strongswan/strongswan.changes

-------------------------------------------------------------------
Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de

- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
  release provides much more modularity and therefore much more
  extensiblity and offers the following new features:
  * libstrongswan has been modularized to attach crypto algorithms,
  credential implementations (secret and private keys, certificates)
  and http/ldap fetchers dynamically through plugins.
  * A relational database API that uses pluggable database providers
  was added to libstrongswan including plugins for MySQL and SQLite.
  * The IKEv2 keying charon daemon has become more extensible. Generic
  plugins can provide arbitrary interfaces to credential stores and
  connection management interfaces. Also any EAP method can be added.
  * The authentication and credential framework in charon has been
  heavily refactored to support modular credential providers, proper
  CERTREQ/CERT payload exchanges and extensible authorization rules.
  * Support for "Hash and URL" encoded certificate payloads has been
  implemented in the IKEv2 daemon charon.
  * The IKEv2 daemon charon now supports the "uniqueids" option to
  close multiple IKE_SAs with the same peer.
  * The crypto factory in libstrongswan additionally supports random
  number generators. Plugins may provide other sources of randomness.
  * Extended the credential framework by a caching option to allow
  plugins persistent caching of fetched credentials.
  * The new trust chain verification introduced in 4.2.0 has been
  parallelized. Threads fetching CRL or OCSP information no longer
  block other threads.
  * A new IKEv2 configuration attribute framework has been introduced
  allowing plugins to provide virtual IP addresses, and in the future,
  other configuration attribute services (e.g. DNS/WINS servers).
  * The stroke plugin has been extended to provide virtual IP addresses
  from a simple pool defined in ipsec.conf.
  * Fixed compilation on uClibc and a couple of other minor bugs.
  * The IKEv1 pluto daemon now supports the ESP encryption algorithm
  CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
  authentication algorithm AES_XCBC_MAC.
- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
  and adding inclusion of limits.h for PATH_MAX availability.
- Added rpmlintrc file and a libtoolize call to the spec file.

-------------------------------------------------------------------
Tue Feb 19 11:44:03 CET 2008 - mt@suse.de

- Updated to 4.1.11 maintenance release, providing following fixes:
  * IKE rekeying in NAT situations did not inherit the NAT conditions
  to the rekeyed IKE_SA so that the UDP encapsulation was lost with
  the next CHILD_SA rekeying.
  * Wrong type definition of the next_payload variable in id_payload.c
  caused an INVALID_SYNTAX error on PowerPC platforms. 
  * Implemented IKEv2 EAP-SIM server and client test modules that use
  triplets stored in a file. For details on the configuration see
  the scenario 'ikev2/rw-eap-sim-rsa'.
- The 4.1.10 final version, declared upstream as "Fully tested support
  of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,
  IPv6 defaults of the nexthop parameter, adds support for new EAP
  modules [disabled in this build] and obsoletes our strongswan_path
  and strongswan_ipsec_script_msg patches.
- Removed a sed call from init script.

-------------------------------------------------------------------
Sat Dec  8 13:03:42 CET 2007 - mt@suse.de

- Updated to 4.1.9 final, including all our patches.
- Changed init script to use ipsec cmd using LSB codes now.
- Added strongswan_path.dif setting a PATH in scripts (updown).
- Added strongswan_ipsec_script_msg.dif for consistent look of
  ipsec script messages.
- Added strongswan_modprobe_syslog.dif redirecting modprobe
  output to syslog.

-------------------------------------------------------------------
Mon Nov 26 10:19:40 CET 2007 - mt@suse.de

- Renamed charon plugins to avoid rpm conflicts with existing
  libraries (libstroke). Patch: strongswan-libconflicts.dif
- Added init script. Template file: strongswan.init.in

-------------------------------------------------------------------
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de

- Initial, unfinished package
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=3 2008-04-25 16:46:58 +02:00			`-------------------------------------------------------------------`
			`Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de`

