Revisions of strongswan

Dominique Leuenberger (dimstar_suse) accepted request 767305 from Jan Engelhardt (jengelh) (revision 70)
- Update to version 5.8.2:
  * Fix CVE-2018-17540, CVE-2018-16151 and CVE-2018-16152.
  * boo#1109845 and boo#1107874.
Dominique Leuenberger (dimstar_suse) accepted request 573411 from Dominique Leuenberger (dimstar_suse) (revision 66)
- Update summaries and descriptions. Trim filler words and
  author list.
- Drop %if..%endif guards that are idempotent and do not affect
  the build result.
- Replace old $RPM_ shell variables. (forwarded request 534431 from jengelh)
Dominique Leuenberger (dimstar_suse) accepted request 344762 from Marius Tomaschewski (mtomaschewski) (revision 62)
- Applied upstream fix for an authentication bypass vulnerability
  in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817).
  [+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
Dominique Leuenberger (dimstar_suse) accepted request 311158 from Marius Tomaschewski (mtomaschewski) (revision 61)
- Applied upstream fix for a rogue servers vulnerability, that may
  enable rogue servers able to authenticate themselves with a certificate
  issued by any CA the client trusts, to gain user credentials from
  a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
  [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
  and renamed it to use number prefix corresponding with patch nr.
  [- strongswan-5.2.2-5.3.0_unknown_payload.patch,
   + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
Dominique Leuenberger (dimstar_suse) accepted request 309675 from Marius Tomaschewski (mtomaschewski) (revision 60)
- Applied upstream fix for a DoS and potential remote code execution
  vulnerability through payload type (bsc#931272,CVE-2015-3991)
  [+ strongswan-5.2.2-5.3.0_unknown_payload.patch]
Dominique Leuenberger (dimstar_suse) accepted request 287701 from Factory Maintainer (factory-maintainer) (revision 59)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 262968 from Marius Tomaschewski (mtomaschewski) (revision 58)
- Updated strongswan-hmac package description (bsc#856322).

- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.

- Added generation of fips hmac hash files using fipshmac utility
  and a _fipscheck script to verify binaries/libraries/plugins
  shipped in the strongswan-hmac package.
  With enabled fips in the kernel, the ipsec script will call it
  before any action or in an enforced/manual "ipsec _fipscheck" call.
  Added config file to load openssl and kernel af-alg plugins, but
  not all the other modules which provide further/alternative algs.
  Applied a filter disallowing non-approved algorithms in fips mode.
  (fate#316931,bnc#856322).
  [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
  and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead of 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
  registration order again as ordering them by identifier caused
  weaker algorithms to be proposed first by default (bsc#897512).
  [+0001-restore-registration-algorithm-order.bug897512.patch]

- Re-enabled gcrypt plugin and reverted to not enforce fips again
  as this breaks gcrypt and openssl plugins when the fips pattern
  option is not installed (fate#316931,bnc#856322).
  [- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
  files and enforce fips compliant operation later (bnc#856322).
Adrian Schröter (adrianSuSE) committed (revision 57)
Split 13.2 from Factory
Stephan Kulow (coolo) accepted request 241746 from Marius Tomaschewski (mtomaschewski) (revision 56)
- disable gcrypt plugin by default, so it will only use openssl
  fate#316931 [+strongswan-fips-disablegcrypt.patch]
- enable fips mode 2