strongswan: Update to version 5.9.12

  - Update from version 5.9.11 to 5.9.12
- Update of rootfile
- Changelog
    5.9.12
	Vulnerabilities
	    Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE
	     daemon) related to processing DH public values that can lead to a buffer
	     overflow and potentially remote code execution. This vulnerability has been
	     registered as CVE-2023-41913. Please refer to our blog for details.
	New Feature Additions
	    The new pki --ocsp command produces OCSP responses based on certificate status
	     information provided by implementations of the new ocsp_responder_t interface
	     (#1958).
	    Two sources are currently available, the openxpki plugin that directly
	     accesses the OpenXPKI database and the command's --index argument, which
	     reads certificate status information from OpenSSL-style index.txt files
	     (multiple CAs are supported concurrently).
	    The new cert-enroll script handles the initial enrollment of an X.509 host
	     certificate with a PKI server via the EST or SCEP protocols.
	    Run as a systemd timer or via a crontab entry, the script checks the
	     expiration date of the host certificate daily. When a given deadline is
	     reached, the host certificate is automatically renewed via EST or SCEP
	     re-enrollment based on the possession of the old private key and the
	     matching certificate.
	    Added a global option (charon.reject_trusted_end_entity) to prevent peers
	     from authenticating with certificates that are locally trusted, in
	     particular, our own local certificate, which safeguards against accidental
	     reuse of certificates on multiple peers. As the name suggests, all trusted
	     end-entity certificates are rejected if enabled, so peer certificates can't
	     be configured explicitly anymore (e.g. via remote.certs in swanctl.conf).
	    The --priv argument for charon-cmd allows the use of any type of private key
	     (previously, only RSA keys were supported).
	    The openssl plugin now supports the nameConstraints extension in X.509
	     certificates (#1990).
	    Support for nameConstraints of type iPAddress are now supported by the x509,
	     openssl and constraints plugins (#1991).
	    Support for encoding subjectAlternativeName extensions of type
	     uniformResourceIdentifier in X.509 certificates has been added via the uri:
	     prefix (e.g. for URNs, #1983).
	    Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
	Enhancements and Optimizations
	    Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of
	     certificates with ECDSA keys that explicitly encode the curve parameters is
	     rejected if possible. Explicit encoding is pretty rare to begin with and
	     e.g. wolfSSL already rejects such keys, by default. All crypto plugins that
	     support ECDSA enforce this by rejecting such public keys, except when using
	     older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
	    Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it
	     creates since 5.9.10. This involves setting interface IDs on SAs and
	     policies, and installing routes via the interface. To avoid routing loops if
	     the remote traffic selectors include the VPN server, IKE and ESP packets are
	     marked to bypass the routing table that contains the routes via XFRM
	     interface (69e0c11).
	    If available, the plugin now also adopts the interface name configured in
	     connection.interface-name in a *.nmconnection file as name for the XFRM
	     interface instead of generating one randomly (e8f8d32).
	    The resolve plugin tries to maintain the order of DNS servers it installs via
	     resolvconf or resolv.conf (6440975, 8238ad4).
	    The kernel-libipsec plugin now always installs routes to remote networks even
	     if no address is found in the local traffic selectors, which allows
	     forwarding traffic from networks the VPN host is not part of (190d8cb).
	    Increased the default receive buffer size for Netlink sockets to 8 MiB
	     (doubled by the kernel to account for overhead) and simplified the
	     configuration (no need for a separate option to force overriding rmem_max).
	     It's now also set for event sockets, which previously could cause issues on
	     hosts with e.g. lots of route changes (#1757).
	    When issuing certificates, the subjectKeyIdentifier of the issuing
	     certificate, if available, is now copied as authorityKeyIdentifier, instead
	     of always generating a SHA-1 hash of the issuer's subjectPublicKey
	     (#1992, 6941dcb).
	    Explicitly request permission to display notifications on Android 13+
	     (ddf84c1), also enabled hardware acceleration for the Android-specific
	     OpenSSL build.
	Fixes
	    Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
	     timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
	     unrelated traffic selectors (#1855).
	    Fixed an issue in watcher_t with handling errors on sockets (e.g. if the
	     receive buffer is full), which caused an infinite loop if poll() only
	     signaled POLLERR as event (#1757).
	    Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6,
	     which did not correctly untrack invalid messages with non-zero message IDs
	     or SPIs (0b47357).
	    Fixed a regression introduced with 5.9.8 when handling IKE redirects during
	     IKE_AUTH (595fa07).
	    Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in
	     the kernel-netlink plugin, which prevented MOBIKE updates if a large
	     anti-replay window was used (#1967).
	    Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs
	     if the TUN device is activated after the address was already added
	     internally, which caused the installed route not to go via TUN device in
	     order to force the virtual IP as source address (#1807).
	    Fixed an issue in libtls that could cause the wrong ECDH group to get
	     instantiated (b5e4bf4).
