Commit Graph

196 Commits

Author SHA256 Message Date
Dominique Leuenberger
5f45b7ef11 Accepting request 1132112 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1132112
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=93
2023-12-09 21:49:13 +00:00
83fb9474bf - Update to release 5.9.13
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=157
2023-12-01 10:34:18 +00:00
Ana Guerrero
caa40408d4 Accepting request 1129146 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1129146
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=92
2023-11-27 21:42:05 +00:00
f19225222f - Update to release 5.9.12
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=155
2023-11-20 13:44:45 +00:00
Dominique Leuenberger
e08e5b1209 Accepting request 1094810 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1094810
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=91
2023-06-24 18:13:38 +00:00
Mohd Saquib
26fbd0f033 Accepting request 1094809 from home:msaquib:branches:network:vpn
- Removed .hmac files + hmac integrity check logic from strongswan-hmac
  package as it is not mandated anymore by FIPS (boo#1185116)
- Removed folliwng files:
  [- strongswan_fipscheck.patch]
  [- fipscheck.sh.in]
  Note: strongswan-hmac package is not removed as it still provides a
  config file that doesn't allow non-fips approved algorithms

OBS-URL: https://build.opensuse.org/request/show/1094809
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=153
2023-06-23 09:01:07 +00:00
Dominique Leuenberger
9c6e69afad Accepting request 1092643 from network:vpn
- Remove pre-SLE15 build logic
- Update to release 5.9.11

OBS-URL: https://build.opensuse.org/request/show/1092643
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=90
2023-06-14 14:28:35 +00:00
8c5539213c compact/trim changelog - https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=151
2023-06-12 15:57:20 +00:00
a937e6040b OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=150 2023-06-12 15:55:07 +00:00
Mohd Saquib
73a1c9e320 Accepting request 1092621 from home:msaquib:branches:network:vpn
- Update to release 5.9.11
  * A long-standing deadlock in the vici plugin has been fixed that
    could get triggered when multiple connections were
    initiated/terminated concurrently and control-log events were
    raised by the watcher_t component (#566). 
  * In compliance with RFC 5280, CRLs now have to be signed by a
    certificate that either encodes the cRLSign keyUsage bit
    (even if it is a CA certificate), or is a CA certificate without
    a keyUsage extension. strongSwan encodes a keyUsage extension
    with cRLSign bit set in all CA certificates since 13 years. And
    before that it didn't encode the extension, so these certificates
    would also be accepted as CRL issuer in case they are still valid
    (7dc82de).
  * Support for optional CA labels in EST server URIs
    (e.g. https://www.example.org/.well-known/est/arbitraryLabel1/<operation>)
    was added to the pki --est and pki --estca commands (#1614).
  * The pkcs7 and openssl plugins now support CMS-style signatures in
    PKCS#7 containers, which allows verifying RSA-PSS and ECDSA
    signatures (#1615).
  * Fixed a regression in the server implementation of EAP-TLS when
    using TLS 1.2 or earlier that was introduced with 5.9.10
    (#1613, 3d0d3f5).
  * The EAP-TLS client does now enforce that the TLS handshake is
    complete when using TLS 1.2 or earlier. It was possible to
    shortcut it by sending an early EAP-Success message. Note that
    this isn't a security issue as the server is authenticated at
    that point (db87087).
  * On Linux, the kernel-libipsec plugin can now optionally handle
    ESP packets without UDP encapsulation (uses RAW sockets, disabled
    by default, e3cb756). The plugin and libipsec also gained support

OBS-URL: https://build.opensuse.org/request/show/1092621
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=149
2023-06-12 15:41:55 +00:00
Dominique Leuenberger
657b2da015 Accepting request 1077378 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/1077378
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=89
2023-04-07 16:16:14 +00:00
Mohd Saquib
8148349f08 Accepting request 1077377 from home:msaquib:branches:network:vpn
- Allow to use stroke aka ipsec interface by default instead of
  vici aka swanctl interface which is current upstream's default.
  strongswan.service which enables swanctl interface is masked to
  stop interfering with the ipsec interface (bsc#1184144)
- Removes deprecated SysV support

