3.2-1ubuntu3) karmic; urgency=low
24
25 * No change rebuild against libnm-glib
26
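Review bot: the new Ubuntu entry at the top (4.3.2-1.1ubuntu1) is marked urgency=low and mentions only the merge and the libnm-glib-dev build dependency, although the Debian upload it pulls in is urgency=high and fixes CVE-2009-2661. Consider naming the CVE in the Ubuntu entry so the security content of this upload is visible from its own stanza.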
27=== modified file 'debian/rules'
28--- debian/rules 2009-06-21 17:50:02 +0000
29+++ debian/rules 2009-12-04 18:10:26 +0000
30@@ -85,7 +85,7 @@
31 install: build-stamp
32 dh_testdir
33 dh_testroot
34- dh_clean
35+ dh_prep
36 dh_installdirs
37 $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
38
39
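Review bot: the switch from dh_clean to dh_prep in the install target depends on a debhelper that ships dh_prep, and debian/control is not among the three files this diff modifies. Please confirm the existing debhelper build dependency is new enough for dh_prep, or tighten it in the same upload.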
40=== modified file 'src/libstrongswan/asn1/asn1.c'
41--- src/libstrongswan/asn1/asn1.c 2009-04-18 20:28:51 +0000
42+++ src/libstrongswan/asn1/asn1.c 2009-12-04 18:10:26 +0000
43@@ -260,25 +260,32 @@
44 u_char n;
45 size_t len;
46
47- /* advance from tag field on to length field */
48- blob->ptr++;
49- blob->len--;
50+ if (blob->len < 2)
51+ {
52+ DBG2("insufficient number of octets to parse ASN.1 length");
53+ return ASN1_INVALID_LENGTH;
54+ }
55
56- /* read first octet of length field */
57- n = *blob->ptr++;
58- blob->len--;
59+ /* read length field, skip tag and length */
60+ n = blob->ptr[1];
61+ *blob = chunk_skip(*blob, 2);
62
63 if ((n & 0x80) == 0)
64- {/* single length octet */
65+ { /* single length octet */
66+ if (n > blob->len)
67+ {
68+ DBG2("length is larger than remaining blob size");
69+ return ASN1_INVALID_LENGTH;
70+ }
71 return n;
72 }
73
74 /* composite length, determine number of length octets */
75 n &= 0x7f;
76
77- if (n > blob->len)
78+ if (n == 0 || n > blob->len)
79 {
80- DBG2("number of length octets is larger than ASN.1 object");
81+ DBG2("number of length octets invalid");
82 return ASN1_INVALID_LENGTH;
83 }
84
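Review bot: in the composite-length branch, the check "if (n == 0 || n > blob->len)" bounds the number of length octets by the remaining blob but not by the width of "size_t len", and n can be as large as 0x7f after the mask. The accumulation of those octets and any comparison of the resulting len against blob->len fall outside this hunk, so please confirm the code below it rejects more than sizeof(len) length octets and a final len larger than the remaining blob, the same way the single-octet branch now does with "if (n > blob->len)".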
