Jan Engelhardt
2a35cd6ca5
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=126
1932 lines
103 KiB
Plaintext
1932 lines
103 KiB
Plaintext
-------------------------------------------------------------------
|
||
Mon Sep 7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||
|
||
- Update to release 5.9.0
|
||
* Prefer AEAD algorithms for ESP; this puts AES-GCM in a default
|
||
AEAD proposal in front of the previous default proposal.
|
||
* If a connection fails after getting redirected, we now
|
||
restart connecting to the original host, not the one
|
||
redirected to.
|
||
* For peers that don't send the EAP_ONLY_AUTHENTICATION notify
|
||
but still expect to use EAP-only authentication, the
|
||
charon.force_eap_only_authentication option can be enabled to
|
||
force this type of authentication even on non-compliant
|
||
peers.
|
||
* IPv6 virtual IPs are now always enumerated, ignoring the
|
||
charon.prefer_temporary_addrs setting, which should fix route
|
||
installation if the latter is enabled.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 1 16:31:02 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||
|
||
- Enable bypass-lan strongswan plugin
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 1 09:39:42 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||
|
||
- Update to version 5.8.4:
|
||
* In IKEv1 Quick Mode make sure that a proposal exists before
|
||
determining lifetimes (fixes a crash due to a null-pointer
|
||
dereference in 5.8.3).
|
||
* OpenSSL currently doesn't support squeezing bytes out of a
|
||
SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
|
||
Unfortunately, EVP_DigestFinalXOF() completely resets the
|
||
context and later calls not simply fail, they cause a
|
||
null-pointer dereference in libcrypto. c5c1898d73 fixes the
|
||
crash at the cost of repeating initializing the whole state and
|
||
allocating too much data for subsequent calls (hopefully, once
|
||
the OpenSSL issue 7894 is resolved we can implement this more
|
||
efficiently).
|
||
* On 32-bit platforms, reading arbitrary 32-bit integers from
|
||
config files (e.g. for charon.spi_min/max) has been fixed.
|
||
* charon-nm now allows using fixed source ports.
|
||
- Changes from version 5.8.3:
|
||
* Updates for the NM plugin (and backend, which has to be updated
|
||
to be compatible):
|
||
+ EAP-TLS authentication (#2097)
|
||
+ Certificate source (file, agent, smartcard) is selectable
|
||
independently
|
||
+ Add support to configure local and remote identities (#2581)
|
||
+ Support configuring a custom server port (#625)
|
||
+ Show hint regarding password storage policy
|
||
+ Replaced the term "gateway" with "server"
|
||
+ Fixes build issues due to use of deprecated GLib
|
||
macros/functions
|
||
+ Updated Glade file to GTK 3.2
|
||
* The NM backend now supports reauthentication and redirection.
|
||
* Previously used reqids are now reallocated, which works around
|
||
an issue on FreeBSD where the kernel doesn't allow the daemon
|
||
to use reqids > 16383 (#2315).
|
||
* On Linux, throw type routes are installed in table 220 for
|
||
passthrough policies. The kernel will then fall back on routes
|
||
in routing tables with lower priorities for matching traffic.
|
||
This way, they require less information (e.g. no interface or
|
||
source IP) and can be installed earlier and are not affected by
|
||
updates.
|
||
* For IKEv1, the lifetimes of the actually selected transform are
|
||
returned to the initiator, which is an issue if the peer uses
|
||
different lifetimes for different transforms (#3329). We now
|
||
also return the correct transform and proposal IDs (proposal ID
|
||
was always 0, transform ID 1). IKE_SAs are now not
|
||
re-established anymore (e.g. after several retransmits) if a
|
||
deletion has been queued (#3335).
|
||
* Added support for Ed448 keys and certificates via openssl
|
||
plugin and pki tool.
|
||
* Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
|
||
* The use of algorithm IDs from the private use range can now be
|
||
enabled globally, to use them even if no strongSwan vendor ID
|
||
was exchanged (05e373aeb0).
|
||
* Fixed a compiler issue that may have caused invalid keyUsage
|
||
extensions in certificates (#3249).
|
||
* A lot of spelling fixes.
|
||
* Fixed several reported issues.
|
||
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
|
||
upstream.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 31 16:42:23 UTC 2020 - Madhu Mohan Nelemane <mmnelemane@suse.com>
|
||
|
||
- Fix to resolve multiple definitions for swanctl_dir (bsc#1164493)
|
||
[+ 0006-Resolve-multiple-definition-of-swanctl_dir.patch ]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 17 20:26:37 UTC 2020 - Johannes Kastl <kastl@b1-systems.de>
|
||
|
||
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
|
||
to strongswan-nm subpackage, as it is needed for the
|
||
NetworkManager plugin that uses strongswan-nm, not
|
||
strongswan-ipsec
|
||
This fixes the following error:
|
||
```
|
||
Failed to initialize a plugin instance: Connection ":1.153" is not
|
||
allowed to own the service "org.freedesktop.NetworkManager.strongswan"
|
||
due to security policies in the configuration file
|
||
```
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 30 13:43:50 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||
|
||
- Drop upstream fixed patches:
|
||
* strongswan_modprobe_syslog.patch
|
||
* strongswan_fipsfilter.patch
|
||
* 0006-fix-compilation-error-by-adding-stdint.h.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 26 08:54:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||
|
||
- Replace %__-type macro indirections. Update homepage URL to https.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 6 22:06:58 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||
|
||
- Update to version 5.8.2:
|
||
* The systemd service units have changed their name.
|
||
"strongswan" is now "strongswan-starter", and
|
||
"strongswan-swanctl" is now "strongswan".
|
||
After installation, you need to `systemctl disable` the old
|
||
name and `systemctl enable`+start the new one.
|
||
* Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
|
||
* boo#1109845 and boo#1107874.
|
||
- Please check included NEWS file for info on what other changes
|
||
that have been done in versions 5.8.2, 5.8.1 5.8.0, 5.7.2, 5.7.1
|
||
and 5.7.0.
|
||
- Rebase strongswan_ipsec_service.patch.
|
||
- Disable patches that need rebase or dropping:
|
||
* strongswan_modprobe_syslog.patch
|
||
* 0006-fix-compilation-error-by-adding-stdint.h.patch
|
||
- Add conditional pkgconfig(libsystemd) BuildRequires: New
|
||
dependency.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 6 22:14:57 UTC 2018 - bjorn.lie@gmail.com
|
||
|
||
- Update to version 5.6.3 (CVE-2018-10811, boo#1093536,
|
||
CVE-2018-5388, boo#1094462):
|
||
* Fixed a DoS vulnerability in the IKEv2 key derivation if the
|
||
openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated
|
||
as PRF. This vulnerability has been registered as
|
||
CVE-2018-10811, boo#1093536.
|
||
* Fixed a vulnerability in the stroke plugin, which did not check
|
||
the received length before reading a message from the socket.
|
||
Unless a group is configured, root privileges are required to
|
||
access that socket, so in the default configuration this
|
||
shouldn't be an issue. This vulnerability has been registered
|
||
as CVE-2018-5388, boo#1094462.
|
||
* CRLs that are not yet valid are now ignored to avoid problems
|
||
in scenarios where expired certificates are removed from new
|
||
CRLs and the clock on the host doing the revocation check is
|
||
trailing behind that of the host issuing CRLs. Not doing this
|
||
could result in accepting a revoked and expired certificate, if
|
||
it's still valid according to the trailing clock but not
|
||
contained anymore in not yet valid CRLs.
|
||
* The issuer of fetched CRLs is now compared to the issuer of the
|
||
checked certificate (#2608).
|
||
* CRL validation results other than revocation (e.g. a skipped
|
||
check because the CRL couldn't be fetched) are now stored also
|
||
for intermediate CA certificates and not only for end-entity
|
||
certificates, so a strict CRL policy can be enforced in such
|
||
cases.
|
||
* In compliance with RFC 4945, section 5.1.3.2, certificates used
|
||
for IKE must now either not contain a keyUsage extension (like
|
||
the ones generated by pki), or have at least one of the
|
||
digitalSignature or nonRepudiation bits set.
|
||
* New options for vici/swanctl allow forcing the local
|
||
termination of an IKE_SA. This might be useful in situations
|
||
where it's known the other end is not reachable anymore, or
|
||
that it already removed the IKE_SA, so retransmitting a DELETE
|
||
and waiting for a response would be pointless.
|
||
* Waiting only a certain amount of time for a response (i.e.
|
||
shorter than all retransmits would be) before destroying the
|
||
IKE_SA is also possible by additionally specifying a timeout in
|
||
the forced termination request.
|
||
* When removing routes, the kernel-netlink plugin now checks if
|
||
it tracks other routes for the same destination and replaces
|
||
the installed route instead of just removing it. Same during
|
||
installation, where existing routes previously weren't
|
||
replaced. This should allow using traps with virtual IPs on
|
||
Linux (#2162).
|
||
* The dhcp plugin now only sends the client identifier DHCP
|
||
option if the identity_lease setting is enabled (7b660944b6).
|
||
It can also send identities of up to 255 bytes length, instead
|
||
of the previous 64 bytes (30e886fe3b, 0e5b94d038). If a server
|
||
address is configured, DHCP requests are now sent from port 67
|
||
instead of 68 to avoid ICMP port unreachables (becf027cd9).
|
||
* The handling of faulty INVALID_KE_PAYLOAD notifies (e.g. one
|
||
containing a DH group that wasn't proposed) during
|
||
CREATE_CHILD_SA exchanges has been improved (#2536).
|
||
* Roam events are now completely ignored for IKEv1 SAs (there is
|
||
no MOBIKE to handle such changes properly).
|
||
* ChaCha20/Poly1305 is now correctly proposed without key length
|
||
(#2614). For compatibility with older releases the
|
||
chacha20poly1305compat keyword may be included in proposals to
|
||
also propose the algorithm with a key length (c58434aeff).
|
||
* Configuration of hardware offload of IPsec SAs is now more
|
||
flexible and allows a new setting (auto), which automatically
|
||
uses it if the kernel and device both support it. If hw_offload
|
||
is set to yes and offloading is not supported, the CHILD_SA
|
||
installation now fails.
|
||
* The kernel-pfkey plugin optionally installs routes via internal
|
||
interface (one with an IP in the local traffic selector). On
|
||
FreeBSD, enabling this selects the correct source IP when
|
||
sending packets from the gateway itself (e811659323).
|
||
* SHA-2 based PRFs are supported in PKCS#8 files as generated by
|
||
OpenSSL 1.1 (#2574).
|
||
* The pki --verify tool may load CA certificates and CRLs from
|
||
directories.
|
||
* The IKE daemon now also switches to port 4500 if the remote
|
||
port is not 500 (e.g. because the remote maps the response to a
|
||
different port, as might happen on Azure), as long as the local
|
||
port is 500 (85bfab621d).
|
||
* Fixed an issue with DNS servers passed to NetworkManager in
|
||
charon-nm (ee8c25516a).
|
||
* Logged traffic selectors now always contain the protocol if
|
||
either protocol or port are set (a36d8097ed).
|
||
* Only the inbound SA/policy will be updated as reaction to IP
|
||
address changes for rekeyed CHILD_SAs that are kept around.
|
||
* The parser for strongswan.conf/swanctl.conf now accepts =
|
||
characters in values without having to put the value in quotes
|
||
(e.g. for Base64 encoded shared secrets).
|
||
- Rename strongswan-5.6.2-rpmlintrc to strongswan-rpmlintrc,
|
||
changing the version string on every version update makes no
|
||
sense.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 17 13:24:38 UTC 2018 - bjorn.lie@gmail.com
|
||
|
||
- Update to version 5.6.2:
|
||
* Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS
|
||
signatures that was caused by insufficient input validation.
|
||
One of the configurable parameters in algorithm identifier
|
||
structures for RSASSA-PSS signatures is the mask generation
|
||
function (MGF). Only MGF1 is currently specified for this
|
||
purpose. However, this in turn takes itself a parameter that
|
||
specifies the underlying hash function. strongSwan's parser did
|
||
not correctly handle the case of this parameter being absent,
|
||
causing an undefined data read. This vulnerability has been
|
||
registered as CVE-2018-6459.
|
||
* When rekeying IKEv2 IKE_SAs the previously negotiated DH group
|
||
will be reused, instead of using the first configured group,
|
||
which avoids an additional exchange if the peer previously
|
||
selected a different DH group via INVALID_KE_PAYLOAD notify.
