This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup .
- Update to release 5.9.7
* The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
* Inbound IKEv2 messages, in particular requests, are now processed differently.
* The retransmission logic in the dhcp plugin has been fixed (#1154).
* The connmark plugin now considers configured masks in installed firewall rules (#1087).
* Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
* The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
* The openssl plugin supports AES and Camellia in CTR mode (112bb46).
* The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
* The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
* The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).
OBS-URL: https://build.opensuse.org/request/show/991798
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136
- Update to version 5.9.4:
* Fixed a denial-of-service vulnerability in the gmp plugin that
was caused by an integer overflow when processing RSASSA-PSS
signatures with very large salt lengths. This vulnerability has
been registered as CVE-2021-41990. Please refer to our blog for
details.
* Fixed a denial-of-service vulnerability in the in-memory
certificate cache if certificates are replaced and a very large
random value caused an integer overflow. This vulnerability has
been registered as CVE-2021-41991. Please refer to our blog for
details.
* Fixed a related flaw that caused the daemon to accept and cache
an infinite number of versions of a valid certificate by
modifying the parameters in the signatureAlgorithm field of the
outer X.509 Certificate structure.
* AUTH_LIFETIME notifies are now only sent by a responder if it
can't reauthenticate the IKE_SA itself due to asymmetric
authentication (i.e. EAP) or the use of virtual IPs.
* Several corner cases with reauthentication have been fixed
(48fbe1d, 36161fe, 0d373e2).
* Serial number generation in several pki sub-commands has been
fixed so they don't start with an unintended zero byte.
* Loading SSH public keys via vici has been improved.
* Shared secrets, PEM files, vici messages, PF_KEY messages,
swanctl configs and other data is properly wiped from memory.
* Use a longer dummy key to initialize HMAC instances in the
openssl plugin in case it's used in FIPS-mode.
* The --enable-tpm option now implies --enable-tss-tss2 as the
plugin doesn't do anything without a TSS 2.0.
* libtpmtss is initialized in all programs and libraries that use
it.
* Migrated testing scripts to Python 3.
OBS-URL: https://build.opensuse.org/request/show/933151
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=128
- Update to version 5.9.3:
* Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
plugin.
* Added AES-CCM support to the openssl plugin (#353).
* The x509 and the openssl plugins now consider the
authorityKeyIdentifier, if available, before verifying
signatures, which avoids unnecessary signature verifications
after a CA key rollover if both CA certificates are loaded.
The openssl plugin now does the same also for CRLs (the x509
plugin already did).
* The pkcs11 plugin better handles optional attributes like
CKA_TRUSTED, which previously depended on a version check.
* The NetworkManager backend (charon-nm) now supports using SANs
as client identities, not only full DNs (#437).
* charon-tkm now handles IKE encryption.
* Send a MOBIKE update again if a a change in the NAT mappings is
detected but the endpoints stay the same (e143a7d).
* A deadlock in the HA plugin introduced with 5.9.2 has been
fixed (#456).
* DSCP values are now also set for NAT keepalives.
* The ike_derived_keys() hook now receives more keys but in a
different order (4e29d6f).
* Converted most of the test case scenarios to the vici
interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
as this is what really checks for. Needed as libsoup-3.0 is
released.
OBS-URL: https://build.opensuse.org/request/show/921885
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=127
- Update to version 5.8.4:
* In IKEv1 Quick Mode make sure that a proposal exists before
determining lifetimes (fixes a crash due to a null-pointer
dereference in 5.8.3).
* OpenSSL currently doesn't support squeezing bytes out of a
SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
Unfortunately, EVP_DigestFinalXOF() completely resets the
context and later calls not simply fail, they cause a
null-pointer dereference in libcrypto. c5c1898d73 fixes the
crash at the cost of repeating initializing the whole state and
allocating too much data for subsequent calls (hopefully, once
the OpenSSL issue 7894 is resolved we can implement this more
efficiently).
* On 32-bit platforms, reading arbitrary 32-bit integers from
config files (e.g. for charon.spi_min/max) has been fixed.
* charon-nm now allows using fixed source ports.
- Changes from version 5.8.3:
* Updates for the NM plugin (and backend, which has to be updated
to be compatible):
+ EAP-TLS authentication (#2097)
+ Certificate source (file, agent, smartcard) is selectable
independently
+ Add support to configure local and remote identities (#2581)
+ Support configuring a custom server port (#625)
+ Show hint regarding password storage policy
+ Replaced the term "gateway" with "server"
+ Fixes build issues due to use of deprecated GLib
macros/functions
+ Updated Glade file to GTK 3.2
* The NM backend now supports reauthentication and redirection.
* Previously used reqids are now reallocated, which works around
an issue on FreeBSD where the kernel doesn't allow the daemon
to use reqids > 16383 (#2315).
* On Linux, throw type routes are installed in table 220 for
passthrough policies. The kernel will then fall back on routes
in routing tables with lower priorities for matching traffic.
This way, they require less information (e.g. no interface or
source IP) and can be installed earlier and are not affected by
updates.
* For IKEv1, the lifetimes of the actually selected transform are
returned to the initiator, which is an issue if the peer uses
different lifetimes for different transforms (#3329). We now
also return the correct transform and proposal IDs (proposal ID
was always 0, transform ID 1). IKE_SAs are now not
re-established anymore (e.g. after several retransmits) if a
deletion has been queued (#3335).
