File ipsec-tools.changes of Package ipsec-tools
-------------------------------------------------------------------
Fri Jan 26 17:07:35 UTC 2018 - jbohac@suse.com
- avoid-dos-with-fragment-out-of-order.patch (bsc#1047443,
CVE-2016-10396)
-------------------------------------------------------------------
Wed Nov 29 22:00:35 UTC 2017 - meissner@suse.com
- ipsec-tools-openssl1.1.patch: build against openssl 1.1 (bsc#1066950)
-------------------------------------------------------------------
Thu Nov 23 13:44:14 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Sat Sep 2 20:11:15 UTC 2017 - chris@computersalat.de
- add reminder for racoon-setkey.service to setkey.conf
-------------------------------------------------------------------
Wed Aug 5 10:58:13 UTC 2015 - meissner@suse.com
- do not run %fdupes over the whole tree, to avoid symlinking
/etc/ config files and /usr/ sample configs.
-------------------------------------------------------------------
Wed Jun 10 15:39:46 UTC 2015 - chris@computersalat.de
- rework racoon.psk.patch
* comment example entry (it's not a backdoor, just an example)
-------------------------------------------------------------------
Thu Jun 4 12:52:01 UTC 2015 - tchvatal@suse.com
- Cleanup most of the rpmlint warnings to have it in better shape
-------------------------------------------------------------------
Thu Apr 23 11:07:44 UTC 2015 - meissner@suse.com
- racoon-fips-rsa.patch: Use a default exponent of at least 65537
(minimum FIPS required public exponent)
- racoon-no-md5.patch: replace one md5 usage by sha1 in an internal
hash table. Allow md5 usage for an external visible interface,
as it is also hashing only.
-------------------------------------------------------------------
Thu Jan 22 01:02:51 UTC 2015 - p.drouand@gmail.com
- Update to version 0.8.2
* Fix admin port establish-sa for tunnel mode SAs
* Fix source port selection regression from version 0.8.1
* Various logging improvements
* Additional compliance and build fixes
- Changes from version 0.8.1
* Improved X.509 subject name comparison
* Relax DPD cookie check for Cisco IOS compatibility
* Allow simplified syntax for inherited remote blocks
* Never shrink pfkey socket buffer
* Privilege separation child process exit fix
* Multiple memory allocation and use-after-free fixes
- Remove some obsolete macros
-------------------------------------------------------------------
Tue Jul 8 14:03:13 UTC 2014 - meissner@suse.com
- ipsec-tools-0.8.0-certasn1txtbroken.patch:
disable the certificate test in src/racoon/eaytest.c as the
internal X.509 ASN.1 string presentation was changed in openssl
and the test currently does not work.
-------------------------------------------------------------------
Thu Mar 13 10:02:28 CET 2014 - jbohac@suse.cz
- add RemainAfterExit=yes to the .service file (bnc#856625)
-------------------------------------------------------------------
Fri Jan 10 14:06:41 CET 2014 - jbohac@suse.cz
- upgrade to version 0.8.0:
o Fix authentication method ambiguity with kerberos and xauth
o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
o Local address code rewrite to speed things up
o Improved MIPv6 support (Arnaud Ebalard)
o ISAKMP SA (phase1) rekeying
o Improved scheduler (faster algorithm, support monotonic clock)
o Handle RESPONDER-LIFETIME in quick mode
o Handle INITIAL-CONTACT in from main mode too
o Rewritten event handling framework for admin port
o Ability to initiate IPsec SA through admin port
o NAT-T Original Address handling (transport mode NAT-T support)
o clean NAT-T - PFkey support
o support for multiple anonymous remoteconfs
o Remove various obsolete configuration options
o A lot of other bug fixes, performance improvements and clean ups
- Remove ipsec-tools-linux-3.7-compat.diff which caused bnc#867055
by including wrong headers; fix by installing
linux-glibc-devel and including /usr/include for kernel headers
-------------------------------------------------------------------
Thu Sep 19 02:34:45 UTC 2013 - crrodriguez@opensuse.org
- remove unused racoon.init from the package, it was
already removed from the spec file in the previous change.
-------------------------------------------------------------------
Thu Sep 19 02:25:39 UTC 2013 - crrodriguez@opensuse.org
- Add systemd support, systemctl enable racoon.service
also enables helper optional service racoon-setkey
- /etc/sysconfig/racoon was never created, fix that.
