Message ID | 20231121223744.3459555-1-adolf.belka@ipfire.org |
---|---|
State | Accepted |
Commit | 7c3540fa9312552e93cf748dbdf5084e38de621e |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4SZfQs0fL4z3wvt for <patchwork@web04.haj.ipfire.org>; Tue, 21 Nov 2023 22:37:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4SZfQq4m4gzq1; Tue, 21 Nov 2023 22:37:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4SZfQq2WBhz33kD; Tue, 21 Nov 2023 22:37:55 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4SZfQm1mJqz2xKP for <development@lists.ipfire.org>; Tue, 21 Nov 2023 22:37:52 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4SZfQl0ddFzWR; Tue, 21 Nov 2023 22:37:51 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1700606271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=NT0saBPobqcbJuM2Q0iIk6I1P7dD2dWLD2Svcla9jqM=; b=OP/OInpVlWikrTggGLWFVO4KqUELaKEIkyy2F5cMh5cfA5drSyMmqc9oMQV+4Ipl0wCIc5 OqP9FyGgOp6N64BQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1700606271; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=NT0saBPobqcbJuM2Q0iIk6I1P7dD2dWLD2Svcla9jqM=; b=Ih37Hdis1L7wVe2iQO+v65BcIrDmeJIe9JgQg/vT9wk6WtGIvpJIWWw7kugWyDxEpu+Dcr gqMysahLgx+m9DOB7A4QVnD97wC0yDApX4AMLcJlKyY0egGwE/D6gxytI73Bf3ICwk7NNe 4j0/wGS/Q7u2U1omFWrz6loutlQpBEKwMXuKPzUYTIsYfTe+KT7vq2eTSMZ5PMvrPCM85y FiLYrOWA/WE2zXCzXWIkKcgazhWoIjuIHhMVful1TlxlVkZiKjkjXzZgSBVRz21PJumxGj lRmyUhTzNm96AQrEfxhSAO3A/gZ2Wf4OTtLpaPg/KngG6dDYXUJI/C0g1ufIww== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] strongswan: Update to version 5.9.12 Date: Tue, 21 Nov 2023 23:37:44 +0100 Message-ID: <20231121223744.3459555-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: FFMQF4IYF35EBBBLNUJIUQSZLQUI7D3C X-Message-ID-Hash: FFMQF4IYF35EBBBLNUJIUQSZLQUI7D3C X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> Archived-At: <> List-Archive: <> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Owner: <mailto:development-owner@lists.ipfire.org> List-Post: <mailto:development@lists.ipfire.org> List-Subscribe: <mailto:development-join@lists.ipfire.org> List-Unsubscribe: <mailto:development-leave@lists.ipfire.org> |
Series |
strongswan: Update to version 5.9.12
|
|
Commit Message
Adolf Belka
Nov. 21, 2023, 10:37 p.m. UTC
- Update from version 5.9.11 to 5.9.12
- Update of rootfile
- Changelog
5.9.12
Vulnerabilities
Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE
daemon) related to processing DH public values that can lead to a buffer
overflow and potentially remote code execution. This vulnerability has been
registered as CVE-2023-41913. Please refer to our blog for details.
New Feature Additions
The new pki --ocsp command produces OCSP responses based on certificate status
information provided by implementations of the new ocsp_responder_t interface
(#1958).
Two sources are currently available, the openxpki plugin that directly
accesses the OpenXPKI database and the command's --index argument, which
reads certificate status information from OpenSSL-style index.txt files
(multiple CAs are supported concurrently).
The new cert-enroll script handles the initial enrollment of an X.509 host
certificate with a PKI server via the EST or SCEP protocols.
Run as a systemd timer or via a crontab entry, the script checks the
expiration date of the host certificate daily. When a given deadline is
reached, the host certificate is automatically renewed via EST or SCEP
re-enrollment based on the possession of the old private key and the
matching certificate.
Added a global option (charon.reject_trusted_end_entity) to prevent peers
from authenticating with certificates that are locally trusted, in
particular, our own local certificate, which safeguards against accidental
reuse of certificates on multiple peers. As the name suggests, all trusted
end-entity certificates are rejected if enabled, so peer certificates can't
be configured explicitly anymore (e.g. via remote.certs in swanctl.conf).
The --priv argument for charon-cmd allows the use of any type of private key
(previously, only RSA keys were supported).
The openssl plugin now supports the nameConstraints extension in X.509
certificates (#1990).
Support for nameConstraints of type iPAddress are now supported by the x509,
openssl and constraints plugins (#1991).