OBS-URL: https://build.opensuse.org/request/show/1077377
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=147
2023-04-05 00:16:41 +00:00
Dominique Leuenberger
89db574bcf Accepting request 1068724 from network:vpn
- Update to release 5.9.10

OBS-URL: https://build.opensuse.org/request/show/1068724
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=88
2023-03-03 21:24:35 +00:00
9178e03a23 upgrade note
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=145
2023-03-02 14:21:28 +00:00
016cf7b1e8 - Update to release 5.9.10
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=144
2023-03-02 13:42:24 +00:00
Mohd Saquib
e8a63e6496 Accepting request 1068696 from home:msaquib:branches:network:vpn
- Added patch to fix a vulnerability in incorrectly accepted
  untrusted public key with incorrect refcount
  (CVE-2023-26463 boo#1208608)
  [+ CVE-2023-26463_tls_auth_bypass_exp_pointer.patch]

OBS-URL: https://build.opensuse.org/request/show/1068696
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=143
2023-03-02 13:26:11 +00:00
Mohd Saquib
fe861579d5 Accepting request 1068689 from home:msaquib:branches:network:vpn
- Fixed a vulnerability in incorrectly accepted untrusted public key
  with incorrect refcount (CVE-2023-26463 boo#1208608).

OBS-URL: https://build.opensuse.org/request/show/1068689
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=142
2023-03-02 12:45:07 +00:00
Dominique Leuenberger
0da0fea063 Accepting request 1046554 from network:vpn
- Update to release 5.9.9

OBS-URL: https://build.opensuse.org/request/show/1046554
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=87
2023-01-04 17:10:26 +00:00
3ce027ac91 - Update to release 5.9.9
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=140
2023-01-03 13:25:43 +00:00
Dominique Leuenberger
02464c0051 Accepting request 1009635 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1009635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=86
2022-10-12 16:22:45 +00:00
b632de741c - Update to release 5.9.8
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=138
2022-10-03 23:19:08 +00:00
Dominique Leuenberger
4e2b66f537 Accepting request 991802 from network:vpn
- Update to release 5.9.7

OBS-URL: https://build.opensuse.org/request/show/991802
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=85
2022-08-02 20:08:35 +00:00
ae2f35131d heed changelog syntax requirements
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=137
2022-07-30 09:44:05 +00:00
abbd490880 Accepting request 991798 from home:p_conrad:branches
This resolves one issue in particular that caused failures in Tumbleweed, see https://forums.opensuse.org/showthread.php/569960-Latest-strongswan-ipsec-crashes-on-startup .

- Update to release 5.9.7
  * The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
  * Inbound IKEv2 messages, in particular requests, are now processed differently.
  * The retransmission logic in the dhcp plugin has been fixed (#1154).
  * The connmark plugin now considers configured masks in installed firewall rules (#1087).
  * Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
  * The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
  * The openssl plugin supports AES and Camellia in CTR mode (112bb46).
  * The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
  * The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
  * The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).

OBS-URL: https://build.opensuse.org/request/show/991798
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=136
2022-07-30 09:43:14 +00:00
Dominique Leuenberger
f3e86a936a Accepting request 975521 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/975521
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=84
2022-05-08 19:52:07 +00:00
0bed40c9cb - Update to release 5.9.6
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=135
2022-04-30 08:43:01 +00:00
Dominique Leuenberger
2455babbdb Accepting request 963708 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/963708
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=83
2022-03-23 19:15:41 +00:00
e1b454dc30 Accepting request 962674 from home:msmeissn:branches:network:vpn
resubmit without hacky namespace change


- prf-plus-modularization.patch: updated from upstream branch
  after certifier feedback, SKEYSEED generated via HKDF-Extract.

