New upstream version 5.7.0

1 files changed, 84 insertions, 18 deletions

diff --git a/NEWS b/NEWS
index c136008b0..81c76e070 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,69 @@
+strongswan-5.7.0
+----------------
+
+- Fixes a potential authorization bypass vulnerability in the gmp plugin that
+  was caused by a too lenient verification of PKCS#1 v1.5 signatures.  Several
+  flaws could be exploited by a Bleichenbacher-style attack to forge signatures
+  for low-exponent keys (i.e. with e=3).  CVE-2018-16151 has been assigned to
+  the problem of accepting random bytes after the OID of the hash function in
+  such signatures, and CVE-2018-16152 has been assigned to the issue of not
+  verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
+  empty.  Other flaws that don't lead to a vulnerability directly (e.g. not
+  checking for at least 8 bytes of padding) have no separate CVE assigned.
+
+- Dots are not allowed anymore in section names in swanctl.conf and
+  strongswan.conf. This mainly affects the configuration of file loggers. If the
+  path for such a log file contains dots it now has to be configured in the new
+  `path` setting within the arbitrarily renamed subsection in the `filelog`
+  section.
+
+- Sections in swanctl.conf and strongswan.conf may now reference other sections.
+  All settings and subsections from such a section are inherited. This allows
+  to simplify configs as redundant information has only to be specified once
+  and may then be included in other sections (refer to the example in the man
+  page for strongswan.conf).
+
+- The originally selected IKE config (based on the IPs and IKE version) can now
+  change if no matching algorithm proposal is found.  This way the order
+  of the configs doesn't matter that much anymore and it's easily possible to
+  specify separate configs for clients that require weak algorithms (instead
+  of having to also add them in other configs that might be selected).
+
+- Support for Postquantum Preshared Keys for IKEv2 (draft-ietf-ipsecme-qr-ikev2)
+  has been added.
+
+- The new botan plugin is a wrapper around the Botan C++ crypto library. It
+  requires a fairly recent build from Botan's master branch (or the upcoming
+  2.8.0 release). Thanks to René Korthaus and his team from Rohde & Schwarz
+  Cybersecurity for the initial patch.
+
+- The pki tool accepts a xmppAddr otherName as a subjectAlternativeName using
+  the syntax --san xmppaddr:<jid>.
+
+- Implementation of RFC 8412 "Software Inventory Message and Attributes (SWIMA)
+  for PA-TNC". SWIMA subscription option sets CLOSE_WRITE trigger on apt
+  history.log file resulting in a ClientRetry PB-TNC batch to initialize
+  a new measurement cycle.
+
+- Added support for fuzzing the PA-TNC (RFC 5792) and PB-TNC (RFC 5793) NEA
+  protocols on Google's OSS-Fuzz infrastructure.
+
+- Support for version 2 of Intel's TPM2-TSS TGC Software Stack. The presence of
+  the in-kernel /dev/tpmrm0 resource manager is automatically detected.
+
+- Marks the in- and/or outbound SA should apply to packets after processing may
+  be configured in swanctl.conf on Linux.  For outbound SAs this requires at
+  least a 4.14 kernel.  Setting a mask and configuring a mark/mask for inbound
+  SAs will be added with the upcoming 4.19 kernel.
+
+- New options in swanctl.conf allow configuring how/whether DF, ECN and DS
+  fields in the IP headers are copied during IPsec processing. Controlling this
+  is currently only possible on Linux.
+
+- To avoid conflicts, the dhcp plugin now only uses the DHCP server port if
+  explicitly configured.
+
+
 strongswan-5.6.3
 ----------------
 
@@ -1199,9 +1265,9 @@ strongswan-4.6.1
   thus causing failures during the loading of the plugins which depend on these
   libraries for resolving external symbols.
 
--  Therefore our approach of computing  integrity checksums for plugins had to be
-   changed radically by moving the hash generation from the compilation to the
-   post-installation phase.
+- Therefore our approach of computing  integrity checksums for plugins had to be
+  changed radically by moving the hash generation from the compilation to the
+  post-installation phase.
 
 
 strongswan-4.6.0
@@ -2309,7 +2375,7 @@ strongswan-4.1.4
   Thanks to the rightallowany flag the connection behaves later on
   as
 
-   right=%any
+    right=%any
 
   so that the peer can rekey the connection as an initiator when his
   IP address changes. An alternative notation is
@@ -2366,8 +2432,8 @@ strongswan-4.1.3
   is provided and more advanced backends (using e.g. a database) are trivial
   to implement.
 
- - Fixed a compilation failure in libfreeswan occurring with Linux kernel
-   headers > 2.6.17.
+- Fixed a compilation failure in libfreeswan occurring with Linux kernel
+  headers > 2.6.17.
 
 
 strongswan-4.1.2
@@ -2517,7 +2583,7 @@ strongswan-4.0.5
   The debugging levels can either be specified statically in ipsec.conf as
 
     config setup
-           charondebug="lib 1, cfg 3, net 2"
+        charondebug="lib 1, cfg 3, net 2"
 
   or changed at runtime via stroke as
 
@@ -2759,9 +2825,9 @@ strongswan-2.6.2
   if an FQDN, USER_FQDN, or Key ID was defined, as in the following example.
 
   conn rw
-       right=%any
-       rightid=@foo.bar
-       authby=secret
+      right=%any
+      rightid=@foo.bar
+      authby=secret
 
 - the ipsec command now supports most ipsec auto commands (e.g. ipsec listall).
 
@@ -2904,7 +2970,7 @@ strongswan-2.5.3
 
 - fixed the initialization of the ESP key length to a default of
   128 bits in the case that the peer does not send a key length
-   attribute for AES encryption.
+  attribute for AES encryption.
 
 - applied Herbert Xu's uniqueIDs patch
 
@@ -3309,16 +3375,16 @@ strongswan-2.1.0
 - The new "ca" section allows to define the following parameters:
 
   ca kool
-     cacert=koolCA.pem                   # cacert of kool CA
-     ocspuri=http://ocsp.kool.net:8001   # ocsp server
-     ldapserver=ldap.kool.net            # default ldap server
-     crluri=http://www.kool.net/kool.crl # crl distribution point
-     crluri2="ldap:///O=Kool, C= .."     # crl distribution point #2
-     auto=add                            # add, ignore
+      cacert=koolCA.pem                   # cacert of kool CA
+      ocspuri=http://ocsp.kool.net:8001   # ocsp server
+      ldapserver=ldap.kool.net            # default ldap server
+      crluri=http://www.kool.net/kool.crl # crl distribution point
+      crluri2="ldap:///O=Kool, C= .."     # crl distribution point #2
+      auto=add                            # add, ignore
 
   The ca definitions can be monitored via the command
 
-     ipsec auto --listcainfos
+    ipsec auto --listcainfos
 
 - Fixed cosmetic corruption of /proc filesystem by integrating
   D. Hugh Redelmeier's freeswan-2.06 kernel fixes.