jengelh/strongswan
SHA256
1
0
Fork 3
forked from pool/strongswan
Code Pull Requests Activity
212 Commits 2 Branches 0 Tags
master
Commit Graph

212 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Jan Engelhardt
53632c49fa Add iptfs.conf to %files 2025-07-18 10:46:57 +02:00
Jan Engelhardt
c518881469 strongswan 6.0.2 2025-07-15 09:43:41 +02:00
Jan Engelhardt
a349c94a20 Remove more SOUP remnants 2025-06-05 09:45:03 +02:00
Jan Engelhardt
e3502ad9e6 Use pkgconfig() 2025-06-05 09:43:41 +02:00
Mike Gorse
536eb7d187 Disable soup fetcher 2025-06-03 12:47:17 -05:00
Friedrich Haubensak
80eefc4b75 Add patches (upstream commits) to fix build errors with gcc-15 2025-05-07 01:55:40 +02:00
Jan Engelhardt
e7014e37ae strongswan 6.0.1 2025-03-11 21:45:25 +01:00
Jan Engelhardt
46bea02645 Re-enable stroke backend for now 2024-12-12 12:06:25 +01:00
Jan Engelhardt
b5f8ae4845 strongswan 6.0.0 2024-12-04 02:21:06 +01:00
Dirk Mueller
da8f2965e2 rename -hmac subpackage to -fips 2024-11-26 13:56:30 +02:00
Ana Guerrero
3e9069345b Accepting request 1181997 from network:vpn 
- Update description of ipsec package: no longer mention
  /etc/init.d, which is not there for a long time anymore.
- Drop legacy rc* -> sbin/service symlink. This was compatibilty
  boilerplate to transparently move between SySV and systemd
  [jsc#PED-264]. (forwarded request 1181914 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/1181997
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=96
 2024-06-21 14:02:56 +00:00
Jan Engelhardt
233d1d3c87 - Update description of ipsec package: no longer mention 
/etc/init.d, which is not there for a long time anymore.
- Drop legacy rc* -> sbin/service symlink. This was compatibilty
  boilerplate to transparently move between SySV and systemd
  [jsc#PED-264].

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=163
 2024-06-20 17:00:41 +00:00
Ana Guerrero
6f280319a6 Accepting request 1160698 from network:vpn 
- Update to release 5.9.14

OBS-URL: https://build.opensuse.org/request/show/1160698
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=95
 2024-03-26 18:24:36 +00:00
Jan Engelhardt
f66e3493f1 - Update to release 5.9.14 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=161
 2024-03-19 15:09:14 +00:00
Ana Guerrero
254c06c48b Accepting request 1151765 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/1151765
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=94
 2024-02-27 21:45:09 +00:00
Mohd Saquib
a9e9a1d03f Accepting request 1151555 from home:dimstar:rpm4.20:s 
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1151555
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=159
 2024-02-26 14:21:48 +00:00
Dominique Leuenberger
5f45b7ef11 Accepting request 1132112 from network:vpn 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1132112
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=93
 2023-12-09 21:49:13 +00:00
Jan Engelhardt
83fb9474bf - Update to release 5.9.13 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=157
 2023-12-01 10:34:18 +00:00
Ana Guerrero
caa40408d4 Accepting request 1129146 from network:vpn 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1129146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=92
 2023-11-27 21:42:05 +00:00
Jan Engelhardt
f19225222f - Update to release 5.9.12 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=155
 2023-11-20 13:44:45 +00:00
Dominique Leuenberger
e08e5b1209 Accepting request 1094810 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/1094810
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=91
 2023-06-24 18:13:38 +00:00
Mohd Saquib
26fbd0f033 Accepting request 1094809 from home:msaquib:branches:network:vpn 
- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed folliwng files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