OBS-URL: https://build.opensuse.org/request/show/962674
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=134
2022-03-21 14:06:21 +00:00
Dominique Leuenberger
7ab7c7ff71 Accepting request 960587 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/960587
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=82
2022-03-11 20:41:06 +00:00
00a00a6acf Accepting request 960489 from home:msmeissn:branches:network:vpn
- Added prf-plus-modularization.patch that outsources the IKE 
  key derivation to openssl. (will be merged to 5.9.6)
- package the kdf config, template and plugin

OBS-URL: https://build.opensuse.org/request/show/960489
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=133
2022-03-09 18:30:05 +00:00
Dominique Leuenberger
de536ef929 Accepting request 950403 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/950403
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=81
2022-02-03 23:45:45 +00:00
08b9de7ac5 Accepting request 950382 from home:msmeissn:branches:network:vpn
add more references for later sle import

OBS-URL: https://build.opensuse.org/request/show/950382
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=132
2022-02-01 11:40:00 +00:00
Dominique Leuenberger
3e374b588f Accepting request 949260 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/949260
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=80
2022-01-26 20:26:51 +00:00
61572aaddb - Update to release 5.9.5
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=131
2022-01-26 12:33:44 +00:00
d2eb7d5564 Accepting request 949255 from home:msmeissn:branches:network:vpn
This adds bug references to changes file that are in SLES 15 SP2,
to allow potential reintegration to SLES.

old: network:vpn/strongswan
new: home:msmeissn:branches:network:vpn/strongswan rev None
Index: strongswan.changes
===================================================================
--- strongswan.changes (revision 129)
+++ strongswan.changes (revision 2)
@@ -12,12 +12,12 @@
     was caused by an integer overflow when processing RSASSA-PSS
     signatures with very large salt lengths. This vulnerability has
     been registered as CVE-2021-41990. Please refer to our blog for
-    details.
+    details. (bsc#1191367)
   * Fixed a denial-of-service vulnerability in the in-memory
     certificate cache if certificates are replaced and a very large
     random value caused an integer overflow. This vulnerability has
     been registered as CVE-2021-41991. Please refer to our blog for
-    details.
+    details. (bsc#1191435)
   * Fixed a related flaw that caused the daemon to accept and cache
     an infinite number of versions of a valid certificate by
     modifying the parameters in the signatureAlgorithm field of the
@@ -46,7 +46,7 @@
 - Update to version 5.9.3:
   * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
     plugin.
-  * Added AES-CCM support to the openssl plugin (#353).
+  * Added AES-CCM support to the openssl plugin (#353 bsc#1185363).
   * The x509 and the openssl plugins now consider the
     authorityKeyIdentifier, if available, before verifying
     signatures, which avoids unnecessary signature verifications
@@ -70,6 +70,9 @@
 - Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
   as this is what really checks for. Needed as libsoup-3.0 is
   released.
+- 5.9.1
+  - README: added a missing " to pki example command (bsc#1167880)
+  - fixed a libgcrypt call in FIPS mode (bsc#1180801)
 
 -------------------------------------------------------------------
 Mon Sep  7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

