33a729fac2
libimcv: Corrected caption
2017-09-09 13:10:45 +02:00
165d28174d
pt-tls-client: Introduced --options as a synonym for --optionsfrom
2017-09-09 10:31:02 +02:00
94bdd463d8
sec-updater: Write to log only if at least one update is found.
2017-09-07 14:54:41 +02:00
311d931aef
android: New release after adding OCSP, CRL cache and some other stuff
2017-09-04 11:27:40 +02:00
82088028d8
testing: Reduce log level of SSH client
...
This should suppress the "Permanently added ... to the list of known
hosts" warnings that occasionally come up for no apparent reason.
2017-09-04 11:16:00 +02:00
c353996191
ike: Reset local SPI if retrying to connect in state IKE_CONNECTING
...
In case we send retransmits for an IKE_SA_INIT where we propose a DH
group the responder will reject we might later receive delayed responses
that either contain INVALID_KE_PAYLOAD notifies with the group we already
use or, if we retransmitted an IKE_SA_INIT with the requested group but
then had to restart again, a KE payload with a group different from the
one we proposed. So far we didn't change the initiator SPI when
restarting the connection, i.e. these delayed responses were processed
and might have caused fatal errors due to a failed DH negotiation or
because of the internal retry counter in the ike-init task. Changing
the initiator SPI avoids that as we won't process the delayed responses
anymore that caused this confusion.
2017-09-04 11:16:00 +02:00
eaedcf8c00
ike-sa-manager: Add method to change the initiator SPI of an IKE_SA
2017-09-04 11:16:00 +02:00
bd371590ab
ike-init: Fail if DH group in KE payload does not match proposed group
2017-09-04 11:02:55 +02:00
9c03e8c80b
Merge branch 'android-updates'
...
Caches CRLs in the app directory, adds support for OCSP, adds a button
to reconnect to the "already connected" dialog, only apply/configure app
selection on Android >= 5 (older versions don't support the API), and catches
some random exceptions.
2017-09-04 10:44:08 +02:00
1926efadde
android: Add disconnect button to dialog if already connected to profile
2017-09-04 10:41:30 +02:00
037b353d2c
android: Load x509 plugin to generate OCSP requests and parse responses
...
BoringSSL does not support OpenSSL's OCSP API.
2017-09-04 10:41:29 +02:00
829cc56a53
android: Add support to POST data via SimpleFetcher
...
That's required for OCSP verification.
2017-09-04 10:41:29 +02:00
6e39240a3e
android: Add option to clear cached CRLs
2017-09-04 10:41:29 +02:00
0bebbae9e3
android: Cache CRLs in app directory
...
Fixes #2405 .
2017-09-04 10:41:25 +02:00
3fe9a436ee
android: Pass absolute path to the app's data directory via JNI
2017-09-04 10:41:25 +02:00
98ab757284
android: Hide app selection in profile editor on Android < 5
2017-09-04 10:41:25 +02:00
0b4f7d646b
android: Only apply app filter on Android 5 and newer
2017-09-04 10:41:24 +02:00
ac3189f792
android: Catch OutOfMemoryError when importing profiles
...
Not sure if this is actually caused because e.g. the file is too large
or due to some encoding issue.
2017-09-04 10:41:24 +02:00
1a9261a923
android: Catch NullPointerException when parsing invalid certificates
2017-09-04 10:41:24 +02:00
e59b78254a
android: Catch NullPointerException when calling VpnService.prepare()
...
According to the Play Console this occurs occasionally.
2017-09-04 10:41:24 +02:00
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
fc373b64a6
imv-os: Updated security update evaluation
2017-09-01 12:42:24 +02:00
7b75c18696
libimcv: Updated database scheme
2017-09-01 11:19:40 +02:00
b84817375d
sec-updater: Checks for security updates
...
sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.
2017-09-01 11:19:40 +02:00
076aac7069
imv-attestation: Fixed file hash measurements
...
The introduction of file versions broke file hash measurements.