-------------------------------------------------------------------
Thu Jan 31 06:48:18 UTC 2013 - mlin@suse.com
- Add ipsec-tools-linux-3.7-compat.diff (partly from openwrt)
* since pfkeyv2.h moved to include/uapi/linux as
http://lwn.net/Articles/507794/ explained, make the compiler find the
header in a valid path. There is a discussion about this issue at
https://dev.openwrt.org/ticket/12813
-------------------------------------------------------------------
Wed Oct 31 12:47:22 UTC 2012 - mvyskocil@suse.com
- unify the permissions of psk.txt to avoid false duplicate warnings
from fdupes (bnc#784670)
-------------------------------------------------------------------
Tue Jan 31 15:18:55 CET 2012 - meissner@suse.de
- remove suse_update_config macro usage
-------------------------------------------------------------------
Sat Oct 15 04:47:06 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to make the spec file more reliable
-------------------------------------------------------------------
Sun Sep 4 18:13:45 UTC 2011 - mkubecek@suse.cz
- create /var/run/racoon in the init script rather than including
it in the package as it doesn't work if /var/run is on tmpfs
(bnc#710277)
-------------------------------------------------------------------
Sun May 15 15:42:28 UTC 2011 - chris@computersalat.de
- remove Author from description
- add racoon.psk patch
-------------------------------------------------------------------
Wed May 4 12:02:13 UTC 2011 - idoenmez@novell.com
- Add ipsec-tools-0.7.3-linkerflag.patch: remove wrong linker flag
- Add ipsec-tools-0.7.2-nodevel.patch: don't install development
files, instead of manually removing them in the spec file.
- Drop no_werror.patch: Remove Werror flag by sed, it's all over the
configure file, old patch was incomplete anyway.
-------------------------------------------------------------------
Tue Nov 3 19:09:21 UTC 2009 - coolo@novell.com
- updated patches to apply with fuzz=0
-------------------------------------------------------------------
Tue Oct 6 20:09:15 CEST 2009 - chris@computersalat.de
- cleanup spec
o sorted sections
o simplify clean
o sort install section
o sort files section
- added missing /etc/racoon/cert DIR
-------------------------------------------------------------------
Fri Sep 18 22:48:07 CEST 2009 - chris@computersalat.de
- cleanup spec
o sorted TAGS
o added configure macro
- rpmlint
o added fdupes
- fix selinux build
o if suse_version >= 1100
-------------------------------------------------------------------
Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz
- upgrade to 0.7.3
- integrated security patch
- enabled selinux support (--enable-security-context=yes)
-------------------------------------------------------------------
Thu Jun 11 17:45:45 CEST 2009 - jbohac@suse.cz
- fix_sockaddr_overflow_in_ipsec_doi.c.diff (bnc#506710)
-------------------------------------------------------------------
Wed May 6 15:54:01 CEST 2009 - jbohac@suse.cz
- Upgrade to 0.7.2
- fixed some rpmlint warnings/errors
- racoon.conf_macros.patch updates the .in file, not the result
- added /etc/pam.d/racoon
- added --with-libldap
-------------------------------------------------------------------
Tue Sep 23 15:08:40 CEST 2008 - jbohac@suse.cz
- fixed a memory leak in PH1 (bnc#416906, CVE-2008-3652)
-------------------------------------------------------------------
Thu Aug 14 19:30:51 CEST 2008 - jbohac@suse.cz
- Upgrade to 0.7.1
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
o Generates a log if cert validation has been disabled by configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to work better with huge SPD/SAD
o Corrected modecfg option syntax
o Many other various fixes...
-------------------------------------------------------------------
Wed Nov 7 19:46:03 CET 2007 - jbohac@suse.cz
- Upgrade to 0.7
-------------------------------------------------------------------
Thu Apr 12 11:36:01 CEST 2007 - jbohac@jikos.cz
- Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791)
-------------------------------------------------------------------
Thu Mar 29 16:12:01 CEST 2007 - aj@suse.de
- Add flex and bison to BuildRequires.
