From c39f703bdd50436e74ab91b8696d61a3e751b55b Mon Sep 17 00:00:00 2001
From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Wed, 17 Oct 2018 18:54:07 +0200
Subject: [PATCH] strongswan: bump to 5.7.1

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
 net/strongswan/Makefile                       |  4 +-
 .../patches/011-gmp-cve-2018-17540.patch      | 38 -------------------
 .../patches/305-minimal_dh_plugin.patch       |  8 ++--
 3 files changed, 6 insertions(+), 44 deletions(-)
 delete mode 100644 net/strongswan/patches/011-gmp-cve-2018-17540.patch

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index d9044b7e2..60c4fe9a4 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
-PKG_VERSION:=5.7.0
+PKG_VERSION:=5.7.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=d6fd0994320bc027090f6ee34964e59c42e761e7dac36cfcf1836c8cefc53c5c
 PKG_SOURCE_URL:=http://download.strongswan.org/ http://download2.strongswan.org/
+PKG_HASH:=006f9c9126e2a2f4e7a874b5e1bd2abec1bbbb193c8b3b3a4c6ccd8c2d454bec
 PKG_LICENSE:=GPL-2.0+
 PKG_MAINTAINER:=Stijn Tintel <stijn@linux-ipv6.be>
 
diff --git a/net/strongswan/patches/011-gmp-cve-2018-17540.patch b/net/strongswan/patches/011-gmp-cve-2018-17540.patch
deleted file mode 100644
index 225a5c803..000000000
--- a/net/strongswan/patches/011-gmp-cve-2018-17540.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 129ab919a8c3abfc17bea776f0774e0ccf33ca09 Mon Sep 17 00:00:00 2001
-From: Tobias Brunner <tobias@strongswan.org>
-Date: Tue, 25 Sep 2018 14:50:08 +0200
-Subject: [PATCH] gmp: Fix buffer overflow with very small RSA keys
-
-Because `keylen` is unsigned the subtraction results in an integer
-underflow if the key length is < 11 bytes.
-
-This is only a problem when verifying signatures with a public key (for
-private keys the plugin enforces a minimum modulus length) and to do so
-we usually only use trusted keys.  However, the x509 plugin actually
-calls issued_by() on a parsed certificate to check if it is self-signed,
-which is the reason this issue was found by OSS-Fuzz in the first place.
-So, unfortunately, this can be triggered by sending an invalid client
-cert to a peer.
-
-Fixes: 5955db5b124a ("gmp: Don't parse PKCS1 v1.5 RSA signatures to verify them")
-Fixes: CVE-2018-17540
----
- src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
-index e9a83fdf49a1..a255a40abce2 100644
---- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
-+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
-@@ -301,7 +301,7 @@ bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
- 		data = digestInfo;
- 	}
- 
--	if (data.len > keylen - 11)
-+	if (keylen < 11 || data.len > keylen - 11)
- 	{
- 		chunk_free(&digestInfo);
- 		DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
--- 
-2.7.4
-
diff --git a/net/strongswan/patches/305-minimal_dh_plugin.patch b/net/strongswan/patches/305-minimal_dh_plugin.patch
index 14a1de578..1dab1140c 100644
--- a/net/strongswan/patches/305-minimal_dh_plugin.patch
+++ b/net/strongswan/patches/305-minimal_dh_plugin.patch
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -135,6 +135,7 @@ ARG_DISBL_SET([fips-prf],       [disable
+@@ -136,6 +136,7 @@ ARG_DISBL_SET([fips-prf],       [disable
  ARG_ENABL_SET([gcm],            [enables the GCM AEAD wrapper crypto plugin.])
  ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
  ARG_DISBL_SET([gmp],            [disable GNU MP (libgmp) based crypto implementation plugin.])
@@ -8,7 +8,7 @@
  ARG_DISBL_SET([curve25519],     [disable Curve25519 Diffie-Hellman plugin.])
  ARG_DISBL_SET([hmac],           [disable HMAC crypto implementation plugin.])
  ARG_ENABL_SET([md4],            [enable MD4 software implementation plugin.])
-@@ -1407,6 +1408,7 @@ ADD_PLUGIN([gcrypt],               [s ch
+@@ -1410,6 +1411,7 @@ ADD_PLUGIN([botan],                [s ch
  ADD_PLUGIN([af-alg],               [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
  ADD_PLUGIN([fips-prf],             [s charon nm cmd])
  ADD_PLUGIN([gmp],                  [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -16,7 +16,7 @@
  ADD_PLUGIN([curve25519],           [s charon pki scripts nm cmd])
  ADD_PLUGIN([agent],                [s charon nm cmd])
  ADD_PLUGIN([keychain],             [s charon cmd])
-@@ -1547,6 +1549,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
+@@ -1550,6 +1552,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
  AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
  AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
  AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@@ -24,7 +24,7 @@
  AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
  AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
  AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
-@@ -1823,6 +1826,7 @@ AC_CONFIG_FILES([
+@@ -1824,6 +1827,7 @@ AC_CONFIG_FILES([
  	src/libstrongswan/plugins/mgf1/Makefile
  	src/libstrongswan/plugins/fips_prf/Makefile
  	src/libstrongswan/plugins/gmp/Makefile