Michael Rash, Security Researcher

Software Release - fwknop-0.9.7

The 0.9.7 release of fwknop is ready for download. Here is the ChangeLog:
  • Added fwknop_serv to function as a minimal TCP server over which SPA packets can be sent. This allows SPA to be compatible with the Tor network, which requires that a virtual circuit be established before traffic can be sent.
  • Updated to Crypt::CBC 2.18 after a vulnerability was discovered in previous versions of Crypt::CBC that caused weak ciphertext to be generated for algorithms with block sizes greater than 8 bytes (such as Rijndael, which fwknop uses). Manually specifying initialization vectors is no longer necessary.
  • Updated SSH patch to support OpenSSH-4.3p2.
  • Bugfix to make sure to create /var/* directories if they don't exist (such as when /var is a tmpfs).
  • Bugfix to wrap SPA Rijndael decryption in eval{} so that fwknopd does not die if there are problems decrypting data. This is necessary because the security vulnerability fix in Crypt::CBC introduces some incompatibilities between different versions of Crypt::CBC.
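As an added example (not fwknop's own code), this is the defensive pattern the last two items describe, in Perl: decrypt a Rijndael SPA packet with Crypt::CBC inside eval{} so that a malformed or incompatibly encrypted packet is logged and dropped rather than killing the daemon, after refusing to run on a Crypt::CBC older than 2.18. The shared key, the sample message and the colon-separated plaintext layout are assumptions for this example, not fwknop's real wire format.

```perl
# Added example (not fwknop's own code): decrypt an SPA packet with
# Crypt::CBC/Rijndael inside eval{} so a malformed or incompatibly
# encrypted packet is logged and dropped instead of killing the daemon.
use strict;
use warnings;
use Crypt::CBC;
use MIME::Base64;

# Refuse to run on a Crypt::CBC older than 2.18 (weak IV handling for
# ciphers with block sizes over 8 bytes, such as Rijndael's 16 bytes).
die "Crypt::CBC >= 2.18 required (have $Crypt::CBC::VERSION)\n"
    if $Crypt::CBC::VERSION < 2.18;

# Decrypt one base64-encoded SPA packet. Returns the plaintext, or undef
# (after logging) if Crypt::CBC dies or the result does not look like an
# SPA message. The colon-separated layout is an assumption for this
# example, not fwknop's exact wire format.
sub decrypt_spa {
    my ($key, $b64_packet) = @_;
    my $plain = eval {
        my $cbc = Crypt::CBC->new(-key => $key, -cipher => 'Rijndael');
        $cbc->decrypt(decode_base64($b64_packet));
    };
    if ($@ || !defined $plain) {
        my $err = $@ || 'empty result';
        $err =~ s/\s+$//;
        warn "[-] SPA decrypt failed, dropping packet: $err\n";
        return undef;
    }
    # Reject output that is binary junk (wrong key or a mismatched
    # Crypt::CBC version) before any field is trusted.
    unless ($plain =~ /^[\x20-\x7e]+$/ && (() = $plain =~ /:/g) >= 3) {
        warn "[-] SPA decrypt produced garbage, dropping packet\n";
        return undef;
    }
    return $plain;
}

# Constructed sample traffic: one valid packet and one truncated packet.
my $key  = 'example-shared-key';
my $cbc  = Crypt::CBC->new(-key => $key, -cipher => 'Rijndael');
my $good = encode_base64($cbc->encrypt('1234:mbr:1150000000:0.9.7:1:tcp/22'), '');
my $bad  = substr($good, 0, 8);   # far too short to be valid ciphertext

for my $pkt ($good, $bad) {
    my $msg = decrypt_spa($key, $pkt);
    print defined $msg ? "[+] accepted: $msg\n" : "[!] rejected\n";
}
```

The truncated packet exercises the eval{} path; the plaintext sanity check catches the other failure mode, where a key or version mismatch yields garbage without any exception.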