|
||
The same is also done when rekeying CHILD_SAs except for the
|
||
first rekeying of the CHILD_SA that was created with the
|
||
IKE_SA, where no DH group was negotiated yet. Also, the
|
||
selected DH group is moved to the front in all sent proposals
|
||
that contain it and all proposals that don't are moved to the
|
||
back in order to convey the preference for this group to the
|
||
peer.
|
||
* Handling of MOBIKE task queuing has been improved. In
|
||
particular, the response to an address update (with NAT-D
|
||
payloads) is not ignored anymore if only an address list update
|
||
or DPD is queued as that could prevent updating the UDP
|
||
encapsulation in the kernel.
|
||
* On Linux, roam events may optionally be triggered by changes to
|
||
the routing rules, which can be useful if routing rules
|
||
(instead of e.g. route metrics) are used to switch from one to
|
||
another interface (i.e. from one to another routing table).
|
||
Since routing rules are currently not evaluated when doing
|
||
route lookups this is only useful if the kernel-based route
|
||
lookup is used (4664992f7d).
|
||
* The fallback drop policies installed to avoid traffic leaks
|
||
when replacing addresses in installed policies are now replaced
|
||
by temporary drop policies, which also prevent acquires because
|
||
we currently delete and reinstall IPsec SAs to update their
|
||
addresses (35ef1b032d).
|
||
* Access X.509 certificates held in non-volatile storage of a TPM
|
||
2.0 referenced via the NV index.
|
||
* Adding the --keyid parameter to pki --print allows to print
|
||
private keys or certificates stored in a smartcard or a TPM
|
||
2.0.
|
||
* Fixed proposal selection if a peer incorrectly sends DH groups
|
||
in the ESP proposal during IKE_AUTH and also if a DH group is
|
||
configured in the local ESP proposal and
|
||
charon.prefer_configured_proposals is disabled (d058fd3c32).
|
||
* The lookup for PSK secrets for IKEv1 has been improved for
|
||
certain scenarios (see #2497 for details).
|
||
* MSKs received via RADIUS are now padded to 64 bytes to avoid
|
||
compatibility issues with EAP-MSCHAPv2 and PRFs that have a
|
||
block size < 64 bytes (e.g. AES-XCBC-PRF-128, see 73cbce6013).
|
||
* The tpm_extendpcr command line tool extends a digest into a TPM
|
||
PCR.
|
||
* Ported the NetworkManager backend from the deprecated
|
||
libnm-glib to libnm.
|
||
* The save-keys debugging/development plugin saves IKE and/or ESP
|
||
keys to files compatible with Wireshark.
|
||
- Following upstreams port, replace NetworkManager-devel with
|
||
pkgconfig(libnm) BuildRequires.
|
||
- Refresh patches with quilt.
|
||
- Disable strongswan_fipsfilter.patch, needs rebase or dropping,
|
||
the file it patches no longer exists in tarball.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 16 08:55:10 UTC 2018 - mmnelemane@suse.com
|
||
|
||
- Removed unused requires and macro calls(bsc#1083261)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 17 11:27:54 UTC 2017 - jengelh@inai.de
|
||
|
||
- Update summaries and descriptions. Trim filler words and
|
||
author list.
|
||
- Drop %if..%endif guards that are idempotent and do not affect
|
||
the build result.
|
||
- Replace old $RPM_ shell variables.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 5 17:10:11 CEST 2017 - ndas@suse.de
|
||
|
||
- Updated to strongSwan 5.6.0 providing the following changes:
|
||
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
|
||
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
|
||
where m is the signature, and e and n are the exponent and modulus of the public key.
|
||
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
|
||
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
|
||
This result wasn't handled properly causing a null-pointer dereference.
|
||
This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
|
||
|
||
*New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
|
||
Draft and has been demonstrated at the IETF 99 Prague Hackathon.
|
||
|
||
*The IMV database template has been adapted to achieve full compliance with the
|
||
ISO 19770-2:2015 SWID tag standard.
|
||
|
||
*The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
|
||
|
||
*By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
|
||
swanctl.conf file.
|
||
|
||
*The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
|
||
|
||
*The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
|
||
|
||
*libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
|
||
|
||
* more on https://wiki.strongswan.org/versions/66
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 5 11:33:01 CEST 2017 - ndas@suse.de
|
||
|
||
- fix "uintptr_t’ undeclared" compilation error.
|
||
[+0006-fix-compilation-error-by-adding-stdint.h.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 31 18:30:28 CEST 2017 - ndas@suse.de
|
||
|
||
- Updated to strongSwan 5.3.5(bsc#1050691) providing the following changes:
|
||
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
|
||
validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
|
||
requirements regarding the passed exponent and modulus that the plugin did not
|
||
enforce, if these are not met the calculation will result in a floating point exception
|
||
that crashes the whole process.
|
||
This vulnerability has been registered as CVE-2017-9022.
|
||
Please refer to our blog for details.
|
||
|
||
*Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
|
||
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
|
||
parsing X.509 extensions that use such types.
|
||
This vulnerability has been registered as CVE-2017-9023.
|
||
Please refer to our blog for details.
|
||
|
||
*The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
|
||
traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
|
||
the responder already has everything available to install and use the new CHILD_SA.
|
||
However, this could lead to lost traffic as the initiator won't be able to process
|
||
inbound packets until it processed the CREATE_CHILD_SA response and updated the
|
||
inbound SA. To avoid this the responder now only installs the new inbound SA and
|
||
delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
|
||
|
||
*The messages transporting these DELETEs could reach the peer before packets sent
|
||
with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
|
||
to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
|
||
amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
|
||
|
||
*The code base has been ported to Apple's ARM64 iOS platform, which required several
|
||
changes regarding the use of variadic functions. This was necessary because the calling
|
||
conventions for variadic and regular functions are different there.
|
||
This means that assigning a non-variadic function to a variadic function pointer, as we
|
||
did with our enumerator_t::enumerate() implementations and several callbacks, will
|
||
result in crashes as the called function accesses the arguments differently than the
|
||
caller provided them. To avoid this issue the enumerator_t interface has been changed
|
||
and the signature of the callback functions for enumerator_create_filter() and two
|
||
methods on linked_list_t have been changed. Refer to the developer notes below
|
||
for details.
|
||
|
||
*Adds support for fuzzing the certificate parser provided by the default plugins
|
||
(x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or generally with
|
||
libFuzzer). Several issues found while fuzzing these plugins were fixed.
|
||
|
||
*Two new options have been added to charon's retransmission settings:
|
||
retransmit_limit and retransmit_jitter. The former adds an upper limit to the
|
||
calculated retransmission timeout, the latter randomly reduces it.
|
||
Refer to Retransmission for details.
|
||
|
||
*A bug in swanctl's --load-creds command was fixed that caused unencrypted
|
||
private keys to get unloaded if the command was called multiple times.
|
||
The load-key VICI command now returns the key ID of the loaded key on success.
|
||
|
||
*The credential manager now enumerates local credential sets before global ones.
|
||
This means certificates supplied by the peer will now be preferred over certificates
|
||
with the same identity that may be locally stored (e.g. in the certificate cache).
|
||
|
||
*Adds support for hardware offload of IPsec SAs as introduced by Linux 4.11 for
|
||
specific hardware that supports this.
|
||
|
||
*The pki tool loads the curve25519 plugin by default.
|
||
[- 0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
|
||
- 0007-asn1-parser-Fix-CHOICE-parsing.patch]
|
||
- libhydra is removed as all kernel plugins moved to libcharon
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 23 14:25:32 CEST 2017 - ndas@suse.de
|
||
|
||
- Applied patch for "Don't retransmit Aggressive Mode response"
|
||
bsc#985012.
|
||
- Applied upstream patch for "Insufficient Input Validation in gmp Plugin"
|
||
bsc#1039514(CVE-2017-9022).
|
||
- Applied upstream patch for "Incorrect x509 ASN.1 parser error handling"
|
||
bsc#1039515(CVE-2017-9023).
|
||
[+0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch,
|
||
+0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
|
||
+0007-asn1-parser-Fix-CHOICE-parsing.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 4 12:00:00 UTC 2016 - doug@uq.edu.au
|
||
|
||
- Updated to strongSwan 5.3.5 providing the following changes:
|
||
Changes in version 5.3.5:
|
||
* Properly handle potential EINTR errors in sigwaitinfo(2) calls
|
||
that replaced sigwait(3) calls with 5.3.4.
|
||
* RADIUS retransmission timeouts are now configurable, courtesy
|
||
of Thom Troy.
|
||
Changes in version 5.3.4:
|
||
* Fixed an authentication bypass vulnerability in the
|
||
eap-mschapv2 plugin that was caused by insufficient
|
||
verification of the internal state when handling MSCHAPv2
|
||
Success messages received by the client. This vulnerability
|
||
has been registered as CVE-2015-8023.
|
||
* The sha3 plugin implements the SHA3 Keccak-F1600 hash
|
||
algorithm family. Within the strongSwan framework SHA3 is
|
||
currently used for BLISS signatures only because the OIDs for
|
||
other signature algorithms haven't been defined yet. Also the
|
||
use of SHA3 for IKEv2 has not been standardized yet.
|
||
Changes in version 5.3.3:
|
||
* Added support for the ChaCha20/Poly1305 AEAD cipher specified
|
||
in RFC 7539 and RFC 7634 using the chacha20poly1305 ike/esp
|
||
proposal keyword. The new chapoly plugin implements the
|
||
cipher, if possible SSE-accelerated on x86/x64 architectures.
|
||
It is usable both in IKEv2 and the strongSwan libipsec ESP
|
||
backend. On Linux 4.2 or newer the kernel-netlink plugin can
|
||
configure the cipher for ESP SAs.
|
||
* The vici interface now supports the configuration of auxiliary
|
||
certification authority information as CRL and OCSP URIs.
|
||
* In the bliss plugin the c_indices derivation using a SHA-512
|
||
based random oracle has been fixed, generalized and
|
||
standardized by employing the MGF1 mask generation function
|
||
with SHA-512. As a consequence BLISS signatures unsing the
|
||
improved oracle are not compatible with the earlier
|
||
implementation.
|
||
* Support for auto=route with right=%any for transport mode
|
||
connections has been added (the ikev2/trap-any scenario
|
||
provides examples).
|
||
* The starter daemon does not flush IPsec policies and SAs
|
||
anymore when it is stopped. Already existing duplicate
|
||
policies are now overwritten by the IKE daemon when it
|
||
installs its policies.
|
||
* Init limits (like charon.init_limit_half_open) can now
|
||
optionally be enforced when initiating SAs via VICI. For this,
|
||
IKE_SAs initiated by the daemon are now also counted as half
|
||
open SAs, which, as a side-effect, fixes the status output
|
||
while connecting (e.g. in ipsec status).
|
||
* Symmetric configuration of EAP methods in left|rightauth is
|
||
now possible when mutual EAP-only authentication is used
|
||
(previously, the client had to configure rightauth=eap or
|
||
rightauth=any, which prevented it from using this same config
|
||
as responder).
|
||
* The initiator flag in the IKEv2 header is compared again
|
||
(wasn't the case since 5.0.0) and packets that have the flag
|
||
set incorrectly are again ignored.
|
||
* Implemented a demo Hardcopy Device IMC/IMV pair based on the
|
||
"Hardcopy Device Health Assessment Trusted Network Connect
|
||
Binding" (HCD-TNC) document drafted by the IEEE Printer
|
||
Working Group (PWG).
|
||
* Fixed IF-M segmentation which failed in the presence of
|
||
multiple small attributes in front of a huge attribute to be
|
||
segmented.
|
||
Changes in version 5.3.2:
|
||
* Fixed a vulnerability that allowed rogue servers with a valid
|
||
certificate accepted by the client to trick it into disclosing
|
||
its username and even password (if the client accepts
|
||
EAP-GTC). This was caused because constraints against the
|
||
responder's authentication were enforced too late. This
|
||
vulnerability has been registered as CVE-2015-4171.
|
||
Changes in version 5.3.1:
|
||
* Fixed a denial-of-service and potential remote code execution
|
||
vulnerability triggered by IKEv1/IKEv2 messages that contain
|
||
payloads for the respective other IKE version. Such payload
|
||
are treated specially since 5.2.2 but because they were still
|
||
identified by their original payload type they were used as
|
||
such in some places causing invalid function pointer
|
||
dereferences. The vulnerability has been registered as
|
||
CVE-2015-3991.
