Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:GA
ipsec-tools
ipsec-tools.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ipsec-tools.changes of Package ipsec-tools
------------------------------------------------------------------- Fri Jan 26 17:07:35 UTC 2018 - jbohac@suse.com - avoid-dos-with-fragment-out-of-order.patch (bsc#1047443, CVE-2016-10396) ------------------------------------------------------------------- Wed Nov 29 22:00:35 UTC 2017 - meissner@suse.com - ipsec-tools-openssl1.1.patch: build against openssl 1.1 (bsc#1066950) ------------------------------------------------------------------- Thu Nov 23 13:44:14 UTC 2017 - rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- Sat Sep 2 20:11:15 UTC 2017 - chris@computersalat.de - add reminder for racoon-setkey.service to setkey.conf ------------------------------------------------------------------- Wed Aug 5 10:58:13 UTC 2015 - meissner@suse.com - do not run %fdupes over the whole tree, to avoid symlinking /etc/ config files and /usr/ sample configs. ------------------------------------------------------------------- Wed Jun 10 15:39:46 UTC 2015 - chris@computersalat.de - rework racoon.psk.patch * comment example entry (its not a backdoor just an example) ------------------------------------------------------------------- Thu Jun 4 12:52:01 UTC 2015 - tchvatal@suse.com - Cleanup most of the rpmlint warnings to have it in better shape ------------------------------------------------------------------- Thu Apr 23 11:07:44 UTC 2015 - meissner@suse.com - racoon-fips-rsa.patch: Use a default exponent of at least 65537 (minimum FIPS required public exponent) - racoon-no-md5.patch: replace one md5 usage by sha1 in an internal hash table. Allow md5 usage for an external visible interface, as it is also hashing only. ------------------------------------------------------------------- Thu Jan 22 01:02:51 UTC 2015 - p.drouand@gmail.com - Update to version 0.8.2 * Fix admin port establish-sa for tunnel mode SAs * Fix source port selection regression from version 0.8.1 * Various logging improvements * Additional compliance and build fixes - Changes from version 0.8.1 * Improved X.509 subject name comparation * Relax DPD cookie check for Cisco IOS compatibility * Allow simplified syntax for inherited remote blocks * Never shring pfkey socket buffer * Privilege separation child process exit fix * Multiple memory allocation and use-after-free fixes - Remove some obsolete macros ------------------------------------------------------------------- Tue Jul 8 14:03:13 UTC 2014 - meissner@suse.com - ipsec-tools-0.8.0-certasn1txtbroken.patch: disable the certificate test in src/racoon/eaytest.c as the internal X.509 ASN.1 string presentation was changed in openssl and the test currently does not work. ------------------------------------------------------------------- Thu Mar 13 10:02:28 CET 2014 - jbohac@suse.cz - add RemainAfterExit=yes to the .service file (bnc#856625) ------------------------------------------------------------------- Fri Jan 10 14:06:41 CET 2014 - jbohac@suse.cz - upgrade to version 0.8.0: o Fix authentication method ambiguity with kerberos and xauth o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman) o Local address code rewrite to speed things up o Improved MIPv6 support (Arnaud Ebalard) o ISAKMP SA (phase1) rekeying o Improved scheduler (faster algorithm, support monotonic clock) o Handle RESPONDER-LIFETIME in quick mode o Handle INITIAL-CONTACT in from main mode too o Rewritten event handling framework for admin port o Ability to initiate IPsec SA through admin port o NAT-T Original Address handling (transport mode NAT-T support) o clean NAT-T - PFkey support o support for multiple anonymous remoteconfs o Remove various obsolete configuration options o A lot of other bug fixes, performance improvements and clean ups - Remove ipsec-tools-linux-3.7-compat.diff which caused bnc#867055 by including wrong headers; fix by installing linux-glibc-devel and including /usr/include for kernel headers ------------------------------------------------------------------- Thu Sep 19 02:34:45 UTC 2013 - crrodriguez@opensuse.org - remove unused racoon.init from the package, it was already removed from the spec file in the previous change. ------------------------------------------------------------------- Thu Sep 19 02:25:39 UTC 2013 - crrodriguez@opensuse.org - Add systemd support, systemctl enable racoon.service also