-------------------------------------------------------------------
Mon Nov 20 13:32:59 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.12
  * Fixed a buffer overflow in charon-tkm [CVE-2023-41913]
  * ``nameConstraints`` of type ``iPAddress`` are now
    supported by the "x509", "openssl" and "constraints" plugins
  * Support for encoding subjectAlternativeName extensions of type
    uniformResourceIdentifier in X.509 certificates has been added.
  * Make the NetworkManager plugin (charon-nm) actually use the
    XFRM interface it creates since 5.9.10. This involves setting
    interface IDs on SAs and policies, and installing routes via
    the interface. To avoid routing loops if the remote traffic
    selectors include the VPN server, IKE and ESP packets are
    marked to bypass the routing table that contains the routes via
    XFRM interface.
  * The kernel-libipsec plugin now always installs routes to remote
    networks even if no address is found in the local traffic
    selectors, which allows forwarding traffic from networks the
    VPN host is not part of.
  * Fixed issues while reestablishing multiple CHILD_SAs (e.g.
    after a DPD timeout) that could cause a reqid to get assigned
    to multiple CHILD_SAs with unrelated traffic selectors.

-------------------------------------------------------------------
Thu Jun 22 13:24:08 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>

- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed following files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

-------------------------------------------------------------------
Mon Jun 12 15:54:53 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Remove pre-SLE15 build logic

-------------------------------------------------------------------
Mon Jun 12 15:22:09 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>

- Update to release 5.9.11
  * A deadlock in the vici plugin has been fixed
  * Per RFC 5280, CRLs now have to be signed by a certificate that
    either encodes the cRLSign keyUsage bit (even if it is a CA
    certificate), or is a CA certificate without a keyUsage
    extension.
  * Support for optional CA labels in EST server URIs was added to
    the pki --est and pki --estca commands.
  * The pkcs7 and openssl plugins now support CMS-style signatures
    in PKCS#7 containers, which allows verifying RSA-PSS and ECDSA
    signatures.
  * Fixed a regression in the server implementation of EAP-TLS when
    using TLS <=1.2.
  * The EAP-TLS client does now enforce that the TLS handshake is
    complete when using TLS <=1.2.
  * On Linux, the kernel-libipsec plugin can now optionally handle
    ESP packets without UDP encapsulation.
  * The dhcp plugin uses an alternative method to determine the
    source address when sending unicast DHCP requests.
  * ECDSA and EdDSA public keys are supported by the ipseckey
    plugin when parsing RFC 4025 IPSECKEY resource records.

-------------------------------------------------------------------
Wed Apr  5 01:34:28 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>

- Allow to use stroke aka ipsec interface by default instead of
  vici aka swanctl interface which is current upstream's default.
  strongswan.service which enables swanctl interface is masked to
  stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support

-------------------------------------------------------------------
Thu Mar  2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.10
  * Fixed a vulnerability related to certificate verification in
    TLS-based EAP methods that leads to an authentication bypass
    followed by an expired pointer dereference that results in a
    denial of service but possibly even remote code execution.
    [CVE-2023-26463]
  * Added support for full packet hardware offload for IPsec SAs
    and policies, which has been introduced with the Linux 6.2
    kernel, to the kernel-netlink plugin. Bypass policies for the
    IKE ports are automatically offloaded to devices that support
    this type of offloading.
  * TLS-based EAP methods use the key derivation specified in
    draft-ietf-emu-tls-eap-types when used with TLS 1.3.
  * Routes via XFRM interfaces can now optionally be installed
    automatically by enabling the
    charon.plugins.kernel-netlink.install_routes_xfrmi option.
- If connections are missing in `ipsec status`, check that
  strongswan-starter.service (rather than strongswan.service)
  is active.
- Remove CVE-2023-26463_tls_auth_bypass_exp_pointer.patch

-------------------------------------------------------------------
Thu Mar  2 12:26:39 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>

- Added patch to fix a vulnerability in incorrectly accepted
  untrusted public key with incorrect refcount
  (CVE-2023-26463 boo#1208608)
  [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]

-------------------------------------------------------------------
Tue Jan  3 13:22:12 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.9
  * Fixed an issue that could cause OCSP requests to contain an
    incorrect serial number if the openssl plugin parsed the
    certificate.
  * The resolve plugin does not invoke resolvconf(8) with
    individual interface names for each name server anymore.
  * The kernel-netlink plugin now logs extended ACK error and
    warning messages provided by the Linux kernel if e.g. the
    installation of an SA or policy fails.

-------------------------------------------------------------------
Mon Oct  3 20:36:03 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.8
  * Fixed a vulnerability related to online certificate
    revocation checking that was caused because the revocation
    plugin used potentially untrusted OCSP URIs and CRL
    distribution points in certificates.
  * The `pki --scep/--scepca` commands implement the HTTP-based
    "Simple Certificate Enrollment Protocol" (RFC 8894 SCEP)
    replacing the old and long deprecated scepclient that has
    been removed.
  * The `pki --est|estca` commands implement the HTTPS-based
    "Enrollment over Secure Transport" (RFC 7070 EST) protocol.
  * The TLS client implementation now sends an empty certificate
    payload if a certificate request is received but no
    certificate is available.
  * The socket plugins don't set the SO_REUSEADDR option anymore
    on the IKE UDP sockets, so an error is triggered if e.g. two
    daemons (e.g. charon and charon-systemd) are running
    concurrently using the same ports.

-------------------------------------------------------------------
Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad <conrad@quisquis.de>

- Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are
    actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now
    processed differently.
  * The retransmission logic in the dhcp plugin has been fixed.
  * The connmark plugin now considers configured masks in
    installed firewall rules.
  * Child config selection has been fixed as responder in cases
    where multiple children use transport mode traffic selectors.
  * The outbound SA/policy is now also removed after IKEv1
    CHILD_SA rekeyings.
  * The openssl plugin supports AES and Camellia in CTR mode.
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal
    (after HMAC-based PRFs) since they were never widely adopted.
  * The kdf plugin is now automatically enabled if any of the
    aesni, cmac or xcbc plugins are enabled, or if none of the
    plugins that directly provide HMAC-based KDFs are enabled.

-------------------------------------------------------------------
Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.6
  * Support for labeled IPsec with IKEv2
    (draft-ietf-ipsecme-labeled-ipsec) has been added. Two modes
    are currently supported.
  * The secrets used for generating COOKIE payloads are now
    switched based on a time limit (2 minutes) and not the
    previous usage limit (10'000 generated cookies).
  * Actively initiating duplicate CHILD_SAs within the same
    IKE_SA is now largely prevented.
  * If the source address is unknown when initiating an IKEv2 SA,
    a NAT situation is now forced for IPv4 (for IPv6, NAT-T is
    disabled) to avoid causing asymmetric enabling of
    UDP-encapsulation.
  * The main two steps of the IKEv2 key derivation (PRF/prf+)
    have been modularized. In particular, prf+ is now provided by
    a plugin.
- Drop prf-plus-modularization.patch

-------------------------------------------------------------------
Wed Mar 16 12:57:46 UTC 2022 - Marcus Meissner <meissner@suse.com>

- prf-plus-modularization.patch: updated from upstream branch
  after certifier feedback, SKEYSEED generated via HKDF-Extract.

-------------------------------------------------------------------
Thu Mar  3 14:49:26 UTC 2022 - Marcus Meissner <meissner@suse.com>

- Added prf-plus-modularization.patch that outsources the IKE
  key derivation to openssl. (will be merged to 5.9.6)
- package the kdf config, template and plugin

-------------------------------------------------------------------
Wed Jan 26 12:25:35 UTC 2022 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.5
  * Fixed a vulnerability in the EAP client implementation
    (CVE-2021-45079 bsc#1194471).
  * libtpmtss may now establish a secure session via RSA OAEP
    public key encryption or an ephemeral ECDH key exchange,
    respectively.
  * When rekeying CHILD_SAs, the old outbound SA is now
    uninstalled earlier on the initiator/winner.
  * The openssl plugin now only announces the ECDH groups
    actually supported by OpenSSL (determined via
    EC_get_builtin_curves()).
  * Added support for AES-CFB.

-------------------------------------------------------------------
Wed Nov 24 08:25:29 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_strongswan.service.patch

-------------------------------------------------------------------
Mon Nov 22 16:19:08 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 5.9.4:
  * Fixed a denial-of-service vulnerability in the gmp plugin that
    was caused by an integer overflow when processing RSASSA-PSS
    signatures with very large salt lengths. This vulnerability has
    been registered as CVE-2021-41990. Please refer to our blog for
    details. (bsc#1191367)
  * Fixed a denial-of-service vulnerability in the in-memory
    certificate cache if certificates are replaced and a very large
    random value caused an integer overflow. This vulnerability has
    been registered as CVE-2021-41991. Please refer to our blog for
    details. (bsc#1191435)
  * Fixed a related flaw that caused the daemon to accept and cache
    an infinite number of versions of a valid certificate by
    modifying the parameters in the signatureAlgorithm field of the
    outer X.509 Certificate structure.
  * AUTH_LIFETIME notifies are now only sent by a responder if it
    can't reauthenticate the IKE_SA itself due to asymmetric
    authentication (i.e. EAP) or the use of virtual IPs.
  * Several corner cases with reauthentication have been fixed
    (48fbe1d, 36161fe, 0d373e2).
  * Serial number generation in several pki sub-commands has been
    fixed so they don't start with an unintended zero byte.
  * Loading SSH public keys via vici has been improved.
  * Shared secrets, PEM files, vici messages, PF_KEY messages,
    swanctl configs and other data is properly wiped from memory.
  * Use a longer dummy key to initialize HMAC instances in the
    openssl plugin in case it's used in FIPS-mode.
  * The --enable-tpm option now implies --enable-tss-tss2 as the
    plugin doesn't do anything without a TSS 2.0.
  * libtpmtss is initialized in all programs and libraries that use
    it.
  * Migrated testing scripts to Python 3.

-------------------------------------------------------------------
Mon Sep 27 19:01:38 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 5.9.3:
  * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
    plugin.
  * Added AES-CCM support to the openssl plugin (#353 bsc#1185363).
  * The x509 and the openssl plugins now consider the
    authorityKeyIdentifier, if available, before verifying
    signatures, which avoids unnecessary signature verifications
    after a CA key rollover if both CA certificates are loaded.
    The openssl plugin now does the same also for CRLs (the x509
    plugin already did).
  * The pkcs11 plugin better handles optional attributes like
    CKA_TRUSTED, which previously depended on a version check.
  * The NetworkManager backend (charon-nm) now supports using SANs
    as client identities, not only full DNs (#437).
  * charon-tkm now handles IKE encryption.
  * Send a MOBIKE update again if a change in the NAT mappings is
    detected but the endpoints stay the same (e143a7d).
  * A deadlock in the HA plugin introduced with 5.9.2 has been
    fixed (#456).
  * DSCP values are now also set for NAT keepalives.
  * The ike_derived_keys() hook now receives more keys but in a
    different order (4e29d6f).
  * Converted most of the test case scenarios to the vici
    interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
  as this is what really checks for. Needed as libsoup-3.0 is
  released.
- 5.9.1
- README: added a missing " to pki example command (bsc#1167880)
- fixed a libgcrypt call in FIPS mode (bsc#1180801)

-------------------------------------------------------------------
Mon Sep  7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Update to release 5.9.0
  * Prefer AEAD algorithms for ESP; this puts AES-GCM in a default
    AEAD proposal in front of the previous default proposal.
  * If a connection fails after getting redirected, we now
    restart connecting to the original host, not the one
    redirected to.
  * For peers that don't send the EAP_ONLY_AUTHENTICATION notify
    but still expect to use EAP-only authentication, the
    charon.force_eap_only_authentication option can be enabled to
    force this type of authentication even on non-compliant
    peers.
  * IPv6 virtual IPs are now always enumerated, ignoring the
    charon.prefer_temporary_addrs setting, which should fix route
    installation if the latter is enabled.

-------------------------------------------------------------------
Tue Sep  1 16:31:02 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Enable bypass-lan strongswan plugin

-------------------------------------------------------------------
Fri May  1 09:39:42 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 5.8.4:
  * In IKEv1 Quick Mode make sure that a proposal exists before
    determining lifetimes (fixes a crash due to a null-pointer
    dereference in 5.8.3).
  * OpenSSL currently doesn't support squeezing bytes out of a
    SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
    Unfortunately, EVP_DigestFinalXOF() completely resets the
    context and later calls not simply fail, they cause a
    null-pointer dereference in libcrypto. c5c1898d73 fixes the
    crash at the cost of repeating initializing the whole state and
    allocating too much data for subsequent calls (hopefully, once
    the OpenSSL issue 7894 is resolved we can implement this more
    efficiently).
  * On 32-bit platforms, reading arbitrary 32-bit integers from
    config files (e.g. for charon.spi_min/max) has been fixed.
  * charon-nm now allows using fixed source ports.
- Changes from version 5.8.3:
  * Updates for the NM plugin (and backend, which has to be updated
    to be compatible):
    + EAP-TLS authentication (#2097)
    + Certificate source (file, agent, smartcard) is selectable
      independently
    + Add support to configure local and remote identities (#2581)
    + Support configuring a custom server port (#625)
    + Show hint regarding password storage policy
    + Replaced the term "gateway" with "server"
    + Fixes build issues due to use of deprecated GLib
      macros/functions
    + Updated Glade file to GTK 3.2
  * The NM backend now supports reauthentication and redirection.
  * Previously used reqids are now reallocated, which works around
    an issue on FreeBSD where the kernel doesn't allow the daemon
    to use reqids > 16383 (#2315).
  * On Linux, throw type routes are installed in table 220 for
    passthrough policies. The kernel will then fall back on routes
    in routing tables with lower priorities for matching traffic.
    This way, they require less information (e.g. no interface or
    source IP) and can be installed earlier and are not affected by
    updates.
  * For IKEv1, the lifetimes of the actually selected transform are
    returned to the initiator, which is an issue if the peer uses
    different lifetimes for different transforms (#3329). We now
    also return the correct transform and proposal IDs (proposal ID
    was always 0, transform ID 1). IKE_SAs are now not
    re-established anymore (e.g. after several retransmits) if a
    deletion has been queued (#3335).
  * Added support for Ed448 keys and certificates via openssl
    plugin and pki tool.
  * Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
  * The use of algorithm IDs from the private use range can now be
    enabled globally, to use them even if no strongSwan vendor ID
    was exchanged (05e373aeb0).
  * Fixed a compiler issue that may have caused invalid keyUsage
    extensions in certificates (#3249).
  * A lot of spelling fixes.
  * Fixed several reported issues.
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
  upstream.

-------------------------------------------------------------------
Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>

- Fix to resolve multiple definitions for swanctl_dir (bsc#1164493)
  [+ 0006-Resolve-multiple-definition-of-swanctl_dir.patch ]

-------------------------------------------------------------------
Mon Feb 17 20:26:37 UTC 2020 - Johannes Kastl <kastl@b1-systems.de>

- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
  to strongswan-nm subpackage, as it is needed for the
  NetworkManager plugin that uses strongswan-nm, not
  strongswan-ipsec
  This fixes the following error:
  ```
  Failed to initialize a plugin instance: Connection ":1.153" is not
  allowed to own the service "org.freedesktop.NetworkManager.strongswan"
  due to security policies in the configuration file
  ```

-------------------------------------------------------------------
Thu Jan 30 13:43:50 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>

- Drop upstream fixed patches:
  * strongswan_modprobe_syslog.patch
  * strongswan_fipsfilter.patch
  * 0006-fix-compilation-error-by-adding-stdint.h.patch

-------------------------------------------------------------------
Sun Jan 26 08:54:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Replace %__-type macro indirections. Update homepage URL to https.

-------------------------------------------------------------------
Mon Jan  6 22:06:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 5.8.2 (jsc#SLE-11370):
  * The systemd service units have changed their name.
    "strongswan" is now "strongswan-starter", and
    "strongswan-swanctl" is now "strongswan".
    After installation, you need to `systemctl disable` the old
    name and `systemctl enable`+start the new one.
  * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
  * boo#1109845 and boo#1107874.
- Please check included NEWS file for info on what other changes
  that have been done in versions 5.8.2, 5.8.1, 5.8.0, 5.7.2, 5.7.1
  and 5.7.0.
- Rebase strongswan_ipsec_service.patch.
- Disable patches that need rebase or dropping:
  * strongswan_modprobe_syslog.patch
  * 0006-fix-compilation-error-by-adding-stdint.h.patch
- Add conditional pkgconfig(libsystemd) BuildRequires: New
  dependency.

-------------------------------------------------------------------
Wed Jun  6 22:14:57 UTC 2018 - bjorn.lie@gmail.com

- Update to version 5.6.3 (CVE-2018-10811, boo#1093536,
  CVE-2018-5388, boo#1094462):
  * Fixed a DoS vulnerability in the IKEv2 key derivation if the
    openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated
    as PRF. This vulnerability has been registered as
    CVE-2018-10811, boo#1093536.
  * Fixed a vulnerability in the stroke plugin, which did not check
    the received length before reading a message from the socket.
    Unless a group is configured, root privileges are required to
    access that socket, so in the default configuration this
    shouldn't be an issue. This vulnerability has been registered
    as CVE-2018-5388, boo#1094462.
  * CRLs that are not yet valid are now ignored to avoid problems
    in scenarios where expired certificates are removed from new
    CRLs and the clock on the host doing the revocation check is
    trailing behind that of the host issuing CRLs. Not doing this
    could result in accepting a revoked and expired certificate, if
    it's still valid according to the trailing clock but not
    contained anymore in not yet valid CRLs.
  * The issuer of fetched CRLs is now compared to the issuer of the
    checked certificate (#2608).
  * CRL validation results other than revocation (e.g. a skipped
    check because the CRL couldn't be fetched) are now stored also
    for intermediate CA certificates and not only for end-entity
    certificates, so a strict CRL policy can be enforced in such
    cases.
  * In compliance with RFC 4945, section 5.1.3.2, certificates used
    for IKE must now either not contain a keyUsage extension (like
    the ones generated by pki), or have at least one of the
    digitalSignature or nonRepudiation bits set.
  * New options for vici/swanctl allow forcing the local
    termination of an IKE_SA. This might be useful in situations
    where it's known the other end is not reachable anymore, or
    that it already removed the IKE_SA, so retransmitting a DELETE
    and waiting for a response would be pointless.
  * Waiting only a certain amount of time for a response (i.e.
    shorter than all retransmits would be) before destroying the
    IKE_SA is also possible by additionally specifying a timeout in
    the forced termination request.
  * When removing routes, the kernel-netlink plugin now checks if
    it tracks other routes for the same destination and replaces
    the installed route instead of just removing it. Same during
    installation, where existing routes previously weren't
    replaced. This should allow using traps with virtual IPs on
    Linux (#2162).
  * The dhcp plugin now only sends the client identifier DHCP
    option if the identity_lease setting is enabled (7b660944b6).
    It can also send identities of up to 255 bytes length, instead
    of the previous 64 bytes (30e886fe3b, 0e5b94d038). If a server
    address is configured, DHCP requests are now sent from port 67
    instead of 68 to avoid ICMP port unreachables (becf027cd9).
  * The handling of faulty INVALID_KE_PAYLOAD notifies (e.g. one
    containing a DH group that wasn't proposed) during
    CREATE_CHILD_SA exchanges has been improved (#2536).
  * Roam events are now completely ignored for IKEv1 SAs (there is
    no MOBIKE to handle such changes properly).
  * ChaCha20/Poly1305 is now correctly proposed without key length
    (#2614). For compatibility with older releases the
    chacha20poly1305compat keyword may be included in proposals to
    also propose the algorithm with a key length (c58434aeff).
  * Configuration of hardware offload of IPsec SAs is now more
    flexible and allows a new setting (auto), which automatically
    uses it if the kernel and device both support it. If hw_offload
    is set to yes and offloading is not supported, the CHILD_SA
    installation now fails.
  * The kernel-pfkey plugin optionally installs routes via internal
    interface (one with an IP in the local traffic selector). On
    FreeBSD, enabling this selects the correct source IP when
    sending packets from the gateway itself (e811659323).
  * SHA-2 based PRFs are supported in PKCS#8 files as generated by
    OpenSSL 1.1 (#2574).
  * The pki --verify tool may load CA certificates and CRLs from
    directories.
  * The IKE daemon now also switches to port 4500 if the remote
    port is not 500 (e.g. because the remote maps the response to a
    different port, as might happen on Azure), as long as the local
    port is 500 (85bfab621d).
  * Fixed an issue with DNS servers passed to NetworkManager in
    charon-nm (ee8c25516a).
  * Logged traffic selectors now always contain the protocol if
    either protocol or port are set (a36d8097ed).
  * Only the inbound SA/policy will be updated as reaction to IP
    address changes for rekeyed CHILD_SAs that are kept around.
  * The parser for strongswan.conf/swanctl.conf now accepts =
    characters in values without having to put the value in quotes
    (e.g. for Base64 encoded shared secrets).
- Rename strongswan-5.6.2-rpmlintrc to strongswan-rpmlintrc,
  changing the version string on every version update makes no
  sense.

-------------------------------------------------------------------
|
|||
|
Tue Apr 17 13:24:38 UTC 2018 - bjorn.lie@gmail.com
|
|||
|
|
|||
|
- Update to version 5.6.2:
|
|||
|
* Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
|
|||
|
signatures that was caused by insufficient input validation.
|
|||
|
One of the configurable parameters in algorithm identifier
|
|||
|
structures for RSASSA-PSS signatures is the mask generation
|
|||
|
function (MGF). Only MGF1 is currently specified for this
|
|||
|
purpose. However, this in turn takes itself a parameter that
|
|||
|
specifies the underlying hash function. strongSwan's parser did
|
|||
|
not correctly handle the case of this parameter being absent,
|
|||
|
causing an undefined data read. This vulnerability has been
|
|||
|
registered as CVE-2018-6459.
|
|||
|
* When rekeying IKEv2 IKE_SAs the previously negotiated DH group
|
|||
|
will be reused, instead of using the first configured group,
|
|||
|
which avoids an additional exchange if the peer previously
|
|||
|
selected a different DH group via INVALID_KE_PAYLOAD notify.
|
|||
|
The same is also done when rekeying CHILD_SAs except for the
|
|||
|
first rekeying of the CHILD_SA that was created with the
|
|||
|
IKE_SA, where no DH group was negotiated yet. Also, the
|
|||
|
selected DH group is moved to the front in all sent proposals
|
|||
|
that contain it and all proposals that don't are moved to the
|
|||
back in order to convey the preference for this group to the
peer.
* Handling of MOBIKE task queuing has been improved. In
particular, the response to an address update (with NAT-D
payloads) is not ignored anymore if only an address list update
or DPD is queued as that could prevent updating the UDP
encapsulation in the kernel.
* On Linux, roam events may optionally be triggered by changes to
the routing rules, which can be useful if routing rules
(instead of e.g. route metrics) are used to switch from one to
another interface (i.e. from one to another routing table).
Since routing rules are currently not evaluated when doing
route lookups this is only useful if the kernel-based route
lookup is used (4664992f7d).
* The fallback drop policies installed to avoid traffic leaks
when replacing addresses in installed policies are now replaced
by temporary drop policies, which also prevent acquires because
we currently delete and reinstall IPsec SAs to update their
addresses (35ef1b032d).
* Access X.509 certificates held in non-volatile storage of a TPM
2.0 referenced via the NV index.
* Adding the --keyid parameter to pki --print allows printing
private keys or certificates stored in a smartcard or a TPM
2.0.
* Fixed proposal selection if a peer incorrectly sends DH groups
in the ESP proposal during IKE_AUTH and also if a DH group is
configured in the local ESP proposal and
charon.prefer_configured_proposals is disabled (d058fd3c32).
* The lookup for PSK secrets for IKEv1 has been improved for
certain scenarios (see #2497 for details).
* MSKs received via RADIUS are now padded to 64 bytes to avoid
compatibility issues with EAP-MSCHAPv2 and PRFs that have a
block size < 64 bytes (e.g. AES-XCBC-PRF-128, see 73cbce6013).
* The tpm_extendpcr command line tool extends a digest into a TPM
PCR.
* Ported the NetworkManager backend from the deprecated
libnm-glib to libnm.
* The save-keys debugging/development plugin saves IKE and/or ESP
keys to files compatible with Wireshark.
- Following upstream's port, replace NetworkManager-devel with
pkgconfig(libnm) BuildRequires.
- Refresh patches with quilt.
- Disable strongswan_fipsfilter.patch, needs rebase or dropping,
the file it patches no longer exists in tarball.

-------------------------------------------------------------------
Fri Mar 16 08:55:10 UTC 2018 - mmnelemane@suse.com

- Removed unused requires and macro calls (bsc#1083261)

-------------------------------------------------------------------
Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de

- Update summaries and descriptions. Trim filler words and
author list.
- Drop %if..%endif guards that are idempotent and do not affect
the build result.
- Replace old $RPM_ shell variables.

-------------------------------------------------------------------
Tue Sep 5 17:10:11 CEST 2017 - ndas@suse.de

- Updated to strongSwan 5.6.0 providing the following changes:
* Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)

* New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
Draft and has been demonstrated at the IETF 99 Prague Hackathon.

* The IMV database template has been adapted to achieve full compliance with the
ISO 19770-2:2015 SWID tag standard.

* The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.

* By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
swanctl.conf file.

* The curl plugin now follows HTTP redirects (configurable via strongswan.conf).

* The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3

* libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).

* more on https://wiki.strongswan.org/versions/66

-------------------------------------------------------------------
Tue Sep 5 11:33:01 CEST 2017 - ndas@suse.de

- Fix "'uintptr_t' undeclared" compilation error.
[+0006-fix-compilation-error-by-adding-stdint.h.patch]

-------------------------------------------------------------------
Mon Jul 31 18:30:28 CEST 2017 - ndas@suse.de

- Updated to strongSwan 5.3.5 (bsc#1050691) providing the following changes:
* Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
requirements regarding the passed exponent and modulus that the plugin did not
enforce; if these are not met the calculation will result in a floating point exception
that crashes the whole process.
This vulnerability has been registered as CVE-2017-9022.
Please refer to our blog for details.

* Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
parsing X.509 extensions that use such types.
This vulnerability has been registered as CVE-2017-9023.
Please refer to our blog for details.

* The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
the responder already has everything available to install and use the new CHILD_SA.
However, this could lead to lost traffic as the initiator won't be able to process
inbound packets until it processed the CREATE_CHILD_SA response and updated the
inbound SA. To avoid this the responder now only installs the new inbound SA and
delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.

* The messages transporting these DELETEs could reach the peer before packets sent
with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.

* The code base has been ported to Apple's ARM64 iOS platform, which required several
changes regarding the use of variadic functions. This was necessary because the calling
conventions for variadic and regular functions are different there.
This means that assigning a non-variadic function to a variadic function pointer, as we
did with our enumerator_t::enumerate() implementations and several callbacks, will
result in crashes as the called function accesses the arguments differently than the
caller provided them. To avoid this issue the enumerator_t interface has been changed
and the signature of the callback functions for enumerator_create_filter() and two
methods on linked_list_t have been changed. Refer to the developer notes below
for details.

* Adds support for fuzzing the certificate parser provided by the default plugins
(x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or generally with
libFuzzer). Several issues found while fuzzing these plugins were fixed.

* Two new options have been added to charon's retransmission settings:
retransmit_limit and retransmit_jitter. The former adds an upper limit to the
calculated retransmission timeout, the latter randomly reduces it.
Refer to Retransmission for details.

* A bug in swanctl's --load-creds command was fixed that caused unencrypted
private keys to get unloaded if the command was called multiple times.
The load-key VICI command now returns the key ID of the loaded key on success.

* The credential manager now enumerates local credential sets before global ones.
This means certificates supplied by the peer will now be preferred over certificates
with the same identity that may be locally stored (e.g. in the certificate cache).

* Adds support for hardware offload of IPsec SAs as introduced by Linux 4.11 for
specific hardware that supports this.

* The pki tool loads the curve25519 plugin by default.
[- 0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
- 0007-asn1-parser-Fix-CHOICE-parsing.patch]
- libhydra is removed as all kernel plugins moved to libcharon

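Added example (not strongSwan's code): the input checks that the CVE-2017-11185 and CVE-2017-9022 entries above describe as missing, written against raw big-endian values instead of GMP so that it builds with a plain C compiler. Rejecting a zero signature is an added assumption (0^e mod n is also 0), and all identifiers and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All identifiers here are hypothetical; none are taken from strongSwan. */
typedef enum {
    RSA_IN_OK = 0,
    RSA_IN_BAD_MODULUS,      /* n is zero or even */
    RSA_IN_BAD_EXPONENT,     /* e is zero */
    RSA_IN_SIG_OUT_OF_RANGE  /* s is zero or s >= n */
} rsa_in_status_t;

/* Big-endian unsigned integer as parsed from a key or signature blob. */
typedef struct {
    const uint8_t *ptr;
    size_t len;
} be_int_t;

#define BE(arr) ((be_int_t){ (arr), sizeof(arr) })

/* Constructed sample values: n = 3233 (61 * 53), e = 17. */
static const uint8_t SAMPLE_N[]      = { 0x0C, 0xA1 };
static const uint8_t SAMPLE_N_EVEN[] = { 0x0C, 0xA0 };
static const uint8_t SAMPLE_E[]      = { 0x11 };
static const uint8_t SAMPLE_E_ZERO[] = { 0x00 };
static const uint8_t SAMPLE_S_OK[]   = { 0x01, 0x23 };
static const uint8_t SAMPLE_S_EQ_N[] = { 0x00, 0x0C, 0xA1 }; /* n, zero-padded */
static const uint8_t SAMPLE_S_ZERO[] = { 0x00, 0x00 };

/* Drop leading zero bytes so that lengths can be compared directly. */
static be_int_t be_normalize(be_int_t v)
{
    while (v.len > 0 && v.ptr[0] == 0) {
        v.ptr++;
        v.len--;
    }
    return v;
}

/* Three-way compare. Signature and modulus are public values, so an
 * early-exit comparison does not leak anything secret. */
static int be_cmp(be_int_t a, be_int_t b)
{
    a = be_normalize(a);
    b = be_normalize(b);
    if (a.len != b.len)
        return a.len < b.len ? -1 : 1;
    for (size_t i = 0; i < a.len; i++)
        if (a.ptr[i] != b.ptr[i])
            return a.ptr[i] < b.ptr[i] ? -1 : 1;
    return 0;
}

/* Run before any modular exponentiation on peer-supplied input. */
rsa_in_status_t rsa_check_verify_inputs(be_int_t n, be_int_t e, be_int_t s)
{
    /* CVE-2017-9022 entry: modulus must be odd, exponent must not be zero. */
    if (be_normalize(n).len == 0 || (n.ptr[n.len - 1] & 1) == 0)
        return RSA_IN_BAD_MODULUS;
    if (be_normalize(e).len == 0)
        return RSA_IN_BAD_EXPONENT;
    /* CVE-2017-11185 entry: s must be below n; zero is rejected as well. */
    if (be_normalize(s).len == 0 || be_cmp(s, n) >= 0)
        return RSA_IN_SIG_OUT_OF_RANGE;
    return RSA_IN_OK;
}

/* Toy square-and-multiply, only to show why s == n is dangerous.
 * Requires 0 < mod < 2^32 so that the products fit in 64 bits. */
uint64_t toy_modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

int main(void)
{
    const be_int_t cases[][3] = {            /* { n, e, s } */
        { BE(SAMPLE_N),      BE(SAMPLE_E),      BE(SAMPLE_S_OK)   },
        { BE(SAMPLE_N),      BE(SAMPLE_E),      BE(SAMPLE_S_EQ_N) },
        { BE(SAMPLE_N),      BE(SAMPLE_E),      BE(SAMPLE_S_ZERO) },
        { BE(SAMPLE_N_EVEN), BE(SAMPLE_E),      BE(SAMPLE_S_OK)   },
        { BE(SAMPLE_N),      BE(SAMPLE_E_ZERO), BE(SAMPLE_S_OK)   },
    };
    /* s == n collapses to 0, the result the vulnerable code mishandled. */
    printf("n^e mod n = %llu\n", (unsigned long long)toy_modpow(3233, 17, 3233));
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("case %zu -> status %d\n", i, (int)rsa_check_verify_inputs(
                   cases[i][0], cases[i][1], cases[i][2]));
    return 0;
}
```
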
-------------------------------------------------------------------
Tue May 23 14:25:32 CEST 2017 - ndas@suse.de

- Applied patch for "Don't retransmit Aggressive Mode response"
bsc#985012.
- Applied upstream patch for "Insufficient Input Validation in gmp Plugin"
bsc#1039514 (CVE-2017-9022).
- Applied upstream patch for "Incorrect x509 ASN.1 parser error handling"
bsc#1039515 (CVE-2017-9023).
[+0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch,
+0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
+0007-asn1-parser-Fix-CHOICE-parsing.patch]

-------------------------------------------------------------------
Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au

- Updated to strongSwan 5.3.5 providing the following changes:
Changes in version 5.3.5:
* Properly handle potential EINTR errors in sigwaitinfo(2) calls
that replaced sigwait(3) calls with 5.3.4.
* RADIUS retransmission timeouts are now configurable, courtesy
of Thom Troy.
Changes in version 5.3.4:
* Fixed an authentication bypass vulnerability in the
eap-mschapv2 plugin that was caused by insufficient
verification of the internal state when handling MSCHAPv2
Success messages received by the client. This vulnerability
has been registered as CVE-2015-8023.
* The sha3 plugin implements the SHA3 Keccak-F1600 hash
algorithm family. Within the strongSwan framework SHA3 is
currently used for BLISS signatures only because the OIDs for
other signature algorithms haven't been defined yet. Also the
use of SHA3 for IKEv2 has not been standardized yet.
Changes in version 5.3.3:
* Added support for the ChaCha20/Poly1305 AEAD cipher specified
in RFC 7539 and RFC 7634 using the chacha20poly1305 ike/esp
proposal keyword. The new chapoly plugin implements the
cipher, if possible SSE-accelerated on x86/x64 architectures.
It is usable both in IKEv2 and the strongSwan libipsec ESP
backend. On Linux 4.2 or newer the kernel-netlink plugin can
configure the cipher for ESP SAs.
* The vici interface now supports the configuration of auxiliary
certification authority information as CRL and OCSP URIs.
* In the bliss plugin the c_indices derivation using a SHA-512
based random oracle has been fixed, generalized and
standardized by employing the MGF1 mask generation function
with SHA-512. As a consequence BLISS signatures using the
improved oracle are not compatible with the earlier
implementation.
* Support for auto=route with right=%any for transport mode
connections has been added (the ikev2/trap-any scenario
provides examples).
* The starter daemon does not flush IPsec policies and SAs
anymore when it is stopped. Already existing duplicate
policies are now overwritten by the IKE daemon when it
installs its policies.
* Init limits (like charon.init_limit_half_open) can now
optionally be enforced when initiating SAs via VICI. For this,
IKE_SAs initiated by the daemon are now also counted as half
open SAs, which, as a side-effect, fixes the status output
while connecting (e.g. in ipsec status).
* Symmetric configuration of EAP methods in left|rightauth is
now possible when mutual EAP-only authentication is used
(previously, the client had to configure rightauth=eap or
rightauth=any, which prevented it from using this same config
as responder).
* The initiator flag in the IKEv2 header is compared again
(wasn't the case since 5.0.0) and packets that have the flag
set incorrectly are again ignored.
* Implemented a demo Hardcopy Device IMC/IMV pair based on the
"Hardcopy Device Health Assessment Trusted Network Connect
Binding" (HCD-TNC) document drafted by the IEEE Printer
Working Group (PWG).
* Fixed IF-M segmentation which failed in the presence of
multiple small attributes in front of a huge attribute to be
segmented.
Changes in version 5.3.2:
* Fixed a vulnerability that allowed rogue servers with a valid
certificate accepted by the client to trick it into disclosing
its username and even password (if the client accepts
EAP-GTC). This was caused because constraints against the
responder's authentication were enforced too late. This
vulnerability has been registered as CVE-2015-4171.
Changes in version 5.3.1:
* Fixed a denial-of-service and potential remote code execution
vulnerability triggered by IKEv1/IKEv2 messages that contain
payloads for the respective other IKE version. Such payloads
are treated specially since 5.2.2 but because they were still
identified by their original payload type they were used as
such in some places causing invalid function pointer
dereferences. The vulnerability has been registered as
CVE-2015-3991.
* The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and
GCM crypto primitives for AES-128/192/256. The plugin requires
AES-NI and PCLMULQDQ instructions and works on both x86 and
x64 architectures. It provides superior crypto performance in
userland without any external libraries.
Changes in version 5.3.0:
* Added support for IKEv2 make-before-break reauthentication. By
using a global CHILD_SA reqid allocation mechanism, charon
supports overlapping CHILD_SAs. This allows the use of
make-before-break instead of the previously supported
break-before-make reauthentication, avoiding connectivity gaps
during that procedure. As the new mechanism may fail with peers
not supporting it (such as any previous strongSwan release) it
must be explicitly enabled using the charon.make_before_break
strongswan.conf option.
* Support for "Signature Authentication in IKEv2" (RFC 7427) has
been added. This allows the use of stronger hash algorithms
for public key authentication. By default, signature schemes
are chosen based on the strength of the signature key, but
specific hash algorithms may be configured in leftauth.
* Key types and hash algorithms specified in rightauth are now
also checked against IKEv2 signature schemes. If such
constraints are used for certificate chain validation in
existing configurations, in particular with peers that don't
support RFC 7427, it may be necessary to disable this feature
with the charon.signature_authentication_constraints setting,
because the signature scheme used in classic IKEv2 public key
authentication may not be strong enough.
* The new connmark plugin allows a host to bind conntrack flows
to a specific CHILD_SA by applying and restoring the SA mark
to conntrack entries. This allows a peer to handle multiple
transport mode connections coming over the same NAT device for
client-initiated flows. A common use case is to protect
L2TP/IPsec, as supported by some systems.
* The forecast plugin can forward broadcast and multicast
messages between connected clients and a LAN. For CHILD_SA
using unique marks, it sets up the required Netfilter rules
and uses a multicast/broadcast listener that forwards such
messages to all connected clients. This plugin is designed for
Windows 7 IKEv2 clients, which announce their services over the
tunnel if the negotiated IPsec policy allows it.
* For the vici plugin a Python Egg has been added to allow
Python applications to control or monitor the IKE daemon using
the VICI interface, similar to the existing ruby gem. The
Python library has been contributed by Björn Schuberg.
* EAP server methods now can fulfill public key constraints,
such as rightcert or rightca. Additionally, public key and
signature constraints can be specified for EAP methods in the
rightauth keyword. Currently the EAP-TLS and EAP-TTLS methods
provide verification details to constraints checking.
* Upgrade of the BLISS post-quantum signature algorithm to the
improved BLISS-B variant. Can be used in conjunction with the
SHA256, SHA384 and SHA512 hash algorithms with SHA512 being
the default.
* The IF-IMV 1.4 interface now makes the IP address of the TNC
access requestor as seen by the TNC server available to all
IMVs. This information can be forwarded to policy enforcement
points (e.g. firewalls or routers).
* The new mutual tnccs-20 plugin parameter activates mutual TNC
measurements in PB-TNC half-duplex mode between two endpoints
over either a PT-EAP or PT-TLS transport medium.
- Adjusted file lists and removed obsolete patches
[- 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch,
- 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch,
- 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]

-------------------------------------------------------------------
Fri Nov 13 10:25:59 UTC 2015 - mt@suse.de

- Applied upstream fix for an authentication bypass vulnerability
in the eap-mschapv2 plugin (CVE-2015-8023, bsc#953817).
[+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]

-------------------------------------------------------------------
Thu Jun 4 10:54:29 UTC 2015 - mt@suse.de

- Applied upstream fix for a rogue server vulnerability that may
enable rogue servers, able to authenticate themselves with a certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591, CVE-2015-4171).
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
and renamed it to use number prefix corresponding with patch nr.
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]

-------------------------------------------------------------------
Mon Jun 1 16:18:35 UTC 2015 - mt@suse.de

- Applied upstream fix for a DoS and potential remote code execution
vulnerability through payload type (bsc#931272, CVE-2015-3991)
[+ strongswan-5.2.2-5.3.0_unknown_payload.patch]

-------------------------------------------------------------------
Mon Jan 5 14:38:46 UTC 2015 - mt@suse.de

- Updated to strongSwan 5.2.2 providing the following changes:
Changes in version 5.2.2:
* Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
payload that contains the Diffie-Hellman group 1025. This identifier was
used internally for DH groups with custom generator and prime. Because
these arguments are missing when creating DH objects based on the KE
payload an invalid pointer dereference occurred. This allowed an attacker
to crash the IKE daemon with a single IKE_SA_INIT message containing such
a KE payload. The vulnerability has been registered as CVE-2014-9221.
* The left/rightid options in ipsec.conf, or any other identity in
strongSwan, now accept prefixes to enforce an explicit type, such as
email: or fqdn:. Note that no conversion is done for the remaining string,
refer to ipsec.conf(5) for details.
* The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
an IKEv2 public key authentication method. The pki tool offers full
support for the generation of BLISS key pairs and certificates.
* Fixed mapping of integrity algorithms negotiated for AH via IKEv1.
This could cause interoperability issues when connecting to older versions
of charon.
Changes in version 5.2.1:
* The new charon-systemd IKE daemon implements an IKE daemon tailored for
use with systemd. It avoids the dependency on ipsec starter and uses
swanctl as configuration backend, building a simple and lightweight
solution. It supports native systemd journal logging.
* Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
* Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
and IETF/Installed Packages attributes can be processed incrementally on a
per segment basis.
* The new ext-auth plugin calls an external script to implement custom IKE_SA
authorization logic, courtesy of Vyronas Tsingaras.
* For the vici plugin a ruby gem has been added to allow ruby applications to
control or monitor the IKE daemon. The vici documentation has been updated
to include a description of the available operations and some simple
examples using both the libvici C interface and the ruby gem.
Changes in version 5.2.0:
* strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
and newer releases. charon-svc implements a Windows IKE service based on
libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
backend on the Windows platform. socket-win provides a native IKE socket
implementation, while winhttp fetches CRL and OCSP information using the
WinHTTP API.
* The new vici plugin provides a Versatile IKE Configuration Interface for
charon. Using the stable IPC interface, external applications can configure,
control and monitor the IKE daemon. Instead of scripting the ipsec tool
and generating ipsec.conf, third party applications can use the new interface
for more control and better reliability.
* Built upon the libvici client library, swanctl implements the first user of
the VICI interface. Together with a swanctl.conf configuration file,
connections can be defined, loaded and managed. swanctl provides a portable,
complete IKE configuration and control interface for the command line.
The first six swanctl example scenarios have been added.
* The SWID IMV implements a JSON-based REST API which allows the exchange
of SWID tags and Software IDs with the strongTNC policy manager.
* The SWID IMC can extract all installed packages from the dpkg (Debian,
Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using
the swidGenerator (https://github.com/strongswan/swidGenerator) which
generates SWID tags according to the new ISO/IEC 19770-2:2014 standard.
* All IMVs now share the access requestor ID, device ID and product info
of an access requestor via a common imv_session object.
* The Attestation IMC/IMV pair supports the IMA-NG measurement format
introduced with the Linux 3.13 kernel.
* The aikgen tool generates an Attestation Identity Key bound to a TPM.
* Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
Connect.
* The ipsec.conf replay_window option defines connection specific IPsec
replay windows. Original patch courtesy of Zheng Zhong and Christophe
Gouault from 6Wind.
- Adjusted file lists and removed obsolete patches
[- 0005-restore-registration-algorithm-order.bug897512.patch,
- 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adopted/Merged fipscheck patches
[* strongswan_fipscheck.patch, strongswan_fipsfilter.patch]

-------------------------------------------------------------------
Wed Dec 17 10:15:23 UTC 2014 - mt@suse.de

- Disallow brainpool elliptic curve groups in fips mode (bnc#856322).
[* strongswan_fipsfilter.patch]

-------------------------------------------------------------------
Thu Dec 11 10:21:01 UTC 2014 - mt@suse.de

- Applied an upstream fix for a denial-of-service vulnerability,
which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491, CVE-2014-9221).
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adjusted whitelist of approved algorithms in fips mode (bsc#856322).
[* strongswan_fipsfilter.patch]
- Renamed patch file to match its patch number:
[- 0001-restore-registration-algorithm-order.bug897512.patch,
+ 0005-restore-registration-algorithm-order.bug897512.patch]

-------------------------------------------------------------------
Tue Nov 25 11:22:06 UTC 2014 - mt@suse.de

- Updated strongswan-hmac package description (bsc#856322).

-------------------------------------------------------------------
Fri Nov 21 12:03:59 UTC 2014 - mt@suse.de

- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.

-------------------------------------------------------------------
Thu Nov 20 07:43:43 UTC 2014 - mt@suse.de

- Added generation of fips hmac hash files using fipshmac utility
and a _fipscheck script to verify binaries/libraries/plugins
shipped in the strongswan-hmac package.
With enabled fips in the kernel, the ipsec script will call it
before any action or in an enforced/manual "ipsec _fipscheck" call.
Added config file to load openssl and kernel af-alg plugins, but
not all the other modules which provide further/alternative algs.
Applied a filter disallowing non-approved algorithms in fips mode.
(fate#316931,bnc#856322).
[+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead of 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
[+0001-restore-registration-algorithm-order.bug897512.patch]

-------------------------------------------------------------------
Fri Sep 26 16:02:09 UTC 2014 - mt@suse.de

- Re-enabled gcrypt plugin and reverted to not enforce fips again
as this breaks gcrypt and openssl plugins when the fips pattern
option is not installed (fate#316931,bnc#856322).
[- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
files and enforce fips compliant operation later (bnc#856322).
- Cleaned up conditional build flags in the rpm spec file.

-------------------------------------------------------------------
Thu Jul 3 13:39:45 UTC 2014 - meissner@suse.com

- disable gcrypt plugin by default, so it will only use openssl
fate#316931 [+strongswan-fips-disablegcrypt.patch]
- enable fips mode 2

-------------------------------------------------------------------
Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org

- Fix build in factory
* Do not include var/run directories in package
* Move runtime data to /run and provide tmpfiles.d snippet
* Add proper systemd macros to rpm scriptlets.
* Do not buildRequire library package libnl1, it is not used.

-------------------------------------------------------------------
Mon Apr 14 23:36:07 UTC 2014 - mt@suse.de

- Updated to strongSwan 5.1.3 providing the following changes:
- Fixed an authentication bypass vulnerability triggered by rekeying
an unestablished IKEv2 SA while it gets actively initiated. This
allowed an attacker to trick a peer's IKE_SA state to established,
without the need to provide any valid authentication credentials.
(CVE-2014-2338, bnc#870572).
- The acert plugin evaluates X.509 Attribute Certificates. Group
membership information encoded as strings can be used to fulfill
authorization checks defined with the rightgroups option.
Attribute Certificates can be loaded locally or get exchanged in
IKEv2 certificate payloads.
- The pki command gained support to generate X.509 Attribute
Certificates using the --acert subcommand, while the --print
command supports the ac type. The openac utility has been removed
in favor of the new pki functionality.
- The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other
protocols has been extended by AEAD mode support, currently limited
to AES-GCM.
- Fixed an issue where CRL/OCSP trustchain validation broke enforcing
CA constraints
- Limited OCSP signing to specific certificates to improve performance
- authKeyIdentifier is not added to self-signed certificates anymore
- Fixed the comparison of IKE configs if only the cipher suites were
different

-------------------------------------------------------------------
Wed Apr 2 05:53:21 UTC 2014 - mt@suse.de

- Updated to strongSwan 5.1.2 providing the following changes:
- A new default configuration file layout is introduced. The new
default strongswan.conf file mainly includes config snippets from
the strongswan.d and strongswan.d/charon directories (the latter
containing snippets for all plugins). The snippets, with commented
defaults, are automatically generated and installed, if they don't
exist yet. Also installed in $prefix/share/strongswan/templates so
existing files can be compared to the current defaults.
- As an alternative to the non-extensible charon.load setting, the
plugins to load in charon (and optionally other applications) can
now be determined via the charon.plugins.<name>.load setting for
each plugin (enabled in the new default strongswan.conf file via the
charon.load_modular option). The load setting optionally takes a
numeric priority value that allows reordering the plugins (otherwise
the default plugin order is preserved).
- All strongswan.conf settings that were formerly defined in library
specific "global" sections are now application specific (e.g.
settings for plugins in libstrongswan.plugins can now be set only
for charon in charon.plugins). The old options are still supported,
which now allows defining defaults for all applications in the
libstrongswan section.
- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
computer IKE key exchange mechanism. The implementation is based on
the ntru-crypto library from the NTRUOpenSourceProject.
The supported security strengths are ntru112, ntru128, ntru192, and
ntru256. Since the private DH group IDs 1030..1033 have been
assigned, the strongSwan Vendor ID must be sent in order to use NTRU
(charon.send_vendor_id = yes).
- Defined a TPMRA remote attestation workitem and added support for it
to the Attestation IMV.
- Compatibility issues between IPComp (compress=yes) and
leftfirewall=yes as well as multiple subnets in left|rightsubnet
have been fixed.
- When enabling its "session" strongswan.conf option, the xauth-pam
plugin opens and closes a PAM session for each established IKE_SA.
Patch courtesy of Andrea Bonomi.
- The strongSwan unit testing framework has been rewritten without the
"check" dependency for improved flexibility and portability. It now
properly supports multi-threaded and memory leak testing and brings
a bunch of new test cases.

|
-------------------------------------------------------------------
Fri Nov 1 12:28:39 UTC 2013 - mt@suse.de

- Updated to strongSwan 5.1.1 minor release addressing two security
  fixes (bnc#847506,CVE-2013-6075, bnc#847509,CVE-2013-6076):
- Fixed a denial-of-service vulnerability and potential authorization
  bypass triggered by a crafted ID_DER_ASN1_DN ID payload. The cause
  is an insufficient length check when comparing such identities. The
  vulnerability has been registered as CVE-2013-6075.
- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
  fragmentation payload. The cause is a NULL pointer dereference. The
  vulnerability has been registered as CVE-2013-6076.
- The lean stand-alone pt-tls-client can set up an RFC 6876 PT-TLS
  session with a strongSwan policy enforcement point which uses the
  tnc-pdp charon plugin.
- The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests
  for either full SWID Tag or concise SWID Tag ID inventories.
- The XAuth backend in eap-radius now supports multiple XAuth
  exchanges for different credential types and display messages.
  All user input gets concatenated and verified with a single
  User-Password RADIUS attribute on the AAA. With an AAA supporting
  it, one for example can implement Password+Token authentication with
  proper dialogs on iOS and OS X clients.
- charon supports IKEv1 Mode Config exchange in push mode. The
  ipsec.conf modeconfig=push option enables it for both client and
  server, the same way as pluto used it.
- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2
  connections, charon can negotiate and install Security Associations
  integrity-protected by the Authentication Header protocol. Supported
  are plain AH(+IPComp) SAs only, but not the deprecated RFC2401 style
  ESP+AH bundles.
- The generation of initialization vectors for IKE and ESP (when using
  libipsec) is now modularized and IVs for e.g. AES-GCM are now correctly
  allocated sequentially, while other algorithms like AES-CBC still
  use random IVs.
- The left and right options in ipsec.conf can take multiple address
  ranges and subnets. This allows connection matching against a larger
  set of addresses, for example to use a different connection for clients
  connecting from an internal network.
- For all those who have a queasy feeling about the NIST elliptic curve
  set, the Brainpool curves introduced for use with IKE by RFC 6932 might
  be a more trustworthy alternative.
- The kernel-libipsec userland IPsec backend now supports usage
  statistics, volume based rekeying and accepts ESPv3 style TFC padded
  packets.
- With two new strongswan.conf options fwmarks can be used to implement
  host-to-host tunnels with kernel-libipsec.
- load-tester supports transport mode connections and more complex
  traffic selectors, including such using unique ports for each tunnel.
- The new dnscert plugin provides support for authentication via CERT
  RRs that are protected via DNSSEC. The plugin was created by Ruslan
  N. Marchenko.
- The eap-radius plugin supports forwarding of several Cisco Unity
  specific RADIUS attributes in corresponding configuration payloads.
- Database transactions are now abstracted and implemented by the two
  backends. If you use MySQL make sure all tables use the InnoDB engine.
- libstrongswan now can provide an experimental custom implementation
  of the printf family functions based on klibc if neither Vstr nor
  glibc style printf hooks are available. This can avoid the Vstr
  dependency on some systems at the cost of slower and less complete
  printf functions.
- Adjusted file lists: this version installs the pki utility and manuals
  in common /usr directories and additional ipsec/pt-tls-client helper.

-------------------------------------------------------------------
Mon Aug 5 13:48:11 UTC 2013 - mt@suse.de

- Updated to strongSwan 5.1.0 release (bnc#833278, CVE-2013-5018):
- Fixed a denial-of-service vulnerability triggered by specific XAuth
  usernames and EAP identities (since 5.0.3), and PEM files (since
  4.1.11). The crash was caused by insufficient error handling in the
  is_asn1() function. The vulnerability has been registered as
  CVE-2013-5018.
- The new charon-cmd command line IKE client can establish road
  warrior connections using IKEv1 or IKEv2 with different
  authentication profiles. It does not depend on any configuration
  files and can be configured using a few simple command line options.
- The kernel-pfroute networking backend has been greatly improved.
  It now can install virtual IPs on TUN devices on OS X and FreeBSD,
  allowing these systems to act as a client in common road warrior
  scenarios.
- The new kernel-libipsec plugin uses TUN devices and libipsec to
  provide IPsec processing in userland on Linux, FreeBSD and Mac OS X.
- The eap-radius plugin can now serve as an XAuth backend called
  xauth-radius, directly verifying XAuth credentials using RADIUS
  User-Name/User-Password attributes. This is more efficient than the
  existing xauth-eap+eap-radius combination, and allows RADIUS servers
  without EAP support to act as AAA backend for IKEv1.
- The new osx-attr plugin installs configuration attributes (currently
  DNS servers) via SystemConfiguration on Mac OS X. The keychain
  plugin provides certificates from the OS X keychain service.
- The sshkey plugin parses SSH public keys, which, together with the
  --agent option for charon-cmd, allows the use of ssh-agent for
  authentication. To configure SSH keys in ipsec.conf the
  left|rightrsasigkey options are replaced with left|rightsigkey,
  which now take public keys in one of three formats: SSH (RFC 4253,
  ssh: prefix), DNSKEY (RFC 3110, dns: prefix), and PKCS#1 (the
  default, no prefix).
- Extraction of certificates and private keys from PKCS#12 files is
  now provided by the new pkcs12 plugin or the openssl plugin.
  charon-cmd (--p12) as well as charon (via P12 token in
  ipsec.secrets) can make use of this.
- IKEv2 can now negotiate transport mode and IPComp in NAT situations.
- IKEv2 exchange initiators now properly close an established IKE or
  CHILD_SA on error conditions using an additional exchange, keeping
  state in sync between peers.
- Using a SQL database interface a Trusted Network Connect (TNC)
  Policy Manager can generate specific measurement workitems for an
  arbitrary number of Integrity Measurement Verifiers (IMVs) based on
  the history of the VPN user and/or device.
- Several core classes in libstrongswan are now tested with unit
  tests. These can be enabled with --enable-unit-tests and run with
  'make check'.
  Coverage reports can be generated with --enable-coverage and 'make
  coverage' (this disables any optimization, so it should not be
  enabled when building production releases).
- The leak-detective developer tool has been greatly improved. It
  works much faster/stabler with multiple threads, does not use
  deprecated malloc hooks anymore and has been ported to OS X.
- chunk_hash() is now based on SipHash-2-4 with a random key. This
  provides better distribution and prevents hash flooding attacks
  when used with hashtables.
- All default plugins implement the get_features() method to define
  features and their dependencies. The plugin loader has been
  improved, so that plugins in a custom load statement can be ordered
  freely or to express preferences without being affected by
  dependencies between plugin features.
- A centralized thread can take care of watching multiple file
  descriptors concurrently. This removes the need for dedicated
  listener threads in various plugins. The number of "reserved"
  threads for such tasks has been reduced to about five, depending on
  the plugin configuration.
- Plugins that can be controlled by a UNIX socket IPC mechanism gained
  network transparency. Third party applications querying these
  plugins now can use TCP connections from a different host.
- libipsec now supports AES-GCM.

-------------------------------------------------------------------
Tue Apr 30 12:48:44 UTC 2013 - mt@suse.de

- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
- Fixed a security vulnerability in the openssl plugin which was
  reported by Kevin Wojtysiak. The vulnerability has been registered
  as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
  signature verification was used, due to a misinterpretation of the
  error code returned by the OpenSSL ECDSA_verify() function, an empty
  or zeroed signature was accepted as a legitimate one. Refer to our
  blog for details.
- The handling of a couple of other non-security relevant OpenSSL
  return codes was fixed as well.
- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
  via its TCG TNC IF-MAP 2.1 interface.
- The charon.initiator_only strongswan.conf option causes charon to
  ignore IKE initiation requests.
- The openssl plugin can now use the openssl-fips library.
  Version 5.0.3 provides the new ipseckey plugin, enabling authentication
  based on trustworthy public keys stored as IPSECKEY resource records in
  the DNS and protected by DNSSEC, and a new openssl plugin using the
  AES-NI accelerated version of AES-GCM if the hardware supports it.
  See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
  for a list of all changes since the 5.0.1 release.
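
Added example (not part of the strongSwan or openSUSE sources): the CVE-2013-2944 item above blames a misread return code of ECDSA_verify(), which returns 1 for a valid signature, 0 for an invalid one and -1 on error. The C code below uses a constructed stand-in, model_verify(), with that same contract; its DER framing check, the sample byte strings and the accept_buggy()/accept_fixed() names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a tiny DER-shaped "signature",
 * SEQUENCE { INTEGER 0x11, INTEGER 0x22 }, standing in for (r, s). */
static const unsigned char GOOD_SIG[]   = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x22};
static const unsigned char WRONG_SIG[]  = {0x30, 0x06, 0x02, 0x01, 0x11, 0x02, 0x01, 0x23};
static const unsigned char ZEROED_SIG[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};

/* Hypothetical stand-in with the return contract of ECDSA_verify():
 *    1  signature is valid
 *    0  signature is well-formed but does not verify
 *   -1  error, here: the blob is not SEQUENCE { INTEGER, INTEGER }
 * No real cryptography: "verifies" simply means "equals GOOD_SIG". */
static int model_verify(const unsigned char *sig, size_t len)
{
    size_t pos = 2;
    int i;

    /* Outer SEQUENCE header with a short-form length covering the rest. */
    if (sig == NULL || len < 2 || sig[0] != 0x30 || sig[1] >= 0x80 ||
        (size_t)sig[1] != len - 2)
        return -1;
    for (i = 0; i < 2; i++) {
        /* Each element: tag 0x02, short non-zero length, content in bounds. */
        if (pos + 2 > len || sig[pos] != 0x02 || sig[pos + 1] == 0 ||
            sig[pos + 1] >= 0x80 || pos + 2 + sig[pos + 1] > len)
            return -1;
        pos += 2 + (size_t)sig[pos + 1];
    }
    if (pos != len)
        return -1;
    return (len == sizeof(GOOD_SIG) && memcmp(sig, GOOD_SIG, len) == 0) ? 1 : 0;
}

/* One way to misread the contract (assumed here): the result is used as a
 * boolean, so -1 (error) is as "true" as 1 (valid). */
static int accept_buggy(const unsigned char *sig, size_t len)
{
    return model_verify(sig, len) ? 1 : 0;
}

/* Corrected pattern: only the exact value 1 counts as a valid signature. */
static int accept_fixed(const unsigned char *sig, size_t len)
{
    return model_verify(sig, len) == 1;
}

int main(void)
{
    struct { const char *name; const unsigned char *sig; size_t len; } cases[] = {
        {"good",   GOOD_SIG,   sizeof(GOOD_SIG)},
        {"wrong",  WRONG_SIG,  sizeof(WRONG_SIG)},
        {"zeroed", ZEROED_SIG, sizeof(ZEROED_SIG)},
        {"empty",  NULL,       0},
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-6s verify=%2d buggy=%d fixed=%d\n", cases[i].name,
               model_verify(cases[i].sig, cases[i].len),
               accept_buggy(cases[i].sig, cases[i].len),
               accept_fixed(cases[i].sig, cases[i].len));
    return 0;
}
```

The same review check applies to any call with a tri-state return: compare against the documented success value instead of testing for non-zero.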

-------------------------------------------------------------------
Thu Nov 29 19:13:40 CET 2012 - sbrabec@suse.cz

- Verify GPG signature.

-------------------------------------------------------------------
Fri Nov 16 04:02:32 UTC 2012 - crrodriguez@opensuse.org

- Fix systemd unit dir

-------------------------------------------------------------------
Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de

- Updated to strongSwan 5.0.1 release. Changes digest:
- Introduced the sending of the standard IETF Assessment Result
  PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
- Extended PTS Attestation IMC/IMV pair to provide full evidence of
  the Linux IMA measurement process. All pertinent file information
  of a Linux OS can be collected and stored in an SQL database.
- The PA-TNC and PB-TNC protocols can now process huge data payloads.
- The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
  authenticated clients against any PAM service.
- The new unity plugin brings support for some parts of the IKEv1
  Cisco Unity Extensions.
- The kernel-netlink plugin supports the new strongswan.conf option
  charon.install_virtual_ip_on.
- Job handling in controller_t was fixed, which occasionally caused
  crashes on ipsec up/down.
- Fixed transmission of the EAP-MSCHAPv2 user name if it contains a
  domain part.
  Changes digest from strongSwan 5.0.0 version:
* The charon IKE daemon gained experimental support for the IKEv1
  protocol. Pluto has been removed from the 5.x series.
* The NetworkManager charon plugin of previous releases is now
  provided by a separate executable (charon-nm) and it should work
  again with NM 0.9.
* scepclient was updated and it now works fine with Windows Server
  2008 R2.
  For the full list of changes, please read the NEWS file shipped
  in the strongswan-doc package or online:
  http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
  coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
  eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
- Changed to install strongswan.service with alias to ipsec.service
  instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.

-------------------------------------------------------------------
Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de

- Applied upstream patch adjusting an internal thread id causing
  charon keying daemon start failure (bnc#779038,strongswan#198):
    openssl: Ensure the thread ID is never zero
    This might otherwise cause problems because OpenSSL tries to
    lock mutexes recursively if it assumes the lock is held by a
    different thread e.g. during FIPS initialization.
  See http://wiki.strongswan.org/issues/198 for more information.

-------------------------------------------------------------------
Thu May 31 16:08:43 UTC 2012 - mt@suse.com

- Updated to strongSwan 4.6.4 release:
- Fixed a security vulnerability in the gmp plugin. If this
  plugin was used for RSA signature verification an empty or
  zeroed signature was handled as a legitimate one
  (bnc#761325, CVE-2012-2388).
- Fixed several issues with reauthentication and address updates.

-------------------------------------------------------------------
Thu May 10 09:15:38 UTC 2012 - mt@suse.com

- Updated to strongSwan 4.6.3 release:
- The tnc-pdp plugin implements a RADIUS server interface allowing
  a strongSwan TNC server to act as a Policy Decision Point.
- The eap-radius authentication backend enforces Session-Timeout
  attributes using RFC4478 repeated authentication and acts upon
  RADIUS Dynamic Authorization extensions, RFC 5176. Currently
  supported are disconnect requests and CoA messages containing
  a Session-Timeout.
- The eap-radius plugin can forward arbitrary RADIUS attributes
  from and to clients using custom IKEv2 notify payloads. The new
  radattr plugin reads attributes to include from files and prints
  received attributes to the console.
- Added support for untruncated MD5 and SHA1 HMACs in ESP as used
  in RFC 4595.
- The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128
  algorithms as defined in RFC 4494 and RFC 4615, respectively.
- The resolve plugin automatically installs nameservers via
  resolvconf(8), if it is installed, instead of modifying
  /etc/resolv.conf directly.
- The IKEv2 charon daemon now supports raw RSA public keys in RFC
  3110 DNSKEY and PKCS#1 file format.
- The farp plugin sends ARP responses for any tunneled address,
  not only virtual IPs.
- Charon resolves hosts again during additional keying tries.
- Fixed switching back to original address pair during MOBIKE.
- When resending IKE_SA_INIT with a COOKIE charon reuses the previous
  DH value, as specified in RFC 5996.
  This has an effect on the lifecycle of diffie_hellman_t, see
  source:src/libcharon/sa/keymat.h#39 for details.
- COOKIEs are now kept enabled a bit longer to avoid certain race
  conditions; the commit message to 1b7debcc has some details.
- The new stroke user-creds command allows setting username/password
  for a connection.
- strongswan.conf option added to set identifier for syslog(3) logging.
- Added a workaround for null-terminated XAuth secrets (as sent by
  Android 4).

-------------------------------------------------------------------
Sat Mar 3 00:10:34 UTC 2012 - tabraham@novell.com

- Updated to strongSwan 4.6.2 release:
  Changes in 4.6.2:
- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
  which supports IF-TNCCS 2.0 long message types, the exclusive flags
  and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
  the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
- Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M"
  standard (TLV-based messages only). TPM-based remote attestation of
  Linux IMA (Integrity Measurement Architecture) is possible.
  Measurement reference values are automatically stored in an SQLite
  database.
- The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
  start/stop messages containing Username, Framed-IP and Input/Output-Octets
  attributes and has been tested against FreeRADIUS and Microsoft NPS.
- Added support for PKCS#8 encoded private keys via the libstrongswan
  pkcs8 plugin. This is the default format used by some OpenSSL tools since
  version 1.0.0 (e.g. openssl req with -keyout).
- Added session resumption support to the strongSwan TLS stack.

-------------------------------------------------------------------
Wed Feb 15 13:31:40 UTC 2012 - mt@suse.com

- Updated to strongSwan 4.6.1 release:
  Changes in 4.6.1:
- Because of changing checksums before and after installation which caused
  the integrity tests to fail we avoided directly linking libsimaka,
  libtls and libtnccs to those libcharon plugins which make use of these
  dynamic libraries.
  Instead we linked the libraries to the charon daemon. Unfortunately
  Ubuntu 11.10 activated the --as-needed ld option which discards explicit
  links to dynamic libraries that are not actually used by the charon
  daemon itself, thus causing failures during the loading of the plugins
  which depend on these libraries for resolving external symbols.
- Therefore our approach of computing integrity checksums for plugins had
  to be changed radically by moving the hash generation from the
  compilation to the post-installation phase.
  Changes in 4.6.0:
- The new libstrongswan certexpire plugin collects expiration information
  of all used certificates and exports them to CSV files. It either
  directly exports them or uses cron style scheduling for batch exports.
- Starter passes unresolved hostnames to charon, allowing it to do name
  resolution not before the connection attempt. This is especially useful
  with connections between hosts using dynamic IP addresses.
  Thanks to Mirko Parthey for the initial patch.
- The android plugin can now be used without the Android frontend patch
  and provides DNS server registration and logging to logcat.
- Pluto and starter (plus stroke and whack) have been ported to Android.
- Support for ECDSA private and public key operations has been added to
  the pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11
  and can use tokens as random number generators (RNG). By default only
  private key operations are enabled, more advanced features have to be
  enabled by their option in strongswan.conf. This also applies to public
  key operations (even for keys not stored on the token) which were
  enabled by default before.
- The libstrongswan plugin system now supports detailed plugin
  dependencies. Many plugins have been extended to export their
  capabilities and requirements. This allows the plugin loader to resolve
  plugin loading order automatically, and in future releases, to
  dynamically load the required features on demand.
  Existing third party plugins are source (but not binary) compatible if
  they properly initialize the new get_features() plugin function to NULL.
- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can
  deliver metadata about IKE_SAs via a SOAP interface to a MAP server.
  The tnc-ifmap plugin requires the Apache Axis2/C library.
- Merged patches, changed strongswan-doc to be a noarch package.
- Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc

-------------------------------------------------------------------
Mon Feb 6 10:27:00 UTC 2012 - aj@suse.de

- Only glib.h can be included, fix compilation.

-------------------------------------------------------------------
Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com

- remove call to suse_update_config (very old work around)

-------------------------------------------------------------------
Mon Sep 12 09:26:51 UTC 2011 - coolo@suse.com

- remove _service file, too fragile

-------------------------------------------------------------------
Mon Sep 12 08:24:36 UTC 2011 - mt@suse.com

- Fixed version in last changelog entry

-------------------------------------------------------------------
Thu Sep 8 16:06:46 UTC 2011 - mt@suse.com

- Updated to strongSwan 4.5.3 release, changes overview since 4.5.2:
* Our private libraries (e.g. libstrongswan) are not installed directly in
  prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
  default). The plugins directory is also moved from libexec/ipsec/ to that
  directory.
* The dynamic IMC/IMV libraries were moved from the plugins directory to
  a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
* Job priorities were introduced to prevent thread starvation caused by too
  many threads handling blocking operations (such as CRL fetching).
* Two new strongswan.conf options allow fine-tuning performance on IKEv2
  gateways by dropping IKE_SA_INIT requests on high load.
* IKEv2 charon daemon supports PASS and DROP shunt policies
  preventing traffic from going through IPsec connections. The shunt
  policies are installed either via the XFRM netfilter or PFKEYv2 IPsec
  kernel interfaces.
* The history of policies installed in the kernel is now tracked so that e.g.
  trap policies are correctly updated when reauthenticated SAs are terminated.
* IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
  Using "netstat -l" the IMC scans open listening ports on the TNC client
  and sends a port list to the IMV which based on a port policy decides if
  the client is admitted to the network.
* IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
* The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
  setting, but the value defined by its own closeaction keyword. The action
  is triggered if the remote peer closes a CHILD_SA unexpectedly.
- Fixed some fmt warnings in libchecksum, adopted paths in the spec file

-------------------------------------------------------------------
Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com

- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1:
* The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
  whitelist. Any connection attempt of peers not whitelisted will get rejected.
  The 'ipsec whitelist' utility provides a simple command line frontend for
  whitelist administration.
* The duplicheck plugin provides a specialized form of duplicate checking,
  doing a liveness check on the old SA and optionally notifying a third party
  application about detected duplicates.
* The coupling plugin permanently couples two or more devices by limiting
  authentication to previously used certificates.
* In the case that the peer config and child config don't have the same name
  (usually in SQL database defined connections), ipsec up|route <peer config>
  starts|routes all associated child configs and ipsec up|route <child config>
  only starts|routes the specific child config.
* Fixed the encoding and parsing of X.509 certificate policy statements (CPS).
* Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
  pcsc-lite based SIM card backend.
* The eap-peap plugin implements the EAP PEAP protocol. Interoperates
  successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
* The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
  all plugins to reload. Currently only the eap-radius and the attr plugins
  support configuration reloading.
* Added userland support to the IKEv2 daemon for Extended Sequence Numbers
  support coming with Linux 2.6.39. To enable ESN on a connection, add
  the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
  numbers only ('noesn'), and the same value is used if no ESN mode is
  specified. To negotiate ESN support with the peer, include both, e.g.
  esp=aes128-sha1-esn-noesn.
* In addition to ESN, Linux 2.6.39 gained support for replay windows larger
  than 32 packets. The new global strongswan.conf option 'charon.replay_window'
  configures the size of the replay window, in packets.

-------------------------------------------------------------------
Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de

- Updated to strongSwan 4.5.1 release, changes overview since 4.5.0:
* Implements RFC 5793 Posture Broker Protocol (BP)
* Re-implemented TNCCS 1.1 protocol
* Allows storing IKE and ESP proposals in an SQL database
* Allows storing CRL and OCSP cert points in an SQL database
* New 'include' statement in strongswan.conf allows recursions
* Modifications of the strongswan.conf parser cause attr plugin
  syntax changes.
* ipsec listalgs now appends the plugin registering an algo
* Adds support for Traffic Flow Confidentiality with Linux 2.6.38
* New af-alg plugin allows using new primitives in the 2.6.38 crypto API
  and removes the need for additional userland implementations.
* IKEv2 daemon supports the INITIAL_CONTACT notify
* conftest conformance testing framework
* new constraints plugin provides advanced X.509 constraint checking
* left/rightauth ipsec.conf keywords accept minimum strengths
* basic support for delta CRLs
  See the NEWS file or http://download.strongswan.org/CHANGES4.txt
  for a detailed description of the changes.

-------------------------------------------------------------------
Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de

- Cleaned up spec file; use with_mysql,sqlite,gcrypt,nm flags
- Disabled tests sub-package with load-tester and test-vectors
  plugins by default using a with_tests flag (causes load error
  in "ipsec pki" when enabled but the package is not installed).

-------------------------------------------------------------------
Tue Nov 16 12:01:46 UTC 2010 - mt@suse.de

- Updated to strongSwan 4.5.0 release, changes since 4.4.1 are:
* IMPORTANT: the default keyexchange mode 'ike' is changing with
  release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five
  year anniversary of the IKEv2 RFC 4306 and its mature successor
  RFC 5996. The time has definitively come for IKEv1 to go into
  retirement and to cede its place to the much more robust, powerful
  and versatile IKEv2 protocol!
* Added new ctr, ccm and gcm plugins providing Counter, Counter
  with CBC-MAC and Galois/Counter Modes based on existing CBC
  implementations. These new plugins bring support for AES and
  Camellia Counter and CCM algorithms and the AES GCM algorithms
  for use in IKEv2.
* The new pkcs11 plugin brings full Smartcard support to the IKEv2
  daemon and the pki utility using one or more PKCS#11 libraries. It
  currently supports RSA private and public key operations and loads
  X.509 certificates from tokens.
* Implemented a general purpose TLS stack based on crypto and
  credential primitives of libstrongswan. libtls supports TLS
  versions 1.0, 1.1 and 1.2, ECDHE-ECDSA/RSA, DHE-RSA and RSA key
  exchange algorithms and RSA/ECDSA based client authentication.
* Based on libtls, the eap-tls plugin brings certificate based EAP
  authentication for client and server. It is compatible with Windows
  7 IKEv2 Smartcard authentication and the OpenSSL based FreeRADIUS
  EAP-TLS backend.
* Implemented the TNCCS 1.1 Trusted Network Connect protocol using
  the libtnc library on the strongSwan client and server side via
  the tnccs_11 plugin and optionally connecting to a TNC@FHH-enhanced
  FreeRADIUS AAA server. Depending on the resulting TNC Recommendation,
  strongSwan clients are granted access to a network behind a
  strongSwan gateway (allow), are put into a remediation zone (isolate)
  or are blocked (none), respectively.
  Any number of Integrity Measurement Collector/Verifier pairs can be
  attached via the tnc-imc and tnc-imv charon plugins.
* The IKEv1 daemon pluto now uses the same kernel interfaces as the
  IKEv2 daemon charon. As a result of this, pluto now supports xfrm
  marks which were introduced in charon with 4.4.1.
* The RADIUS plugin eap-radius now supports multiple RADIUS servers
  for redundant setups. Servers are selected by a defined priority,
  server load and availability.
* The simple led plugin controls hardware LEDs through the Linux LED
  subsystem. It currently shows activity of the IKE daemon and is a
  good example of how to implement a simple event listener.
* Improved MOBIKE behavior in several corner cases, for instance,
  if the initial responder moves to a different address.
* Fixed left-/rightnexthop option, which was broken since 4.4.0.
* Fixed a bug not releasing a virtual IP address to a pool if the
  XAUTH identity was different from the IKE identity.
* Fixed the alignment of ModeConfig messages on 4-byte boundaries
  in the case where the attributes are not a multiple of 4 bytes
  (e.g. Cisco's UNITY_BANNER).
* Fixed the interoperability of the socket_raw and socket_default
  charon plugins.
* Added man page for strongswan.conf
- Adopted spec file, removed obsolete error range patch.

-------------------------------------------------------------------
|
|||
|
Tue Aug 10 11:43:38 UTC 2010 - mt@suse.de

- Updated to strongSwan 4.4.1 release, changes since 4.4.0 are:
* Support of xfrm marks in IPsec SAs and IPsec policies introduced
with the Linux 2.6.34 kernel.
For details see the example scenarios ikev2/nat-two-rw-mark,
ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp.
* The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be
used in a user-specific updown script to set marks on inbound ESP
or ESP_IN_UDP packets.
* The openssl plugin now supports X.509 certificate and CRL functions.
* OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled by default.
Please update manual load directives in strongswan.conf.
* RFC3779 ipAddrBlock constraint checking has been moved to the
addrblock plugin, disabled by default. Enable it and update manual
load directives in strongswan.conf, if required.
* The pki utility supports CRL generation using the --signcrl command.
* The ipsec pki --self, --issue and --req commands now support output
in PEM format using the --outform pem option.
* The major refactoring of the IKEv1 Mode Config functionality now
allows the transport and handling of any Mode Config attribute.
* The RADIUS proxy plugin eap-radius now supports multiple servers.
Configured servers are chosen randomly, with the option to prefer
a specific server. Non-responding servers are degraded by the
selection process.
* The ipsec pool tool manages arbitrary configuration attributes
stored in an SQL database. ipsec pool --help gives the details.
* The new eap-simaka-sql plugin acts as a backend for EAP-SIM and
EAP-AKA, reading triplets/quintuplets from an SQL database.
* The High Availability plugin now supports a HA enabled in-memory
address pool and Node reintegration without IKE_SA rekeying. The
latter allows clients without IKE_SA rekeying support to keep
connected during reintegration. Additionally, many other issues
have been fixed in the ha plugin.
* Fixed a potential remote code execution vulnerability resulting
from the misuse of snprintf(). The vulnerability is exploitable
by unauthenticated users.
- Removed obsolete snprintf security fix, adopted spec file
- Enabled the eap-sim,eap-sim-file,eap-simaka-sql,eap-simaka-reauth,
eap-simaka-pseudonym,eap-aka-3gpp2,md4,blowfish,addrblock plugins.
- Enabled the mysql, sqlite, load-tester and test-vectors plugins,
that are packaged into separate mysql,sqlite,tests sub packages.
- Disabled sqlite plugin on SLE-10 -- sqlite3 lib is too old there.
- Applied patch by Jiri Bohac fixing error-type range in parsing of
NOTIFY payloads (RFC 4306, section 3.10.1).

-------------------------------------------------------------------
Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de

- Applied upstream patch fixing snprintf flaws in the strongSwan
IKE daemons exploitable by unauthenticated attackers using a
crafted certificate or identification payload (bnc#615915).

-------------------------------------------------------------------
Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de

- Added README.SUSE to source list in the spec file.

-------------------------------------------------------------------
Fri May 14 19:19:04 UTC 2010 - mt@suse.de

- Updated to strongSwan 4.4.0 release, changes since 4.3.6 are:
* The IKEv2 High Availability plugin has been integrated. It
provides load sharing and failover capabilities in a cluster of
currently two nodes, based on an extended ClusterIP kernel module.
More information is available at
http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
The development of the High Availability functionality was sponsored
by secunet Security Networks AG.
* Added IKEv1 and IKEv2 configuration support for the AES-GMAC
authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
2.6.34 kernel is required to make AES-GMAC available via the XFRM
kernel interface.
* Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp,
gcrypt and openssl plugins, usable by both pluto and charon. The new
proposal keywords are modp1024s160, modp2048s224 and modp2048s256.
Thanks to Joy Latten from IBM for her contribution.
* The IKEv1 pluto daemon supports RAM-based virtual IP pools using
the rightsourceip directive with a subnet from which addresses
are allocated.
* The ipsec pki --gen and --pub commands now allow the output of
private and public keys in PEM format using the --outform pem
command line option.
* The new DHCP plugin queries virtual IP addresses for clients from
a DHCP server using broadcasts, or a defined server using the
charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server
information is additionally served to clients if the DHCP server
provides such information. The plugin is used in ipsec.conf
configurations having rightsourceip set to %dhcp.
* A new plugin called farp fakes ARP responses for virtual IP
addresses handed out to clients from the IKEv2 daemon charon. The
plugin lets a road-warrior act as a client on the local LAN if it
uses a virtual IP from the responder's subnet, e.g. acquired using
the DHCP plugin.
* The existing IKEv2 socket implementations have been migrated to
the socket-default and the socket-raw plugins. The new
socket-dynamic plugin binds sockets dynamically to ports configured
via the left-/rightikeport ipsec.conf connection parameters.
* The android charon plugin stores received DNS server information
as "net.dns" system properties, as used by the Android platform.
- Split package into strongswan-ipsec, that installs the traditional
ipsec service starter scripts, -ikev1 and -ikev2 installing daemons
and -libs0, that contains the library and plugins.
- Enabled dhcp, farp, ha, socket-dynamic, agent, eap and sql plugins.
- Enabled NetworkManager nm plugin in a separate strongswan-nm package.

-------------------------------------------------------------------
Tue Mar 2 21:42:10 CET 2010 - mt@suse.de

- Updated to strongSwan 4.3.6 release, changes since 4.3.4 are:
* The IKEv2 daemon supports RFC 3779 IP address block constraints
carried as a critical X.509v3 extension in the peer certificate.
* The ipsec pool --add|del dns|nbns command manages DNS and NBNS
name server entries that are sent via the IKEv1 Mode Config or
IKEv2 Configuration Payload to remote clients.
* The Camellia cipher can be used as an IKEv1 encryption algorithm.
* The IKEv1 and IKEv2 daemons now check certificate path length
constraints.
* The new ipsec.conf conn option "inactivity" closes a CHILD_SA if
no traffic was sent or received within the given interval. To close
the complete IKE_SA if its only CHILD_SA was inactive, set the
global strongswan.conf option "charon.inactivity_close_ike" to yes.
* More detailed IKEv2 EAP payload information in debug output
* IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library
* Added required userland changes for proper SHA256 and SHA384/512
in ESP that will be introduced with Linux 2.6.33.
The "sha256"/"sha2_256" keyword now configures the kernel with 128
bit truncation, not the non-standard 96 bit truncation used by
previous releases. To use the old 96 bit truncation scheme, the new
"sha256_96" proposal keyword has been introduced.
* Fixed IPComp in tunnel mode, stripping out the duplicated outer
header. This change makes IPcomp tunnel mode connections
incompatible with previous releases; disable compression on such
tunnels.
* Fixed BEET mode connections on recent kernels by installing SAs
with appropriate traffic selectors, based on a patch by Michael
Rossberg.
* Using extensions (such as BEET mode) and crypto algorithms (such
as twofish, serpent, sha256_96) allocated in the private use space
now require that we know its meaning, i.e. we are talking to
strongSwan. Use the new "charon.send_vendor_id" option in
strongswan.conf to let the remote peer know this is the case.
* Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where
the responder omits public key authentication in favor of a mutual
authentication method. To enable EAP-only authentication, set
rightauth=eap on the responder to rely only on the MSK constructed
AUTH payload. This not-yet standardized extension requires the
strongSwan vendor ID introduced above.
* The IKEv1 daemon ignores the Juniper SRX notification type 40001,
thus allowing interoperability.
* The IKEv1 pluto daemon can now use SQL-based address pools to
deal out virtual IP addresses as a Mode Config server. The pool
capability has been migrated from charon's sql plugin to a new
attr-sql plugin which is loaded by libstrongswan and which can be
used by both daemons either with a SQLite or MySQL database and the
corresponding plugin.
* Plugin names have been streamlined: EAP plugins now have a dash
after eap (e.g. eap-sim), as it is used with the --enable-eap-sim
./configure option.
Plugin configuration sections in strongswan.conf now use the same
name as the plugin itself (i.e. with a dash). Make sure to update
"load" directives and the affected plugin sections in existing
strongswan.conf files.
* The private/public key parsing and encoding has been split up
into separate pkcs1, pgp, pem and dnskey plugins. The public key
implementation plugins gmp, gcrypt and openssl can all make use
of them.
* The EAP-AKA plugin can use different backends for USIM/quintuplet
calculations, very similar to the EAP-SIM plugin. The existing 3GPP2
software implementation has been migrated to a separate plugin.
* The IKEv2 daemon charon gained basic PGP support. It can use
locally installed peer certificates and can issue signatures based
on RSA private keys.
* The new 'ipsec pki' tool provides a set of commands to maintain a
public key infrastructure. It currently supports operations to
create RSA and ECDSA private/public keys, calculate fingerprints and
issue or verify certificates.
* Charon uses a monotonic time source for statistics and job
queueing, behaving correctly if the system time changes (e.g. when
using NTP).
* In addition to time based rekeying, charon supports IPsec SA
lifetimes based on processed volume or number of packets.
The new ipsec.conf parameters 'lifetime' (an alias to 'keylife'),
'lifebytes' and 'lifepackets' handle SA timeouts, while the
parameters 'margintime' (an alias to rekeymargin), 'marginbytes'
and 'marginpackets' trigger the rekeying before a SA expires.
The existing parameter 'rekeyfuzz' affects all margins.
* If no CA/Gateway certificate is specified in the NetworkManager
plugin, charon uses a set of trusted root certificates preinstalled
by distributions. The directory containing CA certificates can be
specified using the --with-nm-ca-dir=path configure option.
* Fixed the encoding of the Email relative distinguished name in
left|rightid statements.
* Fixed the broken parsing of PKCS#7 wrapped certificates by the
pluto daemon.
* Fixed smartcard-based authentication in the pluto daemon which
was broken by the ECDSA support introduced with the 4.3.2 release.
* A patch contributed by Heiko Hund fixes mixed IPv6 in IPv4 and
vice versa tunnels established with the IKEv1 pluto daemon.
* The pluto daemon now uses the libstrongswan x509 plugin for
certificates and CRLs and the struct id type was replaced by
identification_t used by charon and the libstrongswan library.
- Removed obsolete load_secrets patches, refreshed modprobe patch.
- Corrected a time_t cast reported by rpmlint (timer.c:51)
- Disabled libtoolize call and the gcrypt plugin on SLE 10.

-------------------------------------------------------------------
Fri Sep 4 12:56:59 CEST 2009 - mt@suse.de

- Fixed open failure debug message in load_secrets

-------------------------------------------------------------------
Thu Sep 3 23:44:37 CEST 2009 - mt@suse.de

- Applied patch fixing locking in ipsec.secrets inclusion.

-------------------------------------------------------------------
Mon Aug 31 16:06:13 CEST 2009 - mt@suse.de

- Updated to strongSwan 4.3.4 release:
* IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation
details can be found on wiki.strongswan.org.
* ipsec statusall shows the number of bytes transmitted and received
over ESP connections configured by the IKEv2 charon daemon.
* The IKEv2 charon daemon supports include files in ipsec.secrets.
- Removed obsolete ipsec.secrets include patch (bnc#524799)
and patch to avoid libchecksum version.

-------------------------------------------------------------------
Fri Aug 7 11:44:30 CEST 2009 - mt@suse.de

- Applied patch implementing ipsec.secrets "include" directive
support in charon (http://wiki.strongswan.org/issues/show/82,
bnc#524799).

-------------------------------------------------------------------
Mon Jul 27 13:40:57 CEST 2009 - mt@suse.de

- Updated to strongSwan 4.3.3 release:
* The configuration option --enable-integrity-test plus the
strongswan.conf option libstrongswan.integrity_test = yes
activate integrity tests of the IKE daemons charon and pluto,
libstrongswan and all loaded plugins. Thus dynamic library
misconfigurations and non-malicious file manipulations can be
reliably detected.
* The new default setting libstrongswan.ecp_x_coordinate_only=yes
allows IKEv1 interoperability with MS Windows using the ECP DH
groups 19 and 20.
* The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
authenticated encryption algorithms.
* The IKEv1 pluto daemon now supports V4 OpenPGP keys.
* The RDN parser vulnerability discovered by Orange Labs research
team was not completely fixed in version 4.3.2. Some more
modifications had to be applied to the asn1_length() function to
make it robust.
- Enabled --enable-integrity-test configure option (new feature).
- Removed patch to avoid plugin versions (accepted by upstream)
and added patch to avoid version for new libchecksum library.
- Added -Wno-pointer-sign -Wno-strict-aliasing CFLAGS in the spec.

-------------------------------------------------------------------
Wed Jun 10 11:04:44 CEST 2009 - mt@suse.de

- Updated to strongSwan 4.3.2 release, that fixes two asn1 parser
DoS vulnerabilities and provides several new features, e.g.:
* The new gcrypt plugin provides symmetric cipher, hasher, RNG,
Diffie-Hellman and RSA crypto primitives using the LGPL licensed
GNU gcrypt library.
* libstrongswan features an integrated crypto selftest framework
for registered algorithms. The test-vector plugin provides a first
set of test vectors and allows pluto and charon to rely on tested
crypto algorithms.
* pluto can now use all libstrongswan plugins with the exception
of x509 and xcbc. Thanks to the openssl plugin, the ECP Diffie-
Hellman groups 19, 20, 21, 25, and 26 as well as ECDSA-256,
ECDSA-384, and ECDSA-521 authentication can be used with IKEv1.
* Applying their fuzzing tool, the Orange Labs vulnerability
research team found another two DoS vulnerabilities, one in the
rather old ASN.1 parser of Relative Distinguished Names (RDNs)
and a second one in the conversion of ASN.1 UTCTIME and
GENERALIZEDTIME strings to a time_t value.
* The nm plugin now passes DNS/NBNS server information to
NetworkManager, allowing a gateway administrator to set DNS/NBNS
configuration on clients dynamically.
* The nm plugin also accepts CA certificates for gateway
authentication. If a CA certificate is configured, strongSwan uses
the entered gateway address as its identity, requiring the gateway's
certificate to contain the same as subjectAltName.
This allows a gateway administrator to deploy the same
certificates to Windows 7 and NetworkManager clients.
* The command ipsec purgeike deletes IKEv2 SAs that don't have a
CHILD SA.
The command ipsec down <conn>{n} deletes CHILD SA instance n of
connection <conn> whereas ipsec down <conn>{*} deletes all CHILD
SA instances.
The command ipsec down <conn>[n] deletes IKE SA instance n of
connection <conn> plus dependent CHILD SAs whereas ipsec down
<conn>[*] deletes all IKE SA instances of connection <conn>.
* Fixed a regression introduced in 4.3.0 where EAP authentication
calculated the AUTH payload incorrectly. Further, the EAP-MSCHAPv2
MSK key derivation has been updated to be compatible with the
Windows 7 Release Candidate.
* Refactored installation of triggering policies. Routed policies
are handled outside of IKE_SAs to keep them installed in any case.
A tunnel gets established only once, even if initiation is delayed
due to network outages.
* Improved the handling of multiple acquire signals triggered by
the kernel.
* Fixed two DoS vulnerabilities in the charon daemon that were
discovered by fuzzing techniques:
1) Sending a malformed IKE_SA_INIT request left an incomplete
state which caused a null pointer dereference if a subsequent
CREATE_CHILD_SA request was sent.
2) Sending an IKE_AUTH request with either a missing TSi or TSr
payload caused a null pointer dereference because the checks for
TSi and TSr were interchanged.
The IKEv2 fuzzer used was developed by the Orange Labs
vulnerability research team. The tool was initially written
by Gabriel Campana and is now maintained by Laurent Butti.
* Added support for AES counter mode in ESP in IKEv2 using the
proposal keywords aes128ctr, aes192ctr and aes256ctr.
* Further progress in refactoring pluto: Use of the curl and ldap
plugins for fetching CRLs and OCSP. Use of the random plugin to
get keying material from /dev/random or /dev/urandom. Use of the
openssl plugin as an alternative to the aes, des, sha1, sha2, and
md5 plugins. The blowfish, twofish, and serpent encryption plugins
are now optional and are not enabled by default.
- Enabled new gcrypt plugin
- Adopted spec file and modprobe to syslog patch
- Removed obsolete getline glibc collision patch
- Added patch to avoid library version for plugins (rpmlint).
- Replaced update-dns-server patch with a --with-resolv-conf.
- Removed restart_on_update from spec file (see bnc#450390).

-------------------------------------------------------------------
Mon Jun 8 00:21:13 CEST 2009 - ro@suse.de

- rename getline to my_getline to avoid collision with function
from glibc

-------------------------------------------------------------------
Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de

- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_SA_INIT request leaves an incomplete state which
causes a crash of the IKEv2 charon while dereferencing a NULL
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
- Applied fix for a Denial-of-Service vulnerability where receiving
a malformed IKE_AUTH request with either a missing TSi or TSr
traffic selector payload causes a crash of the IKEv2 charon while
dereferencing a NULL pointer because the NULL pointer checks of
TSi and TSr before destruction were erroneously swapped
(bnc#507742).

-------------------------------------------------------------------
Tue Mar 31 11:19:03 CEST 2009 - mt@suse.de

- Updated to strongSwan 4.2.14 release that fixes a grave DPD
denial of service vulnerability registered as CVE-2009-0790,
that had been slumbering in the code for many years:
* A vulnerability in the Dead Peer Detection (RFC 3706) code
was found by Gerd v. Egidy <gerd.von.egidy@intra2net.com> of
Intra2net AG affecting all Openswan and strongSwan releases.
A malicious (or expired ISAKMP) R_U_THERE or R_U_THERE_ACK
Dead Peer Detection packet can cause the pluto IKE daemon to
crash and restart. No authentication or encryption is required
to trigger this bug. One spoofed UDP packet can cause the pluto
IKE daemon to restart and be unresponsive for a few seconds
while restarting. This DPD null state vulnerability has been
officially registered as CVE-2009-0790 and is fixed by this
release.
* The new server-side EAP RADIUS plugin (--enable-eap-radius)
relays EAP messages to and from a RADIUS server. Successfully
tested with a freeradius server using EAP-MD5 and EAP-SIM.
* ASN.1 to time_t conversion caused a time wrap-around for dates
after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
As a workaround such dates are set to the maximum representable
time, i.e. Jan 19 03:14:07 UTC 2038.
* Distinguished Names containing wildcards (*) are not sent in the
IDr payload anymore.

-------------------------------------------------------------------
Mon Oct 20 09:27:06 CEST 2008 - mt@suse.de

- Updated to 4.2.8 release:
* IKEv2 charon daemon supports authentication based on raw public
keys stored in the SQL database backend. The ipsec listpubkeys
command lists the available raw public keys via the stroke
interface.
* Several MOBIKE improvements: Detect changes in NAT mappings in
DPD exchanges, handle events if kernel detects NAT mapping changes
in UDP-encapsulated ESP packets (requires kernel patch), reuse old
addresses in MOBIKE updates as long as possible and other fixes.
* Fixed a bug in addr_in_subnet() which caused insertion of wrong
source routes for destination subnets having netmasks not being a
multiple of 8 bits. Thanks go to Wolfgang Steudel, TU Ilmenau for
reporting this bug.

-------------------------------------------------------------------
Tue Oct 14 16:29:59 CEST 2008 - mt@suse.de

- Applied fix for addr_in_subnet() extracted from strongswan-4.2.8
which caused insertion of wrong source routes for destination
subnets having netmasks not being a multiple of 8 bits.
Thanks go to Wolfgang Steudel, TU Ilmenau for reporting this bug.
(bnc#435200)
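
The two addr_in_subnet() entries above (4.2.8 and the backported fix) concern subnet matching when the netmask is not a multiple of 8 bits. The following C code is an added example, not strongSwan's code and not part of this changelog: prefix_match(), prefix_match_bytes_only() and the sample addresses are hypothetical and constructed. It shows a bit-exact prefix comparison beside a byte-granular one that wrongly accepts a host outside a /20.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: subnet 10.1.16.0/20 covers 10.1.16.0 - 10.1.31.255. */
static const uint8_t SAMPLE_NET[4]     = {10, 1, 16, 0};
static const uint8_t SAMPLE_INSIDE[4]  = {10, 1, 31, 200}; /* inside the /20 */
static const uint8_t SAMPLE_OUTSIDE[4] = {10, 1, 32, 5};   /* shares only the first 16 bits */

/*
 * Hypothetical helper (not strongSwan's addr_in_subnet()).
 * Returns 1 if the first prefix_len bits of addr and net are equal,
 * 0 if they differ, -1 on invalid arguments.
 * addr_len is 4 for IPv4 and 16 for IPv6.
 */
int prefix_match(const uint8_t *addr, const uint8_t *net,
                 size_t addr_len, unsigned prefix_len)
{
    size_t full_bytes = prefix_len / 8;   /* bytes covered completely by the mask */
    unsigned rem_bits = prefix_len % 8;   /* leading bits of the next byte */

    if (addr == NULL || net == NULL || prefix_len > addr_len * 8)
        return -1;

    /* Compare the bytes that are fully inside the prefix. */
    if (memcmp(addr, net, full_bytes) != 0)
        return 0;

    /* Compare the partially covered byte, if the prefix is not byte-aligned. */
    if (rem_bits != 0) {
        uint8_t mask = (uint8_t)(0xFF << (8 - rem_bits));
        if ((addr[full_bytes] & mask) != (net[full_bytes] & mask))
            return 0;
    }
    return 1;
}

/*
 * Constructed illustration of the failure class: only whole bytes are
 * compared and the remaining prefix bits are ignored, so a /20 is
 * effectively treated as a /16.
 */
int prefix_match_bytes_only(const uint8_t *addr, const uint8_t *net,
                            size_t addr_len, unsigned prefix_len)
{
    if (addr == NULL || net == NULL || prefix_len > addr_len * 8)
        return -1;
    return memcmp(addr, net, prefix_len / 8) == 0;
}

int main(void)
{
    printf("bit-exact  /20, 10.1.31.200: %d\n",
           prefix_match(SAMPLE_INSIDE, SAMPLE_NET, 4, 20));
    printf("bit-exact  /20, 10.1.32.5:   %d\n",
           prefix_match(SAMPLE_OUTSIDE, SAMPLE_NET, 4, 20));
    printf("bytes-only /20, 10.1.32.5:   %d\n",
           prefix_match_bytes_only(SAMPLE_OUTSIDE, SAMPLE_NET, 4, 20));
    return 0;
}
```

A regression test for this kind of fix should include at least one prefix length that is not a multiple of 8 and an address that differs only in the partially masked byte.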
-------------------------------------------------------------------
Fri Oct 10 08:08:35 CEST 2008 - mt@suse.de

- Applied fix for a Denial-of-Service vulnerability where an
IKE_SA_INIT message with a KE payload containing zeroes only can
cause a crash of the IKEv2 charon daemon due to a NULL pointer
returned by the mpz_export() function of the GNU Multi Precision
(GMP) library. Thanks go to Mu Dynamics Research Labs for making
us aware of this problem. (bnc#435194)

-------------------------------------------------------------------
Thu Aug 28 14:31:49 CEST 2008 - mt@suse.de

- Fixed to use --enable-curl instead of --enable-http as before
- Enabled the OpenSSL crypto plugin in the spec file.

-------------------------------------------------------------------
Thu Aug 28 09:48:14 CEST 2008 - mt@suse.de

- Updated to 4.2.6 release, fixing bugs and offering a lot of new
features compared to the last version provided by this package.
Most important are:
* A NetworkManager plugin allows GUI-based configuration of
road-warrior clients in a simple way. It features X509 based
gateway authentication and EAP client authentication, tunnel
setup/teardown and storing passwords in the Gnome Keyring.
* A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt
and allows username/password authentication against any PAM
service on the gateway. The new EAP method interacts nicely with
the NetworkManager plugin and allows client authentication against
e.g. LDAP.
* Improved support for the EAP-Identity method. The new ipsec.conf
eap_identity parameter defines an additional identity to pass to
the server in EAP authentication.
* Fixed two multithreading deadlocks occurring when starting up
several hundred tunnels concurrently.
* Fixed the --enable-integrity-test configure option which
computes a SHA-1 checksum over the libstrongswan library.
* Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
* Improved the performance of the SQL-based virtual IP address pool
by introducing an additional addresses table. The leases table
storing only history information has become optional and can be
disabled by setting charon.plugins.sql.lease_history = no in
strongswan.conf.
* The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
and IPv6-over-IPv4 tunnels with the 2.6.26 and later Linux kernels.
* management of different virtual IP pools for different network
interfaces has become possible.
* fixed a bug which prevented the assignment of more than 256
virtual IP addresses from a pool managed by an sql database.
* fixed a bug which did not delete own IPCOMP SAs in the kernel.
* The openssl plugin supports the elliptic curve Diffie-Hellman
groups 19, 20, 21, 25, and 26 and ECDSA authentication using
elliptic curve X.509 certificates.
* Fixed a bug in stroke which caused multiple charon threads to
close the file descriptors during packet transfers over the stroke
socket.
* ESP sequence numbers are now migrated in IPsec SA updates handled
by MOBIKE. Works only with Linux kernels >= 2.6.17.
* Fixed a number of minor bugs that were discovered during the 4th
IKEv2 interoperability workshop in San Antonio, TX.
* Plugins for libstrongswan and charon can optionally be loaded
according to a configuration in strongswan.conf. Most components
provide a "load = " option followed by a space separated list of
plugins to load. This allows e.g. the fallback from a hardware
crypto accelerator to software-based crypto plugins.
* Charon's SQL plugin has been extended by a virtual IP address pool.
Configurations with a rightsourceip=%poolname setting query a
SQLite or MySQL database for leases. The "ipsec pool" command helps
in administrating the pool database. See ipsec pool --help for the
available options
* The Authenticated Encryption Algorithms AES-CCM-8/12/16 and
AES-GCM-8/12/16 for ESP are now supported starting with the Linux
2.6.25 kernel. The syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16.
- Added patch disabling direct modifications of resolv.conf; has to
be replaced by a netconfig call.
- Added patch adding a missed file name argument in printf call in the
scripts/thread_analysis.c file -- resulting binary is not installed.
- Removed obsolete patches crash_badcfg_reload and old-caps-version.

-------------------------------------------------------------------
Mon Jun 30 22:40:31 CEST 2008 - mt@suse.de

- Added fix that explicitly enables version 1 linux capabilities
on version 2 systems to avoid that the charon and pluto daemons
exit because of failed capset call (bnc#404989).

-------------------------------------------------------------------
Mon May 19 16:17:16 CEST 2008 - mt@suse.de

- Applied fix (strongswan_crash_badcfg_reload.dif) to avoid
a crash after reloading with bad config (bnc#392062).

-------------------------------------------------------------------
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
|
|||
|
|
|||
|
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
|||
|
release provides much more modularity and therefore much more
|
|||
|
extensiblity and offers the following new features:
|
|||
|
* libstrongswan has been modularized to attach crypto algorithms,
|
|||
|
credential implementations (secret and private keys, certificates)
|
|||
|
and http/ldap fetchers dynamically through plugins.
|
|||
|
* A relational database API that uses pluggable database providers
|
|||
|
was added to libstrongswan including plugins for MySQL and SQLite.
|
|||
|
* The IKEv2 keying charon daemon has become more extensible. Generic
|
|||
|
plugins can provide arbitrary interfaces to credential stores and
|
|||
|
connection management interfaces. Also any EAP method can be added.
|
|||
|
* The authentication and credential framework in charon has been
|
|||
|
heavily refactored to support modular credential providers, proper
|
|||
|
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
|||
|
* Support for "Hash and URL" encoded certificate payloads has been
|
|||
|
implemented in the IKEv2 daemon charon.
|
|||
|
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
|||
|
close multiple IKE_SAs with the same peer.
|
|||
|
* The crypto factory in libstrongswan additionally supports random
|
|||
|
number generators. Plugins may provide other sources of randomness.
|
|||
|
* Extended the credential framework by a caching option to allow
|
|||
|
plugins persistent caching of fetched credentials.
|
|||
|
* The new trust chain verification introduced in 4.2.0 has been
|
|||
|
parallelized. Threads fetching CRL or OCSP information no longer
|
|||
|
block other threads.
|
|||
|
* A new IKEv2 configuration attribute framework has been introduced
|
|||
|
allowing plugins to provide virtual IP addresses, and in the future,
|
|||
|
other configuration attribute services (e.g. DNS/WINS servers).
|
|||
|
* The stroke plugin has been extended to provide virtual IP addresses
|
|||
|
from a simple pool defined in ipsec.conf.
|
|||
|
* Fixed compilation on uClibc and a couple of other minor bugs.
|
|||
|
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
|||
|
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
|||
|
authentication algorithm AES_XCBC_MAC.
|
|||
|
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
|||
|
and adding inclusion of limits.h for PATH_MAX availability.
|
|||
|
- Added rpmlintrc file and a libtoolize call to the spec file.
|
|||
|
|
|||
|
-------------------------------------------------------------------
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de

- Updated to 4.1.11 maintenance release, providing following fixes:
  * IKE rekeying in NAT situations did not inherit the NAT conditions
    to the rekeyed IKE_SA so that the UDP encapsulation was lost with
    the next CHILD_SA rekeying.
  * Wrong type definition of the next_payload variable in id_payload.c
    caused an INVALID_SYNTAX error on PowerPC platforms.
  * Implemented IKEv2 EAP-SIM server and client test modules that use
    triplets stored in a file. For details on the configuration see
    the scenario 'ikev2/rw-eap-sim-rsa'.
- The 4.1.10 final version, declared upstream as "Fully tested support
  of IPv6 IPsec tunnel connections", fixes ordering error in ocsp cache,
  IPv6 defaults of the nexthop parameter, adds support for new EAP
  modules [disabled in this build] and obsoletes our strongswan_path
  and strongswan_ipsec_script_msg patches.
- Removed a sed call from init script.

-------------------------------------------------------------------
Sat Dec 8 13:03:42 CET 2007 - mt@suse.de

- Updated to 4.1.9 final, including all our patches.
- Changed init script to use ipsec cmd using LSB codes now.
- Added strongswan_path.dif setting a PATH in scripts (updown).
- Added strongswan_ipsec_script_msg.dif for consistent look of
  ipsec script messages.
- Added strongswan_modprobe_syslog.dif redirecting modprobe
  output to syslog.

-------------------------------------------------------------------
Mon Nov 26 10:19:40 CET 2007 - mt@suse.de

- Renamed charon plugins to avoid rpm conflicts with existing
  libraries (libstroke). Patch: strongswan-libconflicts.dif
- Added init script. Template file: strongswan.init.in

-------------------------------------------------------------------
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de

- Initial, unfinished package