File ipsec-tools.changes of Package ipsec-tools

-------------------------------------------------------------------
Fri Jan 26 17:07:35 UTC 2018 - jbohac@suse.com

- avoid-dos-with-fragment-out-of-order.patch (bsc#1047443, 
  CVE-2016-10396)

-------------------------------------------------------------------
Wed Nov 29 22:00:35 UTC 2017 - meissner@suse.com

- ipsec-tools-openssl1.1.patch: build against openssl 1.1 (bsc#1066950)

-------------------------------------------------------------------
Thu Nov 23 13:44:14 UTC 2017 - rbrown@suse.com

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)

-------------------------------------------------------------------
Sat Sep  2 20:11:15 UTC 2017 - chris@computersalat.de

- add reminder for racoon-setkey.service to setkey.conf

-------------------------------------------------------------------
Wed Aug  5 10:58:13 UTC 2015 - meissner@suse.com

- do not run %fdupes over the whole tree, to avoid symlinking
  /etc/ config files and /usr/ sample configs.

-------------------------------------------------------------------
Wed Jun 10 15:39:46 UTC 2015 - chris@computersalat.de

- rework racoon.psk.patch
  * comment example entry (it's not a backdoor, just an example)

-------------------------------------------------------------------
Thu Jun  4 12:52:01 UTC 2015 - tchvatal@suse.com

- Cleanup most of the rpmlint warnings to have it in better shape

-------------------------------------------------------------------
Thu Apr 23 11:07:44 UTC 2015 - meissner@suse.com

- racoon-fips-rsa.patch: Use a default exponent of at least 65537
  (minimum FIPS required public exponent)
- racoon-no-md5.patch: replace one md5 usage by sha1 in an internal
  hash table. Allow md5 usage for an external visible interface,
  as it is also hashing only.

-------------------------------------------------------------------
Thu Jan 22 01:02:51 UTC 2015 - p.drouand@gmail.com

- Update to version 0.8.2
  * Fix admin port establish-sa for tunnel mode SAs
  * Fix source port selection regression from version 0.8.1
  * Various logging improvements
  * Additional compliance and build fixes
- Changes from version 0.8.1
  * Improved X.509 subject name comparison
  * Relax DPD cookie check for Cisco IOS compatibility
  * Allow simplified syntax for inherited remote blocks
  * Never shrink pfkey socket buffer
  * Privilege separation child process exit fix
  * Multiple memory allocation and use-after-free fixes
- Remove some obsolete macros

-------------------------------------------------------------------
Tue Jul  8 14:03:13 UTC 2014 - meissner@suse.com

- ipsec-tools-0.8.0-certasn1txtbroken.patch:
  disable the certificate test in src/racoon/eaytest.c as the 
  internal X.509 ASN.1 string presentation was changed in openssl
  and the test currently does not work.

-------------------------------------------------------------------
Thu Mar 13 10:02:28 CET 2014 - jbohac@suse.cz

- add RemainAfterExit=yes to the .service file (bnc#856625)

-------------------------------------------------------------------
Fri Jan 10 14:06:41 CET 2014 - jbohac@suse.cz

- upgrade to version 0.8.0:
	o Fix authentication method ambiguity with kerberos and xauth
	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
	o Local address code rewrite to speed things up
	o Improved MIPv6 support (Arnaud Ebalard)
	o ISAKMP SA (phase1) rekeying
	o Improved scheduler (faster algorithm, support monotonic clock)
	o Handle RESPONDER-LIFETIME in quick mode
	o Handle INITIAL-CONTACT in from main mode too
	o Rewritten event handling framework for admin port
	o Ability to initiate IPsec SA through admin port
	o NAT-T Original Address handling (transport mode NAT-T support)
	o clean NAT-T - PFkey support
	o support for multiple anonymous remoteconfs
	o Remove various obsolete configuration options
	o A lot of other bug fixes, performance improvements and clean ups

- Remove ipsec-tools-linux-3.7-compat.diff which caused bnc#867055 
  by including wrong headers; fix by installing
  linux-glibc-devel and including /usr/include for kernel headers


-------------------------------------------------------------------
Thu Sep 19 02:34:45 UTC 2013 - crrodriguez@opensuse.org

- remove unused racoon.init from the package, it was 
  already removed from the spec file in the previous change.

-------------------------------------------------------------------
Thu Sep 19 02:25:39 UTC 2013 - crrodriguez@opensuse.org

- Add systemd support, systemctl enable racoon.service 
  also enables helper optional service racoon-setkey
- /etc/sysconfig/racoon was never created, fix that.

