Accepting request 1068724 from network:vpn
- Update to release 5.9.10 OBS-URL: https://build.opensuse.org/request/show/1068724 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
89db574bcf
3
strongswan-5.9.10.tar.bz2
Normal file
3
strongswan-5.9.10.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654
|
||||||
|
size 4765407
|
||||||
14
strongswan-5.9.10.tar.bz2.sig
Normal file
14
strongswan-5.9.10.tar.bz2.sig
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmQAZmIACgkQ30LBcLNN
|
||||||
|
uncmawv8DgoR/EdXdzvqzToiDYREwU5CfIYAPCYmUfw7tdwTZsiN9rdt13lI8+ei
|
||||||
|
8IqYIrtGvKVtiV3qwNaxxD/spQ+b/jbOk+ifzCQzylD5gv9fFyyKjiYIiLmK3qhr
|
||||||
|
7sc+tN90HY443qN4JV1rwHP4jN57pmNZ2qg2CbzU/zpePUHj5MlM3kgGd5bO5Q6L
|
||||||
|
MWmstO/RcjIIsZusqscrOGsaZrkULTeLyrOTLoJcM06b0F4vzeDwhLJjVoqYFVt5
|
||||||
|
dPXLXygUfVUr+aAvCfNA03zokt6Ok9aSOBZZ8+nMPLU6wmWjjIdOf0/H9JG3/v6F
|
||||||
|
SGHVxlB4Z7sCkDzvmB/vmYquGw+gx+0Fx28eEV4E7TnrJrdlqC5n8wrPO9iFQ36y
|
||||||
|
QEua+S/q7qHSUBr01DW35e70oiJmbOqSH+poPVz2Qwk3ZVgcqIxCUpz6aWPjAicL
|
||||||
|
7VMYBssX6R5cCD3nIuHSe1+Iyx/AuFP7nuPHQrkIAKsDMVZR8GClNz+M8ZM7Cbar
|
||||||
|
a6YUUR/D
|
||||||
|
=FN1F
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:5e16580998834658c17cebfb31dd637e728669cf2fdd325460234a4643b8d81d
|
|
||||||
size 4764675
|
|
||||||
@ -1,14 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmOxaKcACgkQ30LBcLNN
|
|
||||||
uneBbgv8DTvNTm48iRhC2MisT87T5oHtMtq3iCFuhXxP2X1t53e8E4eLFx837hCO
|
|
||||||
AdTbR6CeQRyEjW+scTmTv1mmY0WGKb6npfwyCxb9qteIu3Sf21MNSqZ1Va7WMh7d
|
|
||||||
0fm7ezF6dgxkRcmVFF+4jwwsMTx6u54I9QSsdcJ1b1u4FWThOLtCrBA7qMnxGaGN
|
|
||||||
9whbBJB8DIZhXYF9BDRftLZ1rXoERAmXxXxt/a+vhikv0Sw/NlZTJaHsf4l/8w+p
|
|
||||||
yWkdXm5WUo95Ilv+cboVHcqx8StTU+xSbyrZxQul3B8zG5fc7yyA3H8dR8K1fBbi
|
|
||||||
CiBOPnQHL1m8iDSbmV7Nm6xalKwZXffLaLwnBcqfSX0JC7ZRnDfjOT/mTdPhpkoH
|
|
||||||
JzEEDFl3iEAJGbvb5Bvyn4Q98gZOzWWsxtxWpHUzoPjVd/HFx4w95Wcod/+4JhVE
|
|
||||||
wfHIOzALmFk7LWzCpiN4heW103ilGCJ3/n2OVn4j+3maZ01tK8hNIxWNTKYYhpbI
|
|
||||||
eBmb+TNc
|
|
||||||
=gp/t
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
@ -1,3 +1,35 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 5.9.10
|
||||||
|
* Fixed a vulnerability related to certificate verification in
|
||||||
|
TLS-based EAP methods that leads to an authentication bypass
|
||||||
|
followed by an expired pointer dereference that results in a
|
||||||
|
denial of service but possibly even remote code execution.
|
||||||
|
[CVE-2023-26463]
|
||||||
|
* Added support for full packet hardware offload for IPsec SAs
|
||||||
|
and policies, which has been introduced with the Linux 6.2
|
||||||
|
kernel, to the kernel-netlink plugin. Bypass policies for the
|
||||||
|
IKE ports are automatically offloaded to devices that support
|
||||||
|
this type of offloading.
|
||||||
|
* TLS-based EAP methods use the key derivation specified in
|
||||||
|
draft-ietf-emu-tls-eap-types when used with TLS 1.3.
|
||||||
|
* Routes via XFRM interfaces can now optionally be installed
|
||||||
|
automatically by enabling the
|
||||||
|
charon.plugins.kernel-netlink.install_routes_xfrmi option.
|
||||||
|
- If connections are missing in `ipsec status`, check that
|
||||||
|
strongswan-starter.service (rather than strongswan.service)
|
||||||
|
is active.
|
||||||
|
- Remove CVE-2023-26463_tls_auth_bypass_exp_pointer.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 2 12:26:39 UTC 2023 - Mohd Saquib <mohd.saquib@suse.com>
|
||||||
|
|
||||||
|
- Added patch to fix a vulnerability in incorrectly accepted
|
||||||
|
untrusted public key with incorrect refcount
|
||||||
|
(CVE-2023-26463 boo#1208608)
|
||||||
|
[+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 3 13:22:12 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
Tue Jan 3 13:22:12 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
|||||||
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: strongswan
|
Name: strongswan
|
||||||
Version: 5.9.9
|
Version: 5.9.10
|
||||||
Release: 0
|
Release: 0
|
||||||
%define upstream_version %{version}
|
%define upstream_version %{version}
|
||||||
%define strongswan_docdir %{_docdir}/%{name}
|
%define strongswan_docdir %{_docdir}/%{name}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user