-------------------------------------------------------------------
Thu May 4 22:08:06 CEST 2006 - jbohac@suse.cz
- fixed a segfault in GSSAPI initialization (#172196)
-------------------------------------------------------------------
Thu May 4 22:08:06 CEST 2006 - jbohac@suse.cz
- the /var/run/racoon directory was missing from the package
which prevented racoon from starting (#170552) - fixed
- fixed unexpanded macros in racoon.conf (#170552)
-------------------------------------------------------------------
Tue Mar 21 17:27:19 CET 2006 - jbohac@suse.cz
- upgrade to 0.6.5 (bugfix release)
- Fixed zombie PH1 handler when isakmp_send() fails in
isakmp_ph1resend()
- Temporary fix for /32 subnets parsing.
- make software behave as the documentation advertises for
INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
- Fixed / cleaned up signal handling.
- added --with-libpam and --enable-adminport (#159647)
-------------------------------------------------------------------
Wed Jan 25 21:36:40 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Dec 13 20:30:55 CET 2005 - jbohac@suse.cz
- fixed build
-------------------------------------------------------------------
Tue Dec 13 17:45:04 CET 2005 - jbohac@suse.cz
- upgrade to 0.6.4
- added krb5 support ( --enable-gssapi)
- added statistics logging support ( --enable-stats)
-------------------------------------------------------------------
Wed Nov 23 16:56:34 CET 2005 - jbohac@suse.cz
- upgrade to 0.6.3 - fixes #134834 and an openssl incompatibility
issue
-------------------------------------------------------------------
Tue Nov 8 16:22:16 CET 2005 - jbohac@suse.cz
- fixed build for s390
-------------------------------------------------------------------
Thu Oct 20 19:43:28 CEST 2005 - jbohac@suse.cz
- upgraded to version 0.6.2
- enabled NAT-T
- fixed build with current openssl
-------------------------------------------------------------------
Wed Aug 31 17:17:02 CEST 2005 - jbohac@suse.cz
- fixed permissions for /etc/racoon/psk.txt (bug #114383)
-------------------------------------------------------------------
Tue Aug 23 14:53:58 CEST 2005 - jbohac@suse.cz
- upgrade to version 0.6.1
-------------------------------------------------------------------
Wed Aug 3 11:46:38 CEST 2005 - jbohac@suse.cz
- fixed build on beta (disabled -Werror again)
-------------------------------------------------------------------
Tue Aug 2 18:21:06 CEST 2005 - cthiel@suse.de
- fixed build
-------------------------------------------------------------------
Tue Aug 2 17:13:18 CEST 2005 - jbohac@suse.cz
- upgrade to version 0.6
-------------------------------------------------------------------
Thu May 5 18:11:32 CEST 2005 - jbohac@suse.cz
- upgrade to version 0.5.2
- disabled -Werror, because bison-generated code would not compile
-------------------------------------------------------------------
Wed Apr 13 18:11:44 CEST 2005 - jbohac@suse.cz
- upgrade to version 0.5.1
- fixed compilation warning/errors regarding char/int signedness
-------------------------------------------------------------------
Wed Apr 13 18:03:31 CEST 2005 - jbohac@suse.cz
- upgrade to version 0.5.1
- fixed compilation warning/errors regarding char/int signedness
-------------------------------------------------------------------
Wed Mar 16 12:50:02 CET 2005 - jbohac@suse.cz
- The patch in the previous release was not applied correctly; fixed.
-------------------------------------------------------------------
Tue Mar 15 15:04:04 CET 2005 - jbohac@suse.cz
- security fix - insecure header parsing (Bug ID: 64726)
-------------------------------------------------------------------
Sat Feb 19 12:20:30 CET 2005 - lmuelle@suse.de
- Update to version 0.5.
-------------------------------------------------------------------
Wed Jan 05 16:15:17 CET 2005 - jbohac@suse.cz
- update to ipsec-tools-0.5-rc1
-------------------------------------------------------------------
Thu Nov 18 11:38:35 CET 2004 - mludvig@suse.cz
- Update to version 0.4
-------------------------------------------------------------------
Tue Sep 14 01:38:48 CEST 2004 - ro@suse.de
- undef __P first to make it build
-------------------------------------------------------------------
Tue Aug 10 11:09:23 CEST 2004 - mludvig@suse.cz
- Update to 0.4rc1
-------------------------------------------------------------------
Tue Jun 15 17:08:27 CEST 2004 - mludvig@suse.cz
- Update to 0.3.3 to fix an X.509 cert verification security bug.
