diff --git a/strongswan-5.9.10.tar.bz2 b/strongswan-5.9.10.tar.bz2 new file mode 100644 index 0000000..b7517fe --- /dev/null +++ b/strongswan-5.9.10.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654 +size 4765407 diff --git a/strongswan-5.9.10.tar.bz2.sig b/strongswan-5.9.10.tar.bz2.sig new file mode 100644 index 0000000..3f018ac --- /dev/null +++ b/strongswan-5.9.10.tar.bz2.sig @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmQAZmIACgkQ30LBcLNN +uncmawv8DgoR/EdXdzvqzToiDYREwU5CfIYAPCYmUfw7tdwTZsiN9rdt13lI8+ei +8IqYIrtGvKVtiV3qwNaxxD/spQ+b/jbOk+ifzCQzylD5gv9fFyyKjiYIiLmK3qhr +7sc+tN90HY443qN4JV1rwHP4jN57pmNZ2qg2CbzU/zpePUHj5MlM3kgGd5bO5Q6L +MWmstO/RcjIIsZusqscrOGsaZrkULTeLyrOTLoJcM06b0F4vzeDwhLJjVoqYFVt5 +dPXLXygUfVUr+aAvCfNA03zokt6Ok9aSOBZZ8+nMPLU6wmWjjIdOf0/H9JG3/v6F +SGHVxlB4Z7sCkDzvmB/vmYquGw+gx+0Fx28eEV4E7TnrJrdlqC5n8wrPO9iFQ36y +QEua+S/q7qHSUBr01DW35e70oiJmbOqSH+poPVz2Qwk3ZVgcqIxCUpz6aWPjAicL +7VMYBssX6R5cCD3nIuHSe1+Iyx/AuFP7nuPHQrkIAKsDMVZR8GClNz+M8ZM7Cbar +a6YUUR/D +=FN1F +-----END PGP SIGNATURE----- diff --git a/strongswan-5.9.9.tar.bz2 b/strongswan-5.9.9.tar.bz2 deleted file mode 100644 index bfb1ffd..0000000 --- a/strongswan-5.9.9.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d -size 4764675 diff --git a/strongswan-5.9.9.tar.bz2.sig b/strongswan-5.9.9.tar.bz2.sig deleted file mode 100644 index 5dd6594..0000000 --- a/strongswan-5.9.9.tar.bz2.sig +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmOxaKcACgkQ30LBcLNN -uneBbgv8DTvNTm48iRhC2MisT87T5oHtMtq3iCFuhXxP2X1t53e8E4eLFx837hCO -AdTbR6CeQRyEjW+scTmTv1mmY0WGKb6npfwyCxb9qteIu3Sf21MNSqZ1Va7WMh7d -0fm7ezF6dgxkRcmVFF+4jwwsMTx6u54I9QSsdcJ1b1u4FWThOLtCrBA7qMnxGaGN -9whbBJB8DIZhXYF9BDRftLZ1rXoERAmXxXxt/a+vhikv0Sw/NlZTJaHsf4l/8w+p -yWkdXm5WUo95Ilv+cboVHcqx8StTU+xSbyrZxQul3B8zG5fc7yyA3H8dR8K1fBbi -CiBOPnQHL1m8iDSbmV7Nm6xalKwZXffLaLwnBcqfSX0JC7ZRnDfjOT/mTdPhpkoH -JzEEDFl3iEAJGbvb5Bvyn4Q98gZOzWWsxtxWpHUzoPjVd/HFx4w95Wcod/+4JhVE -wfHIOzALmFk7LWzCpiN4heW103ilGCJ3/n2OVn4j+3maZ01tK8hNIxWNTKYYhpbI -eBmb+TNc -=gp/t ------END PGP SIGNATURE----- diff --git a/strongswan.changes b/strongswan.changes index 86fd774..5109402 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt + +- Update to release 5.9.10 + * Fixed a vulnerability related to certificate verification in + TLS-based EAP methods that leads to an authentication bypass + followed by an expired pointer dereference that results in a + denial of service but possibly even remote code execution. + [CVE-2023-26463] + * Added support for full packet hardware offload for IPsec SAs + and policies, which has been introduced with the Linux 6.2 + kernel, to the kernel-netlink plugin. Bypass policies for the + IKE ports are automatically offloaded to devices that support + this type of offloading. + * TLS-based EAP methods use the key derivation specified in + draft-ietf-emu-tls-eap-types when used with TLS 1.3. + * Routes via XFRM interfaces can now optionally be installed + automatically by enabling the + charon.plugins.kernel-netlink.install_routes_xfrmi option. +- If connections are missing in `ipsec status`, check that + strongswan-starter.service (rather than strongswan.service) + is active. +- Remove CVE-2023-26463_tls_auth_bypass_exp_pointer.patch + +------------------------------------------------------------------- +Thu Mar 2 12:26:39 UTC 2023 - Mohd Saquib + +- Added patch to fix a vulnerability in incorrectly accepted + untrusted public key with incorrect refcount + (CVE-2023-26463 boo#1208608) + [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch] + ------------------------------------------------------------------- Tue Jan 3 13:22:12 UTC 2023 - Jan Engelhardt diff --git a/strongswan.spec b/strongswan.spec index eba5327..edee1cf 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.9 +Version: 5.9.10 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name}