|
||
* The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and
|
||
GCM crypto primitives for AES-128/192/256. The plugin requires
|
||
AES-NI and PCLMULQDQ instructions and works on both x86 and
|
||
x64 architectures. It provides superior crypto performance in
|
||
userland without any external libraries.
|
||
Changes in version 5.3.0:
|
||
* Added support for IKEv2 make-before-break reauthentication. By
|
||
using a global CHILD_SA reqid allocation mechanism, charon
|
||
supports overlapping CHILD_SAs. This allows the use of
|
||
make-before-break instead of the previously supported
|
||
break-before-make reauthentication, avoiding connectivity gaps
|
||
during that procedure. As the new mechanism may fail with peers
|
||
not supporting it (such as any previous strongSwan release) it
|
||
must be explicitly enabled using the charon.make_before_break
|
||
strongswan.conf option.
|
||
* Support for "Signature Authentication in IKEv2" (RFC 7427) has
|
||
been added. This allows the use of stronger hash algorithms
|
||
for public key authentication. By default, signature schemes
|
||
are chosen based on the strength of the signature key, but
|
||
specific hash algorithms may be configured in leftauth.
|
||
* Key types and hash algorithms specified in rightauth are now
|
||
also checked against IKEv2 signature schemes. If such
|
||
constraints are used for certificate chain validation in
|
||
existing configurations, in particular with peers that don't
|
||
support RFC 7427, it may be necessary to disable this feature
|
||
with the charon.signature_authentication_constraints setting,
|
||
because the signature scheme used in classic IKEv2 public key
|
||
authentication may not be strong enough.
|
||
* The new connmark plugin allows a host to bind conntrack flows
|
||
to a specific CHILD_SA by applying and restoring the SA mark
|
||
to conntrack entries. This allows a peer to handle multiple
|
||
transport mode connections coming over the same NAT device for
|
||
client-initiated flows. A common use case is to protect
|
||
L2TP/IPsec, as supported by some systems.
|
||
* The forecast plugin can forward broadcast and multicast
|
||
messages between connected clients and a LAN. For CHILD_SA
|
||
using unique marks, it sets up the required Netfilter rules
|
||
and uses a multicast/broadcast listener that forwards such
|
||
messages to all connected clients. This plugin is designed for
|
||
Windows 7 IKEv2 clients, which announces its services over the
|
||
tunnel if the negotiated IPsec policy allows it.
|
||
* For the vici plugin a Python Egg has been added to allow
|
||
Python applications to control or monitor the IKE daemon using
|
||
the VICI interface, similar to the existing ruby gem. The
|
||
Python library has been contributed by Björn Schuberg.
|
||
* EAP server methods now can fulfill public key constraints,
|
||
such as rightcert or rightca. Additionally, public key and
|
||
signature constraints can be specified for EAP methods in the
|
||
rightauth keyword. Currently the EAP-TLS and EAP-TTLS methods
|
||
provide verification details to constraints checking.
|
||
* Upgrade of the BLISS post-quantum signature algorithm to the
|
||
improved BLISS-B variant. Can be used in conjunction with the
|
||
SHA256, SHA384 and SHA512 hash algorithms with SHA512 being
|
||
the default.
|
||
* The IF-IMV 1.4 interface now makes the IP address of the TNC
|
||
access requestor as seen by the TNC server available to all
|
||
IMVs. This information can be forwarded to policy enforcement
|
||
points (e.g. firewalls or routers).
|
||
* The new mutual tnccs-20 plugin parameter activates mutual TNC
|
||
measurements in PB-TNC half-duplex mode between two endpoints
|
||
over either a PT-EAP or PT-TLS transport medium.
|
||
- Adjusted file lists and removed obsolete patches
|
||
[- 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch,
|
||
- 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch,
|
||
- 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 13 10:25:59 UTC 2015 - mt@suse.de
|
||
|
||
- Applied upstream fix for a authentication bypass vulnerability
|
||
in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817).
|
||
[+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 4 10:54:29 UTC 2015 - mt@suse.de
|
||
|
||
- Applied upstream fix for a rogue servers vulnerability, that may
|
||
enable rogue servers able to authenticate itself with certificate
|
||
issued by any CA the client trusts, to gain user credentials from
|
||
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
|
||
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
|
||
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
|
||
and renamed it to use number prefix corresponding with patch nr.
|
||
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
|
||
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 1 16:18:35 UTC 2015 - mt@suse.de
|
||
|
||
- Applied upstream fix for a DoS and potential remote code execution
|
||
vulnerability through payload type (bsc#931272,CVE-2015-3991)
|
||
[+ strongswan-5.2.2-5.3.0_unknown_payload.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 5 14:38:46 UTC 2015 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.2.2 providing the following changes:
|
||
Changes in version 5.2.2:
|
||
* Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
|
||
payload that contains the Diffie-Hellman group 1025. This identifier was
|
||
used internally for DH groups with custom generator and prime. Because
|
||
these arguments are missing when creating DH objects based on the KE
|
||
payload an invalid pointer dereference occurred. This allowed an attacker
|
||
to crash the IKE daemon with a single IKE_SA_INIT message containing such
|
||
a KE payload. The vulnerability has been registered as CVE-2014-9221.
|
||
* The left/rightid options in ipsec.conf, or any other identity in
|
||
strongSwan, now accept prefixes to enforce an explicit type, such as
|
||
email: or fqdn:. Note that no conversion is done for the remaining string,
|
||
refer to ipsec.conf(5) for details.
|
||
* The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
|
||
an IKEv2 public key authentication method. The pki tool offers full
|
||
support for the generation of BLISS key pairs and certificates.
|
||
* Fixed mapping of integrity algorithms negotiated for AH via IKEv1.
|
||
This could cause interoperability issues when connecting to older versions
|
||
of charon.
|
||
Changes in version 5.2.1:
|
||
* The new charon-systemd IKE daemon implements an IKE daemon tailored for
|
||
use with systemd. It avoids the dependency on ipsec starter and uses
|
||
swanctl as configuration backend, building a simple and lightweight
|
||
solution. It supports native systemd journal logging.
|
||
* Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
|
||
fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
|
||
* Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
|
||
All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
|
||
and IETF/Installed Packages attributes can be processed incrementally on a
|
||
per segment basis.
|
||
* The new ext-auth plugin calls an external script to implement custom IKE_SA
|
||
authorization logic, courtesy of Vyronas Tsingaras.
|
||
* For the vici plugin a ruby gem has been added to allow ruby applications to
|
||
control or monitor the IKE daemon. The vici documentation has been updated
|
||
to include a description of the available operations and some simple
|
||
examples using both the libvici C interface and the ruby gem.
|
||
Changes in version 5.2.0:
|
||
* strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
|
||
many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
|
||
and newer releases. charon-svc implements a Windows IKE service based on
|
||
libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
|
||
backend on the Windows platform. socket-win provides a native IKE socket
|
||
implementation, while winhttp fetches CRL and OCSP information using the
|
||
WinHTTP API.
|
||
* The new vici plugin provides a Versatile IKE Configuration Interface for
|
||
charon. Using the stable IPC interface, external applications can configure,
|
||
control and monitor the IKE daemon. Instead of scripting the ipsec tool
|
||
and generating ipsec.conf, third party applications can use the new interface
|
||
for more control and better reliability.
|
||
* Built upon the libvici client library, swanctl implements the first user of
|
||
the VICI interface. Together with a swanctl.conf configuration file,
|
||
connections can be defined, loaded and managed. swanctl provides a portable,
|
||
complete IKE configuration and control interface for the command line.
|
||
The first six swanctl example scenarios have been added.
|
||
* The SWID IMV implements a JSON-based REST API which allows the exchange
|
||
of SWID tags and Software IDs with the strongTNC policy manager.
|
||
* The SWID IMC can extract all installed packages from the dpkg (Debian,
|
||
Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
|
||
pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using
|
||
the swidGenerator (https://github.com/strongswan/swidGenerator) which
|
||
generates SWID tags according to the new ISO/IEC 19770-2:2014 standard.
|
||
* All IMVs now share the access requestor ID, device ID and product info
|
||
of an access requestor via a common imv_session object.
|
||
* The Attestation IMC/IMV pair supports the IMA-NG measurement format
|
||
introduced with the Linux 3.13 kernel.
|
||
* The aikgen tool generates an Attestation Identity Key bound to a TPM.
|
||
* Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
|
||
Connect.
|
||
* The ipsec.conf replay_window option defines connection specific IPsec
|
||
replay windows. Original patch courtesy of Zheng Zhong and Christophe
|
||
Gouault from 6Wind.
|
||
- Adjusted file lists and removed obsolete patches
|
||
[- 0005-restore-registration-algorithm-order.bug897512.patch,
|
||
- 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
|
||
- Adopted/Merged fipscheck patches
|
||
[* strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 17 10:15:23 UTC 2014 - mt@suse.de
|
||
|
||
- Disallow brainpool elliptic curve groups in fips mode (bnc#856322).
|
||
[* strongswan_fipsfilter.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 11 10:21:01 UTC 2014 - mt@suse.de
|
||
|
||
- Applied an upstream fix for a denial-of-service vulnerability,
|
||
which can be triggered by an IKEv2 Key Exchange payload, that
|
||
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
|
||
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
|
||
- Adjusted whilelist of approved algorithms in fips mode (bsc#856322).
|
||
[* strongswan_fipsfilter.patch]
|
||
- Renamed patch file to match it's patch number:
|
||
[- 0001-restore-registration-algorithm-order.bug897512.patch,
|
||
+ 0005-restore-registration-algorithm-order.bug897512.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 25 11:22:06 UTC 2014 - mt@suse.de
|
||
|
||
- Updated strongswan-hmac package description (bsc#856322).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 21 12:03:59 UTC 2014 - mt@suse.de
|
||
|
||
- Disabled explicit gpg validation; osc source_validator does it.
|
||
- Guarded fipscheck and hmac package in the spec file for >13.1.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 20 07:43:43 UTC 2014 - mt@suse.de
|
||
|
||
- Added generation of fips hmac hash files using fipshmac utility
|
||
and a _fipscheck script to verify binaries/libraries/plugings
|
||
shipped in the strongswan-hmac package.
|
||
With enabled fips in the kernel, the ipsec script will call it
|
||
before any action or in a enforced/manual "ipsec _fipscheck" call.
|
||
Added config file to load openssl and kernel af-alg plugins, but
|
||
not all the other modules which provide further/alternative algs.
|
||
Applied a filter disallowing non-approved algorithms in fips mode.
|
||
(fate#316931,bnc#856322).
|
||
[+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
|
||
- Fixed file list in the optional (disabled) strongswan-test package.
|
||
- Fixed build of the strongswan built-in integrity checksum library
|
||
and enabled building it only on architectures tested to work.
|
||
- Fix to use bug number 897048 instead 856322 in last changes entry.
|
||
- Applied an upstream patch reverting to store algorithms in the
|
||
registration order again as ordering them by identifier caused
|
||
weaker algorithms to be proposed first by default (bsc#897512).
|
||
[+0001-restore-registration-algorithm-order.bug897512.patch]
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 26 16:02:09 UTC 2014 - mt@suse.de
|
||
|
||
- Re-enabled gcrypt plugin and reverted to not enforce fips again
|
||
as this breaks gcrypt and openssl plugins when the fips pattern
|
||
option is not installed (fate#316931,bnc#856322).
|
||
[- strongswan-fips-disablegcrypt.patch]
|
||
- Added empty strongswan-hmac package supposed to provide fips hmac
|
||
files and enforce fips compliant operation later (bnc#856322).
|
||
- Cleaned up conditional build flags in the rpm spec file.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 3 13:39:45 UTC 2014 - meissner@suse.com
|
||
|
||
- disable gcrypt plugin by default, so it will only use openssl
|
||
fate#316931 [+strongswan-fips-disablegcrypt.patch]
|
||
- enable fips mode 2
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 20 17:38:07 UTC 2014 - crrodriguez@opensuse.org
|
||
|
||
- Fix build in factory
|
||
* Do not include var/run directories in package
|
||
* Move runtime data to /run and provide tmpfiles.d snippet
|
||
* Add proper systemd macros to rpm scriptlets.
|
||
* Do not buildRequire library package libnl1, it is not used.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 14 23:36:07 UTC 2014 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.1.3 providing the following changes:
|
||
- Fixed an authentication bypass vulnerability triggered by rekeying
|
||
an unestablished IKEv2 SA while it gets actively initiated. This
|
||
allowed an attacker to trick a peer's IKE_SA state to established,
|
||
without the need to provide any valid authentication credentials.
