Accepting request 1068724 from network:vpn

- Update to release 5.9.10 OBS-URL: https://build.opensuse.org/request/show/1068724 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
2023-03-03 21:24:35 +00:00 · 2023-03-03 21:24:35 +00:00 · 89db574bcf
commit 89db574bcf
parent 0da0fea063 9178e03a23
6 changed files with 50 additions and 18 deletions
--- a/strongswan-5.9.10.tar.bz2
+++ b/strongswan-5.9.10.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654
+size 4765407
--- a/strongswan-5.9.10.tar.bz2.sig
+++ b/strongswan-5.9.10.tar.bz2.sig
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmQAZmIACgkQ30LBcLNN
+uncmawv8DgoR/EdXdzvqzToiDYREwU5CfIYAPCYmUfw7tdwTZsiN9rdt13lI8+ei
+8IqYIrtGvKVtiV3qwNaxxD/spQ+b/jbOk+ifzCQzylD5gv9fFyyKjiYIiLmK3qhr
+7sc+tN90HY443qN4JV1rwHP4jN57pmNZ2qg2CbzU/zpePUHj5MlM3kgGd5bO5Q6L
+MWmstO/RcjIIsZusqscrOGsaZrkULTeLyrOTLoJcM06b0F4vzeDwhLJjVoqYFVt5
+dPXLXygUfVUr+aAvCfNA03zokt6Ok9aSOBZZ8+nMPLU6wmWjjIdOf0/H9JG3/v6F
+SGHVxlB4Z7sCkDzvmB/vmYquGw+gx+0Fx28eEV4E7TnrJrdlqC5n8wrPO9iFQ36y
+QEua+S/q7qHSUBr01DW35e70oiJmbOqSH+poPVz2Qwk3ZVgcqIxCUpz6aWPjAicL
+7VMYBssX6R5cCD3nIuHSe1+Iyx/AuFP7nuPHQrkIAKsDMVZR8GClNz+M8ZM7Cbar
+a6YUUR/D
+=FN1F
+-----END PGP SIGNATURE-----
--- a/strongswan-5.9.9.tar.bz2
+++ b/strongswan-5.9.9.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d
-size 4764675
--- a/strongswan-5.9.9.tar.bz2.sig
+++ b/strongswan-5.9.9.tar.bz2.sig
@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmOxaKcACgkQ30LBcLNN
-uneBbgv8DTvNTm48iRhC2MisT87T5oHtMtq3iCFuhXxP2X1t53e8E4eLFx837hCO
-AdTbR6CeQRyEjW+scTmTv1mmY0WGKb6npfwyCxb9qteIu3Sf21MNSqZ1Va7WMh7d
-0fm7ezF6dgxkRcmVFF+4jwwsMTx6u54I9QSsdcJ1b1u4FWThOLtCrBA7qMnxGaGN
-9whbBJB8DIZhXYF9BDRftLZ1rXoERAmXxXxt/a+vhikv0Sw/NlZTJaHsf4l/8w+p
-yWkdXm5WUo95Ilv+cboVHcqx8StTU+xSbyrZxQul3B8zG5fc7yyA3H8dR8K1fBbi
-CiBOPnQHL1m8iDSbmV7Nm6xalKwZXffLaLwnBcqfSX0JC7ZRnDfjOT/mTdPhpkoH
-JzEEDFl3iEAJGbvb5Bvyn4Q98gZOzWWsxtxWpHUzoPjVd/HFx4w95Wcod/+4JhVE
-wfHIOzALmFk7LWzCpiN4heW103ilGCJ3/n2OVn4j+3maZ01tK8hNIxWNTKYYhpbI
-eBmb+TNc
-=gp/t
-----END PGP SIGNATURE-----
--- a/strongswan.changes
+++ b/strongswan.changes
@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Thu Mar  2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.10
+  * Fixed a vulnerability related to certificate verification in
+    TLS-based EAP methods that leads to an authentication bypass
+    followed by an expired pointer dereference that results in a
+    denial of service but possibly even remote code execution.
+    [CVE-2023-26463]
+  * Added support for full packet hardware offload for IPsec SAs
+    and policies, which has been introduced with the Linux 6.2
+    kernel, to the kernel-netlink plugin. Bypass policies for the
+    IKE ports are automatically offloaded to devices that support
+    this type of offloading.
+  * TLS-based EAP methods use the key derivation specified in
+    draft-ietf-emu-tls-eap-types when used with TLS 1.3.
+  * Routes via XFRM interfaces can now optionally be installed
+    automatically by enabling the
+    charon.plugins.kernel-netlink.install_routes_xfrmi option.
+- If connections are missing in `ipsec status`, check that
+  strongswan-starter.service (rather than strongswan.service)
+  is active.
+- Remove CVE-2023-26463_tls_auth_bypass_exp_pointer.patch
+
+-------------------------------------------------------------------
+Thu Mar  2 12:26:39 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
+
+- Added patch to fix a vulnerability in incorrectly accepted
+  untrusted public key with incorrect refcount
+  (CVE-2023-26463 boo#1208608)
+  [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]
+
 -------------------------------------------------------------------
 Tue Jan  3 13:22:12 UTC 2023 - Jan Engelhardt <jengelh@inai.de>

--- a/strongswan.spec
+++ b/strongswan.spec
@ -17,7 +17,7 @@


 Name:           strongswan
-Version:        5.9.9
+Version:        5.9.10
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}