OBS-URL: https://build.opensuse.org/request/show/1094809
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153
 2023-06-23 09:01:07 +00:00
Dominique Leuenberger
9c6e69afad Accepting request 1092643 from network:vpn 
- Remove pre-SLE15 build logic
- Update to release 5.9.11

OBS-URL: https://build.opensuse.org/request/show/1092643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=90
 2023-06-14 14:28:35 +00:00
Jan Engelhardt
8c5539213c compact/trim changelog - https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM) 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=151
 2023-06-12 15:57:20 +00:00
Jan Engelhardt
a937e6040b OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=150 2023-06-12 15:55:07 +00:00
Mohd Saquib
73a1c9e320 Accepting request 1092621 from home:msaquib:branches:network:vpn 
- Update to release 5.9.11
  * A long-standing deadlock in the vici plugin has been fixed that
    could get triggered when multiple connections were
    initiated/terminated concurrently and control-log events were
    raised by the watcher_t component (#566). 
  * In compliance with RFC 5280, CRLs now have to be signed by a
    certificate that either encodes the cRLSign keyUsage bit
    (even if it is a CA certificate), or is a CA certificate without
    a keyUsage extension. strongSwan encodes a keyUsage extension
    with cRLSign bit set in all CA certificates since 13 years. And
    before that it didn't encode the extension, so these certificates
    would also be accepted as CRL issuer in case they are still valid
    (7dc82de).
  * Support for optional CA labels in EST server URIs
    (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>)
    was added to the pki --est and pki --estca commands (#1614).
  * The pkcs7 and openssl plugins now support CMS-style signatures in
    PKCS#7 containers, which allows verifying RSA-PSS and ECDSA
    signatures (#1615).
  * Fixed a regression in the server implementation of EAP-TLS when
    using TLS 1.2 or earlier that was introduced with 5.9.10
    (#1613, 3d0d3f5).
  * The EAP-TLS client does now enforce that the TLS handshake is
    complete when using TLS 1.2 or earlier. It was possible to
    shortcut it by sending an early EAP-Success message. Note that
    this isn't a security issue as the server is authenticated at
    that point (db87087).
  * On Linux, the kernel-libipsec plugin can now optionally handle
    ESP packets without UDP encapsulation (uses RAW sockets, disabled
    by default, e3cb756). The plugin and libipsec also gained support

OBS-URL: https://build.opensuse.org/request/show/1092621
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=149
 2023-06-12 15:41:55 +00:00
Dominique Leuenberger
657b2da015 Accepting request 1077378 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/1077378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=89
 2023-04-07 16:16:14 +00:00
Mohd Saquib
8148349f08 Accepting request 1077377 from home:msaquib:branches:network:vpn 
- Allow to use stroke aka ipsec interface by default instead of
  vici aka swanctl interface which is current upstream's default.
  strongswan.service which enables swanctl interface is masked to
  stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support

OBS-URL: https://build.opensuse.org/request/show/1077377
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=147
 2023-04-05 00:16:41 +00:00
Dominique Leuenberger
89db574bcf Accepting request 1068724 from network:vpn 
- Update to release 5.9.10

OBS-URL: https://build.opensuse.org/request/show/1068724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
 2023-03-03 21:24:35 +00:00
Jan Engelhardt
9178e03a23 upgrade note 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=145
 2023-03-02 14:21:28 +00:00
Jan Engelhardt
016cf7b1e8 - Update to release 5.9.10 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=144
 2023-03-02 13:42:24 +00:00
Mohd Saquib
e8a63e6496 Accepting request 1068696 from home:msaquib:branches:network:vpn 
- Added patch to fix a vulnerability in incorrectly accepted
  untrusted public key with incorrect refcount
  (CVE-2023-26463 boo#1208608)
  [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]

OBS-URL: https://build.opensuse.org/request/show/1068696
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=143
 2023-03-02 13:26:11 +00:00
Mohd Saquib
fe861579d5 Accepting request 1068689 from home:msaquib:branches:network:vpn 
- Fixed a vulnerability in incorrectly accepted untrusted public key
  with incorrect refcount (CVE-2023-26463 boo#1208608).

