mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
ee80a12db0
- Update from version 5.9.9 to 5.9.10 - Update of rootfile not required - Changelog strongswan-5.9.10 - Fixed a vulnerability related to certificate verification in TLS-based EAP methods that leads to an authentication bypass followed by an expired pointer dereference that results in a denial of service and possibly even remote code execution. This vulnerability has been registered as CVE-2023-26463. - Added support for full packet hardware offload for IPsec SAs and policies with Linux 6.2 kernels to the kernel-netlink plugin. - TLS-based EAP methods now use the standardized key derivation when used with TLS 1.3. - The eap-tls plugin properly supports TLS 1.3 according to RFC 9190, by implementing the "protected success indication". - With the `prefer` value for the `childless` setting, initiators will create a childless IKE_SA if the responder supports the extension. - Routes via XFRM interfaces can optionally be installed automatically by enabling the `install_routes_xfrmi` option of the kernel-netlink plugin. - charon-nm now uses XFRM interfaces instead of dummy TUN devices to avoid issues with name resolution if they are supported by the kernel. - The `pki --req` command can encode extendedKeyUsage (EKU) flags in the PKCS#10 certificate signing request. - The `pki --issue` command adopts EKU flags from CSRs but allows modifying them (replace them completely, or adding/removing specific flags). - On Linux 6.2 kernels, the last use times of CHILD_SAs are determined via the IPsec SAs instead of the policies. - For libcurl with MultiSSL support, the curl plugin provides an option to select the SSL/TLS backend. Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
IPFire 2.x - The Open Source Firewall
What is IPFire?
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.
This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.
Where can I get IPFire?
Just head over to https://www.ipfire.org/download
How do I use this software?
We have a long and detailed wiki located here which should answers most of your questions.
But I have some questions left. Where can I get support?
You can ask your question at our community located here. A complete list of our support channels can be found here.
How can I contribute?
We have another document for this. Please look here.