-------------------------------------------------------------------
Thu Jan 31 06:48:18 UTC 2013 - mlin@suse.com

- Add ipsec-tools-linux-3.7-compat.diff (partly from openwrt)
  * since pfkeyv2.h moved to include/uapi/linux, as
    http://lwn.net/Articles/507794/ explained, make the compiler find
    the header in a valid path. There is a discussion about this issue at
    https://dev.openwrt.org/ticket/12813

-------------------------------------------------------------------
Wed Oct 31 12:47:22 UTC 2012 - mvyskocil@suse.com

- unify the permissions of psk.txt to avoid false duplicate warnings
  from fdupes (bnc#784670)

-------------------------------------------------------------------
Tue Jan 31 15:18:55 CET 2012 - meissner@suse.de

- remove suse_update_config macro usage

-------------------------------------------------------------------
Sat Oct 15 04:47:06 UTC 2011 - coolo@suse.com

- add libtool as buildrequire to make the spec file more reliable

-------------------------------------------------------------------
Sun Sep  4 18:13:45 UTC 2011 - mkubecek@suse.cz

- create /var/run/racoon in the init script rather than including
  it in the package as it doesn't work if /var/run is on tmpfs
  (bnc#710277)

-------------------------------------------------------------------
Sun May 15 15:42:28 UTC 2011 - chris@computersalat.de

- remove Author from description
- add racoon.psk patch

-------------------------------------------------------------------
Wed May  4 12:02:13 UTC 2011 - idoenmez@novell.com

- Add ipsec-tools-0.7.3-linkerflag.patch: remove wrong linker flag
- Add ipsec-tools-0.7.2-nodevel.patch: don't install development 
  files, instead of manually removing them in the spec file.
- Drop no_werror.patch: Remove Werror flag by sed, it's all over the
  configure file, old patch was incomplete anyway.

-------------------------------------------------------------------
Tue Nov  3 19:09:21 UTC 2009 - coolo@novell.com

- updated patches to apply with fuzz=0

-------------------------------------------------------------------
Tue Oct  6 20:09:15 CEST 2009 - chris@computersalat.de

- cleanup spec
  o sorted sections
  o simplify clean
  o sort install section
  o sort files section
- added missing /etc/racoon/cert DIR

-------------------------------------------------------------------
Fri Sep 18 22:48:07 CEST 2009 - chris@computersalat.de

- cleanup spec
  o sorted TAGS
  o added configure macro
- rpmlint
  o added fdupes
- fix selinux build
  o if suse_version >= 1100

-------------------------------------------------------------------
Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz

- upgrade to 0.7.3
- integrated security patch
- enabled selinux support (--enable-security-context=yes)

-------------------------------------------------------------------
Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz

- fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710)

-------------------------------------------------------------------
Wed May  6 15:54:01 CEST 2009 - jbohac@suse.cz

- Upgrade to 0.7.2
- fixed some rpmlint warnings/errors
- racoon.conf_macros.patch updates the .in file, not the result
- added /etc/pam.d/racoon
- added --with-libldap

-------------------------------------------------------------------
Tue Sep 23 15:08:40 CEST 2008 - jbohac@suse.cz

- fixed a memory leak in PH1 (bnc#416906, CVE-2008-3652)

-------------------------------------------------------------------
Thu Aug 14 19:30:51 CEST 2008 - jbohac@suse.cz

- Upgrade to 0.7.1
  o Fixes a memory leak when invalid proposal received
  o Some fixes in DPD
  o do not set default gss id if xauth is used
  o fixed hybrid enabled builds
  o fixed compilation on FreeBSD8
  o cleanup in network port value manipulation
  o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
  o Generates a log if cert validation has been disabled by configuration
  o better handling for pfkey socket read errors
  o Fixes in yacc / bison stuff
  o new plog() macro (reduced CPU usage when logging is disabled)
  o Try to work better with huge SPD/SAD
  o Corrected modecfg option syntax
  o Many other various fixes...

-------------------------------------------------------------------
Wed Nov  7 19:46:03 CET 2007 - jbohac@suse.cz

- Upgrade to 0.7

-------------------------------------------------------------------
Thu Apr 12 11:36:01 CEST 2007 - jbohac@jikos.cz

- Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791) 

-------------------------------------------------------------------
Thu Mar 29 16:12:01 CEST 2007 - aj@suse.de

- Add flex and bison to BuildRequires.

