New upstream version 5.6.2

1 files changed, 56 insertions, 5 deletions

diff --git a/NEWS b/NEWS
index fe0d6f9c2..6a0ae7c4a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,54 @@
+strongswan-5.6.2
+----------------
+
+- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
+  was caused by insufficient input validation.  One of the configurable
+  parameters in algorithm identifier structures for RSASSA-PSS signatures is the
+  mask generation function (MGF).  Only MGF1 is currently specified for this
+  purpose.  However, this in turn takes itself a parameter that specifies the
+  underlying hash function.  strongSwan's parser did not correctly handle the
+  case of this parameter being absent, causing an undefined data read.
+  This vulnerability has been registered as CVE-2018-6459.
+
+- The previously negotiated DH group is reused when rekeying an SA, instead of
+  using the first group in the configured proposals, which avoids an additional
+  exchange if the peer selected a different group via INVALID_KE_PAYLOAD when
+  the SA was created initially.
+  The selected DH group is also moved to the front of all sent proposals that
+  contain it and all proposals that don't are moved to the back in order to
+  convey the preference for this group to the peer.
+
+- Handling of MOBIKE task queuing has been improved. In particular, the response
+  to an address update is not ignored anymore if only an address list update or
+  DPD is queued.
+
+- The fallback drop policies installed to avoid traffic leaks when replacing
+  addresses in installed policies are now replaced by temporary drop policies,
+  which also prevent acquires because we currently delete and reinstall IPsec
+  SAs to update their addresses.
+
+- Access X.509 certificates held in non-volatile storage of a TPM 2.0
+  referenced via the NV index.
+
+- Adding the --keyid parameter to pki --print allows to print private keys
+  or certificates stored in a smartcard or a TPM 2.0.
+
+- Fixed proposal selection if a peer incorrectly sends DH groups in the ESP
+  proposals during IKE_AUTH and also if a DH group is configured in the local
+  ESP proposal and charon.prefer_configured_proposals is disabled.
+
+- MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility
+  issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g.
+  AES-XCBC-PRF-128).
+
+- The tpm_extendpcr command line tool extends a digest into a TPM PCR.
+
+- Ported the NetworkManager backend from the deprecated libnm-glib to libnm.
+
+- The save-keys debugging/development plugin saves IKE and/or ESP keys to files
+  compatible with Wireshark.
+
+
 strongswan-5.6.1
 ----------------
 
@@ -1370,7 +1421,7 @@ strongswan-4.4.1
 - The openssl plugin now supports X.509 certificate and CRL functions.
 
 - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
-  by default. Plase update manual load directives in strongswan.conf.
+  by default. Please update manual load directives in strongswan.conf.
 
 - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
   plugin, disabled by default. Enable it and update manual load directives
@@ -1832,7 +1883,7 @@ strongswan-4.2.8
 
 - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
   handle events if kernel detects NAT mapping changes in UDP-encapsulated
-  ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
+  ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as
   long as possible and other fixes.
 
 - Fixed a bug in addr_in_subnet() which caused insertion of wrong source
@@ -2111,7 +2162,7 @@ strongswan-4.1.7
 
 - In NAT traversal situations and multiple queued Quick Modes,
   those pending connections inserted by auto=start after the
-  port floating from 500 to 4500 were erronously deleted.
+  port floating from 500 to 4500 were erroneously deleted.
 
 - Added a "forceencaps" connection parameter to enforce UDP encapsulation
   to surmount restrictive firewalls. NAT detection payloads are faked to
@@ -2705,7 +2756,7 @@ strongswan-2.6.0
 strongswan-2.5.7
 ----------------
 
-- CA certicates are now automatically loaded from a smartcard
+- CA certificates are now automatically loaded from a smartcard
   or USB crypto token and appear in the ipsec auto --listcacerts
   listing.
 
@@ -2818,7 +2869,7 @@ strongswan-2.5.1
 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
   installed either by setting auto=route in ipsec.conf or by
   a connection put into hold, generates an XFRM_AQUIRE event
-  for each packet that wants to use the not-yet exisiting
+  for each packet that wants to use the not-yet existing
   tunnel. Up to now each XFRM_AQUIRE event led to an entry in
   the Quick Mode queue, causing multiple IPsec SA to be
   established in rapid succession. Starting with strongswan-2.5.1