package/strongswan: security bump to version 5.9.5

Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html https://github.com/strongswan/strongswan/releases/tag/5.9.5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Reviewed-by: Quentin Schulz <foss+buildroot@0leil.net> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-02-13 12:33:32 +01:00 · 2022-02-13 12:33:32 +01:00 · a837937973
commit a837937973
parent 63f40a109b
2 changed files with 4 additions and 4 deletions
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@ -1,7 +1,7 @@
-# From http://download.strongswan.org/strongswan-5.9.4.tar.bz2.md5
-md5  9c387eb77f0159fdefbcf7e81c905c35  strongswan-5.9.4.tar.bz2
+# From http://download.strongswan.org/strongswan-5.9.5.tar.bz2.md5
+md5  53005324e3cba8592f1fb958b1c2d0e5  strongswan-5.9.5.tar.bz2
 # Calculated based on the hash above
-sha256  45fdf1a4c2af086d8ff5b76fd7b21d3b6f0890f365f83bf4c9a75dda26887518  strongswan-5.9.4.tar.bz2
+sha256  983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd  strongswan-5.9.5.tar.bz2
 # Locally calculated
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
 sha256  2292e21797754548dccdef9eef6aee7584e552fbd890fa914e1de8d3577d23f0  LICENSE
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-STRONGSWAN_VERSION = 5.9.4
+STRONGSWAN_VERSION = 5.9.5
 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
 STRONGSWAN_SITE = http://download.strongswan.org
 STRONGSWAN_LICENSE = GPL-2.0+