|
||
(CVE-2014-2338, bnc#870572).
|
||
- The acert plugin evaluates X.509 Attribute Certificates. Group
|
||
membership information encoded as strings can be used to fulfill
|
||
authorization checks defined with the rightgroups option.
|
||
Attribute Certificates can be loaded locally or get exchanged in
|
||
IKEv2 certificate payloads.
|
||
- The pki command gained support to generate X.509 Attribute
|
||
Certificates using the --acert subcommand, while the --print
|
||
command supports the ac type. The openac utility has been removed
|
||
in favor of the new pki functionality.
|
||
- The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other
|
||
protocols has been extended by AEAD mode support, currently limited
|
||
to AES-GCM.
|
||
- Fixed an issue where CRL/OCSP trustchain validation broke enforcing
|
||
CA constraints
|
||
- Limited OCSP signing to specific certificates to improve performance
|
||
- authKeyIdentifier is not added to self-signed certificates anymore
|
||
- Fixed the comparison of IKE configs if only the cipher suites were
|
||
different
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 2 05:53:21 UTC 2014 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.1.2 providing the following changes:
|
||
- A new default configuration file layout is introduced. The new
|
||
default strongswan.conf file mainly includes config snippets from
|
||
the strongswan.d and strongswan.d/charon directories (the latter
|
||
containing snippets for all plugins). The snippets, with commented
|
||
defaults, are automatically generated and installed, if they don't
|
||
exist yet. Also installed in $prefix/share/strongswan/templates so
|
||
existing files can be compared to the current defaults.
|
||
- As an alternative to the non-extensible charon.load setting, the
|
||
plugins to load in charon (and optionally other applications) can
|
||
now be determined via the charon.plugins.<name>.load setting for
|
||
each plugin (enabled in the new default strongswan.conf file via the
|
||
charon.load_modular option). The load setting optionally takes a
|
||
numeric priority value that allows reordering the plugins (otherwise
|
||
the default plugin order is preserved).
|
||
- All strongswan.conf settings that were formerly defined in library
|
||
specific "global" sections are now application specific (e.g.
|
||
settings for plugins in libstrongswan.plugins can now be set only
|
||
for charon in charon.plugins). The old options are still supported,
|
||
which now allows to define defaults for all applications in the
|
||
libstrongswan section.
|
||
- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum
|
||
computer IKE key exchange mechanism. The implementation is based on
|
||
the ntru-crypto library from the NTRUOpenSourceProject.
|
||
The supported security strengths are ntru112, ntru128, ntru192, and
|
||
ntru256. Since the private DH group IDs 1030..1033 have been
|
||
assigned, the strongSwan Vendor ID must be sent in order to use NTRU
|
||
(charon.send_vendor_id = yes).
|
||
- Defined a TPMRA remote attestation workitem and added support for it
|
||
to the Attestation IMV.
|
||
- Compatibility issues between IPComp (compress=yes) and
|
||
leftfirewall=yes as well as multiple subnets in left|rightsubnet
|
||
have been fixed.
|
||
- When enabling its "session" strongswan.conf option, the xauth-pam
|
||
plugin opens and closes a PAM session for each established IKE_SA.
|
||
Patch courtesy of Andrea Bonomi.
|
||
- The strongSwan unit testing framework has been rewritten without the
|
||
"check" dependency for improved flexibility and portability. It now
|
||
properly supports multi-threaded and memory leak testing and brings
|
||
a bunch of new test cases.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 1 12:28:39 UTC 2013 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.1.1 minor release addressing two security
|
||
fixes (bnc#847506,CVE-2013-6075, bnc#847509,CVE-2013-6076):
|
||
- Fixed a denial-of-service vulnerability and potential authorization
|
||
bypass triggered by a crafted ID_DER_ASN1_DN ID payload. The cause
|
||
is an insufficient length check when comparing such identities. The
|
||
vulnerability has been registered as CVE-2013-6075.
|
||
- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
|
||
fragmentation payload. The cause is a NULL pointer dereference. The
|
||
vulnerability has been registered as CVE-2013-6076.
|
||
- The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS
|
||
session with a strongSwan policy enforcement point which uses the
|
||
tnc-pdp charon plugin.
|
||
- The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests
|
||
for either full SWID Tag or concise SWID Tag ID inventories.
|
||
- The XAuth backend in eap-radius now supports multiple XAuth
|
||
exchanges for different credential types and display messages.
|
||
All user input gets concatenated and verified with a single
|
||
User-Password RADIUS attribute on the AAA. With an AAA supporting
|
||
it, one for example can implement Password+Token authentication with
|
||
proper dialogs on iOS and OS X clients. - charon supports IKEv1 Mode
|
||
Config exchange in push mode. The ipsec.conf modeconfig=push option
|
||
enables it for both client and server, the same way as pluto used it.
|
||
- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2
|
||
connections, charon can negotiate and install Security Associations
|
||
integrity-protected by the Authentication Header protocol. Supported
|
||
are plain AH(+IPComp) SAs only, but not the deprecated RFC2401 style
|
||
ESP+AH bundles.
|
||
- The generation of initialization vectors for IKE and ESP (when using
|
||
libipsec) is now modularized and IVs for e.g. AES-GCM are now correctly
|
||
allocated sequentially, while other algorithms like AES-CBC still
|
||
use random IVs.
|
||
- The left and right options in ipsec.conf can take multiple address
|
||
ranges and subnets. This allows connection matching against a larger
|
||
set of addresses, for example to use a different connection for clients
|
||
connecting from a internal network.
|
||
- For all those who have a queasy feeling about the NIST elliptic curve
|
||
set, the Brainpool curves introduced for use with IKE by RFC 6932 might
|
||
be a more trustworthy alternative.
|
||
- The kernel-libipsec userland IPsec backend now supports usage
|
||
statistics, volume based rekeying and accepts ESPv3 style TFC padded
|
||
packets.
|
||
- With two new strongswan.conf options fwmarks can be used to implement
|
||
host-to-host tunnels with kernel-libipsec.
|
||
- load-tester supports transport mode connections and more complex
|
||
traffic selectors, including such using unique ports for each tunnel.
|
||
- The new dnscert plugin provides support for authentication via CERT
|
||
RRs that are protected via DNSSEC. The plugin was created by Ruslan
|
||
N. Marchenko.
|
||
- The eap-radius plugin supports forwarding of several Cisco Unity
|
||
specific RADIUS attributes in corresponding configuration payloads.
|
||
- Database transactions are now abstracted and implemented by the two
|
||
backends. If you use MySQL make sure all tables use the InnoDB engine.
|
||
- libstrongswan now can provide an experimental custom implementation
|
||
of the printf family functions based on klibc if neither Vstr nor
|
||
glibc style printf hooks are available. This can avoid the Vstr
|
||
dependency on some systems at the cost of slower and less complete
|
||
printf functions.
|
||
- Adjusted file lists: this version installs the pki utility and manuals
|
||
in common /usr directories and additional ipsec/pt-tls-client helper.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 5 13:48:11 UTC 2013 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.1.0 release (bnc#833278, CVE-2013-5018):
|
||
- Fixed a denial-of-service vulnerability triggered by specific XAuth
|
||
usernames and EAP identities (since 5.0.3), and PEM files (since
|
||
4.1.11). The crash was caused by insufficient error handling in the
|
||
is_asn1() function. The vulnerability has been registered as
|
||
CVE-2013-5018.
|
||
- The new charon-cmd command line IKE client can establish road
|
||
warrior connections using IKEv1 or IKEv2 with different
|
||
authentication profiles. It does not depend on any configuration
|
||
files and can be configured using a few simple command line options.
|
||
- The kernel-pfroute networking backend has been greatly improved.
|
||
It now can install virtual IPs on TUN devices on OS X and FreeBSD,
|
||
allowing these systems to act as a client in common road warrior
|
||
scenarios.
|
||
- The new kernel-libipsec plugin uses TUN devices and libipsec to
|
||
provide IPsec processing in userland on Linux, FreeBSD and Mac OS X.
|
||
- The eap-radius plugin can now serve as an XAuth backend called
|
||
xauth-radius, directly verifying XAuth credentials using RADIUS
|
||
User-Name/User-Password attributes. This is more efficient than the
|
||
existing xauth-eap+eap-radius combination, and allows RADIUS servers
|
||
without EAP support to act as AAA backend for IKEv1.
|
||
- The new osx-attr plugin installs configuration attributes (currently
|
||
DNS servers) via SystemConfiguration on Mac OS X. The keychain
|
||
plugin provides certificates from the OS X keychain service.
|
||
- The sshkey plugin parses SSH public keys, which, together with the
|
||
--agent option for charon-cmd, allows the use of ssh-agent for
|
||
authentication. To configure SSH keys in ipsec.conf the
|
||
left|rightrsasigkey options are replaced with left|rightsigkey,
|
||
which now take public keys in one of three formats: SSH (RFC 4253,
|
||
ssh: prefix), DNSKEY (RFC 3110, dns: prefix), and PKCS#1 (the
|
||
default, no prefix).
|
||
- Extraction of certificates and private keys from PKCS#12 files is
|
||
now provided by the new pkcs12 plugin or the openssl plugin.
|
||
charon-cmd (--p12) as well as charon (via P12 token in
|
||
ipsec.secrets) can make use of this.
|
||
- IKEv2 can now negotiate transport mode and IPComp in NAT situations.
|
||
- IKEv2 exchange initiators now properly close an established IKE or
|
||
CHILD_SA on error conditions using an additional exchange, keeping
|
||
state in sync between peers.
|
||
- Using a SQL database interface a Trusted Network Connect (TNC)
|
||
Policy Manager can generate specific measurement workitems for an
|
||
arbitrary number of Integrity Measurement Verifiers (IMVs) based on
|
||
the history of the VPN user and/or device.
|
||
- Several core classes in libstrongswan are now tested with unit
|
||
tests. These can be enabled with --enable-unit-tests and run with
|
||
'make check'.
|
||
Coverage reports can be generated with --enable-coverage and 'make
|
||
coverage' (this disables any optimization, so it should not be
|
||
enabled when building production releases).
|
||
- The leak-detective developer tool has been greatly improved. It
|
||
works much faster/stabler with multiple threads, does not use
|
||
deprecated malloc hooks anymore and has been ported to OS X.
|
||
- chunk_hash() is now based on SipHash-2-4 with a random key. This
|
||
provides better distribution and prevents hash flooding attacks
|
||
when used with hashtables.
|
||
- All default plugins implement the get_features() method to define
|
||
features and their dependencies. The plugin loader has been
|
||
improved, so that plugins in a custom load statement can be ordered
|
||
freely or to express preferences without being affected by
|
||
dependencies between plugin features.
|
||
- A centralized thread can take care for watching multiple file
|
||
descriptors concurrently. This removes the need for a dedicated
|
||
listener threads in various plugins. The number of "reserved"
|
||
threads for such tasks has been reduced to about five, depending on
|
||
the plugin configuration.
|
||
- Plugins that can be controlled by a UNIX socket IPC mechanism gained
|
||
network transparency. Third party applications querying these
|
||
plugins now can use TCP connections from a different host.
|
||
- libipsec now supports AES-GCM.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 30 12:48:44 UTC 2013 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
|
||
- Fixed a security vulnerability in the openssl plugin which was
|
||
reported by Kevin Wojtysiak. The vulnerability has been registered
|
||
as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
|
||
signature verification was used, due to a misinterpretation of the
|
||
error code returned by the OpenSSL ECDSA_verify() function, an empty
|
||
or zeroed signature was accepted as a legitimate one. Refer to our
|
||
blog for details.
|
||
- The handling of a couple of other non-security relevant OpenSSL
|
||
return codes was fixed as well.
|
||
- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
|
||
via its TCG TNC IF-MAP 2.1 interface.
|
||
- The charon.initiator_only strongswan.conf option causes charon to
|
||
ignore IKE initiation requests.
|
||
- The openssl plugin can now use the openssl-fips library.
|
||
The version 5.0.3 provides new ipseckey plugin, enabling authentication
|
||
based on trustworthy public keys stored as IPSECKEY resource records in
|
||
the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
|
||
accelerated version of AES-GCM if the hardware supports it.
|
||
See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
|
||
for a list of all changes since the 5.0.1 release.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 29 19:13:40 CET 2012 - sbrabec@suse.cz
|
||
|
||
- Verify GPG signature.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 16 04:02:32 UTC 2012 - crrodriguez@opensuse.org
|
||
|
||
- Fix systemd unit dir
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 31 15:25:16 UTC 2012 - mt@suse.de
|
||
|
||
- Updated to strongSwan 5.0.1 release. Changes digest:
|
||
- Introduced the sending of the standard IETF Assessment Result
|
||
PA-TNC attribute by all strongSwan Integrity Measurement Verifiers.
