rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

- Applied upstream fix for a rogue servers vulnerability, that may

Browse Source 
enable rogue servers able to authenticate itself with certificate
  issued by any CA the client trusts, to gain user credentials from
  a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
  [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
  and renamed it to use number prefix corresponding with patch nr.
  [- strongswan-5.2.2-5.3.0_unknown_payload.patch,
   + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=93
This commit is contained in:
Marius Tomaschewski
2015-06-08 13:41:42 +00:00
committed by Git OBS Bridge
parent 76b52dda20
commit cfde0c0ea7
4 changed files with 119 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
strongswan.changes
View File

@@ -1,3 +1,16 @@
-------------------------------------------------------------------
Thu Jun 4 10:54:29 UTC 2015 - mt@suse.de
- Applied upstream fix for a rogue servers vulnerability, that may
enable rogue servers able to authenticate itself with certificate
issued by any CA the client trusts, to gain user credentials from
a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
[+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
and renamed it to use number prefix corresponding with patch nr.
[- strongswan-5.2.2-5.3.0_unknown_payload.patch,
+ 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
-------------------------------------------------------------------
Mon Jun 1 16:18:35 UTC 2015 - mt@suse.de