-------------------------------------------------------------------
Thu May  4 22:08:06 CEST 2006 - jbohac@suse.cz

- fixed a segfault in GSSAPI initialization (#172196)

-------------------------------------------------------------------
Thu May  4 22:08:06 CEST 2006 - jbohac@suse.cz

- the /var/run/racoon directory was missing from the package
  which prevented racoon from starting (#170552) - fixed
- fixed unexpanded macros in racoon.conf (#170552)

-------------------------------------------------------------------
Tue Mar 21 17:27:19 CET 2006 - jbohac@suse.cz

- upgrade to 0.6.5 (bugfix release)
  - Fixed zombie PH1 handler when isakmp_send() fails in
    isakmp_ph1resend()
  - Temporary fix for /32 subnets parsing.
  - make software behave as the documentation advertises for
    INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
    avoid breaking backward compatibility.
  - Fixed / cleaned up signal handling.
- added --with-libpam and --enable-adminport (#159647)

-------------------------------------------------------------------
Wed Jan 25 21:36:40 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Tue Dec 13 20:30:55 CET 2005 - jbohac@suse.cz

- fixed build

-------------------------------------------------------------------
Tue Dec 13 17:45:04 CET 2005 - jbohac@suse.cz

- upgrade to 0.6.4 
- added krb5 support ( --enable-gssapi)
- added statistics logging support ( --enable-stats)

-------------------------------------------------------------------
Wed Nov 23 16:56:34 CET 2005 - jbohac@suse.cz

- upgrade to 0.6.3 - fixes #134834 and an openssl incompatibility
  issue

-------------------------------------------------------------------
Tue Nov  8 16:22:16 CET 2005 - jbohac@suse.cz

- fixed build for s390

-------------------------------------------------------------------
Thu Oct 20 19:43:28 CEST 2005 - jbohac@suse.cz

- upgraded to version 0.6.2
- enabled NAT-T
- fixed build with current openssl

-------------------------------------------------------------------
Wed Aug 31 17:17:02 CEST 2005 - jbohac@suse.cz

- fixed permissions for /etc/racoon/psk.txt (bug #114383)

-------------------------------------------------------------------
Tue Aug 23 14:53:58 CEST 2005 - jbohac@suse.cz

- upgrade to version 0.6.1

-------------------------------------------------------------------
Wed Aug  3 11:46:38 CEST 2005 - jbohac@suse.cz

- fixed build on beta (disabled -Werror again)

-------------------------------------------------------------------
Tue Aug  2 18:21:06 CEST 2005 - cthiel@suse.de

- fixed build 

-------------------------------------------------------------------
Tue Aug  2 17:13:18 CEST 2005 - jbohac@suse.cz

- upgrade to version 0.6

-------------------------------------------------------------------
Thu May  5 18:11:32 CEST 2005 - jbohac@suse.cz

- upgrade to version 0.5.2
- disabled -Werror, because bison-generated code would not compile

-------------------------------------------------------------------
Wed Apr 13 18:11:44 CEST 2005 - jbohac@suse.cz

- upgrade to version 0.5.1
- fixed compilation warning/errors regarding char/int signedness

-------------------------------------------------------------------
Wed Apr 13 18:03:31 CEST 2005 - jbohac@suse.cz

- upgrade to version 0.5.1
- fixed compilation warning/errors regarding char/int signedness

-------------------------------------------------------------------
Wed Mar 16 12:50:02 CET 2005 - jbohac@suse.cz

- The patch in the previous release was not applied correctly; fixed.

-------------------------------------------------------------------
Tue Mar 15 15:04:04 CET 2005 - jbohac@suse.cz

- security fix - insecure header parsing (Bug ID: 64726)

-------------------------------------------------------------------
Sat Feb 19 12:20:30 CET 2005 - lmuelle@suse.de

- Update to version 0.5.

-------------------------------------------------------------------
Wed Jan 05 16:15:17 CET 2005 - jbohac@suse.cz

- update to ipsec-tools-0.5-rc1

-------------------------------------------------------------------
Thu Nov 18 11:38:35 CET 2004 - mludvig@suse.cz

- Update to version 0.4

-------------------------------------------------------------------
Tue Sep 14 01:38:48 CEST 2004 - ro@suse.de

- undef __P first to make it build

-------------------------------------------------------------------
Tue Aug 10 11:09:23 CEST 2004 - mludvig@suse.cz

- Update to 0.4rc1

-------------------------------------------------------------------
Tue Jun 15 17:08:27 CEST 2004 - mludvig@suse.cz

- Update to 0.3.3 to fix an X.509 cert verification security bug.
  (http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507&w=2)

-------------------------------------------------------------------
Mon May 17 10:21:31 CEST 2004 - mludvig@suse.cz

- Fixed comment in racoon.conf (#40576)

-------------------------------------------------------------------
Wed Apr 21 11:25:04 CEST 2004 - mludvig@suse.cz

- Update to 0.3.1 to fix CAN-2004-0403

-------------------------------------------------------------------
Thu Apr 15 16:25:06 CEST 2004 - mludvig@suse.cz

- Update to final 0.3. We had all patches in the
  package anyway...