OBS-URL: https://build.opensuse.org/request/show/949255
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=130
2022-01-26 12:24:59 +00:00
Dominique Leuenberger
ff45f5ef5d Accepting request 934253 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/934253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=79
2021-12-01 19:46:40 +00:00
0e5610efdc Accepting request 933481 from home:jsegitz:branches:systemdhardening:network:vpn
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/933481
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=129
2021-11-27 14:21:41 +00:00
Dominique Leuenberger
86d1597046 Accepting request 933164 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/933164
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=78
2021-11-26 23:50:27 +00:00
9d37f89cf7 Accepting request 933151 from home:iznogood:branches:network:vpn
- Update to version 5.9.4:
  * Fixed a denial-of-service vulnerability in the gmp plugin that
    was caused by an integer overflow when processing RSASSA-PSS
    signatures with very large salt lengths. This vulnerability has
    been registered as CVE-2021-41990. Please refer to our blog for
    details.
  * Fixed a denial-of-service vulnerability in the in-memory
    certificate cache if certificates are replaced and a very large
    random value caused an integer overflow. This vulnerability has
    been registered as CVE-2021-41991. Please refer to our blog for
    details.
  * Fixed a related flaw that caused the daemon to accept and cache
    an infinite number of versions of a valid certificate by
    modifying the parameters in the signatureAlgorithm field of the
    outer X.509 Certificate structure.
  * AUTH_LIFETIME notifies are now only sent by a responder if it
    can't reauthenticate the IKE_SA itself due to asymmetric
    authentication (i.e. EAP) or the use of virtual IPs.
  * Several corner cases with reauthentication have been fixed
    (48fbe1d, 36161fe, 0d373e2).
  * Serial number generation in several pki sub-commands has been
    fixed so they don't start with an unintended zero byte.
  * Loading SSH public keys via vici has been improved.
  * Shared secrets, PEM files, vici messages, PF_KEY messages,
    swanctl configs and other data is properly wiped from memory.
  * Use a longer dummy key to initialize HMAC instances in the
    openssl plugin in case it's used in FIPS-mode.
  * The --enable-tpm option now implies --enable-tss-tss2 as the
    plugin doesn't do anything without a TSS 2.0.
  * libtpmtss is initialized in all programs and libraries that use
    it.
  * Migrated testing scripts to Python 3.

OBS-URL: https://build.opensuse.org/request/show/933151
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=128
2021-11-22 20:53:44 +00:00
Dominique Leuenberger
722030227c Accepting request 921963 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/921963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=77
2021-09-29 18:18:12 +00:00
22be53cdf9 Accepting request 921885 from home:iznogood:branches:network:vpn
- Update to version 5.9.3:
  * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
    plugin.
  * Added AES-CCM support to the openssl plugin (#353).
  * The x509 and the openssl plugins now consider the
    authorityKeyIdentifier, if available, before verifying
    signatures, which avoids unnecessary signature verifications
    after a CA key rollover if both CA certificates are loaded.
    The openssl plugin now does the same also for CRLs (the x509
    plugin already did).
  * The pkcs11 plugin better handles optional attributes like
    CKA_TRUSTED, which previously depended on a version check.
  * The NetworkManager backend (charon-nm) now supports using SANs
    as client identities, not only full DNs (#437).
  * charon-tkm now handles IKE encryption.
  * Send a MOBIKE update again if a a change in the NAT mappings is
    detected but the endpoints stay the same (e143a7d).
  * A deadlock in the HA plugin introduced with 5.9.2 has been
    fixed (#456).
  * DSCP values are now also set for NAT keepalives.
  * The ike_derived_keys() hook now receives more keys but in a
    different order (4e29d6f).
  * Converted most of the test case scenarios to the vici
    interface.
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
  as this is what really checks for. Needed as libsoup-3.0 is
  released.

OBS-URL: https://build.opensuse.org/request/show/921885
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=127
2021-09-28 09:20:42 +00:00
Dominique Leuenberger
0a0c8efb6c Accepting request 834251 from network:vpn
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/834251
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=76
2020-09-23 16:36:53 +00:00
2a35cd6ca5 - Update to release 5.9.0
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=126
2020-09-07 08:40:36 +00:00
Dominique Leuenberger
2e1fd31c95 Accepting request 831324 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/831324
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=75
2020-09-05 21:57:31 +00:00
f54d9f5083 Accepting request 831323 from home:monosoul:branches:network:vpn
Disable bypass-lan strongswan plugin by default, so update to the new version would not change existing strongswan behavior