|
||
- Extended PTS Attestation IMC/IMV pair to provide full evidence of
|
||
the Linux IMA measurement process. All pertinent file information
|
||
of a Linux OS can be collected and stored in an SQL database.
|
||
- The PA-TNC and PB-TNC protocols can now process huge data payloads.
|
||
- The xauth-pam backend can authenticate IKEv1 XAuth and Hybrid
|
||
authenticated clients against any PAM service.
|
||
- The new unity plugin brings support for some parts of the IKEv1
|
||
Cisco Unity Extensions.
|
||
- The kernel-netlink plugin supports the new strongswan.conf option
|
||
charon.install_virtual_ip_on.
|
||
- Job handling in controller_t was fixed, which occasionally caused
|
||
crashes on ipsec up/down.
|
||
- Fixed transmission EAP-MSCHAPv2 user name if it contains a domain
|
||
part.
|
||
Changes digest from strongSwan 5.0.0 version:
|
||
* The charon IKE daemon gained experimental support for the IKEv1
|
||
protocol. Pluto has been removed from the 5.x series.
|
||
* The NetworkManager charon plugin of previous releases is now
|
||
provided by a separate executable (charon-nm) and it should work
|
||
again with NM 0.9.
|
||
* scepclient was updated and it now works fine with Windows Server
|
||
2008 R2.
|
||
For full list of the changes, please read the NEWS file shipped
|
||
in the strongswan-doc package or online:
|
||
http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
|
||
- Adopted spec file, enabled several plugins, e.g.: ccm, certexpire,
|
||
coupling, ctr, duplicheck, eap-dynamic, eap-peap, eap-tls, eap-tnc,
|
||
eap-ttls, gcm, nonce, radattr, tnc, tnccs, unity, xauth-eap and pam.
|
||
- Changed to install strongswan.service with alias to ipsec.service
|
||
instead of the /etc/init.d/ipsec init script on openSUSE > 12.2.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 7 08:36:57 UTC 2012 - mt@suse.de
|
||
|
||
- Applied upstream patch adjusting an internal thread id causing
|
||
charon keying daemon start failure (bnc#779038,strongswan#198):
|
||
openssl: Ensure the thread ID is never zero
|
||
This might otherwise cause problems because OpenSSL tries to
|
||
lock mutexes recursively if it assumes the lock is held by a
|
||
different thread e.g. during FIPS initialization.
|
||
See http://wiki.strongswan.org/issues/198 for more informations.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 31 16:08:43 UTC 2012 - mt@suse.com
|
||
|
||
- Updated to strongSwan 4.6.4 release:
|
||
- Fixed a security vulnerability in the gmp plugin. If this
|
||
plugin was used for RSA signature verification an empty or
|
||
zeroed signature was handled as a legitimate one
|
||
(bnc#761325, CVE-2012-2388).
|
||
- Fixed several issues with reauthentication and address updates.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 10 09:15:38 UTC 2012 - mt@suse.com
|
||
|
||
- Updated to strongSwan 4.6.3 release:
|
||
- The tnc-pdp plugin implements a RADIUS server interface allowing
|
||
a strongSwan TNC server to act as a Policy Decision Point.
|
||
- The eap-radius authentication backend enforces Session-Timeout
|
||
attributes using RFC4478 repeated authentication and acts upon
|
||
RADIUS Dynamic Authorization extensions, RFC 5176. Currently
|
||
supported are disconnect requests and CoA messages containing
|
||
a Session-Timeout.
|
||
- The eap-radius plugin can forward arbitrary RADIUS attributes
|
||
from and to clients using custom IKEv2 notify payloads. The new
|
||
radattr plugin reads attributes to include from files and prints
|
||
received attributes to the console.
|
||
- Added support for untruncated MD5 and SHA1 HMACs in ESP as used
|
||
in RFC 4595.
|
||
- The cmac plugin implements the AES-CMAC-96 and AES-CMAC-PRF-128
|
||
algorithms as defined in RFC 4494 and RFC 4615, respectively.
|
||
- The resolve plugin automatically installs nameservers via
|
||
resolvconf(8), if it is installed, instead of modifying
|
||
/etc/resolv.conf directly.
|
||
- The IKEv2 charon daemon supports now raw RSA public keys in RFC
|
||
3110 DNSKEY and PKCS#1 file format.
|
||
- The farp plugin sends ARP responses for any tunneled address,
|
||
not only virtual IPs.
|
||
- Charon resolves hosts again during additional keying tries.
|
||
- Fixed switching back to original address pair during MOBIKE.
|
||
- When resending IKE_SA_INIT with a COOKIE charon reuses the previous
|
||
DH value, as specified in RFC 5996.
|
||
This has an effect on the lifecycle of diffie_hellman_t, see
|
||
source:src/libcharon/sa/keymat.h#39 for details.
|
||
- COOKIEs are now kept enabled a bit longer to avoid certain race
|
||
conditions the commit message to 1b7debcc has some details.
|
||
- The new stroke user-creds command allows to set username/password
|
||
for a connection.
|
||
- strongswan.conf option added to set identifier for syslog(3) logging.
|
||
- Added a workaround for null-terminated XAuth secrets (as sent by
|
||
Android 4).
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 3 00:10:34 UTC 2012 - tabraham@novell.com
|
||
|
||
- Updated to strongSwan 4.6.2 release:
|
||
Changes in 4.6.2:
|
||
- Upgraded the TCG IF-IMC and IF-IMV C API to the upcoming version 1.3
|
||
which supports IF-TNCCS 2.0 long message types, the exclusive flags
|
||
and multiple IMC/IMV IDs. Both the TNC Client and Server as well as
|
||
the "Test", "Scanner", and "Attestation" IMC/IMV pairs were updated.
|
||
- Fully implemented the "TCG Attestation PTS Protocol: Binding to IF-M"
|
||
standard (TLV-based messages only). TPM-based remote attestation of
|
||
Linux IMA (Integrity Measurement Architecture) possible. Measurement
|
||
reference values are automatically stored in an SQLite database.
|
||
- The EAP-RADIUS authentication backend supports RADIUS accounting. It sends
|
||
start/stop messages containing Username, Framed-IP and Input/Output-Octets
|
||
attributes and has been tested against FreeRADIUS and Microsoft NPS.
|
||
- Added support for PKCS#8 encoded private keys via the libstrongswan
|
||
pkcs8 plugin. This is the default format used by some OpenSSL tools since
|
||
version 1.0.0 (e.g. openssl req with -keyout).
|
||
- Added session resumption support to the strongSwan TLS stack.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 15 13:31:40 UTC 2012 - mt@suse.com
|
||
|
||
- Updated to strongSwan 4.6.1 release:
|
||
Changes in 4.6.1:
|
||
- Because of changing checksums before and after installation which caused
|
||
the integrity tests to fail we avoided directly linking libsimaka,
|
||
libtls and libtnccs to those libcharon plugins which make use of these
|
||
dynamiclibraries.
|
||
Instead we linked the libraries to the charon daemon. Unfortunately
|
||
Ubuntu 11.10 activated the --as-needed ld option which discards explicit
|
||
links to dynamic libraries that are not actually used by the charon
|
||
daemon itself, thus causing failures during the loading of the plugins
|
||
which depend on these libraries for resolving external symbols.
|
||
- Therefore our approach of computing integrity checksums for plugins had
|
||
to be changed radically by moving the hash generation from the
|
||
compilation to the post-installation phase.
|
||
Changes in 4.6.0:
|
||
- The new libstrongswan certexpire plugin collects expiration information
|
||
of all used certificates and exports them to CSV files. It either
|
||
directly exports them or uses cron style scheduling for batch exports.
|
||
- Starter passes unresolved hostnames to charon, allowing it to do name
|
||
resolution not before the connection attempt. This is especially useful
|
||
with connections between hosts using dynamic IP addresses.
|
||
Thanks to Mirko Parthey for the initial patch.
|
||
- The android plugin can now be used without the Android frontend patch
|
||
and provides DNS server registration and logging to logcat.
|
||
- Pluto and starter (plus stroke and whack) have been ported to Android.
|
||
- Support for ECDSA private and public key operations has been added to
|
||
the pkcs11 plugin. The plugin now also provides DH and ECDH via PKCS#11
|
||
and can use tokens as random number generators (RNG). By default only
|
||
private key operations are enabled, more advanced features have to be
|
||
enabled by their option in strongswan.conf. This also applies to public
|
||
key operations (even for keys not stored on the token) which were
|
||
enabled by default before.
|
||
- The libstrongswan plugin system now supports detailed plugin
|
||
dependencies. Many plugins have been extended to export its capabilities
|
||
and requirements. This allows the plugin loader to resolve plugin
|
||
loading order automatically, and in future releases, to dynamically load
|
||
the required features on demand.
|
||
Existing third party plugins are source (but not binary) compatible if
|
||
they properly initialize the new get_features() plugin function to NULL.
|
||
- The tnc-ifmap plugin implements a TNC IF-MAP 2.0 client which can
|
||
deliver metadata about IKE_SAs via a SOAP interface to a MAP server.
|
||
The tnc-ifmap plugin requires the Apache Axis2/C library.
|
||
- Merged patches, changed strongswan-doc to be a noarch package.
|
||
- Fixed rpmlint runlevel & fsf warnings, updated rpmlintrc
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 6 10:27:00 UTC 2012 - aj@suse.de
|
||
|
||
- Only glib.h can be included, fix compilation.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 21 10:31:49 UTC 2011 - coolo@suse.com
|
||
|
||
- remove call to suse_update_config (very old work around)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 12 09:26:51 UTC 2011 - coolo@suse.com
|
||
|
||
- remove _service file, too fragile
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 12 08:24:36 UTC 2011 - mt@suse.com
|
||
|
||
- Fixed version in last changelog entry
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 8 16:06:46 UTC 2011 - mt@suse.com
|
||
|
||
- Updated to strongSwan 4.5.3 release, changes overview since 4.5.2:
|
||
* Our private libraries (e.g. libstrongswan) are not installed directly in
|
||
prefix/lib anymore. Instead a subdirectory is used (prefix/lib/ipsec/ by
|
||
default). The plugins directory is also moved from libexec/ipsec/ to that
|
||
directory.
|
||
* The dynamic IMC/IMV libraries were moved from the plugins directory to
|
||
a new imcvs directory in the prefix/lib/ipsec/ subdirectory.
|
||
* Job priorities were introduced to prevent thread starvation caused by too
|
||
many threads handling blocking operations (such as CRL fetching).
|
||
* Two new strongswan.conf options allow to fine-tune performance on IKEv2
|
||
gateways by dropping IKE_SA_INIT requests on high load.
|
||
* IKEv2 charon daemon supports PASS and DROP shunt policies
|
||
preventing traffic to go through IPsec connections. Installation of the
|
||
shunt policies either via the XFRM netfilter or PFKEYv2 IPsec kernel
|
||
interfaces.
|
||
* The history of policies installed in the kernel is now tracked so that e.g.
|
||
trap policies are correctly updated when reauthenticated SAs are terminated.
|
||
* IMC/IMV Scanner pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
|
||
Using "netstat -l" the IMC scans open listening ports on the TNC client
|
||
and sends a port list to the IMV which based on a port policy decides if
|
||
the client is admitted to the network.
|
||
* IMC/IMV Test pair implementing the RFC 5792 PA-TNC (IF-M) protocol.
|
||
* The IKEv2 close action does not use the same value as the ipsec.conf dpdaction
|
||
setting, but the value defined by its own closeaction keyword. The action
|
||
is triggered if the remote peer closes a CHILD_SA unexpectedly.
|
||
- Fixed some fmt warnings in libchecksum, adopted paths in the spec file
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 29 16:37:00 UTC 2011 - jcnengel@googlemail.com
|
||
|
||
- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1:
|
||
* The whitelist plugin for the IKEv2 daemon maintains an in-memory identity
|
||
whitelist. Any connection attempt of peers not whitelisted will get rejected.
|
||
The 'ipsec whitelist' utility provides a simple command line frontend for
|
||
whitelist administration.
|
||
* The duplicheck plugin provides a specialized form of duplicate checking,
|
||
doing a liveness check on the old SA and optionally notify a third party
|
||
application about detected duplicates.
