1
0
forked from pool/strongswan
Commit Graph

78 Commits

Author SHA256 Message Date
5bcad554c1 - Disabled sqlite plugin on SLE-10 -- sqlite3 lib is too old there.
- Applied patch by Jiri Bohac fixing error-type range in parsing of
  NOTIFY payloads (RFC 4306, section 3.10.1).

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=19
2010-08-10 11:47:44 +00:00
60e7ee609f - Updated to strongSwan 4.4.1 release, changes since 4.4.0 are:
* Support of xfrm marks in IPsec SAs and IPsec policies introduced
    with the Linux 2.6.34 kernel.
    For details see the example scenarios ikev2/nat-two-rw-mark,
    ikev2/rw-nat-mark-in-out and ikev2/net2net-psk-dscp.
  * The PLUTO_MARK_IN and PLUTO_ESP_ENC environment variables can be
    used in a user-specific updown script to set marks on inbound ESP
    or ESP_IN_UDP packets.
  * The openssl plugin now supports X.509 certificate and CRL functions.
  * OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
    enabled by default.
    Plase update manual load directives in strongswan.conf.
  * RFC3779 ipAddrBlock constraint checking has been moved to the
    addrblock plugin, disabled by default. Enable it and update manual
    load directives in strongswan.conf, if required.
  * The pki utility supports CRL generation using the --signcrl command.
  * The ipsec pki --self, --issue and --req commands now support output
    in PEM format using the --outform pem option.
  * The major refactoring of the IKEv1 Mode Config functionality now
    allows the transport and handling of any Mode Config attribute.
  * The RADIUS proxy plugin eap-radius now supports multiple servers.
    Configured servers are chosen randomly, with the option to prefer
    a specific server.  Non-responding servers are degraded by the
    selection process.
  * The ipsec pool tool manages arbitrary configuration attributes
    stored in an SQL database. ipsec pool --help gives the details.
  * The new eap-simaka-sql plugin acts as a backend for EAP-SIM and
    EAP-AKA, reading triplets/quintuplets from an SQL database.
  * The High Availability plugin now supports a HA enabled in-memory
    address pool and Node reintegration without IKE_SA rekeying. The
    latter allows clients without IKE_SA rekeying support to keep
    connected during reintegration. Additionally, many other issues
    have been fixed in the ha plugin.
  * Fixed a potential remote code execution vulnerability resulting
    from the misuse of snprintf(). The vulnerability is exploitable
    by unauthenticated users.
- Removed obsolete snprintf security fix, adopted spec file
- Enabled the eap-sim,eap-sim-file,eap-simaka-sql,eap-simaka-reauth,
  eap-simaka-pseudonym,eap-aka-3gpp2,md4,blowfish,addrblock plugins.
- Enabled the mysql, sqlite, load-tester and test-vectors plugins,
  that are packaged into separate mysql,sqlite,tests sub packages.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=18
2010-08-10 11:02:18 +00:00
5b5f0218e2 osc copypac from project:openSUSE:11.3:Update:Test package:strongswan revision:1
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=16
2010-08-06 14:49:00 +00:00
OBS User buildservice-autocommit
e0300ff4a3 Updating link to change in openSUSE:Factory/strongswan revision 22.0
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=91f30aa8d69256168f002e92d5713ace
2010-07-02 14:47:18 +00:00
ea9aa4d490 - Added README.SUSE to source list in the spec file.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=14
2010-07-02 14:19:28 +00:00
OBS User buildservice-autocommit
34b5343619 Updating link to change in openSUSE:Factory/strongswan revision 21.0
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=d1558aa4e99adb1ae525217e7ae967f7
2010-05-31 16:22:37 +00:00
OBS User autobuild
8de2037089 Accepting request 40896 from network:vpn
checked in (request 40896)

