Overview Repositories Revisions Requests Users Attributes Meta

strongswan

Edit Package strongswan
No description set
  • Devel package for openSUSE:Factory
  • 4 derived packages
  • Developed at SCM
  • Download package
  • osc -A https://api.opensuse.org checkout network:vpn/strongswan && cd $_
  • Create Badge
Refresh
Refresh
Source Files
Filename Size Changed
0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch 0000001088 1.06 KB
README.SUSE 0000002342 2.29 KB
fips-enforce.conf 0000000742 742 Bytes
fipscheck.sh.in 0000001934 1.89 KB
harden_strongswan.service.patch 0000000794 794 Bytes
strongswan-5.9.7.tar.bz2 0004741967 4.52 MB
strongswan-5.9.7.tar.bz2.sig 0000000659 659 Bytes
strongswan-rpmlintrc 0000000428 428 Bytes
strongswan.changes 0000112456 110 KB
strongswan.init.in 0000008747 8.54 KB
strongswan.keyring 0000003085 3.01 KB
strongswan.spec 0000039890 39 KB
strongswan_fipscheck.patch 0000001920 1.88 KB
strongswan_ipsec_service.patch 0000000446 446 Bytes
Revision 136 (latest revision is 167)
Jan Engelhardt's avatar Jan Engelhardt (jengelh) accepted request 991798 from Peter Conrad's avatar Peter Conrad (p_conrad) (revision 136) 
This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup .

- Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now processed differently.
  * The retransmission logic in the dhcp plugin has been fixed (#1154).
  * The connmark plugin now considers configured masks in installed firewall rules (#1087).
  * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
  * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
  * The openssl plugin supports AES and Camellia in CTR mode (112bb46).
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
  * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
  * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).
Comments 0
openSUSE Build Service is sponsored by
Places