rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

heed changelog syntax requirements

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=137
This commit is contained in:
Jan Engelhardt 2022-07-30 09:44:05 +00:00 committed by Git OBS Bridge
parent abbd490880
commit ae2f35131d
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
strongswan.changes
View File

@ -2,16 +2,23 @@
Sat Jul 30 06:48:29 UTC 2022 - Peter Conrad <conrad@quisquis.de>
- Update to release 5.9.7
* The IKEv2 key derivation is now delayed until the keys are actually needed to process or send the next message.
* Inbound IKEv2 messages, in particular requests, are now processed differently.
* The retransmission logic in the dhcp plugin has been fixed (#1154).
* The connmark plugin now considers configured masks in installed firewall rules (#1087).
* Child config selection has been fixed as responder in cases where multiple children use transport mode traffic selectors (#1143).
* The outbound SA/policy is now also removed after IKEv1 CHILD_SA rekeyings (#1041).
* The openssl plugin supports AES and Camellia in CTR mode (112bb46).
* The AES-XCBC/CMAC PRFs are demoted in the default proposal (after HMAC-based PRFs) since they were never widely adopted
* The kdf plugin is now automatically enabled if any of the aesni, cmac or xcbc plugins are enabled, or if none of the plugins that directly provide HMAC-based KDFs are enabled (botan, openssl or wolfssl).
* The CALLBACK macros (and some other issues) have been fixed when compiling with GCC 12 (#1053).
* The IKEv2 key derivation is now delayed until the keys are
actually needed to process or send the next message.
* Inbound IKEv2 messages, in particular requests, are now
processed differently.
* The retransmission logic in the dhcp plugin has been fixed.
* The connmark plugin now considers configured masks in
installed firewall rules.
* Child config selection has been fixed as responder in cases
where multiple children use transport mode traffic selectors.
* The outbound SA/policy is now also removed after IKEv1
CHILD_SA rekeyings.
* The openssl plugin supports AES and Camellia in CTR mode.
* The AES-XCBC/CMAC PRFs are demoted in the default proposal
(after HMAC-based PRFs) since they were never widely adopted.
* The kdf plugin is now automatically enabled if any of the
aesni, cmac or xcbc plugins are enabled, or if none of the
plugins that directly provide HMAC-based KDFs are enabled.
-------------------------------------------------------------------
Sat Apr 30 08:21:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>