- Update to version 5.8.4:
* In IKEv1 Quick Mode make sure that a proposal exists before
determining lifetimes (fixes a crash due to a null-pointer
dereference in 5.8.3).
* OpenSSL currently doesn't support squeezing bytes out of a
SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
Unfortunately, EVP_DigestFinalXOF() completely resets the
context and later calls not simply fail, they cause a
null-pointer dereference in libcrypto. c5c1898d73 fixes the
crash at the cost of repeating initializing the whole state and
allocating too much data for subsequent calls (hopefully, once
the OpenSSL issue 7894 is resolved we can implement this more
efficiently).
* On 32-bit platforms, reading arbitrary 32-bit integers from
config files (e.g. for charon.spi_min/max) has been fixed.
* charon-nm now allows using fixed source ports.
- Changes from version 5.8.3:
* Updates for the NM plugin (and backend, which has to be updated
to be compatible):
+ EAP-TLS authentication (#2097)
+ Certificate source (file, agent, smartcard) is selectable
independently
+ Add support to configure local and remote identities (#2581)
+ Support configuring a custom server port (#625)
+ Show hint regarding password storage policy
+ Replaced the term "gateway" with "server"
+ Fixes build issues due to use of deprecated GLib
macros/functions
+ Updated Glade file to GTK 3.2
* The NM backend now supports reauthentication and redirection.
* Previously used reqids are now reallocated, which works around
an issue on FreeBSD where the kernel doesn't allow the daemon
to use reqids > 16383 (#2315).
* On Linux, throw type routes are installed in table 220 for
passthrough policies. The kernel will then fall back on routes
in routing tables with lower priorities for matching traffic.
This way, they require less information (e.g. no interface or
source IP) and can be installed earlier and are not affected by
updates.
* For IKEv1, the lifetimes of the actually selected transform are
returned to the initiator, which is an issue if the peer uses
different lifetimes for different transforms (#3329). We now
also return the correct transform and proposal IDs (proposal ID
was always 0, transform ID 1). IKE_SAs are now not
re-established anymore (e.g. after several retransmits) if a
deletion has been queued (#3335).
* Added support for Ed448 keys and certificates via openssl
plugin and pki tool.
* Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
* The use of algorithm IDs from the private use range can now be
enabled globally, to use them even if no strongSwan vendor ID
was exchanged (05e373aeb0).
* Fixed a compiler issue that may have caused invalid keyUsage
extensions in certificates (#3249).
* A lot of spelling fixes.
* Fixed several reported issues.
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
upstream.
OBS-URL: https://build.opensuse.org/request/show/800173
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=122
- Update to version 5.8.2:
* Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
* boo#1109845 and boo#1107874.
- Please check included NEWS file for info on what other changes
that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
and 5.7.0.
- Rebase strongswan_ipsec_service.patch.
- Disable patches that need rebase or dropping:
* strongswan_modprobe_syslog.patch
* 0006-fix-compilation-error-by-adding-stdint.h.patch
- Add conditional pkgconfig(libsystemd) BuildRequires: New
dependency.
OBS-URL: https://build.opensuse.org/request/show/761676
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=114
- Updated to strongSwan 5.6.0 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
*New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
Draft and has been demonstrated at the IETF 99 Prague Hackathon.
*The IMV database template has been adapted to achieve full compliance with the
ISO 19770-2:2015 SWID tag standard.
*The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
*By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
swanctl.conf file.
*The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
*The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
*libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
* more on https://wiki.strongswan.org/versions/66
OBS-URL: https://build.opensuse.org/request/show/521273
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=104
- Updated to strongSwan 5.3.5 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
requirements regarding the passed exponent and modulus that the plugin did not
enforce, if these are not met the calculation will result in a floating point exception
that crashes the whole process.
This vulnerability has been registered as CVE-2017-9022.
Please refer to our blog for details.
*Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
parsing X.509 extensions that use such types.
