Revisions of strongswan
buildservice-autocommit
accepted
request 1160698
from
Jan Engelhardt (jengelh)
(revision 162)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 161)
- Update to release 5.9.14
buildservice-autocommit
accepted
request 1151765
from
Mohd Saquib (msaquib)
(revision 160)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1151555
from
Dominique Leuenberger (dimstar)
(revision 159)
Prepare for RPM 4.20
buildservice-autocommit
accepted
request 1132112
from
Factory Maintainer (factory-maintainer)
(revision 158)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 157)
- Update to release 5.9.13
buildservice-autocommit
accepted
request 1129146
from
Factory Maintainer (factory-maintainer)
(revision 156)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 155)
- Update to release 5.9.12
buildservice-autocommit
accepted
request 1094810
from
Mohd Saquib (msaquib)
(revision 154)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1094809
from
Mohd Saquib (msaquib)
(revision 153)
- Removed .hmac files + hmac integrity check logic from strongswan-hmac package as it is not mandated anymore by FIPS (boo#1185116) - Removed folliwng files: [- strongswan_fipscheck.patch] [- fipscheck.sh.in] Note: strongswan-hmac package is not removed as it still provides a config file that doesn't allow non-fips approved algorithms
buildservice-autocommit
accepted
request 1092643
from
Jan Engelhardt (jengelh)
(revision 152)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 151)
compact/trim changelog - https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)
Jan Engelhardt (jengelh)
committed
(revision 150)
Mohd Saquib (msaquib)
accepted
request 1092621
from
Mohd Saquib (msaquib)
(revision 149)
- Update to release 5.9.11 * A long-standing deadlock in the vici plugin has been fixed that could get triggered when multiple connections were initiated/terminated concurrently and control-log events were raised by the watcher_t component (#566). * In compliance with RFC 5280, CRLs now have to be signed by a certificate that either encodes the cRLSign keyUsage bit (even if it is a CA certificate), or is a CA certificate without a keyUsage extension. strongSwan encodes a keyUsage extension with cRLSign bit set in all CA certificates since 13 years. And before that it didn't encode the extension, so these certificates would also be accepted as CRL issuer in case they are still valid (7dc82de). * Support for optional CA labels in EST server URIs (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>) was added to the pki --est and pki --estca commands (#1614). * The pkcs7 and openssl plugins now support CMS-style signatures in PKCS#7 containers, which allows verifying RSA-PSS and ECDSA signatures (#1615). * Fixed a regression in the server implementation of EAP-TLS when using TLS 1.2 or earlier that was introduced with 5.9.10 (#1613, 3d0d3f5). * The EAP-TLS client does now enforce that the TLS handshake is complete when using TLS 1.2 or earlier. It was possible to shortcut it by sending an early EAP-Success message. Note that this isn't a security issue as the server is authenticated at that point (db87087). * On Linux, the kernel-libipsec plugin can now optionally handle ESP packets without UDP encapsulation (uses RAW sockets, disabled by default, e3cb756). The plugin and libipsec also gained support
buildservice-autocommit
accepted
request 1077378
from
Mohd Saquib (msaquib)
(revision 148)
baserev update by copy to link target
Mohd Saquib (msaquib)
accepted
request 1077377
from
Mohd Saquib (msaquib)
(revision 147)
- Allow to use stroke aka ipsec interface by default instead of vici aka swanctl interface which is current upstream's default. strongswan.service which enables swanctl interface is masked to stop interfering with the ipsec interface (bsc#1184144) - Removes deprecated SysV support
buildservice-autocommit
accepted
request 1068724
from
Jan Engelhardt (jengelh)
(revision 146)
baserev update by copy to link target
Jan Engelhardt (jengelh)
committed
(revision 145)
upgrade note
Jan Engelhardt (jengelh)
committed
(revision 144)
- Update to release 5.9.10
Mohd Saquib (msaquib)
accepted
request 1068696
from
Mohd Saquib (msaquib)
(revision 143)
- Added patch to fix a vulnerability in incorrectly accepted untrusted public key with incorrect refcount (CVE-2023-26463 boo#1208608) [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]
Displaying revisions 1 - 20 of 162