rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

Accepting request 949255 from home:msmeissn:branches:network:vpn

Browse Source 
This adds bug references to changes file that are in SLES 15 SP2,
to allow potential reintegration to SLES.

old: network:vpn/strongswan
new: home:msmeissn:branches:network:vpn/strongswan rev None
Index: strongswan.changes
===================================================================
--- strongswan.changes (revision 129)
+++ strongswan.changes (revision 2)
@@ -12,12 +12,12 @@
     was caused by an integer overflow when processing RSASSA-PSS
     signatures with very large salt lengths. This vulnerability has
     been registered as CVE-2021-41990. Please refer to our blog for
-    details.
+    details. (bsc#1191367)
   * Fixed a denial-of-service vulnerability in the in-memory
     certificate cache if certificates are replaced and a very large
     random value caused an integer overflow. This vulnerability has
     been registered as CVE-2021-41991. Please refer to our blog for
-    details.
+    details. (bsc#1191435)
   * Fixed a related flaw that caused the daemon to accept and cache
     an infinite number of versions of a valid certificate by
     modifying the parameters in the signatureAlgorithm field of the
@@ -46,7 +46,7 @@
 - Update to version 5.9.3:
   * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
     plugin.
-  * Added AES-CCM support to the openssl plugin (#353).
+  * Added AES-CCM support to the openssl plugin (#353 bsc#1185363).
   * The x509 and the openssl plugins now consider the
     authorityKeyIdentifier, if available, before verifying
     signatures, which avoids unnecessary signature verifications
@@ -70,6 +70,9 @@
 - Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
   as this is what really checks for. Needed as libsoup-3.0 is
   released.
+- 5.9.1
+  - README: added a missing " to pki example command (bsc#1167880)
+  - fixed a libgcrypt call in FIPS mode (bsc#1180801)
 
 -------------------------------------------------------------------
 Mon Sep  7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

OBS-URL: https://build.opensuse.org/request/show/949255
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=130
This commit is contained in:
Jan Engelhardt 2022-01-26 12:24:59 +00:00 committed by Git OBS Bridge
parent 0e5610efdc
commit d2eb7d5564
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
strongswan.changes
View File

@ -12,12 +12,12 @@ Mon Nov 22 16:19:08 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
was caused by an integer overflow when processing RSASSA-PSS was caused by an integer overflow when processing RSASSA-PSS
signatures with very large salt lengths. This vulnerability has signatures with very large salt lengths. This vulnerability has
been registered as CVE-2021-41990. Please refer to our blog for been registered as CVE-2021-41990. Please refer to our blog for
details. details. (bsc#1191367)
* Fixed a denial-of-service vulnerability in the in-memory * Fixed a denial-of-service vulnerability in the in-memory
certificate cache if certificates are replaced and a very large certificate cache if certificates are replaced and a very large
random value caused an integer overflow. This vulnerability has random value caused an integer overflow. This vulnerability has
been registered as CVE-2021-41991. Please refer to our blog for been registered as CVE-2021-41991. Please refer to our blog for
details. details. (bsc#1191435)
* Fixed a related flaw that caused the daemon to accept and cache * Fixed a related flaw that caused the daemon to accept and cache
an infinite number of versions of a valid certificate by an infinite number of versions of a valid certificate by
modifying the parameters in the signatureAlgorithm field of the modifying the parameters in the signatureAlgorithm field of the
@ -46,7 +46,7 @@ Mon Sep 27 19:01:38 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 5.9.3: - Update to version 5.9.3:
* Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl * Added AES-ECB, SHA-3 and SHAKE-256 support to the wolfssl
plugin. plugin.
* Added AES-CCM support to the openssl plugin (#353). * Added AES-CCM support to the openssl plugin (#353 bsc#1185363).
* The x509 and the openssl plugins now consider the * The x509 and the openssl plugins now consider the
authorityKeyIdentifier, if available, before verifying authorityKeyIdentifier, if available, before verifying
signatures, which avoids unnecessary signature verifications signatures, which avoids unnecessary signature verifications
@ -70,6 +70,9 @@ Mon Sep 27 19:01:38 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires, - Replace libsoup-devel with pkgconfig(libsoup-2.4) BuildRequires,
as this is what really checks for. Needed as libsoup-3.0 is as this is what really checks for. Needed as libsoup-3.0 is
released. released.
- 5.9.1
- README: added a missing " to pki example command (bsc#1167880)
- fixed a libgcrypt call in FIPS mode (bsc#1180801)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de> Mon Sep 7 08:38:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>