rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity
062c69a06d
strongswan/strongswan-5.6.0-rpmlintrc
Nirmoy Das 062c69a06d Accepting request 521273 from home:ndas:branches:network:vpn 
- Updated to strongSwan 5.6.0 providing the following changes:
    *Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
    when verifying RSA signatures, which requires decryption with the operation m^e mod n,
    where m is the signature, and e and n are the exponent and modulus of the public key.
    The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
    So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
    This result wasn't handled properly causing a null-pointer dereference.
    This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
    *New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
    Draft and has been demonstrated at the IETF 99 Prague Hackathon.
    *The IMV database template has been adapted to achieve full compliance with the
    ISO 19770-2:2015 SWID tag standard.
    *The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
    *By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
    swanctl.conf file.
    
    *The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
    *The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
    *libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
    * more on https://wiki.strongswan.org/versions/66

OBS-URL: https://build.opensuse.org/request/show/521273
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=104
2017-09-05 15:38:01 +00:00

10 lines
428 B
Plaintext
Raw Blame History

### Known warnings:
# - traditional name
addFilter("strongswan.* incoherent-init-script-name ipsec")
# - readme only, triggers full ipsec + ikev1&ikev2 install
addFilter("strongswan.* no-binary")
# - link to init script, covered by service(8)
addFilter("strongswan.* no-manual-page-for-binary rcipsec")
# - no, restating tunnels on update may break the update
addFilter("strongswan.*restart_on_update-postun /etc/init.d/ipsec")
View Git Blame Copy Permalink