Репозитории ALT
S: | 5.9.11-alt1 |
5.1: | 4.3.7-alt1.M51.1 |
4.1: | 4.2.17-alt0.M41.1 |
4.0: | 4.2.17-alt0.M40.1 |
Группа :: Система/Серверы
Пакет: strongswan
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
12 июня 2023 Michael Shigorin <mike at altlinux.org> 5.9.11-alt1
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- don't package pki manpages
- fix conflict with pki-tools (Closes: 32705)
- package strongswan-starter unit
- build charon-nm subpackage with NetworkManager support
- enable charon-cmd build
- fix elf skiplist for plugins
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- NMU: Rebuild with new openssl 1.1.0.
- NMU (by repocop). See http://www.altlinux.org/Tools/Repocop
- applied repocop fixes:
* backup-file-in-package for strongswan-testing
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
+ fixups upon 5.3.4
- new version (watch file uupdate)
+ fixes CVE-2015-8023: authentication bypass in eap-mschapv2, see
https://www.strongswan.org/blog/2015/11/16/
- new version (watch file uupdate)
- new version (watch file uupdate)
+ fixes CVE-2015-4171: client info disclosure, see
https://www.strongswan.org/blog/2015/06/08/
- new version (watch file uupdate)
+ fixes CVE-2015-3991: DoS with potential code execution, see
https://www.strongswan.org/blog/2015/06/01/
- added systemd service
- compiled with swanctl
- built for Sisyphus (thx Vadim)
- new version (watch file uupdate)
- new version (watch file uupdate)
- fixes CVE-2014-9221 (DoS)
- new version (watch file uupdate)
- new version (watch file uupdate)
- new version (watch file uupdate)
- fixes CVE-2014-2338 (authentication bypass via rekeying)
- added watch file
- 5.1.2: http://wiki.strongswan.org/versions/50
+ new default configuration file layout is introduced
+ NTRUEncrypt support - dropped patches (done upstream in a slightly different way)
- 5.1.0: CVE-2013-5018 fix (charon DoS, see also
http://www.strongswan.org/blog/2013/08/01/)
- 5.0.4: CVE-2013-2944 fix (ECDSA signature vulnerability
if openssl backend is loaded)
- 5.0.3
- 5.0.1
- 5.0.0
- buildreq
- 5.0.0rc1
+ pluto is there no more, see also
http://www.strongswan.org/blog/2012/06/20/bye-bye-pluto.html
- 4.6.4
+ CVE-2012-2388 is fixed (an attacker presenting a forged
signature and/or certificate can authenticate as any
legitimate user provided that "gmp" plugin is in use
and a connection definition using RSA auth exists)
- 4.6.3
+ patch2 unneeded (included upstream)
- 4.6.2
- added upstream patch to fix trivial FTBFS
- add configure options: pkcs11,eap-*,dhcp,farp,ha,ctr,ccm,gcm,addrblock
- fix subst_enable for options with "-"
- build with libcap
- drop testing/do-tests as it's not targeted at deployments
but rather used for regression testing by upstream
(maybe the whole subpackage should be purged) - include all plugin-related files
- buildreq
- 4.5.3
+ NB: libstrongswan and plugins moved into a private directory
- 4.5.2
- fix buildrequires
- 4.5.1
+ NB: strongswan.conf parser changes: - 'include' statements implemented
- configuration syntax for the attr plugin has changed
- 4.5.0
+ see http://download.strongswan.org/CHANGES4.txt
+ IMPORTANT: IKEv2 becomes the default key exchange mode - disabled patch0 (deals with non-issue, actually)
- rebuilt against openssl-1.0.0a
- 4.4.1
- added patch following earlier explanation by Tobias Brunner
to force proper linking of libcharon and libhydra against
libstrongswan (this breaks optional integrity tests though)
- 4.3.7: major security fix for snprintf() misuse
introduced in 4.3.3
- 4.4.0
+ see http://download.strongswan.org/CHANGES4.txt - updated patch
- buildreq
- 4.3.6
+ NB: 4.3.5 has seen some plugin shuffling,
check upstream changelog in case of doubt - buildreq (including gperf)
- 4.3.4
- fixed incomplete patch (forgot to actually use prepared variable)
- moved testing docs into a noarch subpackage (thanks repocop)
- patched testing script to avoid 100% predictable /tmp paths
- 4.3.3 (closes: #20849)
+ the RDN parser vulnerability discovered by Orange Labs research team
was not completely fixed in version 4.3.2. Some more modifications
had to be applied to the asn1_length() function to make it robust.
+ thanks crux@ for prompt notification
- 4.3.2
+ disabled patch0 (applied upstream)
+ dropped patch1 (irrelevant with 4.3.x) - finally got around to merging strongswan.git by ildar@
(also closes: #18260)
+ including library subpackage removal
+ initscript status fix - disabled VIA Padlock support on non-x86_32 (fails to build)
- spec cleanup
- buildreq
- 4.2.16 fixes DoS vulnerability in the ASN.1 parser;
thanks crux@ for notification (closes: #20527)
- 4.2.15 fixes two DoS issues with charon
+ sending a malformed IKE_SA_INIT request leaved an incomplete state
which caused a null pointer dereference if a subsequent
CREATE_CHILD_SA request was sent
+ sending an IKE_AUTH request with either a missing TSi or TSr payload
caused a null pointer derefence because the checks for TSi and TSr
were interchanged
+ patch2 unneeded (included upstream) - thanks crux@ for heads-up (closes: #20206)
- 4.2.14 fixes CVE-2009-0790: DoS against dead peer detection code
- fixed FTBFS with glibc-2.9
- appled vendor patch fixing invalid IKE state issue
- added a patch to avoid superfluous file dependencies
- fixed ntpd comments in initscript ;-)
- 4.2.10
- removed patches (builds as is)
- spec cleanup
- new version
- many new features
- spec refactoring
- Rebuild for x86_64
- cleanup spec
- move libraries to separate package
- new version
- initial packaging