enables helper optional service racoon-setkey - /etc/sysconfig/racoon was never created, fix that. ------------------------------------------------------------------- Thu Jan 31 06:48:18 UTC 2013 - mlin@suse.com - Add ipsec-tools-linux-3.7-compat.diff(partly from openwrt) * since pfkeyv2.h moved to include/uapi/linux as http://lwn.net/Articles/507794/ explained, make the compiler found header in valid path. there is a discussion about this issue at https://dev.openwrt.org/ticket/12813 ------------------------------------------------------------------- Wed Oct 31 12:47:22 UTC 2012 - mvyskocil@suse.com - unify the permissions of psk.txt to avoid false duplicate warnings from fdupes (bnc#784670) ------------------------------------------------------------------- Tue Jan 31 15:18:55 CET 2012 - meissner@suse.de - remove suse_update_config macro usage ------------------------------------------------------------------- Sat Oct 15 04:47:06 UTC 2011 - coolo@suse.com - add libtool as buildrequire to make the spec file more reliable ------------------------------------------------------------------- Sun Sep 4 18:13:45 UTC 2011 - mkubecek@suse.cz - create /var/run/racoon in the init script rather than including it in the package as it doesn't work if /var/run is on tmpfs (bnc#710277) ------------------------------------------------------------------- Sun May 15 15:42:28 UTC 2011 - chris@computersalat.de - remove Author from description - add racoon.psk patch ------------------------------------------------------------------- Wed May 4 12:02:13 UTC 2011 - idoenmez@novell.com - Add ipsec-tools-0.7.3-linkerflag.patch: remove wrong linker flag - Add ipsec-tools-0.7.2-nodevel.patch: don't install development files, instead of manually removing them in the spec file. - Drop no_werror.patch: Remove Werror flag by sed, its all over the configure file, old patch was incomplete anyway. ------------------------------------------------------------------- Tue Nov 3 19:09:21 UTC 2009 - coolo@novell.com - updated patches to apply with fuzz=0 ------------------------------------------------------------------- Tue Oct 6 20:09:15 CEST 2009 - chris@computersalat.de - cleanup spec o sorted sections o simplify clean o sort install section o sort files section - added missing /etc/racoon/cert DIR ------------------------------------------------------------------- Fri Sep 18 22:48:07 CEST 2009 - chris@computersalat.de - cleanup spec o sorted TAGS o added configure macro - rpmlint o added fdupes - fix selinux build o if suse_version >= 1100 ------------------------------------------------------------------- Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz - upgrade to 0.7.3 - integrated security patch - enabled selinux support (--enable-security-context=yes) ------------------------------------------------------------------- Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz - fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710) ------------------------------------------------------------------- Wed May 6 15:54:01 CEST 2009 - jbohac@suse.cz - Upgrade to 0.7.2 - fixed some rpmlint warnings/errors - racoon.conf_macros.patch updates the .in file, not the result - added /etc/pam.d/racoon - added --with-libldap ------------------------------------------------------------------- Tue Sep 23 15:08:40 CEST 2008 - jbohac@suse.cz - fixed a memory leak in PH1 (bnc#416906, CVE-2008-3652) ------------------------------------------------------------------- Thu Aug 14 19:30:51 CEST 2008 - jbohac@suse.cz - Upgrade to 0.7.1 o Fixes a memory leak when invalid proposal received o Some fixes in DPD o do not set default gss id if xauth is used o fixed hybrid enabled builds o fixed compilation on FreeBSD8 o cleanup in network port value manipulation o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() o Generates a log if cert validation has been disabled by configuration o better handling for pfkey socket read errors o Fixes in yacc / bison stuff o new plog() macro (reduced CPU usage when logging is disabled) o Try to works better with huge SPD/SAD o Corrected modecfg option syntax o Many other various fixes... ------------------------------------------------------------------- Wed Nov 7 19:46:03 CET 2007 - jbohac@suse.cz - Upgrade to 0.7 ------------------------------------------------------------------- Thu Apr 12 11:36:01 CEST 2007 - jbohac@jikos.cz - Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791) ------------------------------------------------------------------- Thu