New upstream version 5.6.3

1 files changed, 63 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 6a0ae7c4a..c136008b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,65 @@
+strongswan-5.6.3
+----------------
+
+- Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is
+  used in FIPS mode and HMAC-MD5 is negotiated as PRF.
+  This vulnerability has been registered as CVE-2018-10811.
+
+- Fixed a vulnerability in the stroke plugin, which did not check the received
+  length before reading a message from the socket. Unless a group is configured,
+  root privileges are required to access that socket, so in the default
+  configuration this shouldn't be an issue.
+  This vulnerability has been registered as CVE-2018-5388.
+
+⁻ CRLs that are not yet valid are now ignored to avoid problems in scenarios
+  where expired certificates are removed from CRLs and the clock on the host
+  doing the revocation check is trailing behind that of the host issuing CRLs.
+
+- The issuer of fetched CRLs is now compared to the issuer of the checked
+  certificate.
+
+- CRL validation results other than revocation (e.g. a skipped check because
+  the CRL couldn't be fetched) are now stored also for intermediate CA
+  certificates and not only for end-entity certificates, so a strict CRL policy
+  can be enforced in such cases.
+
+- In compliance with RFC 4945, section 5.1.3.2, certificates used for IKE must
+  now either not contain a keyUsage extension (like the ones generated by pki)
+  or have at least one of the digitalSignature or nonRepudiation bits set.
+
+- New options for vici/swanctl allow forcing the local termination of an IKE_SA.
+  This might be useful in situations where it's known the other end is not
+  reachable anymore, or that it already removed the IKE_SA, so retransmitting a
+  DELETE and waiting for a response would be pointless.  Waiting only a certain
+  amount of time for a response before destroying the IKE_SA is also possible
+  by additionally specifying a timeout.
+
+- When removing routes, the kernel-netlink plugin now checks if it tracks other
+  routes for the same destination and replaces the installed route instead of
+  just removing it.  Same during installation, where existing routes previously
+  weren't replaced.  This should allow using traps with virtual IPs on Linux.
+
+- The dhcp plugin only sends the client identifier option if identity_lease is
+  enabled.  It can also send identities of up to 255 bytes length, instead of
+  the previous 64 bytes.  If a server address is configured, DHCP requests are
+  now sent from port 67 instead of 68 to avoid ICMP port unreachables.
+
+- Roam events are now completely ignored for IKEv1 SAs.
+
+- ChaCha20/Poly1305 is now correctly proposed without key length. For
+  compatibility with older releases the chacha20poly1305compat keyword may be
+  included in proposals to also propose the algorithm with a key length.
+
+- Configuration of hardware offload of IPsec SAs is now more flexible and allows
+  a new mode, which automatically uses it if the kernel and device support it.
+
+- SHA-2 based PRFs are supported in PKCS#8 files as generated by OpenSSL 1.1.
+
+- The pki --verify tool may load CA certificates and CRLs from directories.
+
+- Fixed an issue with DNS servers passed to NetworkManager in charon-nm.
+
+
 strongswan-5.6.2
 ----------------
 
@@ -2089,7 +2151,7 @@ strongswan-4.2.0
   refactored to support modular credential providers, proper
   CERTREQ/CERT payload exchanges and extensible authorization rules.
 
-- The framework of strongSwan Manager has envolved to the web application
+- The framework of strongSwan Manager has evolved to the web application
   framework libfast (FastCGI Application Server w/ Templates) and is usable
   by other applications.