package/strongswan: security bump to version 5.9.13

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected. https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html https://github.com/strongswan/strongswan/blob/5.9.13/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-26 16:25:35 +01:00 · 2023-12-26 16:25:35 +01:00 · 9e5cbbb413
commit 9e5cbbb413
parent 158edd5aa9
2 changed files with 4 additions and 4 deletions
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@ -1,7 +1,7 @@
-# From http://download.strongswan.org/strongswan-5.9.11.tar.bz2.md5
-md5  673e194cd256af77b46928179f2c81ad  strongswan-5.9.11.tar.bz2
+# From http://download.strongswan.org/strongswan-5.9.13.tar.bz2.md5
+md5  9ada6be0c89846fb7ded1787a17cfbb2  strongswan-5.9.13.tar.bz2
 # Calculated based on the hash above
-sha256  ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d  strongswan-5.9.11.tar.bz2
+sha256  56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55  strongswan-5.9.13.tar.bz2
 # Locally calculated
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  2292e21797754548dccdef9eef6aee7584e552fbd890fa914e1de8d3577d23f0  LICENSE
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-STRONGSWAN_VERSION = 5.9.11
+STRONGSWAN_VERSION = 5.9.13
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
 STRONGSWAN_LICENSE = GPL-2.0+