(http://marc.theaimsgroup.com/?l=bugtraq&m=108726102304507&w=2)
-------------------------------------------------------------------
Mon May 17 10:21:31 CEST 2004 - mludvig@suse.cz
- Fixed comment in racoon.conf (#40576)
-------------------------------------------------------------------
Wed Apr 21 11:25:04 CEST 2004 - mludvig@suse.cz
- Update to 0.3.1 to fix CAN-2004-0403
-------------------------------------------------------------------
Thu Apr 15 16:25:06 CEST 2004 - mludvig@suse.cz
- Update to final 0.3. We had all patches in the
package anyway...
-------------------------------------------------------------------
Thu Apr 08 14:20:44 CEST 2004 - mludvig@suse.cz
- Fixed setkey to support multiline commands in interactive mode.
- Added 'exit' command to setkey.
The two changes fix TAHI/ipsec tests.
- Emit messages about Keep-Alive packets with DEBUG severity
instead of INFO. With INFO it only pollutes syslog every 20s.
-------------------------------------------------------------------
Mon Apr 05 17:58:29 CEST 2004 - mludvig@suse.cz
- Fixed X.509 security bug (#38373)
-------------------------------------------------------------------
Thu Apr 01 15:39:56 CEST 2004 - mludvig@suse.cz
- Report received SADB_X_NAT_T_NEW_MAPPING message.
- Avoid segfault with unknown PF_KEY messages.
- Move encmode update out of the loop. NAT-T now works
even with more than one proposal.
-------------------------------------------------------------------
Tue Mar 30 09:41:36 CEST 2004 - mludvig@suse.cz
- Rewritten the testsuite to avoid
failures on 32b platforms.
-------------------------------------------------------------------
Fri Mar 26 14:01:57 CET 2004 - mludvig@suse.cz
- Handle input lines one by one in interactive mode
(preventing premature exit on syntax error).
-------------------------------------------------------------------
Thu Mar 25 18:22:31 CET 2004 - mludvig@suse.cz
- Update to 0.3rc4:
- Fixed adding "null" encryption via 'setkey'.
- Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
- Fixed NAT-T in aggressive mode.
- Fixed testsuite and added testsuite run into make check.
-------------------------------------------------------------------
Tue Mar 23 10:14:14 CET 2004 - mludvig@suse.cz
- Fix segfault with AES.
- Enable testsuite.
-------------------------------------------------------------------
Mon Mar 22 11:28:00 CET 2004 - mludvig@suse.cz
- Fix "null" encryption setup in setkey.
-------------------------------------------------------------------
Fri Mar 19 18:21:15 CET 2004 - mludvig@suse.cz
- Fix duplicate ipsec service (#36575)
- Update to 0.3rc3
-------------------------------------------------------------------
Thu Mar 11 17:05:50 CET 2004 - mludvig@suse.cz
- Update to 0.3rc2
-------------------------------------------------------------------
Mon Mar 08 17:57:18 CET 2004 - mludvig@suse.cz
- Add sysconfig and init.d files.
-------------------------------------------------------------------
Fri Mar 05 16:26:51 CET 2004 - mludvig@suse.cz
- Include sample config files in the RPM.
-------------------------------------------------------------------
Thu Mar 04 18:57:28 CET 2004 - mludvig@suse.cz
- update to 0.3rc1
-------------------------------------------------------------------
Tue Feb 03 15:32:05 CET 2004 - mludvig@suse.cz
- Update to 0.2.4
-------------------------------------------------------------------
Mon Jan 26 22:26:58 CET 2004 - ro@suse.de
- updated neededforbuild "kernel-source-26" -> "kernel-source"
-------------------------------------------------------------------
Thu Jan 15 14:55:01 CET 2004 - mludvig@suse.cz
- update to ipsec-tools-0.2.3
-------------------------------------------------------------------
Sat Jan 10 22:00:47 CET 2004 - adrian@suse.de
- remove obsolete %run_ldconfig
-------------------------------------------------------------------
Tue Dec 23 09:36:57 CET 2003 - mludvig@suse.cz
- Recognize IPSEC_DIR_FWD when dumping SPD.
-------------------------------------------------------------------
Fri Dec 19 17:57:19 CET 2003 - mludvig@suse.cz
- Added many fixes gathered from the mailing list.
- Added support for specifying SA lifebytes.
-------------------------------------------------------------------
Wed Dec 17 19:52:19 CET 2003 - garloff@suse.de
- Package ipsec-tools 0.2.2.