	    Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not
	     found during rekeying. It was previously empty, now contains the SPI and
	     sets the protocol to the values received in the REKEY_SA notify (849c2c9).
	    Fixed a possible issue with MOBIKE in the Android client on certain devices
	     (#1691).
	For Developers
	    The new ocsp_responder_t interface can be implemented to provide certificate
	     status information to the pki --ocsp command. Responders can be
	     (un-)registered via the ocsp_responders_t instance at lib->ocsp.
	    For the watcher_t component, WATCHER_EXCEPT has been removed as there is no
	     way to explicitly listen for errors on sockets and poll() actually can
	     return POLLERR for any FD and it might even be the only signaled event
	     (which caused an infinite loop previously). Now we simply notify the
	     registered callbacks. The error is then reported by e.g. recvfrom(), which
	     was already the case before if POLLERR was returned together with
	     e.g. POLLIN.
	    The reqids allocated for CHILD_SAs (including trap policies) via
	     kernel_interface_t::alloc_reqid() are now refcounted. When recreating a
	     CHILD_SA, a reference to the reqid can be requested via
	     child_sa_t::get_reqid_ref(). If another reference is required afterwards,
	     one can be acquired directly via kernel_interface_t::ref_reqid(). Each
	     reference has to be released via kernel_interface_t::release_reqid(), whose
	     interface was simplified.
	    The testing environment is now based on Debian 12 (bookworm), by default.
	     Also, when copying files to guests, the guest-specific files are now copied
	     after the default files, which allows overriding files per guest (fixes an
	     issue with winnetou's /etc/fstab and mounting the test results).
	Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/strongswan | 1 +
 lfs/strongswan                     | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
  

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

I am back :)

> On 21 Nov 2023, at 22:37, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from version 5.9.11 to 5.9.12
> - Update of rootfile
> - Changelog
>    5.9.12
> Vulnerabilities
>    Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE
>     daemon) related to processing DH public values that can lead to a buffer
>     overflow and potentially remote code execution. This vulnerability has been
>     registered as CVE-2023-41913. Please refer to our blog for details.
> New Feature Additions
>    The new pki --ocsp command produces OCSP responses based on certificate status
>     information provided by implementations of the new ocsp_responder_t interface
>     (#1958).
>    Two sources are currently available, the openxpki plugin that directly
>     accesses the OpenXPKI database and the command's --index argument, which
>     reads certificate status information from OpenSSL-style index.txt files
>     (multiple CAs are supported concurrently).
>    The new cert-enroll script handles the initial enrollment of an X.509 host
>     certificate with a PKI server via the EST or SCEP protocols.
>    Run as a systemd timer or via a crontab entry, the script checks the
>     expiration date of the host certificate daily. When a given deadline is
>     reached, the host certificate is automatically renewed via EST or SCEP
>     re-enrollment based on the possession of the old private key and the
>     matching certificate.
>    Added a global option (charon.reject_trusted_end_entity) to prevent peers
>     from authenticating with certificates that are locally trusted, in
>     particular, our own local certificate, which safeguards against accidental
>     reuse of certificates on multiple peers. As the name suggests, all trusted
>     end-entity certificates are rejected if enabled, so peer certificates can't
>     be configured explicitly anymore (e.g. via remote.certs in swanctl.conf).
>    The --priv argument for charon-cmd allows the use of any type of private key
>     (previously, only RSA keys were supported).
>    The openssl plugin now supports the nameConstraints extension in X.509
>     certificates (#1990).
>    Support for nameConstraints of type iPAddress are now supported by the x509,
>     openssl and constraints plugins (#1991).
>    Support for encoding subjectAlternativeName extensions of type
>     uniformResourceIdentifier in X.509 certificates has been added via the uri:
>     prefix (e.g. for URNs, #1983).
>    Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
> Enhancements and Optimizations
>    Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of
>     certificates with ECDSA keys that explicitly encode the curve parameters is
>     rejected if possible. Explicit encoding is pretty rare to begin with and
>     e.g. wolfSSL already rejects such keys, by default. All crypto plugins that
>     support ECDSA enforce this by rejecting such public keys, except when using
>     older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
>    Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it
>     creates since 5.9.10. This involves setting interface IDs on SAs and
>     policies, and installing routes via the interface. To avoid routing loops if
>     the remote traffic selectors include the VPN server, IKE and ESP packets are
>     marked to bypass the routing table that contains the routes via XFRM
>     interface (69e0c11).
>    If available, the plugin now also adopts the interface name configured in
>     connection.interface-name in a *.nmconnection file as name for the XFRM
>     interface instead of generating one randomly (e8f8d32).
>    The resolve plugin tries to maintain the order of DNS servers it installs via
>     resolvconf or resolv.conf (6440975, 8238ad4).
>    The kernel-libipsec plugin now always installs routes to remote networks even
>     if no address is found in the local traffic selectors, which allows
>     forwarding traffic from networks the VPN host is not part of (190d8cb).