Support for encoding subjectAlternativeName extensions of type
uniformResourceIdentifier in X.509 certificates has been added via the uri:
prefix (e.g. for URNs, #1983).
Support for password-less PKCS#12 and PKCS#8 files has been added (#1955).
Enhancements and Optimizations
Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of
certificates with ECDSA keys that explicitly encode the curve parameters is
rejected if possible. Explicit encoding is pretty rare to begin with and
e.g. wolfSSL already rejects such keys, by default. All crypto plugins that
support ECDSA enforce this by rejecting such public keys, except when using
older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949).
Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it
creates since 5.9.10. This involves setting interface IDs on SAs and
policies, and installing routes via the interface. To avoid routing loops if
the remote traffic selectors include the VPN server, IKE and ESP packets are
marked to bypass the routing table that contains the routes via XFRM
interface (69e0c11).
If available, the plugin now also adopts the interface name configured in
connection.interface-name in a *.nmconnection file as name for the XFRM
interface instead of generating one randomly (e8f8d32).
The resolve plugin tries to maintain the order of DNS servers it installs via
resolvconf or resolv.conf (6440975, 8238ad4).
The kernel-libipsec plugin now always installs routes to remote networks even
if no address is found in the local traffic selectors, which allows
forwarding traffic from networks the VPN host is not part of (190d8cb).
Increased the default receive buffer size for Netlink sockets to 8 MiB
(doubled by the kernel to account for overhead) and simplified the
configuration (no need for a separate option to force overriding rmem_max).
It's now also set for event sockets, which previously could cause issues on
hosts with e.g. lots of route changes (#1757).
When issuing certificates, the subjectKeyIdentifier of the issuing
certificate, if available, is now copied as authorityKeyIdentifier, instead
of always generating a SHA-1 hash of the issuer's subjectPublicKey
(#1992, 6941dcb).
Explicitly request permission to display notifications on Android 13+
(ddf84c1), also enabled hardware acceleration for the Android-specific
OpenSSL build.
Fixes
Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD
timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with
unrelated traffic selectors (#1855).
Fixed an issue in watcher_t with handling errors on sockets (e.g. if the
receive buffer is full), which caused an infinite loop if poll() only
signaled POLLERR as event (#1757).
Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6,
which did not correctly untrack invalid messages with non-zero message IDs
or SPIs (0b47357).
Fixed a regression introduced with 5.9.8 when handling IKE redirects during
IKE_AUTH (595fa07).
Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in
the kernel-netlink plugin, which prevented MOBIKE updates if a large
anti-replay window was used (#1967).
Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs
if the TUN device is activated after the address was already added
internally, which caused the installed route not to go via TUN device in
order to force the virtual IP as source address (#1807).
Fixed an issue in libtls that could cause the wrong ECDH group to get
instantiated (b5e4bf4).
Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not
found during rekeying. It was previously empty, now contains the SPI and
sets the protocol to the values received in the REKEY_SA notify (849c2c9).
Fixed a possible issue with MOBIKE in the Android client on certain devices
(#1691).
For Developers
The new ocsp_responder_t interface can be implemented to provide certificate
status information to the pki --ocsp command. Responders can be
(un-)registered via the ocsp_responders_t instance at lib->ocsp.
For the watcher_t component, WATCHER_EXCEPT has been removed as there is no
way to explicitly listen for errors on sockets and poll() actually can
return POLLERR for any FD and it might even be the only signaled event
(which caused an infinite loop previously). Now we simply notify the
registered callbacks. The error is then reported by e.g. recvfrom(), which
was already the case before if POLLERR was returned together with
e.g. POLLIN.
The reqids allocated for CHILD_SAs (including trap policies) via
kernel_interface_t::alloc_reqid() are now refcounted. When recreating a
CHILD_SA, a reference to the reqid can be requested via
child_sa_t::get_reqid_ref(). If another reference is required afterwards,
one can be acquired directly via kernel_interface_t::ref_reqid(). Each
reference has to be released via kernel_interface_t::release_reqid(), whose
interface was simplified.
The testing environment is now based on Debian 12 (bookworm), by default.
Also, when copying files to guests, the guest-specific files are now copied
after the default files, which allows overriding files per guest (fixes an
issue with winnetou's /etc/fstab and mounting the test results).
