Page MenuHomeSolus
Differential D9261

Update libreswan to 3.32 and fix a runtime error with libnss
ClosedPublic
Actions

Authored by xulongwu4 on Jul 21 2020, 2:10 AM.
Tags
None
Referenced Files
F11053715: D9261.id.diff
Thu, Aug 10, 11:46 PM
F11053714: D9261.id22381.diff
Thu, Aug 10, 11:46 PM
F11053713: D9261.id22360.diff
Thu, Aug 10, 11:46 PM
F11037962: D9261.diff
Wed, Aug 9, 9:33 PM
F11002222: D9261.diff
Mon, Jul 31, 12:10 AM
F10852088: D9261.id22360.diff
Jun 12 2023, 8:22 PM
F10850582: D9261.id22381.diff
Jun 12 2023, 5:12 AM
F10827083: D9261.diff
Jun 4 2023, 4:28 AM
View All 10 Files
Subscribers
JoshStrobl

Details

Reviewers
JoshStrobl
Group Reviewers
Triage Team
Maniphest Tasks
T9186: ipsec.service: Failed with result 'signal'.
Commits
R4665:68cdb62fb409: Update libreswan to 3.32 and fix a runtime error with libnss
Summary

Update libreswan to 3.32 and fix a runtime error with libnss. Resolves T9186.

Changelog:

  • SECURITY: Fixes CVE-2020-1763
  • FIPS: ECDSA keys were mistakenly rejected as "too weak"
  • FIPS: Minimum RSA key size is 2048, not 3072
  • FIPS: Use NSS to check FIPS mode instead of manually checking fips=1
  • IKEv1: Add NSS KDF support for the Quick Mode KDF
  • libipsecconf: support old-style ",," to mean "\," in specifying id
  • libipsecconf: left/rightinterface-ip= are not kt_obsolete
  • whack: Add missing ecdsa/sha2 and compat rsa policy options to whack
  • Fix left=%iface syntax due to string length miscalculation
  • X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN

Packaging Notes:

  • Mark as conflicts with strongswan
Test Plan

ipsec.service was started successfully.

Diff Detail

Repository
R4665 libreswan
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

xulongwu4 created this revision.Jul 21 2020, 2:10 AM
Herald added a reviewer: Triage Team. · View Herald TranscriptJul 21 2020, 2:10 AM
xulongwu4 requested review of this revision.Jul 21 2020, 2:10 AM
xulongwu4 mentioned this in D9262: Enable event api for libunbound.
xulongwu4 edited the summary of this revision. (Show Details)Jul 21 2020, 2:12 AM
xulongwu4 added a task: T9186: ipsec.service: Failed with result 'signal'..
xulongwu4 mentioned this in T9186: ipsec.service: Failed with result 'signal'..
JoshStrobl edited the summary of this revision. (Show Details)Jul 21 2020, 10:00 AM
xulongwu4 added a parent revision: D9262: Enable event api for libunbound.Jul 21 2020, 12:17 PM
JoshStrobl accepted this revision.Jul 22 2020, 8:21 AM
JoshStrobl added a subscriber: JoshStrobl.

LGTM, thanks!

This revision is now accepted and ready to land.Jul 22 2020, 8:21 AM
JoshStrobl mentioned this in R3545:4562dc9d4b39: Enable event api for libunbound.Jul 22 2020, 8:22 AM
Closed by commit R4665:68cdb62fb409: Update libreswan to 3.32 and fix a runtime error with libnss (authored by xulongwu4, committed by JoshStrobl). · Explain WhyJul 22 2020, 8:24 AM
This revision was automatically updated to reflect the committed changes.
JoshStrobl added a commit: R4665:68cdb62fb409: Update libreswan to 3.32 and fix a runtime error with libnss.

Revision Contents
Changeset List

Diff 22360

View Options

abi_used_libs

Loading...
View Options

files/fix-runtime-breakage-with-nss-3.52.patch

Loading...
View Options

files/pam_d_location.patch

Loading...
View Options

package.yml

Loading...
View Options

pspec_x86_64.xml

Loading...
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.