- Update to release 5.9.6

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=135
2022-04-30 08:43:01 +00:00
parent e1b454dc30
commit 0bed40c9cb
7 changed files with 40 additions and 15942 deletions
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 5.9.6
+  * Support for labeled IPsec with IKEv2
+    (draft-ietf-ipsecme-labeled-ipsec) has been added. Two modes
+    are currently supported.
+  * The secrets used for generating COOKIE payloads are now
+    switched based on a time limit (2 minutes) and not the
+    previous usage limit (10'000 generated cookies).
+  * Actively initiating duplicate CHILD_SAs within the same
+    IKE_SA is now largely prevented.
+  * If the source address is unknown when initiating an IKEv2 SA,
+    a NAT situation is now forced for IPv4 (for IPv6, NAT-T is
+    disabled) to avoid causing asymmetric enabling of
+    UDP-encapsulation.
+  * The main two steps of the IKEv2 key derivation (PRF/prf+)
+    have been modularized. In particular, prf+ is now provided by
+    a plugin.
+- Drop prf-plus-modularization.patch
+
 -------------------------------------------------------------------
 Wed Mar 16 12:57:46 UTC 2022 - Marcus Meissner <meissner@suse.com>