-------------------------------------------------------------------
Thu Apr 08 14:20:44 CEST 2004 - mludvig@suse.cz

- Fixed setkey to support multiline commands in interactive mode.
- Added 'exit' command to setkey. 
  The two changes fix TAHI/ipsec tests.
- Emit messages about Keep-Alive packets with DEBUG severity
  instead of INFO. With INFO it only pollutes syslog every 20s.

-------------------------------------------------------------------
Mon Apr 05 17:58:29 CEST 2004 - mludvig@suse.cz

- Fixed X.509 security bug (#38373)

-------------------------------------------------------------------
Thu Apr 01 15:39:56 CEST 2004 - mludvig@suse.cz

- Report received SADB_X_NAT_T_NEW_MAPPING message.
- Avoid segfault with unknown PF_KEY messages.
- Move encmode update out of the loop. NAT-T now works
  even with more than one proposal.

-------------------------------------------------------------------
Tue Mar 30 09:41:36 CEST 2004 - mludvig@suse.cz

- Rewritten the testsuite to avoid
  failures on 32b platforms.

-------------------------------------------------------------------
Fri Mar 26 14:01:57 CET 2004 - mludvig@suse.cz

- Handle input lines one by one in interactive mode
  (preventing premature exit on syntax error).

-------------------------------------------------------------------
Thu Mar 25 18:22:31 CET 2004 - mludvig@suse.cz

- Update to 0.3rc4:
  - Fixed adding "null" encryption via 'setkey'.
  - Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
  - Fixed NAT-T in aggressive mode.
  - Fixed testsuite and added testsuite run into make check.

-------------------------------------------------------------------
Tue Mar 23 10:14:14 CET 2004 - mludvig@suse.cz

- Fix segfault with AES.
- Enable testsuite.

-------------------------------------------------------------------
Mon Mar 22 11:28:00 CET 2004 - mludvig@suse.cz

- Fix "null" encryption setup in setkey.

-------------------------------------------------------------------
Fri Mar 19 18:21:15 CET 2004 - mludvig@suse.cz

- Fix duplicate ipsec service (#36575)
- Update to 0.3rc3

-------------------------------------------------------------------
Thu Mar 11 17:05:50 CET 2004 - mludvig@suse.cz

- Update to 0.3rc2

-------------------------------------------------------------------
Mon Mar 08 17:57:18 CET 2004 - mludvig@suse.cz

- Add sysconfig and init.d files.

-------------------------------------------------------------------
Fri Mar 05 16:26:51 CET 2004 - mludvig@suse.cz

- Include sample config files in the RPM.

-------------------------------------------------------------------
Thu Mar 04 18:57:28 CET 2004 - mludvig@suse.cz

- update to 0.3rc1

-------------------------------------------------------------------
Tue Feb 03 15:32:05 CET 2004 - mludvig@suse.cz

- Update to 0.2.4

-------------------------------------------------------------------
Mon Jan 26 22:26:58 CET 2004 - ro@suse.de

- updated neededforbuild "kernel-source-26" -> "kernel-source"

-------------------------------------------------------------------
Thu Jan 15 14:55:01 CET 2004 - mludvig@suse.cz

- update to ipsec-tools-0.2.3

-------------------------------------------------------------------
Sat Jan 10 22:00:47 CET 2004 - adrian@suse.de

- remove obsolete %run_ldconfig

-------------------------------------------------------------------
Tue Dec 23 09:36:57 CET 2003 - mludvig@suse.cz

- Recognize IPSEC_DIR_FWD when dumping SPD.

-------------------------------------------------------------------
Fri Dec 19 17:57:19 CET 2003 - mludvig@suse.cz

- Added many fixes gathered from the mailing list.
- Added support for specifying SA lifebytes.

-------------------------------------------------------------------
Wed Dec 17 19:52:19 CET 2003 - garloff@suse.de

- Package ipsec-tools 0.2.2.