Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2017-09-07 22:15:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "strongswan" Thu Sep 7 22:15:13 2017 rev:65 rq:521289 version:5.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2017-08-24 18:46:10.094058758 +0200 +++ /work/SRC/openSUSE:Factory/.strongswan.new/strongswan.changes 2017-09-07 22:15:53.940274130 +0200 @@ -1,0 +2,37 @@ +Tue Sep 5 17:10:11 CEST 2017 - [email protected] + +- Updated to strongSwan 5.6.0 providing the following changes: + *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation + when verifying RSA signatures, which requires decryption with the operation m^e mod n, + where m is the signature, and e and n are the exponent and modulus of the public key. + The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. + So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. + This result wasn't handled properly causing a null-pointer dereference. + This vulnerability has been registered as CVE-2017-11185. (bsc#1051222) + + *New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet + Draft and has been demonstrated at the IETF 99 Prague Hackathon. + + *The IMV database template has been adapted to achieve full compliance with the + ISO 19770-2:2015 SWID tag standard. + + *The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter. + + *By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default + swanctl.conf file. + + *The curl plugin now follows HTTP redirects (configurable via strongswan.conf). + + *The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3 + + *libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd). + + * more on https://wiki.strongswan.org/versions/66 + +------------------------------------------------------------------- +Tue Sep 5 11:33:01 CEST 2017 - [email protected] + +- fix "uintptr_t’ undeclared" compilation error. + [+0006-fix-compilation-error-by-adding-stdint.h.patch] + +------------------------------------------------------------------- @@ -4 +41 @@ -- Updated to strongSwan 5.3.5 providing the following changes: +- Updated to strongSwan 5.3.5(bsc#1050691) providing the following changes: Old: ---- strongswan-5.5.3-rpmlintrc strongswan-5.5.3.tar.bz2 strongswan-5.5.3.tar.bz2.sig New: ---- 0006-fix-compilation-error-by-adding-stdint.h.patch strongswan-5.6.0-rpmlintrc strongswan-5.6.0.tar.bz2 strongswan-5.6.0.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.oqa5nE/_old 2017-09-07 22:15:54.976128160 +0200 +++ /var/tmp/diff_new_pack.oqa5nE/_new 2017-09-07 22:15:54.980127597 +0200 @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.5.3 +Version: 5.6.0 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -83,6 +83,7 @@ Patch4: %{name}_fipsfilter.patch %endif Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch +Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: bison BuildRequires: curl-devel @@ -294,6 +295,7 @@ %patch4 -p1 %endif %patch5 -p1 +%patch6 -p1 sed -e 's|@libexecdir@|%_libexecdir|g' \ < $RPM_SOURCE_DIR/strongswan.init.in \ > strongswan.init @@ -495,9 +497,9 @@ $RPM_BUILD_ROOT%{_libexecdir}/ipsec/starter \ $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pool \ $RPM_BUILD_ROOT%{_libexecdir}/ipsec/scepclient \ - $RPM_BUILD_ROOT%{_libexecdir}/ipsec/pt-tls-client \ $RPM_BUILD_ROOT%{_libexecdir}/ipsec/imv_policy_manager \ $RPM_BUILD_ROOT%{_libexecdir}/ipsec/_fipscheck \ + $RPM_BUILD_ROOT%{_bindir}/pt-tls-client \ $RPM_BUILD_ROOT%{_sbindir}/ipsec \ ; do @@ -568,6 +570,7 @@ %{_libexecdir}/ipsec/_fipscheck %{_libexecdir}/ipsec/.*.hmac %{_sbindir}/.ipsec.hmac +%{_bindir}/.pt-tls-client.hmac %endif %files ipsec @@ -594,9 +597,11 @@ %{_sbindir}/rcipsec %endif %{_bindir}/pki +%{_bindir}/pt-tls-client %{_sbindir}/ipsec %{_sbindir}/swanctl %{_mandir}/man1/pki*.1* +%{_mandir}/man1/pt-tls-client.1* %{_mandir}/man8/ipsec.8* %{_mandir}/man5/ipsec.conf.5* %{_mandir}/man5/ipsec.secrets.5* @@ -609,7 +614,6 @@ %endif %{_libexecdir}/ipsec/duplicheck %{_libexecdir}/ipsec/pool -%{_libexecdir}/ipsec/pt-tls-client %{_libexecdir}/ipsec/scepclient %{_libexecdir}/ipsec/starter %{_libexecdir}/ipsec/stroke ++++++ 0006-fix-compilation-error-by-adding-stdint.h.patch ++++++ >From 831a9ea232f128c13c36066a704f6ccafa335244 Mon Sep 17 00:00:00 2001 From: Nirmoy Das <[email protected]> Date: Tue, 5 Sep 2017 11:17:16 +0200 Subject: [PATCH] fix compilation error by adding stdint.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit error: utils/utils/memory.h:99:15: error: ‘uintptr_t’ undeclared (first use in this function); did you mean ‘__intptr_t’? for (i = 0; (uintptr_t)&c[i] % sizeof(long) && i < n; i++) ^~~~~~~~~ __intptr_t --- src/libstrongswan/utils/utils/memory.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h index b978e7c..55aaaf5 100644 --- a/src/libstrongswan/utils/utils/memory.h +++ b/src/libstrongswan/utils/utils/memory.h @@ -22,6 +22,8 @@ #ifndef MEMORY_H_ #define MEMORY_H_ +#include <stdint.h> + /** * Helper function that compares two binary blobs for equality */ -- 2.14.1 ++++++ strongswan-5.5.3-rpmlintrc -> strongswan-5.6.0-rpmlintrc ++++++ ++++++ strongswan-5.5.3.tar.bz2 -> strongswan-5.6.0.tar.bz2 ++++++ ++++ 32710 lines of diff (skipped)
