rjain/strongswan
SHA256
1
0
Fork 0
forked from jengelh/strongswan
Code Pull Requests Activity

- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):

Browse Source 
- Fixed a security vulnerability in the openssl plugin which was
    reported by Kevin Wojtysiak.  The vulnerability has been registered
    as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
    signature verification was used, due to a misinterpretation of the
    error code returned by the OpenSSL ECDSA_verify() function, an empty
    or zeroed signature was accepted as a legitimate one. Refer to our
    blog for details.
  - The handling of a couple of other non-security relevant OpenSSL
    return codes was fixed as well.
  - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
    via its TCG TNC IF-MAP 2.1 interface.
  - The charon.initiator_only strongswan.conf option causes charon to
    ignore IKE initiation requests.
  - The openssl plugin can now use the openssl-fips library.
  The version 5.0.3 provides new ipseckey plugin, enabling authentication
  based on trustworthy public keys stored as IPSECKEY resource records in
  the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
  accelerated version of AES-GCM if the hardware supports it.
  See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
  for a list of all changes since the 5.0.1 release.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=58
This commit is contained in:
Marius Tomaschewski
2013-04-30 13:10:58 +00:00
committed by Git OBS Bridge
parent f2cf7cb837
commit 2fa10a3109
7 changed files with 51 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
strongswan.changes
View File

@@ -1,3 +1,28 @@
-------------------------------------------------------------------
Tue Apr 30 12:48:44 UTC 2013 - mt@suse.de
- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
- Fixed a security vulnerability in the openssl plugin which was
reported by Kevin Wojtysiak. The vulnerability has been registered
as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
signature verification was used, due to a misinterpretation of the
error code returned by the OpenSSL ECDSA_verify() function, an empty
or zeroed signature was accepted as a legitimate one. Refer to our
blog for details.
- The handling of a couple of other non-security relevant OpenSSL
return codes was fixed as well.
- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
via its TCG TNC IF-MAP 2.1 interface.
- The charon.initiator_only strongswan.conf option causes charon to
ignore IKE initiation requests.
- The openssl plugin can now use the openssl-fips library.
The version 5.0.3 provides new ipseckey plugin, enabling authentication
based on trustworthy public keys stored as IPSECKEY resource records in
the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
accelerated version of AES-GCM if the hardware supports it.
See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
for a list of all changes since the 5.0.1 release.
-------------------------------------------------------------------
Thu Nov 29 19:13:40 CET 2012 - sbrabec@suse.cz