This vulnerability has been registered as CVE-2017-9023.
Please refer to our blog for details.
*The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
the responder already has everything available to install and use the new CHILD_SA.
However, this could lead to lost traffic as the initiator won't be able to process
inbound packets until it processed the CREATE_CHILD_SA response and updated the
inbound SA. To avoid this the responder now only installs the new inbound SA and
delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
*The messages transporting these DELETEs could reach the peer before packets sent
with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
*The code base has been ported to Apple's ARM64 iOS platform, which required several
changes regarding the use of variadic functions. This was necessary because the calling
conventions for variadic and regular functions are different there.
This means that assigning a non-variadic function to a variadic function pointer, as we
did with our enumerator_t::enumerate() implementations and several callbacks, will
result in crashes as the called function accesses the arguments differently than the
OBS-URL: https://build.opensuse.org/request/show/513652
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
- Applied upstream fix for a rogue servers vulnerability, that may
enable rogue servers able to authenticate itself with certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
and renamed it to use number prefix corresponding with patch nr.
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
OBS-URL: https://build.opensuse.org/request/show/311158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=61
enable rogue servers able to authenticate itself with certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
and renamed it to use number prefix corresponding with patch nr.
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=93
Changes in version 5.2.2:
* Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
payload that contains the Diffie-Hellman group 1025. This identifier was
used internally for DH groups with custom generator and prime. Because
these arguments are missing when creating DH objects based on the KE
payload an invalid pointer dereference occurred. This allowed an attacker
to crash the IKE daemon with a single IKE_SA_INIT message containing such
a KE payload. The vulnerability has been registered as CVE-2014-9221.
* The left/rightid options in ipsec.conf, or any other identity in
strongSwan, now accept prefixes to enforce an explicit type, such as
email: or fqdn:. Note that no conversion is done for the remaining string,
refer to ipsec.conf(5) for details.
* The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
an IKEv2 public key authentication method. The pki tool offers full
support for the generation of BLISS key pairs and certificates.
* Fixed mapping of integrity algorithms negotiated for AH via IKEv1.
This could cause interoperability issues when connecting to older versions
of charon.
Changes in version 5.2.1:
* The new charon-systemd IKE daemon implements an IKE daemon tailored for
use with systemd. It avoids the dependency on ipsec starter and uses
swanctl as configuration backend, building a simple and lightweight
solution. It supports native systemd journal logging.
* Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
* Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
and IETF/Installed Packages attributes can be processed incrementally on a
per segment basis.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
[* strongswan_fipsfilter.patch]
- Applied an upstream fix for a denial-of-service vulnerability,
which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adjusted whilelist of approved algorithms in fips mode (bsc#856322).
[* strongswan_fipsfilter.patch]
- Renamed patch file to match it's patch number:
[- 0001-restore-registration-algorithm-order.bug897512.patch,
+ 0005-restore-registration-algorithm-order.bug897512.patch]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=84
- Updated strongswan-hmac package description (bsc#856322).
- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.
- Added generation of fips hmac hash files using fipshmac utility
and a _fipscheck script to verify binaries/libraries/plugings
shipped in the strongswan-hmac package.
With enabled fips in the kernel, the ipsec script will call it
before any action or in a enforced/manual "ipsec _fipscheck" call.
Added config file to load openssl and kernel af-alg plugins, but
not all the other modules which provide further/alternative algs.
Applied a filter disallowing non-approved algorithms in fips mode.
(fate#316931,bnc#856322).
[+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
[+0001-restore-registration-algorithm-order.bug897512.patch]
- Re-enabled gcrypt plugin and reverted to not enforce fips again
as this breaks gcrypt and openssl plugins when the fips pattern
option is not installed (fate#316931,bnc#856322).
[- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
files and enforce fips compliant operation later (bnc#856322).
OBS-URL: https://build.opensuse.org/request/show/262968
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=58
