Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange payload that contains the Diffie-Hellman group 1025. This identifier was used internally for DH groups with custom generator and prime. Because these arguments are missing when creating DH objects based on the KE payload an invalid pointer dereference occurred. This allowed an attacker to crash the IKE daemon with a single IKE_SA_INIT message containing such a KE payload. The vulnerability has been registered as CVE-2014-9221. Please refer to our blog for details.
The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to the conn section reference (or the ipsec.conf(5) man page) for details.
Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could cause interoperability issues when connecting to older versions of charon (#771).
Support to configure IP address pools as ranges (<from IP>-<to IP>) in ipsec.conf and swanctl.conf has been added.
The first and last addresses in subnet based pools are now skipped properly and the pools' sizes are adjusted accordingly. Which is also the case if pools are configured with an offset, e.g. 192.168.0.100/24, which reduces the number of available addresses from 254 to 155 and assignment now starts at .100 not .101, that is, .100-.254 are assignable to clients.
Many uses of select(2) have been replaced by call to poll(2), which avoids problems with more than 1024 open file descriptors (see #757).
Only payloads with payload types defined for the currently handled IKE version are now parsed, all other payloads are ignored (see mailing list).