Mar 29 16:12:01 CEST 2007 - aj@suse.de - Add flex and bison to BuildRequires. ------------------------------------------------------------------- Thu May 4 22:08:06 CEST 2006 - jbohac@suse.cz - fixed a segfault in GSSAPI initialization (#172196) ------------------------------------------------------------------- Thu May 4 22:08:06 CEST 2006 - jbohac@suse.cz - the /var/run/racoon directory was missing from the package which prevented racoon from starting (#170552) - fixed - fixed unexpanded macros in racoon.conf (#170552) ------------------------------------------------------------------- Tue Mar 21 17:27:19 CET 2006 - jbohac@suse.cz - upgrade to 0.6.5 (bugfix release) - Fixed zombie PH1 handler when isakmp_send() fails in isakmp_ph1resend() - Temporary fix for /32 subnets parsing. - make software behave as the documentation advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility. - Fixed / cleaned up signal handling. - added --with-libpam and --enable-adminport (#159647) ------------------------------------------------------------------- Wed Jan 25 21:36:40 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Tue Dec 13 20:30:55 CET 2005 - jbohac@suse.cz - fixed build ------------------------------------------------------------------- Tue Dec 13 17:45:04 CET 2005 - jbohac@suse.cz - upgrade to 0.6.4 - added krb5 support ( --enable-gssapi) - added statistics logging support ( --enable-stats) ------------------------------------------------------------------- Wed Nov 23 16:56:34 CET 2005 - jbohac@suse.cz - upgrade to 0.6.3 - fixes #134834 and an openssl incompatibility issue ------------------------------------------------------------------- Tue Nov 8 16:22:16 CET 2005 - jbohac@suse.cz - fixed build for s390 ------------------------------------------------------------------- Thu Oct 20 19:43:28 CEST 2005 - jbohac@suse.cz - upgraded to version 0.6.2 - enabled NAT-T - fixed build with current openssl ------------------------------------------------------------------- Wed Aug 31 17:17:02 CEST 2005 - jbohac@suse.cz - fixed permissions for /etc/racoon/psk.txt (bug #114383) ------------------------------------------------------------------- Tue Aug 23 14:53:58 CEST 2005 - jbohac@suse.cz - upgrade to version 0.6.1 ------------------------------------------------------------------- Wed Aug 3 11:46:38 CEST 2005 - jbohac@suse.cz - fixed build on beta (disabled -Werror again) ------------------------------------------------------------------- Tue Aug 2 18:21:06 CEST 2005 - cthiel@suse.de - fixed build ------------------------------------------------------------------- Tue Aug 2 17:13:18 CEST 2005 - jbohac@suse.cz - upgrade to version 0.6 ------------------------------------------------------------------- Thu May 5 18:11:32 CEST 2005 - jbohac@suse.cz - upgrade to version 0.5.2 - disabled -Werror, because bison-generated code would not compile ------------------------------------------------------------------- Wed Apr 13 18:11:44 CEST 2005 - jbohac@suse.cz - upgrade to version 0.5.1 - fixed compilation warning/errors regarding char/int signedness ------------------------------------------------------------------- Wed Apr 13 18:03:31 CEST 2005 - jbohac@suse.cz - upgrade to version 0.5.1 - fixed compilation warning/errors regarding char/int signedness ------------------------------------------------------------------- Wed Mar 16 12:50:02 CET 2005 - jbohac@suse.cz The patch in the previous release was not applied correctly; fixed. ------------------------------------------------------------------- Tue Mar 15 15:04:04 CET 2005 - jbohac@suse.cz - security fix - insecure header parsing (Bug ID: 64726) ------------------------------------------------------------------- Sat Feb 19 12:20:30 CET 2005 - lmuelle@suse.de - Update to version 0.5. ------------------------------------------------------------------- Wed Jan 05 16:15:17 CET 2005 - jbohac@suse.cz - update to ipsec-tools-0.5-rc1 ------------------------------------------------------------------- Thu Nov 18 11:38:35 CET 2004 - mludvig@suse.cz - Update to version 0.4 ------------------------------------------------------------------- Tue Sep 14 01:38:48 CEST 2004 - ro@suse.de - undef __P first to make it build ------------------------------------------------------------------- Tue Aug 10 11:09:23 CEST 2004 - mludvig@suse.cz - Update to 0.4rc1 ------------------------------------------------------------------- Tue