Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2023-03-03 22:24:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/strongswan (Old)
 and /work/SRC/openSUSE:Factory/.strongswan.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "strongswan" Fri Mar 3 22:24:35 2023 rev:88 rq:1068724 version:5.9.10 Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2023-01-04 18:10:33.876533828 +0100 +++ /work/SRC/openSUSE:Factory/.strongswan.new.31432/strongswan.changes 2023-03-03 22:24:44.914587696 +0100 
@@ -1,0 +2,32 @@ +Thu Mar 2 13:34:37 UTC 2023 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 5.9.10 + * Fixed a vulnerability related to certificate verification in + TLS-based EAP methods that leads to an authentication bypass + followed by an expired pointer dereference that results in a + denial of service but possibly even remote code execution. + [CVE-2023-26463] + * Added support for full packet hardware offload for IPsec SAs + and policies, which has been introduced with the Linux 6.2 + kernel, to the kernel-netlink plugin. Bypass policies for the + IKE ports are automatically offloaded to devices that support + this type of offloading. + * TLS-based EAP methods use the key derivation specified in + draft-ietf-emu-tls-eap-types when used with TLS 1.3. + * Routes via XFRM interfaces can now optionally be installed + automatically by enabling the + charon.plugins.kernel-netlink.install_routes_xfrmi option. +- If connections are missing in `ipsec status`, check that + strongswan-starter.service (rather than strongswan.service) + is active. +- Remove CVE-2023-26463_tls_auth_bypass_exp_pointer.patch + +------------------------------------------------------------------- +Thu Mar 2 12:26:39 UTC 2023 - Mohd Saquib <mohd.saq...@suse.com> + +- Added patch to fix a vulnerability in incorrectly accepted + untrusted public key with incorrect refcount + (CVE-2023-26463 boo#1208608) + [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch] + +------------------------------------------------------------------- Old: ---- strongswan-5.9.9.tar.bz2 strongswan-5.9.9.tar.bz2.sig New: ---- strongswan-5.9.10.tar.bz2 strongswan-5.9.10.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.6tFhQg/_old 2023-03-03 22:24:45.722590765 +0100 +++ /var/tmp/diff_new_pack.6tFhQg/_new 2023-03-03 22:24:45.730590796 +0100 
@@ -17,7 +17,7 @@ Name: strongswan -Version: 5.9.9 +Version: 5.9.10 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} ++++++ strongswan-5.9.9.tar.bz2 -> strongswan-5.9.10.tar.bz2 ++++++ ++++ 12548 lines of diff (skipped)
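Review bot: In the strongswan.changes hunk, the 5.9.10 release entry cites [CVE-2023-26463] without the Bugzilla reference; boo#1208608 appears only in the 12:26 entry for the patch that the release entry then removes. Suggest repeating boo#1208608 next to the CVE tag in the release entry so the fix stays traceable to the bug report. Separately, the item about connections missing in `ipsec status` and strongswan-starter.service reads as a troubleshooting hint rather than a packaging change, and the spec hunk shown does not touch any service unit, so it would sit better in the package documentation.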
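Review bot: Confirm that no Patch or %patch line for CVE-2023-26463_tls_auth_bypass_exp_pointer.patch remains in strongswan.spec; the spec hunk shows only the Version change from 5.9.9 to 5.9.10, while the changes file records that patch as added and then removed. Because the 12548-line tarball diff is skipped, the CVE-2023-26463 fix is not visible in this mail at all, so it is also worth checking strongswan-5.9.10.tar.bz2 against the strongswan-5.9.10.tar.bz2.sig listed under "New" before accepting the request.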