Refer to the 5.9.12 milestone for a list of all closed issues and pull requests.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/strongswan | 1 +
lfs/strongswan | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> I am back :) > On 21 Nov 2023, at 22:37, Adolf Belka <adolf.belka@ipfire.org> wrote: > > - Update from version 5.9.11 to 5.9.12 > - Update of rootfile > - Changelog > 5.9.12 > Vulnerabilities > Fixed a vulnerability in charon-tkm (the TKM-backed version of the charon IKE > daemon) related to processing DH public values that can lead to a buffer > overflow and potentially remote code execution. This vulnerability has been > registered as CVE-2023-41913. Please refer to our blog for details. > New Feature Additions > The new pki --ocsp command produces OCSP responses based on certificate status > information provided by implementations of the new ocsp_responder_t interface > (#1958). > Two sources are currently available, the openxpki plugin that directly > accesses the OpenXPKI database and the command's --index argument, which > reads certificate status information from OpenSSL-style index.txt files > (multiple CAs are supported concurrently). > The new cert-enroll script handles the initial enrollment of an X.509 host > certificate with a PKI server via the EST or SCEP protocols. > Run as a systemd timer or via a crontab entry, the script checks the > expiration date of the host certificate daily. When a given deadline is > reached, the host certificate is automatically renewed via EST or SCEP > re-enrollment based on the possession of the old private key and the > matching certificate. > Added a global option (charon.reject_trusted_end_entity) to prevent peers > from authenticating with certificates that are locally trusted, in > particular, our own local certificate, which safeguards against accidental > reuse of certificates on multiple peers. As the name suggests, all trusted > end-entity certificates are rejected if enabled, so peer certificates can't > be configured explicitly anymore (e.g. via remote.certs in swanctl.conf). > The --priv argument for charon-cmd allows the use of any type of private key > (previously, only RSA keys were supported). > The openssl plugin now supports the nameConstraints extension in X.509 > certificates (#1990). > Support for nameConstraints of type iPAddress are now supported by the x509, > openssl and constraints plugins (#1991). > Support for encoding subjectAlternativeName extensions of type > uniformResourceIdentifier in X.509 certificates has been added via the uri: > prefix (e.g. for URNs, #1983). > Support for password-less PKCS#12 and PKCS#8 files has been added (#1955). > Enhancements and Optimizations > Because of a relatively recent NIAP requirement (TD0527, Test 8b), loading of > certificates with ECDSA keys that explicitly encode the curve parameters is > rejected if possible. Explicit encoding is pretty rare to begin with and > e.g. wolfSSL already rejects such keys, by default. All crypto plugins that > support ECDSA enforce this by rejecting such public keys, except when using > older versions of OpenSSL (< 1.1.1h) or Botan (< 3.2.0) (#1949). > Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it > creates since 5.9.10. This involves setting interface IDs on SAs and > policies, and installing routes via the interface. To avoid routing loops if > the remote traffic selectors include the VPN server, IKE and ESP packets are > marked to bypass the routing table that contains the routes via XFRM > interface (69e0c11). > If available, the plugin now also adopts the interface name configured in > connection.interface-name in a *.nmconnection file as name for the XFRM > interface instead of generating one randomly (e8f8d32). > The resolve plugin tries to maintain the order of DNS servers it installs via > resolvconf or resolv.conf (6440975, 8238ad4). > The kernel-libipsec plugin now always installs routes to remote networks even > if no address is found in the local traffic selectors, which allows > forwarding traffic from networks the VPN host is not part of (190d8cb). > Increased the default receive buffer size for Netlink sockets to 8 MiB > (doubled by the kernel to account for overhead) and simplified the > configuration (no need for a separate option to force overriding rmem_max). > It's now also set for event sockets, which previously could cause issues on > hosts with e.g. lots of route changes (#1757). > When issuing certificates, the subjectKeyIdentifier of the issuing > certificate, if available, is now copied as authorityKeyIdentifier, instead > of always generating a SHA-1 hash of the issuer's subjectPublicKey > (#1992, 6941dcb). > Explicitly request permission to display notifications on Android 13+ > (ddf84c1), also enabled hardware acceleration for the Android-specific > OpenSSL build. > Fixes > Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD > timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with > unrelated traffic selectors (#1855). > Fixed an issue in watcher_t with handling errors on sockets (e.g. if the > receive buffer is full), which caused an infinite loop if poll() only > signaled POLLERR as event (#1757). > Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6, > which did not correctly untrack invalid messages with non-zero message IDs > or SPIs (0b47357). > Fixed a regression introduced with 5.9.8 when handling IKE redirects during > IKE_AUTH (595fa07). > Fixed adding the XFRMA_REPLAY_ESN_VAL attribute twice when updating SAs in > the kernel-netlink plugin, which prevented MOBIKE updates if a large > anti-replay window was used (#1967). > Fixed a race condition in the kernel-pfroute plugin when adding virtual IPs > if the TUN device is activated after the address was already added > internally, which caused the installed route not to go via TUN device in > order to force the virtual IP as source address (#1807). > Fixed an issue in libtls that could cause the wrong ECDH group to get > instantiated (b5e4bf4). > Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not > found during rekeying. It was previously empty, now contains the SPI and > sets the protocol to the values received in the REKEY_SA notify (849c2c9). > Fixed a possible issue with MOBIKE in the Android client on certain devices > (#1691). > For Developers > The new ocsp_responder_t interface can be implemented to provide certificate > status information to the pki --ocsp command. Responders can be > (un-)registered via the ocsp_responders_t instance at lib->ocsp. > For the watcher_t component, WATCHER_EXCEPT has been removed as there is no > way to explicitly listen for errors on sockets and poll() actually can > return POLLERR for any FD and it might even be the only signaled event > (which caused an infinite loop previously). Now we simply notify the > registered callbacks. The error is then reported by e.g. recvfrom(), which > was already the case before if POLLERR was returned together with > e.g. POLLIN. > The reqids allocated for CHILD_SAs (including trap policies) via > kernel_interface_t::alloc_reqid() are now refcounted. When recreating a > CHILD_SA, a reference to the reqid can be requested via > child_sa_t::get_reqid_ref(). If another reference is required afterwards, > one can be acquired directly via kernel_interface_t::ref_reqid(). Each > reference has to be released via kernel_interface_t::release_reqid(), whose > interface was simplified. > The testing environment is now based on Debian 12 (bookworm), by default. > Also, when copying files to guests, the guest-specific files are now copied > after the default files, which allows overriding files per guest (fixes an > issue with winnetou's /etc/fstab and mounting the test results). > Refer to the 5.9.12 milestone for a list of all closed issues and pull requests. > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > config/rootfiles/common/strongswan | 1 + > lfs/strongswan | 4 ++-- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan > index 22adf24b4..a5f256e02 100644 > --- a/config/rootfiles/common/strongswan > +++ b/config/rootfiles/common/strongswan > @@ -181,6 +181,7 @@ usr/sbin/swanctl > #usr/share/man/man1/pki---gen.1 > #usr/share/man/man1/pki---issue.1 > #usr/share/man/man1/pki---keyid.1 > +#usr/share/man/man1/pki---ocsp.1 > #usr/share/man/man1/pki---pkcs7.1 > #usr/share/man/man1/pki---print.1 > #usr/share/man/man1/pki---pub.1 > diff --git a/lfs/strongswan b/lfs/strongswan > index 357283b15..9496d05dd 100644 > --- a/lfs/strongswan > +++ b/lfs/strongswan > @@ -24,7 +24,7 @@ > > include Config > > -VER = 5.9.11 > +VER = 5.9.12 > > THISAPP = strongswan-$(VER) > DL_FILE = $(THISAPP).tar.bz2 > @@ -40,7 +40,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = e8e84d79d1530b9a968ce8429fec0e7b3fcf19b75fdbd4371a38763d8564d5b37d012769006330b5c94cff3e914acb1b1a3e2829749effb8c35f9e5d775be491 > +$(DL_FILE)_BLAKE2 = 40f80162970152bca028a9af6b37c4c6e2ef38e75f88b92bf03f18641dadacbc574441e74cd0c7abb49ce4c15d9b82301aa90cb07c4fd223bf83163ebfbc2381 > > install : $(TARGET) > > -- > 2.42.1 >
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index 22adf24b4..a5f256e02 100644 --- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -181,6 +181,7 @@ usr/sbin/swanctl #usr/share/man/man1/pki---gen.1 #usr/share/man/man1/pki---issue.1 #usr/share/man/man1/pki---keyid.1 +#usr/share/man/man1/pki---ocsp.1 #usr/share/man/man1/pki---pkcs7.1 #usr/share/man/man1/pki---print.1 #usr/share/man/man1/pki---pub.1 diff --git a/lfs/strongswan b/lfs/strongswan index 357283b15..9496d05dd 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ include Config -VER = 5.9.11 +VER = 5.9.12 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = e8e84d79d1530b9a968ce8429fec0e7b3fcf19b75fdbd4371a38763d8564d5b37d012769006330b5c94cff3e914acb1b1a3e2829749effb8c35f9e5d775be491 +$(DL_FILE)_BLAKE2 = 40f80162970152bca028a9af6b37c4c6e2ef38e75f88b92bf03f18641dadacbc574441e74cd0c7abb49ce4c15d9b82301aa90cb07c4fd223bf83163ebfbc2381 install : $(TARGET)