2008-07-11 22:15:59 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jun 30 22:40:31 CEST 2008 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Added fix that explicitly enables version 1 linux capabilities
|
|
|
|
|
on version 2 systems to aviod that the charon and pluto daemons
|
|
|
|
|
exit because of failed capset call (bnc#404989).
|
|
|
|
|
|
2008-05-22 04:41:53 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 19 16:17:16 CEST 2008 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Applied fix (strongswan_crash_badcfg_reload.dif) to avoid
|
|
|
|
|
a crash after reloading with bad config (bnc#392062).
|
|
|
|
|
|
2008-04-25 16:46:58 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
|
|
|
|
|
release provides much more modularity and therefore much more
|
|
|
|
|
extensiblity and offers the following new features:
|
|
|
|
|
* libstrongswan has been modularized to attach crypto algorithms,
|
|
|
|
|
credential implementations (secret and private keys, certificates)
|
|
|
|
|
and http/ldap fetchers dynamically through plugins.
|
|
|
|
|
* A relational database API that uses pluggable database providers
|
|
|
|
|
was added to libstrongswan including plugins for MySQL and SQLite.
|
|
|
|
|
* The IKEv2 keying charon daemon has become more extensible. Generic
|
|
|
|
|
plugins can provide arbitrary interfaces to credential stores and
|
|
|
|
|
connection management interfaces. Also any EAP method can be added.
|
|
|
|
|
* The authentication and credential framework in charon has been
|
|
|
|
|
heavily refactored to support modular credential providers, proper
|
|
|
|
|
CERTREQ/CERT payload exchanges and extensible authorization rules.
|
|
|
|
|
* Support for "Hash and URL" encoded certificate payloads has been
|
|
|
|
|
implemented in the IKEv2 daemon charon.
|
|
|
|
|
* The IKEv2 daemon charon now supports the "uniqueids" option to
|
|
|
|
|
close multiple IKE_SAs with the same peer.
|
|
|
|
|
* The crypto factory in libstrongswan additionally supports random
|
|
|
|
|
number generators. Plugins may provide other sources of randomness.
|
|
|
|
|
* Extended the credential framework by a caching option to allow
|
|
|
|
|
plugins persistent caching of fetched credentials.
|
|
|
|
|
* The new trust chain verification introduced in 4.2.0 has been
|
|
|
|
|
parallelized. Threads fetching CRL or OCSP information no longer
|
|
|
|
|
block other threads.
|
|
|
|
|
* A new IKEv2 configuration attribute framework has been introduced
|
|
|
|
|
allowing plugins to provide virtual IP addresses, and in the future,
|
|
|
|
|
other configuration attribute services (e.g. DNS/WINS servers).
|
|
|
|
|
* The stroke plugin has been extended to provide virtual IP addresses
|
|
|
|
|
from a simple pool defined in ipsec.conf.
|
|
|
|
|
* Fixed compilation on uClibc and a couple of other minor bugs.
|
|
|
|
|
* The IKEv1 pluto daemon now supports the ESP encryption algorithm
|
|
|
|
|
CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
|
|
|
|
|
authentication algorithm AES_XCBC_MAC.
|
|
|
|
|
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
|
|
|
|
|
and adding inclusion of limits.h for PATH_MAX availability.
|
|
|
|
|
- Added rpmlintrc file and a libtoolize call to the spec file.
|
|
|
|
|
|
2008-02-19 14:17:02 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Updated to 4.1.11 maintenance release, providing following fixes:
|
|
|
|
|
* IKE rekeying in NAT situations did not inherit the NAT conditions
|
|
|
|
|
to the rekeyed IKE_SA so that the UDP encapsulation was lost with
|
|
|
|
|
the next CHILD_SA rekeying.
|
|
|
|
|
* Wrong type definition of the next_payload variable in id_payload.c
|
|
|
|
|
caused an INVALID_SYNTAX error on PowerPC platforms.
|
|
|
|
|
* Implemented IKEv2 EAP-SIM server and client test modules that use
|
|
|
|
|
triplets stored in a file. For details on the configuration see
|
|
|
|
|
the scenario 'ikev2/rw-eap-sim-rsa'.
|
|
|
|
|
- The 4.1.10 final version, declared upstream as "Fully tested support
|
|
|
|
|
of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,
|
|
|
|
|
IPv6 defaults of the nexthop parameter, adds support for new EAP
|
|
|
|
|
modules [disabled in this build] and obsoletes our strongswan_path
|
|
|
|
|
and strongswan_ipsec_script_msg patches.
|
|
|
|
|
- Removed a sed call from init script.
|
|
|
|
|
|
2007-12-13 04:49:24 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Dec 8 13:03:42 CET 2007 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Updated to 4.1.9 final, including all our patches.
|
|
|
|
|
- Changed init script to use ipsec cmd using LSB codes now.
|
|
|
|
|
- Added strongswan_path.dif setting a PATH in scripts (updown).
|
|
|
|
|
- Added strongswan_ipsec_script_msg.dif for consistent look of
|
|
|
|
|
ipsec script messages.
|
|
|
|
|
- Added strongswan_modprobe_syslog.dif redirecting modprobe
|
|
|
|
|
output to syslog.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Nov 26 10:19:40 CET 2007 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Renamed charon plugins to avoid rpm conflicts with existing
|
|
|
|
|
libraries (libstroke). Patch: strongswan-libconflicts.dif
|
|
|
|
|
- Added init script. Template file: strongswan.init.in
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de
|
|
|
|
|
|
|
|
|
|
- Initial, unfinished package
|
|
|
|
|
|
