strongSwan

h1. Version 5.2.2

* Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange

  payload that contains the Diffie-Hellman group 1025.  This identifier was

  used internally for DH groups with custom generator and prime.  Because

  these arguments are missing when creating DH objects based on the KE payload

  an invalid pointer dereference occurred.  This allowed an attacker to crash

  the IKE daemon with a single IKE_SA_INIT message containing such a KE

  payload.  The vulnerability has been registered as "CVE-2014-9221":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9221.

  Please refer to "our blog":https://www.strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-(cve-2014-9221).html for details.

* The left/rightid options in [[connsection|ipsec.conf]], or any other identity in strongSwan,

  now accept prefixes to enforce an explicit type, such as email: or fqdn:.

  Note that no conversion is done for the remaining string, refer to the

  [[connsection|conn section reference]] (or the ipsec.conf(5) man page) for details.

* The [[bliss|post-quantum Bimodal Lattice Signature Scheme (BLISS)]] can be used as

  an IKEv2 public key authentication method. The [[ipsecpki|pki]] tool offers full support

  for the generation of BLISS key pairs and certificates.

* Fixed mapping of integrity algorithms negotiated for AH via IKEv1. This could

  cause interoperability issues when connecting to older versions of charon (#771).

* Support to configure IP address pools as ranges (<from IP>-<to IP>) in

  [[connsection|ipsec.conf]] and [[swanctl.conf|swanctl.conf]] has been added.

* The first and last addresses in subnet based pools are now skipped properly and

  the pools' sizes are adjusted accordingly.  Which is also the case if pools are

  configured with an offset, e.g. 192.168.0.100/24, which reduces the number of

  available addresses from 254 to 155 and assignment now starts at .100 not .101,

  that is, .100-.254 are assignable to clients.

* Many uses of select(2) have been replaced by call to poll(2), which avoids problems

  with more than 1024 open file descriptors (see #757).

* Only payloads with payload types defined for the currently handled IKE version are now parsed,

  all other payloads are ignored (see "mailing list":https://lists.strongswan.org/pipermail/users/2014-October/006804.html).

* Send and handle INITIAL_CONTACT notifies in IKEv1 Main Mode (commit:11b42933bf, commit:1201ddcbc5).

* On [[Windows]] ALE layer WFP rules are introduced to accept tunnel mode packets in

  stateful packet filtering if default-drop policies are used (commit:e61841a211).

* The new [[ipsecpkiPKCS12|--pkcs12]] command for [[ipsecpki|pki]] provides basic support for PKCS#12

  containers, namely listing and exporting credentials.

* Correctly configure replay window size on FreeBSD and Mac OS X (commit:d21b01462e).

* Accept IPComp proposals with 4 octet long CPI values (commit:4141f01671).

* The source code for the user interface of the [[MacOSX#Native-application|native Mac OS X application]] is now

  open source and part of our repository (commit:55e7a0cafb).