From patchwork Tue Apr 7 15:11:03 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 9640
From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] strongswan: Update to version 6.0.5
Date: Tue, 7 Apr 2026 17:11:03 +0200
Message-ID: <20260407151108.3472751-30-adolf.belka@ipfire.org>
In-Reply-To: <20260407151108.3472751-1-adolf.belka@ipfire.org>
References: <20260407151108.3472751-1-adolf.belka@ipfire.org>
Precedence: list

- Update from version 6.0.4 to 6.0.5
- No change to rootfile
- One CVE fix included
- Changelog
    6.0.5
	- Fixed a vulnerability in the eap-ttls plugin related to processing EAP-TTLS
	  AVPs that can lead to a resource exhaustion or a crash. This vulnerability
	  has been registered as CVE-2026-25075.
	- Added support for forwarding certain ICMP errors even if their source
	  address doesn't match the traffic selectors, when running on Linux 6.9+.
	- The dhcp plugin now tracks leases across make-before-break
	  reauthentications.
	- charon-cmd supports childless IKE SA initiation and IKEv2 PSK
	  authentication.
	- The kernel-netlink plugin now doesn't default to the peer's address as next
	  hop when installing routes if at least an interface was found.
	- organizationIdentifier RDNs are supported when parsing ASN.1 DN identities
	  from strings.
	- Options shared by all commands in the swanctl and pki tools (e.g. --debug)
	  are now parsed even if passed before the command. The log level is now
	  always changed before initializing the libraries and plugins. And due to
	  conflicts, the short options for swanctl's `--version` and `--uninstall`
	  commands were changed to `-V` and `-U`, respectively. Similarly, the short
	  option for pki's `--verify` command is now `-V`.
	- For distributions that package plugins separately a new configure option is
	  provided to change the log message if a plugin can't be loaded.

Signed-off-by: Adolf Belka
---
 lfs/strongswan | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/strongswan b/lfs/strongswan index a993dd39e..aea530fd9 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 6.0.4 +VER = 6.0.5 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 2291900bda3e679cb68f35e44fe20011d82b44e7a9ed3fd0ae7c40ed57154c5ecded1ab5bffc9ab30c93de667ef9b103a7da1a2b31d8e2eae97b268f0be11f01 +$(DL_FILE)_BLAKE2 = 202515de3c275be32f5c9485c37a4b6c0d0f6d4e7298bc0594cb166cca8c2a78fa3ea7398f67311d26bf49479645d0a91bb1f8ccc8d374374d13fd0d3ea2fb48 install : $(TARGET)
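
Review bot: In the second hunk (`VER = 6.0.5`), the bump brings in the changed short options for swanctl (`-V`, `-U`) and pki (`-V`) that the commit message lists, yet the diffstat shows only lfs/strongswan touched. Please confirm that no script or initscript in the tree calls these tools with the old short options, and say so in the commit message next to "No change to rootfile".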
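
Review bot: In the third hunk, the new `$(DL_FILE)_BLAKE2` value cannot be checked from the patch alone, and this update is the one carrying the CVE-2026-25075 fix. It would help to state in the commit message that the digest was computed from the strongswan-6.0.5.tar.bz2 tarball after checking that tarball against what upstream publishes, so a reviewer can reproduce the value before the source is mirrored to `$(DL_FROM)`.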