			`- Updated to 4.2.1 release. A lot of code refactoring in the 4.2`
			`release provides much more modularity and therefore much more`
			`extensiblity and offers the following new features:`
			`* libstrongswan has been modularized to attach crypto algorithms,`
			`credential implementations (secret and private keys, certificates)`
			`and http/ldap fetchers dynamically through plugins.`
			`* A relational database API that uses pluggable database providers`
			`was added to libstrongswan including plugins for MySQL and SQLite.`
			`* The IKEv2 keying charon daemon has become more extensible. Generic`
			`plugins can provide arbitrary interfaces to credential stores and`
			`connection management interfaces. Also any EAP method can be added.`
			`* The authentication and credential framework in charon has been`
			`heavily refactored to support modular credential providers, proper`
			`CERTREQ/CERT payload exchanges and extensible authorization rules.`
			`* Support for "Hash and URL" encoded certificate payloads has been`
			`implemented in the IKEv2 daemon charon.`
			`* The IKEv2 daemon charon now supports the "uniqueids" option to`
			`close multiple IKE_SAs with the same peer.`
			`* The crypto factory in libstrongswan additionally supports random`
			`number generators. Plugins may provide other sources of randomness.`
			`* Extended the credential framework by a caching option to allow`
			`plugins persistent caching of fetched credentials.`
			`* The new trust chain verification introduced in 4.2.0 has been`
			`parallelized. Threads fetching CRL or OCSP information no longer`
			`block other threads.`
			`* A new IKEv2 configuration attribute framework has been introduced`
			`allowing plugins to provide virtual IP addresses, and in the future,`
			`other configuration attribute services (e.g. DNS/WINS servers).`
			`* The stroke plugin has been extended to provide virtual IP addresses`
			`from a simple pool defined in ipsec.conf.`
			`* Fixed compilation on uClibc and a couple of other minor bugs.`
			`* The IKEv1 pluto daemon now supports the ESP encryption algorithm`
			`CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the`
			`authentication algorithm AES_XCBC_MAC.`
			`- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo`
			`and adding inclusion of limits.h for PATH_MAX availability.`
			`- Added rpmlintrc file and a libtoolize call to the spec file.`

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=2 2008-02-19 14:17:02 +01:00			`-------------------------------------------------------------------`
			`Tue Feb 19 11:44:03 CET 2008 - mt@suse.de`

			`- Updated to 4.1.11 maintenance release, providing following fixes:`
			`* IKE rekeying in NAT situations did not inherit the NAT conditions`
			`to the rekeyed IKE_SA so that the UDP encapsulation was lost with`
			`the next CHILD_SA rekeying.`
			`* Wrong type definition of the next_payload variable in id_payload.c`
			`caused an INVALID_SYNTAX error on PowerPC platforms.`
			`* Implemented IKEv2 EAP-SIM server and client test modules that use`
			`triplets stored in a file. For details on the configuration see`
			`the scenario 'ikev2/rw-eap-sim-rsa'.`
			`- The 4.1.10 final version, declared upstream as "Fully tested support`
			`of IPv6 IPsec tunnel connections", fixes ordering error in oscp cache,`
			`IPv6 defaults of the nexthop parameter, adds support for new EAP`
			`modules [disabled in this build] and obsoletes our strongswan_path`
			`and strongswan_ipsec_script_msg patches.`
			`- Removed a sed call from init script.`

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1 2007-12-13 04:49:24 +01:00			`-------------------------------------------------------------------`
			`Sat Dec 8 13:03:42 CET 2007 - mt@suse.de`

			`- Updated to 4.1.9 final, including all our patches.`
			`- Changed init script to use ipsec cmd using LSB codes now.`
			`- Added strongswan_path.dif setting a PATH in scripts (updown).`
			`- Added strongswan_ipsec_script_msg.dif for consistent look of`
			`ipsec script messages.`
			`- Added strongswan_modprobe_syslog.dif redirecting modprobe`
			`output to syslog.`

			`-------------------------------------------------------------------`
			`Mon Nov 26 10:19:40 CET 2007 - mt@suse.de`

			`- Renamed charon plugins to avoid rpm conflicts with existing`
			`libraries (libstroke). Patch: strongswan-libconflicts.dif`
			`- Added init script. Template file: strongswan.init.in`

			`-------------------------------------------------------------------`
			`Thu Nov 22 10:25:56 CET 2007 - mt@suse.de`

			`- Initial, unfinished package`