OBS-URL: https://build.opensuse.org/request/show/831323
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=125
2020-09-01 22:39:10 +00:00
b9f4a82f2e - Enable bypass-lan strongswan plugin
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=124
2020-09-01 16:31:18 +00:00
3babeff858 Accepting request 831234 from home:monosoul:branches:network:vpn
Enable bypass-lan strongswan plugin 
https://wiki.strongswan.org/projects/strongswan/wiki/Bypass-lan

OBS-URL: https://build.opensuse.org/request/show/831234
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=123
2020-09-01 15:38:16 +00:00
Dominique Leuenberger
b280c57b1d Accepting request 800175 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/800175
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=74
2020-05-07 13:05:48 +00:00
29d549ad98 Accepting request 800173 from home:iznogood:branches:network:vpn
- Update to version 5.8.4:
  * In IKEv1 Quick Mode make sure that a proposal exists before
    determining lifetimes (fixes a crash due to a null-pointer
    dereference in 5.8.3).
  * OpenSSL currently doesn't support squeezing bytes out of a
    SHAKE128/256 XOF (support was added with 5.8.3) multiple times.
    Unfortunately, EVP_DigestFinalXOF() completely resets the
    context and later calls not simply fail, they cause a
    null-pointer dereference in libcrypto. c5c1898d73 fixes the
    crash at the cost of repeating initializing the whole state and
    allocating too much data for subsequent calls (hopefully, once
    the OpenSSL issue 7894 is resolved we can implement this more
    efficiently).
  * On 32-bit platforms, reading arbitrary 32-bit integers from
    config files (e.g. for charon.spi_min/max) has been fixed.
  * charon-nm now allows using fixed source ports.
- Changes from version 5.8.3:
  * Updates for the NM plugin (and backend, which has to be updated
    to be compatible):
    + EAP-TLS authentication (#2097)
    + Certificate source (file, agent, smartcard) is selectable
      independently
    + Add support to configure local and remote identities (#2581)
    + Support configuring a custom server port (#625)
    + Show hint regarding password storage policy
    + Replaced the term "gateway" with "server"
    + Fixes build issues due to use of deprecated GLib
      macros/functions
    + Updated Glade file to GTK 3.2
  * The NM backend now supports reauthentication and redirection.
  * Previously used reqids are now reallocated, which works around
    an issue on FreeBSD where the kernel doesn't allow the daemon
    to use reqids > 16383 (#2315).
  * On Linux, throw type routes are installed in table 220 for
    passthrough policies. The kernel will then fall back on routes
    in routing tables with lower priorities for matching traffic.
    This way, they require less information (e.g. no interface or
    source IP) and can be installed earlier and are not affected by
    updates.
  * For IKEv1, the lifetimes of the actually selected transform are
    returned to the initiator, which is an issue if the peer uses
    different lifetimes for different transforms (#3329). We now
    also return the correct transform and proposal IDs (proposal ID
    was always 0, transform ID 1). IKE_SAs are now not
    re-established anymore (e.g. after several retransmits) if a
    deletion has been queued (#3335).
  * Added support for Ed448 keys and certificates via openssl
    plugin and pki tool.
  * Added support for SHA-3 and SHAKE128/256 in the openssl plugin.
  * The use of algorithm IDs from the private use range can now be
    enabled globally, to use them even if no strongSwan vendor ID
    was exchanged (05e373aeb0).
  * Fixed a compiler issue that may have caused invalid keyUsage
    extensions in certificates (#3249).
  * A lot of spelling fixes.
  * Fixed several reported issues.
- Drop 0006-Resolve-multiple-definition-of-swanctl_dir.patch: Fixed
  upstream.

OBS-URL: https://build.opensuse.org/request/show/800173
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=122
2020-05-04 22:37:00 +00:00
Dominique Leuenberger
e87376d36d Accepting request 790269 from network:vpn
OBS-URL: https://build.opensuse.org/request/show/790269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=73
2020-04-02 15:42:30 +00:00