From 1cca4a4a79d4bac4f1a2d59d44c96b3de6cdb3cf Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Thu, 30 Apr 2026 18:49:17 +0800 Subject: [PATCH] strongswan: upgrade 6.0.5 -> 6.0.6 Changelog: =========== - CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of the supported_versions extension in TLS that can result in an infinite loop. - CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin related to the processing of encrypted PKCS#7 containers that can result in a crash. - CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the processing of certain EAP-SIM/AKA attributes that can result in an infinite loop or a heap-based buffer overflow and potentially remote code execution. - CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to the processing of X.509 name constraints that can allow authentication with certificates that violate the constraints. - CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of ECDH public values in TLS < 1.3 that can result in a crash. - CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing of RADIUS attributes that can result in an infinite loop or an out-of-bounds read that may cause a crash. - CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA decryption that can result in a crash. - Made the Botan RNG types used/provided by the botan plugin configurable. - The fix for the vulnerability in the constraints plugin now causes all certificates that contain excluded name constraints of type directoryName (DN) to get rejected. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- .../strongswan/{strongswan_6.0.5.bb => strongswan_6.0.6.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/strongswan/{strongswan_6.0.5.bb => strongswan_6.0.6.bb} (99%) diff --git a/meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb b/meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb similarity index 99% rename from meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb rename to meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb index 405080070c..daa6552899 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_6.0.5.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_6.0.6.bb @@ -10,7 +10,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2" -SRC_URI[sha256sum] = "437460893655d6cfbc2def79d2da548cb5175b865520c507201ab2ec2e7895d9" +SRC_URI[sha256sum] = "07df7cedae56a7f3bb07e66d21a1f9f87e961db70e99184e11d3819413e4f87c" UPSTREAM_CHECK_REGEX = "strongswan-(?P\d+(\.\d+)+)\.tar"