OBS-URL: https://build.opensuse.org/request/show/40896
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=13
2010-05-31 16:22:33 +00:00
6d0766776d - Enabled dhcp, farp, ha, socket-dynamic, agent, eap and sql plugins.
- Enabled NetworkManager nm plugin in a separate strongswan-nm package.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=12
2010-05-14 19:20:22 +00:00
a4ce526c51 Removed version check
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=11
2010-05-14 15:14:32 +00:00
bb81a4479d - Updated to strongSwan 4.4.0 release, changes since 4.3.6 are:
* The IKEv2 High Availability plugin has been integrated. It
  provides load sharing and failover capabilities in a cluster of
  currently two nodes, based on an extend ClusterIP kernel module.
  More information is available at
  http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
  The development of the High Availability functionality was sponsored
  by secunet Security Networks AG.
  * Added IKEv1 and IKEv2 configuration support for the AES-GMAC
  authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
  2.6.34 kernel is required to make AES-GMAC available via the XFRM
  kernel interface.
  * Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp,
  gcrypt and openssl plugins, usable by both pluto and charon. The new
  proposal keywords are modp1024s160, modp2048s224 and modp2048s256.
  Thanks to Joy Latten from IBM for her contribution.
  * The IKEv1 pluto daemon supports RAM-based virtual IP pools using
  the rightsourceip directive with a subnet from which addresses
  are allocated.
  * The ipsec pki --gen and --pub commands now allow the output of
  private and public keys in PEM format using the --outform pem
  command line option.
  * The new DHCP plugin queries virtual IP addresses for clients from
  a DHCP server using broadcasts, or a defined server using the
  charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server
  information is additionally served to clients if the DHCP server
  provides such information. The plugin is used in ipsec.conf
  configurations having rightsourceip set to %dhcp.
  * A new plugin called farp fakes ARP responses for virtual IP
  addresses handed out to clients from the IKEv2 daemon charon. The
  plugin lets a road-warrior act as a client on the local LAN if it
  uses a virtual IP from the responders subnet, e.g. acquired using
  the DHCP plugin.
  * The existing IKEv2 socket implementations have been migrated to
  the socket-default and the socket-raw plugins.  The new
  socket-dynamic plugin binds sockets dynamically to ports configured
  via the left-/rightikeport ipsec.conf connection parameters.
  * The android charon plugin stores received DNS server information
  as "net.dns" system properties, as used by the Android platform.
- Splitted package into strongswan-ipsec, that install the traditional
  ipsec service starter scripts, -ikev1 and -ikev2 installing daemons
  and -libs0, that contains the library and plugins.
- Enabled NetworkManager, dhcp, farp, ha and socket-dynamic plugins,
  with NetworkManager plugin in a separate strongswan-nm package.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=10
2010-05-14 15:10:14 +00:00
OBS User autobuild
cf104ead60 Accepting request 33800 from network:vpn
Copy from network:vpn/strongswan based on submit request 33800 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/33800
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=19
2010-03-05 10:51:28 +00:00
OBS User autobuild
70feac5f48 Accepting request 20845 from network
Copy from network/strongswan based on submit request 20845 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/20845
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=17
2009-09-23 19:18:20 +00:00
OBS User autobuild
cf3fca2b32 Accepting request 19857 from network
Copy from network/strongswan based on submit request 19857 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/19857
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=16
2009-09-04 00:27:18 +00:00
OBS User autobuild
3ce3e4b5e0 Accepting request 19338 from network
Copy from network/strongswan based on submit request 19338 from user mtomaschewski

OBS-URL: https://build.opensuse.org/request/show/19338
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=15
2009-09-02 16:59:56 +00:00
OBS User unknown
704cfd98ac OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=14 2009-07-30 21:00:09 +00:00
OBS User unknown
380fc5b493 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=13 2009-07-14 21:56:37 +00:00
OBS User unknown
47413c56c2 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=12 2009-06-08 09:04:10 +00:00
OBS User unknown
18ed32232d OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=11 2009-06-07 21:01:03 +00:00
OBS User unknown
ed54a2e985 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=10 2009-04-02 16:51:38 +00:00
OBS User unknown
f1c08d14e3 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=9 2008-10-22 16:50:36 +00:00
OBS User unknown
ca63ce53ec OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=8 2008-10-14 17:24:21 +00:00
OBS User unknown
15ae089190 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=7 2008-08-28 23:51:42 +00:00
OBS User unknown
27260ae183 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=6 2008-08-28 10:57:23 +00:00
OBS User unknown
288f1b2851 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=5 2008-07-11 20:15:59 +00:00
OBS User unknown
0bd5d2a61e OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=4 2008-05-22 02:41:53 +00:00
OBS User unknown
ece66d5641 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=3 2008-04-25 14:46:58 +00:00
OBS User unknown
3a50c4dfde OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=2 2008-02-19 13:17:02 +00:00
OBS User unknown
6e9e4ef022 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 03:49:24 +00:00