forked from pool/strongswan
Marius Tomaschewski
2645720915
- Fixed a security vulnerability in the gmp plugin. If this
plugin was used for RSA signature verification an empty or
zeroed signature was handled as a legitimate one
(bnc#761325, CVE-2012-2388).
- Fixed several issues with reauthentication and address updates.
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=46
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| README.SUSE | ||
| strongswan_modprobe_syslog.patch | ||
| strongswan-4.6.4-fmt-warnings.patch | ||
| strongswan-4.6.4-rpmlintrc | ||
| strongswan-4.6.4.tar.bz2 | ||
| strongswan-4.6.4.tar.bz2.sig | ||
| strongswan.changes | ||
| strongswan.init.in | ||
| strongswan.spec | ||
Dear Customer, please note, that the strongswan release 4.5 changes the keyexchange mode to IKEv2 as default -- from strongswan-4.5.0/NEWS: "[...] IMPORTANT: the default keyexchange mode 'ike' is changing with release 4.5 from 'ikev1' to 'ikev2', thus commemorating the five year anniversary of the IKEv2 RFC 4306 and its mature successor RFC 5996. The time has definitively come for IKEv1 to go into retirement and to cede its place to the much more robust, powerful and versatile IKEv2 protocol! [...]" This requires adoption of either the "conn %default" or all other IKEv1 "conn" sections in the /etc/ipsec.conf to use explicit: keyexchange=ikev1 The strongswan package does no provide any files any more, but triggers the installation of both, IKEv1 (pluto) and IKEv2 (charon) daemons and the traditional starter scripts inclusive of the /etc/init.d/ipsec init script and /etc/ipsec.conf file. There is a new strongswan-nm package with a NetworkManager plugin to control the charon IKEv2 daemon through D-Bus, designed to work using the NetworkManager-strongswan graphical user interface. It does not depend on the traditional starter scripts, but on the IKEv2 charon daemon and plugins only. Have a lot of fun...