|
||
* The coupling plugin permanently couples two or more devices by limiting
|
||
authentication to previously used certificates.
|
||
* In the case that the peer config and child config don't have the same name
|
||
(usually in SQL database defined connections), ipsec up|route <peer config>
|
||
starts|routes all associated child configs and ipsec up|route <child config>
|
||
only starts|routes the specific child config.
|
||
* fixed the encoding and parsing of X.509 certificate policy statements (CPS).
|
||
* Duncan Salerno contributed the eap-sim-pcsc plugin implementing a
|
||
pcsc-lite based SIM card backend.
|
||
* The eap-peap plugin implements the EAP PEAP protocol. Interoperates
|
||
successfully with a FreeRADIUS server and Windows 7 Agile VPN clients.
|
||
* The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs
|
||
all plugins to reload. Currently only the eap-radius and the attr plugins
|
||
support configuration reloading.
|
||
* Added userland support to the IKEv2 daemon for Extended Sequence Numbers
|
||
support coming with Linux 2.6.39. To enable ESN on a connection, add
|
||
the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence
|
||
numbers only ('noesn'), and the same value is used if no ESN mode is
|
||
specified. To negotiate ESN support with the peer, include both, e.g.
|
||
esp=aes128-sha1-esn-noesn.
|
||
* In addition to ESN, Linux 2.6.39 gained support for replay windows larger
|
||
than 32 packets. The new global strongswan.conf option 'charon.replay_window'
|
||
configures the size of the replay window, in packets.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 14 10:59:32 UTC 2011 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.5.1 release, changes overview since 4.5.0:
|
||
* Implements RFC 5793 Posture Broker Protocol (BP)
|
||
* Re-implemented TNCCS 1.1 protocol
|
||
* Allows to store IKE and ESP proposals in an SQL database
|
||
* Allows to store CRL and OCSP cert points in an SQL database
|
||
* New 'include' statement in strongswan.conf allows recursions
|
||
* Modifications of strongswan.conf parser, cause syntax attr plugin
|
||
syntax changes.
|
||
* ipsec listalgs now appends the plugin registering an algo
|
||
* Adds support for Traffic Flow Confidentiality with Linux 2.6.38
|
||
* New af-alg plugin allows to use new primitives in 2.6.38 crypto api
|
||
and removes the need for additional userland implementations.
|
||
* IKEv2 daemon supports the INITIAL_CONTACT notify
|
||
* conftest conformance testing framework
|
||
* new constraints plugin provides advanced X.509 constraint checking
|
||
* left/rightauth ipsec.conf keywords accept minimum strengths
|
||
* basic support for delta CRLs
|
||
See the NEWS file or http://download.strongswan.org/CHANGES4.txt
|
||
for a detailed description of the changes.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 22 09:05:30 UTC 2010 - mt@suse.de
|
||
|
||
- Cleaned up spec file; use with_mysql,sqlite,gcrypt,nm flags
|
||
- Disabled tests sub-package with load-tester and test-vectors
|
||
plugins by default using a with_tests flag (causes load error
|
||
in "ipsec pki" when enabled but the package is not installed).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 16 12:01:46 UTC 2010 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.5.0 release, changes since 4.4.1 are:
|
||
* IMPORTANT: the default keyexchange mode 'ike' is changing with
|
||
release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five
|
||
year anniversary of the IKEv2 RFC 4306 and its mature successor
|
||
RFC 5996. The time has definitively come for IKEv1 to go into
|
||
retirement and to cede its place to the much more robust, powerful
|
||
and versatile IKEv2 protocol!
|
||
* Added new ctr, ccm and gcm plugins providing Counter, Counter
|
||
with CBC-MAC and Galois/Counter Modes based on existing CBC
|
||
implementations. These new plugins bring support for AES and
|
||
Camellia Counter and CCM algorithms and the AES GCM algorithms
|
||
for use in IKEv2.
|
||
* The new pkcs11 plugin brings full Smartcard support to the IKEv2
|
||
daemon and the pki utility using one or more PKCS#11 libraries. It
|
||
currently supports RSA private and public key operations and loads
|
||
X.509 certificates from tokens.
|
||
* Implemented a general purpose TLS stack based on crypto and
|
||
credential primitives of libstrongswan. libtls supports TLS
|
||
versions 1.0, 1.1 and 1.2, ECDHE-ECDSA/RSA, DHE-RSA and RSA key
|
||
exchange algorithms and RSA/ECDSA based client authentication.
|
||
* Based on libtls, the eap-tls plugin brings certificate based EAP
|
||
authentication for client and server. It is compatible to Windows
|
||
7 IKEv2 Smartcard authentication and the OpenSSL based FreeRADIUS
|
||
EAP-TLS backend.
|
||
* Implemented the TNCCS 1.1 Trusted Network Connect protocol using
|
||
the libtnc library on the strongSwan client and server side via
|
||
the tnccs_11 plugin and optionally connecting to a TNC@FHH-enhanced
|
||
FreeRADIUS AAA server. Depending on the resulting TNC Recommendation,
|
||
strongSwan clients are granted access to a network behind a
|
||
strongSwan gateway (allow), are put into a remediation zone (isolate)
|
||
or are blocked (none), respectively.
|
||
Any number of Integrity Measurement Collector/Verifier pairs can be
|
||
attached via the tnc-imc and tnc-imv charon plugins.
|
||
* The IKEv1 daemon pluto now uses the same kernel interfaces as the
|
||
IKEv2 daemon charon. As a result of this, pluto now supports xfrm
|
||
marks which were introduced in charon with 4.4.1.
|
||
* The RADIUS plugin eap-radius now supports multiple RADIUS servers
|
||
for redundant setups. Servers are selected by a defined priority,
|
||
server load and availability.
|
||
* The simple led plugin controls hardware LEDs through the Linux LED
|
||
subsystem. It currently shows activity of the IKE daemon and is a
|
||
good example how to implement a simple event listener.
|
||
* Improved MOBIKE behavior in several corner cases, for instance,
|
||
if the initial responder moves to a different address.
|
||
* Fixed left-/rightnexthop option, which was broken since 4.4.0.
|
||
* Fixed a bug not releasing a virtual IP address to a pool if the
|
||
XAUTH identity was different from the IKE identity.
|
||
* Fixed the alignment of ModeConfig messages on 4-byte boundaries
|
||
in the case where the attributes are not a multiple of 4 bytes
|
||
(e.g. Cisco's UNITY_BANNER).
|
||
* Fixed the interoperability of the socket_raw and socket_default
|
||
charon plugins.
|
||
* Added man page for strongswan.conf
|
||
- Adopted spec file, removed obsolete error range patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 10 11:43:38 UTC 2010 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.4.1 release, changes since 4.4.0 are:
|
||
* Support of xfrm marks in IPsec SAs and IPsec policies introduced
|
||
with the Linux 2.6.34 kernel.
|
||
For details see the example scenarios ikev2/nat-two-rw-mark,
|
||
ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp.
|
||
* The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be
|
||
used in a user-specific updown script to set marks on inbound ESP
|
||
or ESP_IN_UDP packets.
|
||
* The openssl plugin now supports X.509 certificate and CRL functions.
|
||
* OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
|
||
enabled by default.
|
||
Plase update manual load directives in strongswan.conf.
|
||
* RFC3779 ipAddrBlock constraint checking has been moved to the
|
||
addrblock plugin, disabled by default. Enable it and update manual
|
||
load directives in strongswan.conf, if required.
|
||
* The pki utility supports CRL generation using the --signcrl command.
|
||
* The ipsec pki --self, --issue and --req commands now support output
|
||
in PEM format using the --outform pem option.
|
||
* The major refactoring of the IKEv1 Mode Config functionality now
|
||
allows the transport and handling of any Mode Config attribute.
|
||
* The RADIUS proxy plugin eap-radius now supports multiple servers.
|
||
Configured servers are chosen randomly, with the option to prefer
|
||
a specific server. Non-responding servers are degraded by the
|
||
selection process.
|
||
* The ipsec pool tool manages arbitrary configuration attributes
|
||
stored in an SQL database. ipsec pool --help gives the details.
|
||
* The new eap-simaka-sql plugin acts as a backend for EAP-SIM and
|
||
EAP-AKA, reading triplets/quintuplets from an SQL database.
|
||
* The High Availability plugin now supports a HA enabled in-memory
|
||
address pool and Node reintegration without IKE_SA rekeying. The
|
||
latter allows clients without IKE_SA rekeying support to keep
|
||
connected during reintegration. Additionally, many other issues
|
||
have been fixed in the ha plugin.
|
||
* Fixed a potential remote code execution vulnerability resulting
|
||
from the misuse of snprintf(). The vulnerability is exploitable
|
||
by unauthenticated users.
|
||
- Removed obsolete snprintf security fix, adopted spec file
|
||
- Enabled the eap-sim,eap-sim-file,eap-simaka-sql,eap-simaka-reauth,
|
||
eap-simaka-pseudonym,eap-aka-3gpp2,md4,blowfish,addrblock plugins.
|
||
- Enabled the mysql, sqlite, load-tester and test-vectors plugins,
|
||
that are packaged into separate mysql,sqlite,tests sub packages.
|
||
- Disabled sqlite plugin on SLE-10 -- sqlite3 lib is too old there.
|
||
- Applied patch by Jiri Bohac fixing error-type range in parsing of
|
||
NOTIFY payloads (RFC 4306, section 3.10.1).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 2 15:40:17 UTC 2010 - mt@suse.de
|
||
|
||
- Applied upstream patch fixing snprintf flaws in the strongSwan
|
||
IKE daemons exploitable by unauthenticated attackers using a
|
||
crafted certificate or identification payload (bnc#615915).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 2 14:16:18 UTC 2010 - mt@suse.de
|
||
|
||
- Added README.SUSE to source list in the spec file.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 14 19:19:04 UTC 2010 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.4.0 release, changes since 4.3.6 are:
|
||
* The IKEv2 High Availability plugin has been integrated. It
|
||
provides load sharing and failover capabilities in a cluster of
|
||
currently two nodes, based on an extend ClusterIP kernel module.
|
||
More information is available at
|
||
http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
|
||
The development of the High Availability functionality was sponsored
|
||
by secunet Security Networks AG.
|
||
* Added IKEv1 and IKEv2 configuration support for the AES-GMAC
|
||
authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
|
||
2.6.34 kernel is required to make AES-GMAC available via the XFRM
|
||
kernel interface.
|
||
* Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp,
|
||
gcrypt and openssl plugins, usable by both pluto and charon. The new
|
||
proposal keywords are modp1024s160, modp2048s224 and modp2048s256.
|
||
Thanks to Joy Latten from IBM for her contribution.
|
||
* The IKEv1 pluto daemon supports RAM-based virtual IP pools using
|
||
the rightsourceip directive with a subnet from which addresses
|
||
are allocated.
|
||
* The ipsec pki --gen and --pub commands now allow the output of
|
||
private and public keys in PEM format using the --outform pem
|
||
command line option.
|
||
* The new DHCP plugin queries virtual IP addresses for clients from
|
||
a DHCP server using broadcasts, or a defined server using the
|
||
charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server
|
||
information is additionally served to clients if the DHCP server
|
||
provides such information. The plugin is used in ipsec.conf
|
||
configurations having rightsourceip set to %dhcp.
|
||
* A new plugin called farp fakes ARP responses for virtual IP
|
||
addresses handed out to clients from the IKEv2 daemon charon. The
|
||
plugin lets a road-warrior act as a client on the local LAN if it
|
||
uses a virtual IP from the responders subnet, e.g. acquired using
|
||
the DHCP plugin.
|
||
* The existing IKEv2 socket implementations have been migrated to
|
||
the socket-default and the socket-raw plugins. The new
|
||
socket-dynamic plugin binds sockets dynamically to ports configured
|
||
via the left-/rightikeport ipsec.conf connection parameters.
|
||
* The android charon plugin stores received DNS server information
|
||
as "net.dns" system properties, as used by the Android platform.
|
||
- Splitted package into strongswan-ipsec, that install the traditional
|
||
ipsec service starter scripts, -ikev1 and -ikev2 installing daemons
|
||
and -libs0, that contains the library and plugins.
|
||
- Enabled dhcp, farp, ha, socket-dynamic, agent, eap and sql plugins.
|
||
- Enabled NetworkManager nm plugin in a separate strongswan-nm package.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 2 21:42:10 CET 2010 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.3.6 release, changes since 4.3.4 are:
|
||
* The IKEv2 daemon supports RFC 3779 IP address block constraints
|
||
carried as a critical X.509v3 extension in the peer certificate.