OBS-URL: https://build.opensuse.org/request/show/1068689
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=142
 2023-03-02 12:45:07 +00:00
Dominique Leuenberger
0da0fea063 Accepting request 1046554 from network:vpn 
- Update to release 5.9.9

OBS-URL: https://build.opensuse.org/request/show/1046554
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=87
 2023-01-04 17:10:26 +00:00
Jan Engelhardt
3ce027ac91 - Update to release 5.9.9 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=140
 2023-01-03 13:25:43 +00:00
Dominique Leuenberger
02464c0051 Accepting request 1009635 from network:vpn 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1009635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=86
 2022-10-12 16:22:45 +00:00
Jan Engelhardt
b632de741c - Update to release 5.9.8 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=138
 2022-10-03 23:19:08 +00:00
Dominique Leuenberger
4e2b66f537 Accepting request 991802 from network:vpn 
- Update to release 5.9.7

OBS-URL: https://build.opensuse.org/request/show/991802
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=85
 2022-08-02 20:08:35 +00:00
Jan Engelhardt
ae2f35131d heed changelog syntax requirements 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=137
 2022-07-30 09:44:05 +00:00
Jan Engelhardt
abbd490880 Accepting request 991798 from home:p_conrad:branches 
This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup .

- Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now processed differently.
  * The retransmission logic in the dhcp plugin has been fixed (#1154).
  * The connmark plugin now considers configured masks in installed firewall rules (#1087).
  * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
  * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
  * The openssl plugin supports AES and Camellia in CTR mode (112bb46).
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
  * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
  * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).

OBS-URL: https://build.opensuse.org/request/show/991798
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136
 2022-07-30 09:43:14 +00:00
Dominique Leuenberger
f3e86a936a Accepting request 975521 from network:vpn 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/975521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=84
 2022-05-08 19:52:07 +00:00
Jan Engelhardt
0bed40c9cb - Update to release 5.9.6 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=135
 2022-04-30 08:43:01 +00:00
Dominique Leuenberger
2455babbdb Accepting request 963708 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/963708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=83
 2022-03-23 19:15:41 +00:00
Jan Engelhardt
e1b454dc30 Accepting request 962674 from home:msmeissn:branches:network:vpn 
resubmit without hacky namespace change


- prf-plus-modularization.patch: updated from upstream branch
  after certifier feedback, SKEYSEED generated via HKDF-Extract.

OBS-URL: https://build.opensuse.org/request/show/962674
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=134
 2022-03-21 14:06:21 +00:00
Dominique Leuenberger
7ab7c7ff71 Accepting request 960587 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/960587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=82
 2022-03-11 20:41:06 +00:00
Jan Engelhardt
00a00a6acf Accepting request 960489 from home:msmeissn:branches:network:vpn 
- Added prf-plus-modularization.patch that outsources the IKE 
  key derivation to openssl. (will be merged to 5.9.6)
- package the kdf config, template and plugin

OBS-URL: https://build.opensuse.org/request/show/960489
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=133
 2022-03-09 18:30:05 +00:00
Dominique Leuenberger
de536ef929 Accepting request 950403 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/950403
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=81
 2022-02-03 23:45:45 +00:00
Jan Engelhardt
08b9de7ac5 Accepting request 950382 from home:msmeissn:branches:network:vpn 
add more references for later sle import

OBS-URL: https://build.opensuse.org/request/show/950382
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=132
 2022-02-01 11:40:00 +00:00
Dominique Leuenberger
3e374b588f Accepting request 949260 from network:vpn 
OBS-URL: https://build.opensuse.org/request/show/949260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=80
 2022-01-26 20:26:51 +00:00
Jan Engelhardt
61572aaddb - Update to release 5.9.5 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=131
 2022-01-26 12:33:44 +00:00