Jun 15 17:08:27 CEST 2004 - mludvig@suse.cz - Update to 0.3.3 to fix a X.509 cert verification security bug. (http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507&w=2) ------------------------------------------------------------------- Mon May 17 10:21:31 CEST 2004 - mludvig@suse.cz - Fixed comment in racoon.conf (#40576) ------------------------------------------------------------------- Wed Apr 21 11:25:04 CEST 2004 - mludvig@suse.cz - Update to 0.3.1 to fix CAN-2004-0403 ------------------------------------------------------------------- Thu Apr 15 16:25:06 CEST 2004 - mludvig@suse.cz - Update to final 0.3. We had all patches in the package anyway... ------------------------------------------------------------------- Thu Apr 08 14:20:44 CEST 2004 - mludvig@suse.cz - Fixed setkey to support multiline commands in interactive mode. - Added 'exit' command to setkey. The two changes fix TAHI/ipsec tests. - Emit messages about Keep-Alive packets with DEBUG severity instead of INFO. With INFO it only polutes syslog every 20s. ------------------------------------------------------------------- Mon Apr 05 17:58:29 CEST 2004 - mludvig@suse.cz - Fixed X.509 security bug (#38373) ------------------------------------------------------------------- Thu Apr 01 15:39:56 CEST 2004 - mludvig@suse.cz - Report received SADB_X_NAT_T_NEW_MAPPING message. - Avoid segfault with unknown PF_KEY messages. - Move encmode update out of the loop. NAT-T now works even with more than one proposal. ------------------------------------------------------------------- Tue Mar 30 09:41:36 CEST 2004 - mludvig@suse.cz - Rewritten the testsuite to avoid failures on 32b platforms. ------------------------------------------------------------------- Fri Mar 26 14:01:57 CET 2004 - mludvig@suse.cz - Handle input lines one by one in interactive mode (preventing premature exit on syntax error). ------------------------------------------------------------------- Thu Mar 25 18:22:31 CET 2004 - mludvig@suse.cz - Update to 0.3rc4: - Fixed adding "null" encryption via 'setkey'. - Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 - Fixed NAT-T in aggresive mode. - Fixed testsuite and added testsuite run into make check. ------------------------------------------------------------------- Tue Mar 23 10:14:14 CET 2004 - mludvig@suse.cz - Fix segfault with AES. - Enable testsuite. ------------------------------------------------------------------- Mon Mar 22 11:28:00 CET 2004 - mludvig@suse.cz - Fix "null" encryption setup in setkey. ------------------------------------------------------------------- Fri Mar 19 18:21:15 CET 2004 - mludvig@suse.cz - Fix duplicate ipsec service (#36575) - Update to 0.3rc3 ------------------------------------------------------------------- Thu Mar 11 17:05:50 CET 2004 - mludvig@suse.cz - Update to 0.3rc2 ------------------------------------------------------------------- Mon Mar 08 17:57:18 CET 2004 - mludvig@suse.cz - Add sysconfig and init.d files. ------------------------------------------------------------------- Fri Mar 05 16:26:51 CET 2004 - mludvig@suse.cz - Include samples config files in the RPM. ------------------------------------------------------------------- Thu Mar 04 18:57:28 CET 2004 - mludvig@suse.cz - update to 0.3rc1 ------------------------------------------------------------------- Tue Feb 03 15:32:05 CET 2004 - mludvig@suse.cz - Update to 0.2.4 ------------------------------------------------------------------- Mon Jan 26 22:26:58 CET 2004 - ro@suse.de - updated neededforbuild "kernel-source-26" -> "kernel-source" ------------------------------------------------------------------- Thu Jan 15 14:55:01 CET 2004 - mludvig@suse.cz - update to ipsec-tools-0.2.3 ------------------------------------------------------------------- Sat Jan 10 22:00:47 CET 2004 - adrian@suse.de - remove obsolete %run_ldconfig ------------------------------------------------------------------- Tue Dec 23 09:36:57 CET 2003 - mludvig@suse.cz - Recognize IPSEC_DIR_FWD when dumping SPD. ------------------------------------------------------------------- Fri Dec 19 17:57:19 CET 2003 - mludvig@suse.cz - Added many fixes gathered from the mailing list. - Added support for specifying SA lifebytes. ------------------------------------------------------------------- Wed Dec 17 19:52:19 CET 2003 - garloff@suse.de - Package ipsec-tools 0.2.2.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor