diff -Nru strongswan-5.5.1/debian/changelog strongswan-5.5.1/debian/changelog --- strongswan-5.5.1/debian/changelog 2017-04-10 08:56:49.000000000 +0000 +++ strongswan-5.5.1/debian/changelog 2017-05-24 18:53:29.000000000 +0000 @@ -1,3 +1,19 @@ +strongswan (5.5.1-1ubuntu3.1) zesty-security; urgency=medium + + * SECURITY UPDATE: Insufficient Input Validation in gmp Plugin + - debian/patches/CVE-2017-9022.patch: make sure the modulus is odd and + the exponent not zero in + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. + - CVE-2017-9022 + * SECURITY UPDATE: Incorrect Handling of CHOICE types in ASN.1 parser and + x509 plugin + - debian/patches/CVE-2017-9023.patch: fix CHOICE parsing in + src/libstrongswan/asn1/asn1_parser.*, + src/libstrongswan/plugins/x509/x509_cert.c. + - CVE-2017-9023 + + -- Marc Deslauriers Wed, 24 May 2017 14:53:29 -0400 + strongswan (5.5.1-1ubuntu3) zesty; urgency=medium * Rebuild against new libldns2. diff -Nru strongswan-5.5.1/debian/patches/CVE-2017-9022.patch strongswan-5.5.1/debian/patches/CVE-2017-9022.patch --- strongswan-5.5.1/debian/patches/CVE-2017-9022.patch 1970-01-01 00:00:00.000000000 +0000 +++ strongswan-5.5.1/debian/patches/CVE-2017-9022.patch 2017-05-24 18:53:19.000000000 +0000 @@ -0,0 +1,41 @@ +From 1bf67b900fb4955a0b09f3c1cbe1ce7177adbe2f Mon Sep 17 00:00:00 2001 +From: Tobias Brunner +Date: Wed, 29 Mar 2017 11:26:24 +0200 +Subject: [PATCH] gmp: Make sure the modulus is odd and the exponent not zero + +Unlike mpz_powm() its secure replacement mpz_powm_sec() has the additional +requirement that the exponent must be > 0 and the modulus has to be odd. +Otherwise, it will crash with a floating-point exception. + +Fixes: CVE-2017-9022 +--- + src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +index 2b2c7f249590..32a72ac9600b 100644 +--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c ++++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +@@ -475,7 +475,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) + } + break; + } +- if (!e.ptr || !n.ptr) ++ if (!e.len || !n.len || (n.ptr[n.len-1] & 0x01) == 0) + { + return NULL; + } +@@ -506,5 +506,10 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) + + this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE; + ++ if (!mpz_sgn(this->e)) ++ { ++ destroy(this); ++ return NULL; ++ } + return &this->public; + } +-- +1.9.1 + diff -Nru strongswan-5.5.1/debian/patches/CVE-2017-9023.patch strongswan-5.5.1/debian/patches/CVE-2017-9023.patch --- strongswan-5.5.1/debian/patches/CVE-2017-9023.patch 1970-01-01 00:00:00.000000000 +0000 +++ strongswan-5.5.1/debian/patches/CVE-2017-9023.patch 2017-05-24 18:53:26.000000000 +0000 @@ -0,0 +1,372 @@ +From e3d4fe2be3bda0d9acc985a6cd67efe249d8326c Mon Sep 17 00:00:00 2001 +From: Andreas Steffen +Date: Fri, 5 May 2017 09:01:08 +0200 +Subject: [PATCH] asn1-parser: Fix CHOICE parsing + +Also fixes the application in the x509 plugin and the parsing of +nameConstraints, which doesn't require a loop. + +Fixes: CVE-2017-9023 +--- + src/libstrongswan/asn1/asn1_parser.c | 70 +++++++++++++++--- + src/libstrongswan/asn1/asn1_parser.h | 27 +++---- + src/libstrongswan/plugins/x509/x509_cert.c | 115 +++++++++++++++-------------- + 3 files changed, 135 insertions(+), 77 deletions(-) + +Index: strongswan-5.5.1/src/libstrongswan/asn1/asn1_parser.c +=================================================================== +--- strongswan-5.5.1.orig/src/libstrongswan/asn1/asn1_parser.c 2017-05-24 14:53:24.584171075 -0400 ++++ strongswan-5.5.1/src/libstrongswan/asn1/asn1_parser.c 2017-05-24 14:53:24.580171020 -0400 +@@ -1,8 +1,7 @@ + /* + * Copyright (C) 2006 Martin Will +- * Copyright (C) 2000-2008 Andreas Steffen +- * +- * Hochschule fuer Technik Rapperswil ++ * Copyright (C) 2000-2017 Andreas Steffen ++ * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the +@@ -76,12 +75,18 @@ struct private_asn1_parser_t { + * Current parsing pointer for each level + */ + chunk_t blobs[ASN1_MAX_LEVEL + 2]; ++ ++ /** ++ * Parsing a CHOICE on the current level ? ++ */ ++ bool choice[ASN1_MAX_LEVEL + 2]; ++ + }; + + METHOD(asn1_parser_t, iterate, bool, + private_asn1_parser_t *this, int *objectID, chunk_t *object) + { +- chunk_t *blob, *blob1; ++ chunk_t *blob, *blob1, blob_ori; + u_char *start_ptr; + u_int level; + asn1Object_t