buildservice-autocommit accepted request 1160698 from Jan Engelhardt (jengelh) 2 months ago (revision 162)

baserev update by copy to link target

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed 3 months ago (revision 161)

- Update to release 5.9.14

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1151765 from Mohd Saquib (msaquib) 3 months ago (revision 160)

baserev update by copy to link target

• Files Changed
• Browse Source

Mohd Saquib (msaquib) accepted request 1151555 from Dominique Leuenberger (dimstar) 3 months ago (revision 159)

Prepare for RPM 4.20

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1132112 from Factory Maintainer (factory-maintainer) 6 months ago (revision 158)

baserev update by copy to link target

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed 6 months ago (revision 157)

- Update to release 5.9.13

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1129146 from Factory Maintainer (factory-maintainer) 6 months ago (revision 156)

baserev update by copy to link target

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed 7 months ago (revision 155)

- Update to release 5.9.12

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1094810 from Mohd Saquib (msaquib) 12 months ago (revision 154)

baserev update by copy to link target

• Files Changed
• Browse Source

Mohd Saquib (msaquib) accepted request 1094809 from Mohd Saquib (msaquib) 12 months ago (revision 153)

- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed folliwng files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1092643 from Jan Engelhardt (jengelh) 12 months ago (revision 152)

baserev update by copy to link target

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed 12 months ago (revision 151)

compact/trim changelog - https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed 12 months ago (revision 150)

• Files Changed
• Browse Source

Mohd Saquib (msaquib) accepted request 1092621 from Mohd Saquib (msaquib) 12 months ago (revision 149)

- Update to release 5.9.11
  * A long-standing deadlock in the vici plugin has been fixed that
    could get triggered when multiple connections were
    initiated/terminated concurrently and control-log events were
    raised by the watcher_t component (#566). 
  * In compliance with RFC 5280, CRLs now have to be signed by a
    certificate that either encodes the cRLSign keyUsage bit
    (even if it is a CA certificate), or is a CA certificate without
    a keyUsage extension. strongSwan encodes a keyUsage extension
    with cRLSign bit set in all CA certificates since 13 years. And
    before that it didn't encode the extension, so these certificates
    would also be accepted as CRL issuer in case they are still valid
    (7dc82de).
  * Support for optional CA labels in EST server URIs
    (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>)
    was added to the pki --est and pki --estca commands (#1614).
  * The pkcs7 and openssl plugins now support CMS-style signatures in
    PKCS#7 containers, which allows verifying RSA-PSS and ECDSA
    signatures (#1615).
  * Fixed a regression in the server implementation of EAP-TLS when
    using TLS 1.2 or earlier that was introduced with 5.9.10
    (#1613, 3d0d3f5).
  * The EAP-TLS client does now enforce that the TLS handshake is
    complete when using TLS 1.2 or earlier. It was possible to
    shortcut it by sending an early EAP-Success message. Note that
    this isn't a security issue as the server is authenticated at
    that point (db87087).
  * On Linux, the kernel-libipsec plugin can now optionally handle
    ESP packets without UDP encapsulation (uses RAW sockets, disabled
    by default, e3cb756). The plugin and libipsec also gained support

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1077378 from Mohd Saquib (msaquib) about 1 year ago (revision 148)

baserev update by copy to link target

• Files Changed
• Browse Source

Mohd Saquib (msaquib) accepted request 1077377 from Mohd Saquib (msaquib) about 1 year ago (revision 147)

- Allow to use stroke aka ipsec interface by default instead of
  vici aka swanctl interface which is current upstream's default.
  strongswan.service which enables swanctl interface is masked to
  stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support

• Files Changed
• Browse Source

buildservice-autocommit accepted request 1068724 from Jan Engelhardt (jengelh) over 1 year ago (revision 146)

baserev update by copy to link target

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed over 1 year ago (revision 145)

upgrade note

• Files Changed
• Browse Source

Jan Engelhardt (jengelh) committed over 1 year ago (revision 144)

- Update to release 5.9.10

• Files Changed
• Browse Source

Mohd Saquib (msaquib) accepted request 1068696 from Mohd Saquib (msaquib) over 1 year ago (revision 143)

- Added patch to fix a vulnerability in incorrectly accepted
  untrusted public key with incorrect refcount
  (CVE-2023-26463 boo#1208608)
  [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]

• Files Changed
• Browse Source