version bump to 4.2.15

NEWS

@@ -1,3 +1,16 @@
+strongswan-4.2.15
+-----------------
+
+- Fixed two DoS vulnerabilities in the charon daemon that were discovered by
+  fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an
+  incomplete state which caused a null pointer dereference if a subsequent
+  CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
+  a missing TSi or TSr payload caused a null pointer derefence because the
+  checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was 
+  developped by the Orange Labs vulnerability research team. The tool was
+  initially written by Gabriel Campana and is now maintained by Laurent Butti.
+
+
 strongswan-4.2.14
 -----------------
 

configure.in

@@ -16,7 +16,7 @@ dnl ===========================
 dnl  initialize & set some vars
 dnl ===========================
 
-AC_INIT(strongSwan,4.2.14)
+AC_INIT(strongSwan,4.2.15)
 AM_INIT_AUTOMAKE(tar-ustar)
 AC_C_BIGENDIAN
 AC_SUBST(confdir, '${sysconfdir}')

src/pluto/vendor.c

@@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = {
 	/*
 	 * strongSwan
 	 */
-	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.14")
+	DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.2.15")
+	DEC_MD5_VID(STRONGSWAN_4_2_14,"strongSwan 4.2.14")
 	DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13")
 	DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12")
 	DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11")

src/pluto/vendor.h

@@ -131,6 +131,7 @@ enum known_vendorid {
   VID_STRONGSWAN_4_2_11		=111,
   VID_STRONGSWAN_4_2_12		=112,
   VID_STRONGSWAN_4_2_13		=113,
+  VID_STRONGSWAN_4_2_14		=114,
 
   /* 101 - 200 : NAT-Traversal */
   VID_NATT_STENBERG_01		=151,

testing/INSTALL

@@ -53,14 +53,14 @@ are required for the strongSwan testing environment:
     * A vanilla Linux kernel on which the UML kernel will be based on.
       We recommend the use of
 
-      http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.8.tar.bz2
+      http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.4.tar.bz2
 
-    * The Linux kernel 2.6.28 does not require any patches for the uml guest kernel
+    * The Linux kernel 2.6.29.4 does not require any patches for the uml guest kernel
       to successfully start up.
 
     * The matching .config file required to compile the UML kernel:
 
-      http://download.strongswan.org/uml/.config-2.6.28
+      http://download.strongswan.org/uml/.config-2.6.29
 
     * A gentoo-based UML file system (compressed size 130 MBytes) found at
 
@@ -68,7 +68,7 @@ are required for the strongSwan testing environment:
 
     * The latest strongSwan distribution
 
-      http://download.strongswan.org/strongswan-4.2.14.tar.bz2
+      http://download.strongswan.org/strongswan-4.2.15.tar.bz2
 
 
 3. Creating the environment

testing/testing.conf

@@ -21,7 +21,7 @@ UMLTESTDIR=~/strongswan-testing
 
 # Bzipped kernel sources
 # (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.29.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.29.4.tar.bz2
 
 # Extract kernel version
 KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
@@ -33,7 +33,7 @@ KERNELCONFIG=$UMLTESTDIR/.config-2.6.29
 #UMLPATCH=$UMLTESTDIR/uml-2.6.26.patch.bz2
 
 # Bzipped source of strongSwan
-STRONGSWAN=$UMLTESTDIR/strongswan-4.2.14.tar.bz2
+STRONGSWAN=$UMLTESTDIR/strongswan-4.2.15.tar.bz2
 
 # strongSwan compile options (use "yes" or "no")
 USE_LIBCURL="yes"