This has been fixed by using a generic product versions having an
empty package name.
2017-09-01 10:51:15 +02:00
66805c7b32
ike-cfg: Fix memory leak when checking for configured address
2017-08-29 16:25:42 +02:00
d2a89e9407
sw-collector.8: Some cleanups
2017-08-25 11:28:06 +02:00
062a34e722
kernel-netlink: Set usable state whenever an interface appears
...
If an interface is renamed we already have an entry (based on the
ifindex) allocated but previously only set the usable state once
based on the original name.
Fixes #2403 .
2017-08-23 12:10:39 +02:00
b7ad5f777f
libimcv: Updated Android.mk after move of swid-gen(-info)
2017-08-21 12:17:02 +02:00
0d11d7b110
coverage: Use absolute path when removing paths with lcov
...
There is a bug in some versions of lcov that causes it to fail writing
to files via relative paths after it issued warnings (e.g. due to
negative counts in the tracefile).
2017-08-21 11:14:08 +02:00
9cf2920512
traffic-selector: Use single buffer for both address families
...
The generic field of size 0 in the union that was used previously
triggered index-out-of-bounds errors with the UBSAN sanitizer that's
used on OSS-Fuzz. Since the two family specific union members don't
really provide any advantage, we can just use a single buffer for both
families to avoid the errors.
2017-08-17 12:34:40 +02:00
936db031c7
testing: Make removal of SWID tags work with different releases
...
The regid.2004-03.org.strongswan directory might not exist in new images.
2017-08-16 10:51:15 +02:00
bf31485e1e
fuzzing: Also run input that previously caused crashes
2017-08-15 10:35:20 +02:00
17840fa18e
configure: Detect mpz_powm_sec() when built with -Werror
2017-08-15 10:35:20 +02:00
7421884da1
travis: Use the same ASAN_OPTIONS as used by OSS-Fuzz
2017-08-15 10:35:20 +02:00
ed13c60c4f
plugin-loader: Move indent variables into !USE_FUZZING block
...
This avoids compile errors on Travis.
2017-08-15 10:35:20 +02:00
1ce2721d90
travis: Run fuzz targets
2017-08-15 10:35:20 +02:00
9f2e74cfbb
fuzzing: Run local fuzz targets on given corpora during `make check`
...
The base directory of the corpora must be set in FUZZING_CORPORA.
2017-08-15 10:35:20 +02:00
be1beea7a4
fuzzing: Add driver to run fuzz targets on a given list of files
...
This is enabled if the path to libFuzzer.a is not specified when running
the configure script.
2017-08-15 10:35:20 +02:00
c15dbfaf08
charon-tkm: Build fix for kernel SAD tests
...
Commit 7729577... added a flag to the get_esa_id function but the unit
tests were not adjusted.
2017-08-14 18:35:37 +02:00
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
7cc4a92d0b
NEWS: Add info about CVE-2017-11185
2017-08-14 08:49:33 +02:00
ef5c37fcdf
gmp: Fix RSA signature verification for m >= n
...
By definition, m must be <= n-1, we didn't enforce that and because
mpz_export() returns NULL if the passed value is zero a crash could have
been triggered with m == n.
Fixes CVE-2017-11185.
2017-08-14 08:49:33 +02:00
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
e658fd475a
sw-collector: Moved info class to libimcv
2017-08-09 13:28:00 +02:00
f237bfcb9e
NEWS: Added some news
2017-08-08 20:05:30 +02:00
e66c3d41bc
conf: Descriptions of several settings updated
2017-08-08 17:28:01 +02:00
eb3239b921
libimcv: Cast chunk length to int when printing as string
2017-08-08 15:32:08 +02:00
cbade9b6b9
sw-collector: Cast chunk length to int when printing as string
2017-08-08 15:31:56 +02:00
0392f76804
sw-collector: Fix memory leak after failing to open DB
2017-08-08 15:30:44 +02:00
Andreas Steffen