Revisions of strongswan
unknown
committed
(revision 167)
[info=da8f2965e2b2460d9eb4f7b25c3be52f7b60a42ab5b9bab48c984206a964d52e]
Jan Engelhardt (jengelh)
committed
(revision 166)
[info=47ab1ca7708f6b09cc99afa33d7ec92c5e02aff2338545eedb72b0511ac25478]
Jan Engelhardt (jengelh)
accepted
request 1226498
from
Dirk Mueller (dirkmueller)
(revision 165)
- rename -hmac subpackage to -fips because it isn't providing
the hmac files, it provides the configuration drop in to
enforce fips mode.
- Removes deprecated SysV support
- Added prf-plus-modularization.patch that outsources the IKE
- move file %{_datadir}/dbus-1/system.d/nm-strongswan-service.conf
to strongswan-nm subpackage, as it is needed for the
NetworkManager plugin that uses strongswan-nm, not
- Removed unused requires and macro calls(bsc#1083261)
improved oracle are not compatible with the earlier
(wasn't the case since 5.0.0) and packets that have the flag
also checked against IKEv2 signature schemes. If such
constraints are used for certificate chain validation in
transport mode connections coming over the same NAT device for
Windows 7 IKEv2 clients, which announces its services over the
* For the vici plugin a Python Egg has been added to allow
Python applications to control or monitor the IKE daemon using
* EAP server methods now can fulfill public key constraints,
- Fix build in factory
- Fix systemd unit dir
from glibc
IDr payload anymore.
* Consistent logging of IKE and CHILD SAs at the audit (AUD) level.
caused an INVALID_SYNTAX error on PowerPC platforms.
- Initial, unfinished package
buildservice-autocommit
accepted
request 1181997
from
Jan Engelhardt (jengelh)
(revision 164)
Jan Engelhardt (jengelh)
(revision 164)
baserev update by copy to link target
Jan Engelhardt (jengelh)
accepted
request 1181914
from
Dominique Leuenberger (dimstar)
(revision 163)
- Update description of ipsec package: no longer mention /etc/init.d, which is not there for a long time anymore. - Drop legacy rc* -> sbin/service symlink. This was compatibilty boilerplate to transparently move between SySV and systemd [jsc#PED-264].
buildservice-autocommit
accepted
request 1160698
from
Jan Engelhardt (jengelh)
(revision 162)
Jan Engelhardt (jengelh)
(revision 162)
baserev update by copy to link target
buildservice-autocommit
accepted
request 1151765
from
Mohd Saquib (msaquib)
(revision 160)
Mohd Saquib (msaquib)
(revision 160)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1151555
from
Dominique Leuenberger (dimstar)
(revision 159)
Prepare for RPM 4.20
buildservice-autocommit
accepted
request 1132112
from
Factory Maintainer (factory-maintainer)
(revision 158)
Factory Maintainer (factory-maintainer)
(revision 158)
baserev update by copy to link target
buildservice-autocommit
accepted
request 1129146
from
Factory Maintainer (factory-maintainer)
(revision 156)
Factory Maintainer (factory-maintainer)
(revision 156)
baserev update by copy to link target
buildservice-autocommit
accepted
request 1094810
from
Mohd Saquib (msaquib)
(revision 154)
Mohd Saquib (msaquib)
(revision 154)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1094809
from
Mohd Saquib (msaquib)
(revision 153)
- Removed .hmac files + hmac integrity check logic from strongswan-hmac package as it is not mandated anymore by FIPS (boo#1185116) - Removed folliwng files: [- strongswan_fipscheck.patch] [- fipscheck.sh.in] Note: strongswan-hmac package is not removed as it still provides a config file that doesn't allow non-fips approved algorithms
buildservice-autocommit
accepted
request 1092643
from
Jan Engelhardt (jengelh)
(revision 152)
Jan Engelhardt (jengelh)
(revision 152)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 151)
compact/trim changelog - https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)
Jan Engelhardt (jengelh)
committed
(revision 150)
Mohd Saquib (msaquib)
accepted
request 1092621
from
Mohd Saquib (msaquib)
(revision 149)
- Update to release 5.9.11
* A long-standing deadlock in the vici plugin has been fixed that
could get triggered when multiple connections were
initiated/terminated concurrently and control-log events were
raised by the watcher_t component (#566).
* In compliance with RFC 5280, CRLs now have to be signed by a
certificate that either encodes the cRLSign keyUsage bit
(even if it is a CA certificate), or is a CA certificate without
a keyUsage extension. strongSwan encodes a keyUsage extension
with cRLSign bit set in all CA certificates since 13 years. And
before that it didn't encode the extension, so these certificates
would also be accepted as CRL issuer in case they are still valid
(7dc82de).
* Support for optional CA labels in EST server URIs
(e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>)
was added to the pki --est and pki --estca commands (#1614).
* The pkcs7 and openssl plugins now support CMS-style signatures in
PKCS#7 containers, which allows verifying RSA-PSS and ECDSA
signatures (#1615).
* Fixed a regression in the server implementation of EAP-TLS when
using TLS 1.2 or earlier that was introduced with 5.9.10
(#1613, 3d0d3f5).
* The EAP-TLS client does now enforce that the TLS handshake is
complete when using TLS 1.2 or earlier. It was possible to
shortcut it by sending an early EAP-Success message. Note that
this isn't a security issue as the server is authenticated at
that point (db87087).
* On Linux, the kernel-libipsec plugin can now optionally handle
ESP packets without UDP encapsulation (uses RAW sockets, disabled
by default, e3cb756). The plugin and libipsec also gained support
buildservice-autocommit
accepted
request 1077378
from
Mohd Saquib (msaquib)
(revision 148)
Mohd Saquib (msaquib)
(revision 148)
baserev update by copy to link target
Displaying revisions 1 - 20 of 167
