Revisions of strongswan
Dominique Leuenberger (dimstar_suse)
accepted
request 834251
from
Factory Maintainer (factory-maintainer)
(revision 76)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 831324
from
Jan Engelhardt (jengelh)
(revision 75)
Dominique Leuenberger (dimstar_suse)
accepted
request 800175
from
Jan Engelhardt (jengelh)
(revision 74)
Dominique Leuenberger (dimstar_suse)
accepted
request 790269
from
Jan Engelhardt (jengelh)
(revision 73)
Dominique Leuenberger (dimstar_suse)
accepted
request 775000
from
Jan Engelhardt (jengelh)
(revision 72)
Dominique Leuenberger (dimstar_suse)
accepted
request 769616
from
Jan Engelhardt (jengelh)
(revision 71)
Dominique Leuenberger (dimstar_suse)
accepted
request 767305
from
Jan Engelhardt (jengelh)
(revision 70)
- Update to version 5.8.2: * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152. * boo#1109845 and boo#1107874.
Dominique Leuenberger (dimstar_suse)
accepted
request 624096
from
Madhu Mohan Nelemane (mmnelemane)
(revision 69)
Dominique Leuenberger (dimstar_suse)
accepted
request 613646
from
Madhu Mohan Nelemane (mmnelemane)
(revision 68)
Dominique Leuenberger (dimstar_suse)
accepted
request 590079
from
Madhu Mohan Nelemane (mmnelemane)
(revision 67)
Dominique Leuenberger (dimstar_suse)
accepted
request 573411
from
Dominique Leuenberger (dimstar_suse)
(revision 66)
- Update summaries and descriptions. Trim filler words and author list. - Drop %if..%endif guards that are idempotent and do not affect the build result. - Replace old $RPM_ shell variables. (forwarded request 534431 from jengelh)
Dominique Leuenberger (dimstar_suse)
accepted
request 442527
from
Marius Tomaschewski (mtomaschewski)
(revision 63)
1
Dominique Leuenberger (dimstar_suse)
accepted
request 344762
from
Marius Tomaschewski (mtomaschewski)
(revision 62)
- Applied upstream fix for a authentication bypass vulnerability in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817). [+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
Dominique Leuenberger (dimstar_suse)
accepted
request 311158
from
Marius Tomaschewski (mtomaschewski)
(revision 61)
- Applied upstream fix for a rogue servers vulnerability, that may enable rogue servers able to authenticate itself with certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171). [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch] - Fix to apply unknown_payload patch if fips is disabled (<= 13.1) and renamed it to use number prefix corresponding with patch nr. [- strongswan-5.2.2-5.3.0_unknown_payload.patch, + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
Dominique Leuenberger (dimstar_suse)
accepted
request 309675
from
Marius Tomaschewski (mtomaschewski)
(revision 60)
- Applied upstream fix for a DoS and potential remote code execution vulnerability through payload type (bsc#931272,CVE-2015-3991) [+ strongswan-5.2.2-5.3.0_unknown_payload.patch]
Dominique Leuenberger (dimstar_suse)
accepted
request 287701
from
Factory Maintainer (factory-maintainer)
(revision 59)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse)
accepted
request 262968
from
Marius Tomaschewski (mtomaschewski)
(revision 58)
- Updated strongswan-hmac package description (bsc#856322). - Disabled explicit gpg validation; osc source_validator does it. - Guarded fipscheck and hmac package in the spec file for >13.1. - Added generation of fips hmac hash files using fipshmac utility and a _fipscheck script to verify binaries/libraries/plugings shipped in the strongswan-hmac package. With enabled fips in the kernel, the ipsec script will call it before any action or in a enforced/manual "ipsec _fipscheck" call. Added config file to load openssl and kernel af-alg plugins, but not all the other modules which provide further/alternative algs. Applied a filter disallowing non-approved algorithms in fips mode. (fate#316931,bnc#856322). [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch] - Fixed file list in the optional (disabled) strongswan-test package. - Fixed build of the strongswan built-in integrity checksum library and enabled building it only on architectures tested to work. - Fix to use bug number 897048 instead 856322 in last changes entry. - Applied an upstream patch reverting to store algorithms in the registration order again as ordering them by identifier caused weaker algorithms to be proposed first by default (bsc#897512). [+0001-restore-registration-algorithm-order.bug897512.patch] - Re-enabled gcrypt plugin and reverted to not enforce fips again as this breaks gcrypt and openssl plugins when the fips pattern option is not installed (fate#316931,bnc#856322). [- strongswan-fips-disablegcrypt.patch] - Added empty strongswan-hmac package supposed to provide fips hmac files and enforce fips compliant operation later (bnc#856322).
Adrian Schröter (adrianSuSE)
committed
(revision 57)
Split 13.2 from Factory
Displaying revisions 21 - 40 of 96