obj; +@@ -97,7 +102,7 @@ METHOD(asn1_parser_t, iterate, bool, + return FALSE; + } + +- if (obj.flags & ASN1_END) /* end of loop or option found */ ++ if (obj.flags & ASN1_END) /* end of loop or choice or option found */ + { + if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) + { +@@ -106,13 +111,42 @@ METHOD(asn1_parser_t, iterate, bool, + } + else + { +- this->loopAddr[obj.level] = 0; /* exit loop or option*/ ++ this->loopAddr[obj.level] = 0; /* exit loop */ ++ ++ if (obj.flags & ASN1_CHOICE) /* end of choices */ ++ { ++ if (this->choice[obj.level+1]) ++ { ++ DBG1(DBG_ASN, "L%d - %s: incorrect choice encoding", ++ this->level0 + obj.level, obj.name); ++ this->success = FALSE; ++ goto end; ++ } ++ } ++ ++ if (obj.flags & ASN1_CH) /* end of choice */ ++ { ++ /* parsed a valid choice */ ++ this->choice[obj.level] = FALSE; ++ ++ /* advance to end of choices */ ++ do ++ { ++ this->line++; ++ } ++ while (!((this->objects[this->line].flags & ASN1_END) && ++ (this->objects[this->line].flags & ASN1_CHOICE) && ++ (this->objects[this->line].level == obj.level-1))); ++ this->line--; ++ } ++ + goto end; + } + } + + level = this->level0 + obj.level; + blob = this->blobs + obj.level; ++ blob_ori = *blob; + blob1 = blob + 1; + start_ptr = blob->ptr; + +@@ -129,7 +163,6 @@ METHOD(asn1_parser_t, iterate, bool, + } + + /* handle ASN.1 options */ +- + if ((obj.flags & ASN1_OPT) + && (blob->len == 0 || *start_ptr != obj.type)) + { +@@ -144,7 +177,6 @@ METHOD(asn1_parser_t, iterate, bool, + } + + /* an ASN.1 object must possess at least a tag and length field */ +- + if (blob->len < 2) + { + DBG1(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", +@@ -167,8 +199,16 @@ METHOD(asn1_parser_t, iterate, bool, + blob->ptr += blob1->len; + blob->len -= blob1->len; + +- /* return raw ASN.1 object without prior type checking */ ++ /* handle ASN.1 choice without explicit context encoding */ ++ if ((obj.flags & ASN1_CHOICE) && obj.type == ASN1_EOC) ++ { ++ DBG2(DBG_ASN, "L%d - %s:", level, obj.name); ++ this->choice[obj.level+1] = TRUE; ++ *blob1 = blob_ori; ++ goto end; ++ } + ++ /* return raw ASN.1 object without prior type checking */ + if (obj.flags & ASN1_RAW) + { + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); +@@ -209,6 +249,18 @@ METHOD(asn1_parser_t, iterate, bool, + } + } + ++ /* In case of a "CHOICE" start to scan for exactly one valid choice */ ++ if (obj.flags & ASN1_CHOICE) ++ { ++ if (blob1->len == 0) ++ { ++ DBG1(DBG_ASN, "L%d - %s: contains no choice", level, obj.name); ++ this->success = FALSE; ++ goto end; ++ } ++ this->choice[obj.level+1] = TRUE; ++ } ++ + if (obj.flags & ASN1_OBJ) + { + object->ptr = start_ptr; +Index: strongswan-5.5.1/src/libstrongswan/asn1/asn1_parser.h +=================================================================== +--- strongswan-5.5.1.orig/src/libstrongswan/asn1/asn1_parser.h 2017-05-24 14:53:24.584171075 -0400 ++++ strongswan-5.5.1/src/libstrongswan/asn1/asn1_parser.h 2017-05-24 14:53:24.580171020 -0400 +@@ -1,8 +1,7 @@ + /* + * Copyright (C) 2006 Martin Will +- * Copyright (C) 2000-2008 Andreas Steffen +- * +- * Hochschule fuer Technik Rapperswil ++ * Copyright (C) 2000-2017 Andreas Steffen ++ * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the +@@ -32,15 +31,17 @@ + /** + * Definition of ASN.1 flags + */ +-#define ASN1_NONE 0x00 +-#define ASN1_DEF 0x01 +-#define ASN1_OPT 0x02 +-#define ASN1_LOOP 0x04 +-#define ASN1_END 0x08 +-#define ASN1_OBJ 0x10 +-#define ASN1_BODY 0x20 +-#define ASN1_RAW 0x40 +-#define ASN1_EXIT 0x80 ++#define ASN1_NONE 0x0000 ++#define ASN1_DEF 0x0001 ++#define ASN1_OPT 0x0002 ++#define ASN1_LOOP 0x0004 ++#define ASN1_CHOICE 0x0008 ++#define ASN1_CH 0x0010 ++#define ASN1_END 0x0020 ++#define ASN1_OBJ 0x0040 ++#define ASN1_BODY 0x0080 ++#define ASN1_RAW 0x0100 ++#define ASN1_EXIT 0x0200 + + typedef struct asn1Object_t asn1Object_t; + +@@ -51,7 +52,7 @@ struct asn1Object_t{ + u_int level; + const u_char *name; + asn1_t type; +- u_char flags; ++ uint16_t flags; + }; + + typedef struct asn1_parser_t asn1_parser_t; +Index: strongswan-5.5.1/src/libstrongswan/plugins/x509/x509_cert.c +=================================================================== +--- strongswan-5.5.1.orig/src/libstrongswan/plugins/x509/x509_cert.c 2017-05-24 14:53:24.584171075 -0400 ++++ strongswan-5.5.1/src/libstrongswan/plugins/x509/x509_cert.c 2017-05-24 14:53:24.584171075 -0400 +@@ -2,10 +2,10 @@ + * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann + * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss + * Copyright (C) 2002 Mario Strasser +- * Copyright (C) 2000-2006 Andreas Steffen ++ * Copyright (C) 2000-2017 Andreas Steffen + * Copyright (C) 2006-2009 Martin Willi + * Copyright (C) 2008 Tobias Brunner +- * Hochschule fuer Technik Rapperswil ++ * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the +@@ -769,20 +769,20 @@ static void parse_extendedKeyUsage(chunk + * ASN.1 definition of crlDistributionPoints + */ + static const asn1Object_t crlDistributionPointsObjects[] = { +- { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ +- { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ +- { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 2 */ +- { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ +- { 3, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ +- { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ +- { 3, "end choice", ASN1_EOC, ASN1_END }, /* 6 */ +- { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ +- { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ +- { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ +- { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ +- { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ +- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ +- { 0, "exit", ASN1_EOC, ASN1_EXIT } ++ { 0, "crlDistributionPoints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ ++ { 1, "DistributionPoint", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ ++ { 2, "distributionPoint", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_CHOICE }, /* 2 */ ++ { 3, "fullName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_OBJ }, /* 3 */ ++ { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 4 */ ++ { 3, "nameRelToCRLIssuer",ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 5 */ ++ { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 6 */ ++ { 2, "end opt/choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 7 */ ++ { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ ++ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ ++ { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ ++ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ ++ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ ++ { 0, "exit", ASN1_EOC, ASN1_EXIT } + }; + #define CRL_DIST_POINTS 1 + #define CRL_DIST_POINTS_FULLNAME 3 +@@ -880,14 +880,13 @@ void x509_parse_crlDistributionPoints(ch + * ASN.1 definition of nameConstraints + */ + static const asn1Object_t nameConstraintsObjects[] = { +- { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ ++ { 0, "nameConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "permittedSubtrees", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_LOOP }, /* 1 */ + { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 2 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 3 */ + { 1, "excludedSubtrees", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_LOOP }, /* 4 */ + { 2, "generalSubtree", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 6 */ +- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 7 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } + }; + #define NAME_CONSTRAINT_PERMITTED 2 +@@ -936,25 +935,27 @@ static void parse_nameConstraints(chunk_ + * ASN.1 definition of a certificatePolicies extension + */ + static const asn1Object_t certificatePoliciesObject[] = { +- { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ +- { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ +- { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ +- { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ +- { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ +- { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ +- { 4, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ +- { 4, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ +- { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 8 */ +- { 5, "explicitText", ASN1_EOC, ASN1_RAW }, /* 9 */ +- { 4, "end choice", ASN1_EOC, ASN1_END }, /* 10 */ +- { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ +- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ +- { 0, "exit", ASN1_EOC, ASN1_EXIT } ++ { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ ++ { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ ++ { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ ++ { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ ++ { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ ++ { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ ++ { 4, "qualifier", ASN1_EOC, ASN1_CHOICE }, /* 6 */ ++ { 5, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 7 */ ++ { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 8 */ ++ { 5, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 9 */ ++ { 6, "explicitText", ASN1_EOC, ASN1_RAW }, /* 10 */ ++ { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 11 */ ++ { 4, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 12 */ ++ { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 13 */ ++ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 14 */ ++ { 0, "exit", ASN1_EOC, ASN1_EXIT } + }; +-#define CERT_POLICY_ID 2 +-#define CERT_POLICY_QUALIFIER_ID 5 +-#define CERT_POLICY_CPS_URI 6 +-#define CERT_POLICY_EXPLICIT_TEXT 9 ++#define CERT_POLICY_ID 2 ++#define CERT_POLICY_QUALIFIER_ID 5 ++#define CERT_POLICY_CPS_URI 7 ++#define CERT_POLICY_EXPLICIT_TEXT 10 + + /** + * Parse certificatePolicies +@@ -1107,27 +1108,31 @@ static void parse_policyConstraints(chun + * ASN.1 definition of ipAddrBlocks according to RFC 3779 + */ + static const asn1Object_t ipAddrBlocksObjects[] = { +- { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ +- { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ +- { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ +- { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ +- { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ +- { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ +- { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ +- { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ +- { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ +- { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ +- { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ +- { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ +- { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ +- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ +- { 0, "exit", ASN1_EOC, ASN1_EXIT } ++ { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ ++ { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ ++ { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ ++ { 2, "ipAddressChoice", ASN1_EOC, ASN1_CHOICE }, /* 3 */ ++ { 3, "inherit", ASN1_NULL, ASN1_OPT }, /* 4 */ ++ { 3, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 5 */ ++ { 3, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 6 */ ++ { 4, "addressOrRange", ASN1_EOC, ASN1_CHOICE }, /* 7 */ ++ { 5, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 8 */ ++ { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 9 */ ++ { 5, "addressRange", ASN1_SEQUENCE, ASN1_OPT }, /* 10 */ ++ { 6, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 11 */ ++ { 6, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 12 */ ++ { 5, "end choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 13 */ ++ { 4, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 14 */ ++ { 3, "end loop/choice", ASN1_EOC, ASN1_END|ASN1_CH }, /* 15 */ ++ { 2, "end choices", ASN1_EOC, ASN1_END|ASN1_CHOICE }, /* 16 */ ++ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 17 */ ++ { 0, "exit", ASN1_EOC, ASN1_EXIT } + }; + #define IP_ADDR_BLOCKS_FAMILY 2 +-#define IP_ADDR_BLOCKS_INHERIT 3 +-#define IP_ADDR_BLOCKS_PREFIX 6 +-#define IP_ADDR_BLOCKS_MIN 9 +-#define IP_ADDR_BLOCKS_MAX 10 ++#define IP_ADDR_BLOCKS_INHERIT 4 ++#define IP_ADDR_BLOCKS_PREFIX 8 ++#define IP_ADDR_BLOCKS_MIN 11 ++#define IP_ADDR_BLOCKS_MAX 12 + + static bool check_address_object(ts_type_t ts_type, chunk_t object) + { diff -Nru strongswan-5.5.1/debian/patches/series strongswan-5.5.1/debian/patches/series --- strongswan-5.5.1/debian/patches/series 2016-12-06 13:21:51.000000000 +0000 +++ strongswan-5.5.1/debian/patches/series 2017-05-24 18:53:23.000000000 +0000 @@ -3,3 +3,5 @@ 04_disable-libtls-tests.patch dont-load-kernel-libipsec-plugin-by-default.patch increase-bliss-test-timeout.patch +CVE-2017-9022.patch +CVE-2017-9023.patch