Репозитории ALT
S: | 5.9.11-alt1 |
5.1: | 4.3.7-alt1.M51.1 |
4.1: | 4.2.17-alt0.M41.1 |
4.0: | 4.2.17-alt0.M40.1 |
Группа :: Система/Серверы
Пакет: strongswan
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
30 апреля 2013 Michael Shigorin <mike at altlinux.org> 4.3.7-alt1.M51.1
- applied the upstream provided patch to fix CVE-2013-2944
(ECDSA signature vulnerability if openssl backend is loaded)
- 4.3.7: major security fix for snprintf() misuse
introduced in 4.3.3
- 4.3.6
+ NB: 4.3.5 has seen some plugin shuffling,
check upstream changelog in case of doubt - buildreq (including gperf)
- 4.3.4
- fixed incomplete patch (forgot to actually use prepared variable)
- moved testing docs into a noarch subpackage (thanks repocop)
- patched testing script to avoid 100% predictable /tmp paths
- 4.3.3 (closes: #20849)
+ the RDN parser vulnerability discovered by Orange Labs research team
was not completely fixed in version 4.3.2. Some more modifications
had to be applied to the asn1_length() function to make it robust.
+ thanks crux@ for prompt notification
- 4.3.2
+ disabled patch0 (applied upstream)
+ dropped patch1 (irrelevant with 4.3.x) - finally got around to merging strongswan.git by ildar@
(also closes: #18260)
+ including library subpackage removal
+ initscript status fix - disabled VIA Padlock support on non-x86_32 (fails to build)
- spec cleanup
- buildreq
- 4.2.16 fixes DoS vulnerability in the ASN.1 parser;
thanks crux@ for notification (closes: #20527)
- 4.2.15 fixes two DoS issues with charon
+ sending a malformed IKE_SA_INIT request leaved an incomplete state
which caused a null pointer dereference if a subsequent
CREATE_CHILD_SA request was sent
+ sending an IKE_AUTH request with either a missing TSi or TSr payload
caused a null pointer derefence because the checks for TSi and TSr
were interchanged
+ patch2 unneeded (included upstream) - thanks crux@ for heads-up (closes: #20206)
- 4.2.14 fixes CVE-2009-0790: DoS against dead peer detection code
- fixed FTBFS with glibc-2.9
- appled vendor patch fixing invalid IKE state issue
- added a patch to avoid superfluous file dependencies
- fixed ntpd comments in initscript ;-)
- 4.2.10
- removed patches (builds as is)
- spec cleanup
- new version
- many new features
- spec refactoring
- Rebuild for x86_64
- cleanup spec
- move libraries to separate package
- new version
- initial packaging