>    Increased the default receive buffer size for Netlink sockets to 8 MiB
>     (doubled by the kernel to account for overhead) and simplified the
>     configuration (no need for a separate option to force overriding rmem_max).
>     It's now also set for event sockets, which previously could cause issues on
>     hosts with e.g. lots of route changes (#1757).
>    When issuing certificates, the subjectKeyIdentifier of the issuing
>     certificate, if available, is now copied as authorityKeyIdentifier, instead
>     of always generating a SHA-1 hash of the issuer's subjectPublicKey
>     (#1992, 6941dcb).
>    Explicitly request permission to display notifications on Android 13+
>     (ddf84c1), also enabled hardware acceleration for the Android-specific
>     OpenSSL build.
> Fixes
>    Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
>     timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
>     unrelated traffic selectors (#1855).
>    Fixed an issue in watcher_t with handling errors on sockets (e.g. if the
>     receive buffer is full), which caused an infinite loop if poll() only
>     signaled POLLERR as event (#1757).
>    Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6,
>     which did not correctly untrack invalid messages with non-zero message IDs
>     or SPIs (0b47357).
>    Fixed a regression introduced with 5.9.8 when handling IKE redirects during
>     IKE_AUTH (595fa07).
>    Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in
>     the kernel-netlink plugin, which prevented MOBIKE updates if a large
>     anti-replay window was used (#1967).
>    Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs
>     if the TUN device is activated after the address was already added
>     internally, which caused the installed route not to go via TUN device in
>     order to force the virtual IP as source address (#1807).
>    Fixed an issue in libtls that could cause the wrong ECDH group to get
>     instantiated (b5e4bf4).
>    Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not
>     found during rekeying. It was previously empty, now contains the SPI and
>     sets the protocol to the values received in the REKEY_SA notify (849c2c9).
>    Fixed a possible issue with MOBIKE in the Android client on certain devices
>     (#1691).
> For Developers
>    The new ocsp_responder_t interface can be implemented to provide certificate
>     status information to the pki --ocsp command. Responders can be
>     (un-)registered via the ocsp_responders_t instance at lib->ocsp.
>    For the watcher_t component, WATCHER_EXCEPT has been removed as there is no
>     way to explicitly listen for errors on sockets and poll() actually can
>     return POLLERR for any FD and it might even be the only signaled event
>     (which caused an infinite loop previously). Now we simply notify the
>     registered callbacks. The error is then reported by e.g. recvfrom(), which
>     was already the case before if POLLERR was returned together with
>     e.g. POLLIN.
>    The reqids allocated for CHILD_SAs (including trap policies) via
>     kernel_interface_t::alloc_reqid() are now refcounted. When recreating a
>     CHILD_SA, a reference to the reqid can be requested via
>     child_sa_t::get_reqid_ref(). If another reference is required afterwards,
>     one can be acquired directly via kernel_interface_t::ref_reqid(). Each
>     reference has to be released via kernel_interface_t::release_reqid(), whose
>     interface was simplified.
>    The testing environment is now based on Debian 12 (bookworm), by default.
>     Also, when copying files to guests, the guest-specific files are now copied
>     after the default files, which allows overriding files per guest (fixes an
>     issue with winnetou's /etc/fstab and mounting the test results).
> Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> config/rootfiles/common/strongswan | 1 +
> lfs/strongswan                     | 4 ++--
> 2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
> index 22adf24b4..a5f256e02 100644
> --- a/config/rootfiles/common/strongswan
> +++ b/config/rootfiles/common/strongswan
> @@ -181,6 +181,7 @@ usr/sbin/swanctl
> #usr/share/man/man1/pki---gen.1
> #usr/share/man/man1/pki---issue.1
> #usr/share/man/man1/pki---keyid.1
> +#usr/share/man/man1/pki---ocsp.1
> #usr/share/man/man1/pki---pkcs7.1
> #usr/share/man/man1/pki---print.1
> #usr/share/man/man1/pki---pub.1
> diff --git a/lfs/strongswan b/lfs/strongswan
> index 357283b15..9496d05dd 100644
> --- a/lfs/strongswan
> +++ b/lfs/strongswan
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 5.9.11
> +VER        = 5.9.12
> 
> THISAPP    = strongswan-$(VER)
> DL_FILE    = $(THISAPP).tar.bz2
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = e8e84d79d1530b9a968ce8429fec0e7b3fcf19b75fdbd4371a38763d8564d5b37d012769006330b5c94cff3e914acb1b1a3e2829749effb8c35f9e5d775be491
> +$(DL_FILE)_BLAKE2 = 40f80162970152bca028a9af6b37c4c6e2ef38e75f88b92bf03f18641dadacbc574441e74cd0c7abb49ce4c15d9b82301aa90cb07c4fd223bf83163ebfbc2381
> 
> install : $(TARGET)
> 
> -- 
> 2.42.1
>