|
||
* The ipsec pool --add|del dns|nbns command manages DNS and NBNS
|
||
name server entries that are sent via the IKEv1 Mode Config or
|
||
IKEv2 Configuration Payload to remote clients.
|
||
* The Camellia cipher can be used as an IKEv1 encryption algorithm.
|
||
* The IKEv1 and IKEV2 daemons now check certificate path length
|
||
constraints.
|
||
* The new ipsec.conf conn option "inactivity" closes a CHILD_SA if
|
||
no traffic was sent or received within the given interval. To close
|
||
the complete IKE_SA if its only CHILD_SA was inactive, set the
|
||
global strongswan.conf option "charon.inactivity_close_ike" to yes.
|
||
* More detailed IKEv2 EAP payload information in debug output
|
||
* IKEv2 EAP-SIM and EAP-AKA share joint libsimaka library
|
||
* Added required userland changes for proper SHA256 and SHA384/512
|
||
in ESP that will be introduced with Linux 2.6.33.
|
||
The "sha256"/"sha2_256" keyword now configures the kernel with 128
|
||
bit truncation, not the non-standard 96 bit truncation used by
|
||
previous releases. To use the old 96 bit truncation scheme, the new
|
||
"sha256_96" proposal keyword has been introduced.
|
||
* Fixed IPComp in tunnel mode, stripping out the duplicated outer
|
||
header. This change makes IPcomp tunnel mode connections
|
||
incompatible with previous releases; disable compression on such
|
||
tunnels.
|
||
* Fixed BEET mode connections on recent kernels by installing SAs
|
||
with appropriate traffic selectors, based on a patch by Michael
|
||
Rossberg.
|
||
* Using extensions (such as BEET mode) and crypto algorithms (such
|
||
as twofish, serpent, sha256_96) allocated in the private use space
|
||
now require that we know its meaning, i.e. we are talking to
|
||
strongSwan. Use the new "charon.send_vendor_id" option in
|
||
strongswan.conf to let the remote peer know this is the case.
|
||
* Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where
|
||
the responder omits public key authentication in favor of a mutual
|
||
authentication method. To enable EAP-only authentication, set
|
||
rightauth=eap on the responder to rely only on the MSK constructed
|
||
AUTH payload. This not-yet standardized extension requires the
|
||
strongSwan vendor ID introduced above.
|
||
* The IKEv1 daemon ignores the Juniper SRX notification type 40001,
|
||
thus allowing interoperability.
|
||
* The IKEv1 pluto daemon can now use SQL-based address pools to
|
||
deal out virtual IP addresses as a Mode Config server. The pool
|
||
capability has been migrated from charon's sql plugin to a new
|
||
attr-sql plugin which is loaded by libstrongswan and which can be
|
||
used by both daemons either with a SQLite or MySQL database and the
|
||
corresponding plugin.
|
||
* Plugin names have been streamlined: EAP plugins now have a dash
|
||
after eap (e.g. eap-sim), as it is used with the --enable-eap-sim
|
||
./configure option.
|
||
Plugin configuration sections in strongswan.conf now use the same
|
||
name as the plugin itself (i.e. with a dash). Make sure to update
|
||
"load" directives and the affected plugin sections in existing
|
||
strongswan.conf files.
|
||
* The private/public key parsing and encoding has been split up
|
||
into separate pkcs1, pgp, pem and dnskey plugins. The public key
|
||
implementation plugins gmp, gcrypt and openssl can all make use
|
||
of them.
|
||
* The EAP-AKA plugin can use different backends for USIM/quintuplet
|
||
calculations, very similar to the EAP-SIM plugin. The existing 3GPP2
|
||
software implementation has been migrated to a separate plugin.
|
||
* The IKEv2 daemon charon gained basic PGP support. It can use
|
||
locally installed peer certificates and can issue signatures based
|
||
on RSA private keys.
|
||
* The new 'ipsec pki' tool provides a set of commands to maintain a
|
||
public key infrastructure. It currently supports operations to
|
||
create RSA and ECDSA private/public keys, calculate fingerprints and
|
||
issue or verify certificates.
|
||
* Charon uses a monotonic time source for statistics and job
|
||
queueing, behaving correctly if the system time changes (e.g. when
|
||
using NTP).
|
||
* In addition to time based rekeying, charon supports IPsec SA
|
||
lifetimes based on processed volume or number of packets.
|
||
They new ipsec.conf paramaters 'lifetime' (an alias to 'keylife'),
|
||
'lifebytes' and 'lifepackets' handle SA timeouts, while the
|
||
parameters 'margintime' (an alias to rekeymargin), 'marginbytes'
|
||
and 'marginpackets' trigger the rekeying before a SA expires.
|
||
The existing parameter 'rekeyfuzz' affects all margins.
|
||
* If no CA/Gateway certificate is specified in the NetworkManager
|
||
plugin, charon uses a set of trusted root certificates preinstalled
|
||
by distributions. The directory containing CA certificates can be
|
||
specified using the --with-nm-ca-dir=path configure option.
|
||
* Fixed the encoding of the Email relative distinguished name in
|
||
left|rightid statements.
|
||
* Fixed the broken parsing of PKCS#7 wrapped certificates by the
|
||
pluto daemon.
|
||
* Fixed smartcard-based authentication in the pluto daemon which
|
||
was broken by the ECDSA support introduced with the 4.3.2 release.
|
||
* A patch contributed by Heiko Hund fixes mixed IPv6 in IPv4 and
|
||
vice versa tunnels established with the IKEv1 pluto daemon.
|
||
* The pluto daemon now uses the libstrongswan x509 plugin for
|
||
certificates and CRls and the struct id type was replaced by
|
||
identification_t used by charon and the libstrongswan library.
|
||
- Removed obsolete load_secrets patches, refreshed modprobe patch.
|
||
- Corrected a time_t cast reported by rpmlint (timer.c:51)
|
||
- Disabled libtoolize call and the gcrypt plugin on SLE 10.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 4 12:56:59 CEST 2009 - mt@suse.de
|
||
|
||
- Fixed open failure debug message in load_secrets
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 3 23:44:37 CEST 2009 - mt@suse.de
|
||
|
||
- Applied patch fixing locking in ipsec.secrets inclusion.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 31 16:06:13 CEST 2009 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.3.4 release:
|
||
* IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation
|
||
details can be found on wiki.strongswan.org.
|
||
* ipsec statusall shows the number of bytes transmitted and received
|
||
over ESP connections configured by the IKEv2 charon daemon.
|
||
* The IKEv2 charon daemon supports include files in ipsec.secrets.
|
||
- Removed obsolete ipsec.secrets include patch (bnc#524799)
|
||
and patch to avoid libchecksum version.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 7 11:44:30 CEST 2009 - mt@suse.de
|
||
|
||
- Applied patch implementing ipsec.secrets "include" directive
|
||
support in charon (http://wiki.strongswan.org/issues/show/82,
|
||
bnc#524799).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 27 13:40:57 CEST 2009 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.3.3 release:
|
||
* The configuration option --enable-integrity-test plus the
|
||
strongswan.conf option libstrongswan.integrity_test = yes
|
||
activate integrity tests of the IKE daemons charon and pluto,
|
||
libstrongswan and all loaded plugins. Thus dynamic library
|
||
misconfigurations and non-malicious file manipulations can be
|
||
reliably detected.
|
||
* The new default setting libstrongswan.ecp_x_coordinate_only=yes
|
||
allows IKEv1 interoperability with MS Windows using the ECP DH
|
||
groups 19 and 20.
|
||
* The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
|
||
authenticated encryption algorithms.
|
||
* The IKEv1 pluto daemon now supports V4 OpenPGP keys.
|
||
* The RDN parser vulnerability discovered by Orange Labs research
|
||
team was not completely fixed in version 4.3.2. Some more
|
||
modifications had to be applied to the asn1_length() function to
|
||
make it robust.
|
||
- Enabled --enable-integrity-test configure option (new feature).
|
||
- Removed patch to avoid plugin versions (accepted by upstream)
|
||
and added patch to avoid version for new libchecksum library.
|
||
- Added -Wno-pointer-sign -Wno-strict-aliasing CFLAGS in the spec.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 10 11:04:44 CEST 2009 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.3.2 release, that fixes two asn1 parser
|
||
DoS vulnerabilities and provides several new features, e.g.:
|
||
* The new gcrypt plugin provides symmetric cipher, hasher, RNG,
|
||
Diffie-Hellman and RSA crypto primitives using the LGPL licensed
|
||
GNU gcrypt library.
|
||
* libstrongswan features an integrated crypto selftest framework
|
||
for registered algorithms. The test-vector plugin provides a first
|
||
set of test vectors and allows pluto and charon to rely on tested
|
||
crypto algorithms.
|
||
* pluto can now use all libstrongswan plugins with the exception
|
||
of x509 and xcbc. Thanks to the openssl plugin, the ECP Diffie-
|
||
Hellman groups 19, 20, 21, 25, and 26 as well as ECDSA-256,
|
||
ECDSA-384, and ECDSA-521 authentication can be used with IKEv1.
|
||
* Applying their fuzzing tool, the Orange Labs vulnerability
|
||
research team found another two DoS vulnerabilities, one in the
|
||
rather old ASN.1 parser of Relative Distinguished Names (RDNs)
|
||
and a second one in the conversion of ASN.1 UTCTIME and
|
||
GENERALIZEDTIME strings to a time_t value.
|
||
* The nm plugin now passes DNS/NBNS server information to
|
||
NetworkManager, allowing a gateway administrator to set DNS/NBNS
|
||
configuration on clients dynamically.
|
||
* The nm plugin also accepts CA certificates for gateway
|
||
authentication. If a CA certificate is configured, strongSwan uses
|
||
the entered gateway address as its idenitity, requiring the gateways
|
||
certificate to contain the same as subjectAltName.
|
||
This allows a gateway administrator to deploy the same
|
||
certificates to Windows 7 and NetworkManager clients.
|
||
* The command ipsec purgeike deletes IKEv2 SAs that don't have a
|
||
CHILD SA.
|
||
The command ipsec down <conn>{n} deletes CHILD SA instance n of
|
||
connection <conn> whereas ipsec down <conn>{*} deletes all CHILD
|
||
SA instances.
|
||
The command ipsec down <conn>[n] deletes IKE SA instance n of
|
||
connection <conn> plus dependent CHILD SAs whereas ipsec down
|
||
<conn>[*] deletes all IKE SA instances of connection <conn>.
|
||
* Fixed a regression introduced in 4.3.0 where EAP authentication
|
||
calculated the AUTH payload incorrectly. Further, the EAP-MSCHAPv2
|
||
MSK key derivation has been updated to be compatible with the
|
||
Windows 7 Release Candidate.
|
||
* Refactored installation of triggering policies. Routed policies
|
||
are handled outside of IKE_SAs to keep them installed in any case.
|
||
A tunnel gets established only once, even if initiation is delayed
|
||
due network outages.
|
||
* Improved the handling of multiple acquire signals triggered by
|
||
the kernel.
|
||
* Fixed two DoS vulnerabilities in the charon daemon that were
|
||
discovered by fuzzing techniques:
|
||
1) Sending a malformed IKE_SA_INIT request leaved an incomplete
|
||
state which caused a null pointer dereference if a subsequent
|
||
CREATE_CHILD_SA request was sent.
|
||
2) Sending an IKE_AUTH request with either a missing TSi or TSr
|
||
payload caused a null pointer derefence because the checks for
|
||
TSi and TSr were interchanged.
|
||
The IKEv2 fuzzer used was developped by the Orange Labs
|
||
vulnerability research team. The tool was initially written
|
||
by Gabriel Campana and is now maintained by Laurent Butti.
|
||
* Added support for AES counter mode in ESP in IKEv2 using the
|
||
proposal keywords aes128ctr, aes192ctr and aes256ctr.
|
||
* Further progress in refactoring pluto: Use of the curl and ldap
|
||
plugins for fetching crls and OCSP. Use of the random plugin to
|
||
get keying material from /dev/random or /dev/urandom. Use of the
|
||
openssl plugin as an alternative to the aes, des, sha1, sha2, and
|
||
md5 plugins. The blowfish, twofish, and serpent encryption plugins
|
||
are now optional and are not enabled by default.
|
||
- Enabled new gcrypt plugin
|
||
- Adopted spec file and modprobe to syslog patch
|
||
- Removed obsolete getline glibc collision patch
|
||
- Added patch to avoid library version for plugins (rpmlint).
