forked from pool/strongswan
Accepting request 521273 from home:ndas:branches:network:vpn
- Updated to strongSwan 5.6.0 providing the following changes:
*Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.
This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
*New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
Draft and has been demonstrated at the IETF 99 Prague Hackathon.
*The IMV database template has been adapted to achieve full compliance with the
ISO 19770-2:2015 SWID tag standard.
*The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
*By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
swanctl.conf file.
*The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
*The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
*libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
* more on https://wiki.strongswan.org/versions/66
OBS-URL: https://build.opensuse.org/request/show/521273
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=104
This commit is contained in:
Nirmoy Das
committed by
Git OBS Bridge
Git OBS Bridge
parent
e17322a559
commit
062c69a06d
@@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: strongswan
|
||||
Version: 5.5.3
|
||||
Version: 5.6.0
|
||||
Release: 0
|
||||
%define upstream_version %{version}
|
||||
%define strongswan_docdir %{_docdir}/%{name}
|
||||
@@ -497,9 +497,9 @@ install -c -m644 ${RPM_SOURCE_DIR}/fips-enforce.conf \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/starter \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/pool \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/scepclient \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/pt-tls-client \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/imv_policy_manager \
|
||||
$RPM_BUILD_ROOT%{_libexecdir}/ipsec/_fipscheck \
|
||||
$RPM_BUILD_ROOT%{_bindir}/pt-tls-client \
|
||||
$RPM_BUILD_ROOT%{_sbindir}/ipsec \
|
||||
;
|
||||
do
|
||||
@@ -570,6 +570,7 @@ fi
|
||||
%{_libexecdir}/ipsec/_fipscheck
|
||||
%{_libexecdir}/ipsec/.*.hmac
|
||||
%{_sbindir}/.ipsec.hmac
|
||||
%{_bindir}/.pt-tls-client.hmac
|
||||
%endif
|
||||
|
||||
%files ipsec
|
||||
@@ -596,9 +597,11 @@ fi
|
||||
%{_sbindir}/rcipsec
|
||||
%endif
|
||||
%{_bindir}/pki
|
||||
%{_bindir}/pt-tls-client
|
||||
%{_sbindir}/ipsec
|
||||
%{_sbindir}/swanctl
|
||||
%{_mandir}/man1/pki*.1*
|
||||
%{_mandir}/man1/pt-tls-client.1*
|
||||
%{_mandir}/man8/ipsec.8*
|
||||
%{_mandir}/man5/ipsec.conf.5*
|
||||
%{_mandir}/man5/ipsec.secrets.5*
|
||||
@@ -611,7 +614,6 @@ fi
|
||||
%endif
|
||||
%{_libexecdir}/ipsec/duplicheck
|
||||
%{_libexecdir}/ipsec/pool
|
||||
%{_libexecdir}/ipsec/pt-tls-client
|
||||
%{_libexecdir}/ipsec/scepclient
|
||||
%{_libexecdir}/ipsec/starter
|
||||
%{_libexecdir}/ipsec/stroke
|
||||
|
||||
Reference in New Issue
Block a user