forked from pool/strongswan
Marius Tomaschewski
2f4b26b633
fixes (bnc#847506,CVE-2013-6075, bnc#847509,CVE-2013-6076):
- Fixed a denial-of-service vulnerability and potential authorization bypass triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an insufficient length check when comparing such identities. The vulnerability has been registered as CVE-2013-6075.
- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1 fragmentation payload. The cause is a NULL pointer dereference. The vulnerability has been registered as CVE-2013-6076.
- The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session with a strongSwan policy enforcement point which uses the tnc-pdp charon plugin.
- The new TCG TNC SWID IMC/IMV pair supports targeted SWID requests for either full SWID Tag or concise SWID Tag ID inventories.
- The XAuth backend in eap-radius now supports multiple XAuth exchanges for different credential types and display messages. All user input gets concatenated and verified with a single User-Password RADIUS attribute on the AAA. With an AAA supporting it, one for example can implement Password+Token authentication with proper dialogs on iOS and OS X clients.
- charon supports IKEv1 Mode Config exchange in push mode. The ipsec.conf modeconfig=push option enables it for both client and server, the same way as pluto used it.
- Using the "ah" ipsec.conf keyword on both IKEv1 and IKEv2 connections, charon can negotiate and install Security Associations integrity-protected by the Authentication Header protocol. Supported are plain AH(+IPComp) SAs only, but not the deprecated RFC2401 style ESP+AH bundles.
[...]
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=62
10 lines
428 B
Plaintext
### Known warnings:
# - traditional name
addFilter("strongswan.* incoherent-init-script-name ipsec")
# - readme only, triggers full ipsec + ikev1&ikev2 install
addFilter("strongswan.* no-binary")
# - link to init script, covered by service(8)
addFilter("strongswan.* no-manual-page-for-binary rcipsec")
# - no, restarting tunnels on update may break the update
addFilter("strongswan.*restart_on_update-postun /etc/init.d/ipsec")