|
||
- Replaced update-dns-server patch with a --with-resolv-conf.
|
||
- Removed restart_on_update from spec file (see bnc#450390).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 8 00:21:13 CEST 2009 - ro@suse.de
|
||
|
||
- rename getline to my_getline to avoid collision with function
|
||
from glibc
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 2 09:56:16 CEST 2009 - mt@suse.de
|
||
|
||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||
a malformed IKE_SA_INIT request leaves an incomplete state which
|
||
causes a crash of the IKEv2 charon while dereferencing a NULL
|
||
pointer if a subsequent CREATE_CHILD_SA is received (bnc#507742).
|
||
- Applied fix for a Denial-of-Service vulnerability where receiving
|
||
a malformed IKE_AUTH request with either a missing TSi or TSr
|
||
traffic selector payload causes a crash of the IKEv2 charon while
|
||
dereferencing a NULL pointer because the NULL pointer checks of
|
||
TSi and TSr before destruction were erroneously swapped
|
||
(bnc#507742).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 31 11:19:03 CEST 2009 - mt@suse.de
|
||
|
||
- Updated to strongSwan 4.2.14 release that fixes a grave DPD
|
||
denial of service vulnerability registered as CVE-2009-0790,
|
||
that had been slumbering in the code for many years:
|
||
* A vulnerability in the Dead Peer Detection (RFC 3706) code
|
||
was found by Gerd v. Egidy <gerd.von.egidy@intra2net.com> of
|
||
Intra2net AG affecting all Openswan and strongSwan releases.
|
||
A malicious (or expired ISAKMP) R_U_THERE or R_U_THERE_ACK
|
||
Dead Peer Detection packet can cause the pluto IKE daemon to
|
||
crash and restart. No authentication or encryption is required
|
||
to trigger this bug. One spoofed UDP packet can cause the pluto
|
||
IKE daemon to restart and be unresponsive for a few seconds
|
||
while restarting. This DPD null state vulnerability has been
|
||
officially registered as CVE-2009-0790 and is fixed by this
|
||
release.
|
||
* The new server-side EAP RADIUS plugin (--enable-eap-radius)
|
||
relays EAP messages to and from a RADIUS server. Succesfully
|
||
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
|
||
* ASN.1 to time_t conversion caused a time wrap-around for dates
|
||
after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
|
||
As a workaround such dates are set to the maximum representable
|
||
time, i.e. Jan 19 03:14:07 UTC 2038.
|
||
* Distinguished Names containing wildcards (*) are not sent in the
|
||
IDr payload anymore.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 20 09:27:06 CEST 2008 - mt@suse.de
|
||
|
||
- Updated to 4.2.8 release:
|
||
* IKEv2 charon daemon supports authentication based on raw public
|
||
keys stored in the SQL database backend. The ipsec listpubkeys
|
||
command lists the available raw public keys via the stroke
|
||
interface.
|
||
* Several MOBIKE improvements: Detect changes in NAT mappings in
|
||
DPD exchanges, handle events if kernel detects NAT mapping changes
|
||
in UDP-encapsulated ESP packets (requires kernel patch), reuse old
|
||
addesses in MOBIKE updates as long as possible and other fixes.
|
||
* Fixed a bug in addr_in_subnet() which caused insertion of wrong
|
||
source routes for destination subnets having netwmasks not being a
|
||
multiple of 8 bits. Thanks go to Wolfgang Steudel, TU Ilmenau for
|
||
reporting this bug.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 14 16:29:59 CEST 2008 - mt@suse.de
|
||
|
||
- Applied fix for addr_in_subnet() extracted from strongswan-4.2.8
|
||
which caused insertion of wrong source routes for destination
|
||
subnets having netwmasks not being a multiple of 8 bits.
|
||
Thanks go to Wolfgang Steudel, TU Ilmenau for reporting this bug.
|
||
(bnc#435200)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 10 08:08:35 CEST 2008 - mt@suse.de
|
||
|
||
- Applied fix for a Denial-of-Service vulnerability where an
|
||
IKE_SA_INIT message with a KE payload containing zeroes only can
|
||
cause a crash of the IKEv2 charon daemon due to a NULL pointer
|
||
returned by the mpz_export() function of the GNU Multi Precision
|
||
(GMP) library. Thanks go to Mu Dynamics Research Labs for making
|
||
us aware of this problem. (bnc#435194)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 28 14:31:49 CEST 2008 - mt@suse.de
|
||
|
||
- Fixed to use --enable-curl instead of --enable-http as before
|
||
- Enabled the OpenSSL crypto plugin in the spec file.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 28 09:48:14 CEST 2008 - mt@suse.de
|
||
|
||
- Updated to 4.2.6 release, fixing bugs and offering a lot of new
|
||
features comparing to the last version provided by this package.
|
||
Most important are:
|
||
* A NetworkManager plugin allows GUI-based configuration of
|
||
road-warrior clients in a simple way. It features X509 based
|
||
gateway authentication and EAP client authentication, tunnel
|
||
setup/teardown and storing passwords in the Gnome Keyring.
|
||
* A new EAP-GTC plugin implements draft-sheffer-ikev2-gtc-00.txt
|
||
and allows username/password authentication against any PAM
|
||
service on the gateway. The new EAP method interacts nicely with
|
||
the NetworkManager plugin and allows client authentication against
|
||
e.g. LDAP.
|
||
* Improved support for the EAP-Identity method. The new ipsec.conf
|
||
eap_identity parameter defines an additional identity to pass to
|
||
the server in EAP authentication.
|
||
* Fixed two multithreading deadlocks occurring when starting up
|
||
several hundred tunnels concurrently.
|
||
* Fixed the --enable-integrity-test configure option which
|
||
computes a SHA-1 checksum over the libstrongswan library.
|
||
* Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
|
||
* Improved the performance of the SQL-based virtual IP address pool
|
||
by introducing an additional addresses table. The leases table
|
||
storing only history information has become optional and can be
|
||
disabled by setting charon.plugins.sql.lease_history = no in
|
||
strongswan.conf.
|
||
* The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6
|
||
and IPv6-over-IPv4 tunnels with the 2.6.26 and later Linux kernels.
|
||
* management of different virtual IP pools for different network
|
||
interfaces have become possible.
|
||
* fixed a bug which prevented the assignment of more than 256
|
||
virtual IP addresses from a pool managed by an sql database.
|
||
* fixed a bug which did not delete own IPCOMP SAs in the kernel.
|
||
* The openssl plugin supports the elliptic curve Diffie-Hellman
|
||
groups 19, 20, 21, 25, and 26 and ECDSA authentication using
|
||
elliptic curve X.509 certificates.
|
||
* Fixed a bug in stroke which caused multiple charon threads to
|
||
close the file descriptors during packet transfers over the stroke
|
||
socket.
|
||
* ESP sequence numbers are now migrated in IPsec SA updates handled
|
||
by MOBIKE. Works only with Linux kernels >= 2.6.17.
|
||
* Fixed a number of minor bugs that where discovered during the 4th
|
||
IKEv2 interoperability workshop in San Antonio, TX.
|
||
* Plugins for libstrongswan and charon can optionally be loaded
|
||
according to a configuration in strongswan.conf. Most components
|
||
provide a "load = " option followed by a space separated list of
|
||
plugins to load. This allows e.g. the fallback from a hardware
|
||
crypto accelerator to to software-based crypto plugins.
|
||
* Charons SQL plugin has been extended by a virtual IP address pool.
|
||
Configurations with a rightsourceip=%poolname setting query a
|
||
SQLite or MySQL database for leases. The "ipsec pool" command helps
|
||
in administrating the pool database. See ipsec pool --help for the
|
||
available options
|
||
* The Authenticated Encryption Algorithms AES-CCM-8/12/16 and
|
||
AES-GCM-8/12/16 for ESP are now supported starting with the Linux
|
||
2.6.25 kernel. The syntax is e.g. esp=aes128ccm12 or esp=aes256gcm16.
|
||
- Added patch disabling direct modifications of resolv.conf; has to
|
||
be replaced by a netconfig call.
|
||
- Added patch adding a missed file name argument in printf call in the
|
||
scripts/thread_analysis.c file -- resulting binary is not installed.
|
||
- Removed obsolete patches crash_badcfg_reload and old-caps-version.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 30 22:40:31 CEST 2008 - mt@suse.de
|
||
|
||
- Added fix that explicitly enables version 1 linux capabilities
|
||
on version 2 systems to aviod that the charon and pluto daemons
|
||
exit because of failed capset call (bnc#404989).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 19 16:17:16 CEST 2008 - mt@suse.de
|
||
|
||
- Applied fix (strongswan_crash_badcfg_reload.dif) to avoid
|
||
a crash after reloading with bad config (bnc#392062).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
|
||
|
||
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
||
release provides much more modularity and therefore much more
|
||
extensiblity and offers the following new features:
|
||
* libstrongswan has been modularized to attach crypto algorithms,
|
||
credential implementations (secret and private keys, certificates)
|
||
and http/ldap fetchers dynamically through plugins.
|
||
* A relational database API that uses pluggable database providers
|
||
was added to libstrongswan including plugins for MySQL and SQLite.
|
||
* The IKEv2 keying charon daemon has become more extensible. Generic
|
||
plugins can provide arbitrary interfaces to credential stores and
|
||
connection management interfaces. Also any EAP method can be added.
|
||
* The authentication and credential framework in charon has been
|
||
heavily refactored to support modular credential providers, proper
|
||
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
||
* Support for "Hash and URL" encoded certificate payloads has been
|
||
implemented in the IKEv2 daemon charon.
|
||
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
||
close multiple IKE_SAs with the same peer.
|
||
* The crypto factory in libstrongswan additionally supports random
|
||
number generators. Plugins may provide other sources of randomness.
|
||
* Extended the credential framework by a caching option to allow
|
||
plugins persistent caching of fetched credentials.
|
||
* The new trust chain verification introduced in 4.2.0 has been
|
||
parallelized. Threads fetching CRL or OCSP information no longer
|
||
block other threads.
|
||
* A new IKEv2 configuration attribute framework has been introduced
|
||
allowing plugins to provide virtual IP addresses, and in the future,
|
||
other configuration attribute services (e.g. DNS/WINS servers).
|
||
* The stroke plugin has been extended to provide virtual IP addresses
|
||
from a simple pool defined in ipsec.conf.
|
||
* Fixed compilation on uClibc and a couple of other minor bugs.
|
||
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
||
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
||
authentication algorithm AES_XCBC_MAC.
|
||
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
||
and adding inclusion of limits.h for PATH_MAX availability.
|
||
- Added rpmlintrc file and a libtoolize call to the spec file.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
|
||
|
||
- Updated to 4.1.11 maintenance release, providing following fixes:
|
||
* IKE rekeying in NAT situations did not inherit the NAT conditions
|
||
to the rekeyed IKE_SA so that the UDP encapsulation was lost with
|
||
the next CHILD_SA rekeying.
|
||
* Wrong type definition of the next_payload variable in id_payload.c
|
||
caused an INVALID_SYNTAX error on PowerPC platforms.
|
||
* Implemented IKEv2 EAP-SIM server and client test modules that use
|
||
triplets stored in a file. For details on the configuration see
|
||
the scenario 'ikev2/rw-eap-sim-rsa'.
|
||
- The 4.1.10 final version, declared upstream as "Fully tested support
|
||
of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,
|
||
IPv6 defaults of the nexthop parameter, adds support for new EAP
|
||
modules [disabled in this build] and obsoletes our strongswan_path
|
||
and strongswan_ipsec_script_msg patches.
|
||
- Removed a sed call from init script.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 8 13:03:42 CET 2007 - mt@suse.de
|
||
|
||
- Updated to 4.1.9 final, including all our patches.
|
||
- Changed init script to use ipsec cmd using LSB codes now.
|
||
- Added strongswan_path.dif setting a PATH in scripts (updown).
|
||
- Added strongswan_ipsec_script_msg.dif for consistent look of
|
||
ipsec script messages.
|
||
- Added strongswan_modprobe_syslog.dif redirecting modprobe
|
||
output to syslog.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 26 10:19:40 CET 2007 - mt@suse.de
|
||
|
||
- Renamed charon plugins to avoid rpm conflicts with existing
|
||
libraries (libstroke). Patch: strongswan-libconflicts.dif
|
||
- Added init script. Template file: strongswan.init.in
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de
|
||
|
||
- Initial, unfinished package
|
||
|