From c3e7f611ea8273c6b3909cb006ade4903a74aad0 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Wed, 1 Apr 2009 20:13:30 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.2.14) --- NEWS | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 4709b07df..83308c772 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,29 @@ +strongswan-4.2.14 +----------------- + +- The new server-side EAP RADIUS plugin (--enable-eap-radius) + relays EAP messages to and from a RADIUS server. Succesfully + tested with with a freeradius server using EAP-MD5 and EAP-SIM. + +- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by + Gerd v. Egidy of Intra2net AG affecting + all Openswan and strongSwan releases. A malicious (or expired ISAKMP) + R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the + pluto IKE daemon to crash and restart. No authentication or encryption + is required to trigger this bug. One spoofed UDP packet can cause the + pluto IKE daemon to restart and be unresponsive for a few seconds while + restarting. This DPD null state vulnerability has been officially + registered as CVE-2009-0790 and is fixed by this release. + +- ASN.1 to time_t conversion caused a time wrap-around for + dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms. + As a workaround such dates are set to the maximum representable + time, i.e. Jan 19 03:14:07 UTC 2038. + +- Distinguished Names containing wildcards (*) are not sent in the + IDr payload anymore. + + strongswan-4.2.13 ----------------- -- cgit v1.2.3
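Review bot: The ASN.1 to time_t entry in the added 4.2.14 block gives two different dates for the same limit: it says the wrap-around affects "dates after Jan 18 03:14:07 UTC 2038" but then clamps to "the maximum representable time, i.e. Jan 19 03:14:07 UTC 2038". A signed 32-bit time_t tops out at Jan 19 03:14:07 UTC 2038, so the first date should read Jan 19 to match. In the EAP RADIUS entry of the same hunk, "Succesfully" should be "Successfully" and "tested with with a freeradius server" has a doubled "with". The CVE-2009-0790 entry says the DPD bug affects "all Openswan and strongSwan releases" and is "fixed by this release"; since the trigger is a single unauthenticated, spoofable UDP packet, it would help operators if the entry also named the first fixed version explicitly (4.2.14) in the sentence itself, so that the text stays unambiguous when quoted outside this NEWS heading.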