* Added support for Ed448 keys and certificates via openssl
plugin and pki tool.
* Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
* The use of algorithm IDs from the private use range can now be
enabled globally, to use them even if no strongSwan vendor ID
was exchanged (05e373aeb0).
* Fixed a compiler issue that may have caused invalid keyUsage
extensions in certificates (#3249).
* A lot of spelling fixes.
* Fixed several reported issues.
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
upstream.
OBS-URL: https://build.opensuse.org/request/show/800173
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=122
- Update to version 5.8.2:
* Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
* boo#1109845 and boo#1107874.
- Please check included NEWS file for info on what other changes
that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
and 5.7.0.
- Rebase strongswan_ipsec_service.patch.
- Disable patches that need rebase or dropping:
* strongswan_modprobe_syslog.patch
* 0006-fix-compilation-error-by-adding-stdint.h.patch
- Add conditional pkgconfig(libsystemd) BuildRequires: New
dependency.
OBS-URL: https://build.opensuse.org/request/show/761676
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=114
- Updated to strongSwan 5.6.0 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
*New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
Draft and has been demonstrated at the IETF 99 Prague Hackathon.
*The IMV database template has been adapted to achieve full compliance with the
ISO 19770-2:2015 SWID tag standard.
*The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
*By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
swanctl.conf file.
*The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
*The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
*libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
* more on https://wiki.strongswan.org/versions/66
OBS-URL: https://build.opensuse.org/request/show/521273
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=104
- Updated to strongSwan 5.3.5 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
requirements regarding the passed exponent and modulus that the plugin did not
enforce, if these are not met the calculation will result in a floating point exception
that crashes the whole process.
This vulnerability has been registered as CVE-2017-9022.
Please refer to our blog for details.
*Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
parsing X.509 extensions that use such types.
This vulnerability has been registered as CVE-2017-9023.
Please refer to our blog for details.
*The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
the responder already has everything available to install and use the new CHILD_SA.
However, this could lead to lost traffic as the initiator won't be able to process
inbound packets until it processed the CREATE_CHILD_SA response and updated the
inbound SA. To avoid this the responder now only installs the new inbound SA and
delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
*The messages transporting these DELETEs could reach the peer before packets sent
with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
*The code base has been ported to Apple's ARM64 iOS platform, which required several
changes regarding the use of variadic functions. This was necessary because the calling
conventions for variadic and regular functions are different there.
This means that assigning a non-variadic function to a variadic function pointer, as we
did with our enumerator_t::enumerate() implementations and several callbacks, will
result in crashes as the called function accesses the arguments differently than the
OBS-URL: https://build.opensuse.org/request/show/513652
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=99
enable rogue servers able to authenticate itself with certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
and renamed it to use number prefix corresponding with patch nr.
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=93
Changes in version 5.2.2:
* Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
payload that contains the Diffie-Hellman group 1025. This identifier was
used internally for DH groups with custom generator and prime. Because
these arguments are missing when creating DH objects based on the KE
payload an invalid pointer dereference occurred. This allowed an attacker
to crash the IKE daemon with a single IKE_SA_INIT message containing such
a KE payload. The vulnerability has been registered as CVE-2014-9221.
* The left/rightid options in ipsec.conf, or any other identity in
strongSwan, now accept prefixes to enforce an explicit type, such as
email: or fqdn:. Note that no conversion is done for the remaining string,
refer to ipsec.conf(5) for details.
* The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
an IKEv2 public key authentication method. The pki tool offers full
support for the generation of BLISS key pairs and certificates.
* Fixed mapping of integrity algorithms negotiated for AH via IKEv1.
This could cause interoperability issues when connecting to older versions
of charon.
Changes in version 5.2.1:
* The new charon-systemd IKE daemon implements an IKE daemon tailored for
use with systemd. It avoids the dependency on ipsec starter and uses
swanctl as configuration backend, building a simple and lightweight
solution. It supports native systemd journal logging.
* Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
* Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
and IETF/Installed Packages attributes can be processed incrementally on a
per segment basis.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=85
[* strongswan_fipsfilter.patch]
- Applied an upstream fix for a denial-of-service vulnerability,
which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adjusted whilelist of approved algorithms in fips mode (bsc#856322).
[* strongswan_fipsfilter.patch]
- Renamed patch file to match it's patch number:
[- 0001-restore-registration-algorithm-order.bug897512.patch,
+ 0005-restore-registration-algorithm-order.bug897512.patch]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=84
and a _fipscheck script to verify binaries/libraries/plugings
shipped in the strongswan-hmac package.
With enabled fips in the kernel, the ipsec script will call it
before any action or in a enforced/manual "ipsec _fipscheck" call.
Added config file to load openssl and kernel af-alg plugins, but
not all the other modules which provide further/alternative algs.
Applied a filter disallowing non-approved algorithms in fips mode.
(fate#316931,bnc#856322).
[+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
[+0001-restore-registration-algorithm-order.bug897512.patch]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=77
as this breaks gcrypt and openssl plugins when the fips pattern
option is not installed (fate#316931,bnc#856322).
- Added empty strongswan-hmac package supposed to provide fips hmac
files and enforce fips compliant operation later (bnc#856322).
- Cleaned up conditional build flags in the rpm spec file.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=73