- Tue Apr 15 2014 Paul Wouters <pwouters@redhat.com> - 2.6.32-9
- Resolves: #1070358 openswan breaks NAT-T draft clients
- Tue Feb 11 2014 Paul Wouters <pwouters@redhat.com> - 2.6.32-8.3
- Resolves: CVE-2013-6466 (rhbz#1050325 refix)
- Tue Jan 28 2014 Paul Wouters <pwouters@redhat.com> - 2.6.32-8.2
- Resolves: CVE-2013-6466 missing IKEv2 payloads causes pluto daemon to restart
- Tue Oct 8 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-8.1
- Resolves: CVE-2013-2053 Openswan: remote buffer overflow in atodn()
- Tue Jul 10 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-4
Resolves: #807772
- Sat Oct 29 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-3
Resolves: #748968 cve-2011-4073 updated upstream patch
Resolves: #609343 - Wed Oct 26 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-2
Resolves: #748968 cve-2011-4073
- Fri Oct 14 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-1
Resolves: #698248
- Thu Feb 24 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-10
Resolves: #652733
- Wed May 12 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-9
- Missed some changes in spec file, and because of that, changes
for the bz 584987 did not get enabled. Rechecking correct spec
file.
Resolves: #584987 - Tue May 11 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-8
Resolves: #584987
- Tue Jan 19 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-7
- Addresses bz 549811: nss database password logging issue
Resolves: #549811 - Tue Nov 10 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-6
- Addresses bzs 524189 and 524191
- Addresses key zeroization
- Updates package description
Resolves: #524191 - Wed Jul 15 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5
- Improved FIPS integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking - Sat Jun 27 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4
- Added support for using PSK with NSS (rhbz 507844)
- Fixed several warnings and undid unnecessary comments
- Updated README.nss with an example configuration
- Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185)
Resolves: CVE-2009-2185
Resolves: #507844 - Tue May 19 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3
- Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking - Sat May 9 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2
- Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking - Wed Apr 22 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1
- Upstream release
- Major patches for support of NSS and fipscheck libraries
Resolves: #444801 FIPS-140-2: Meet certification requirements for pluto
Resolves: #469763 FIPS-140: Add integrity checking
Resolves: #438998 Openswan's 'cannot route...' problem
Resolves: #449725 Openswan seg fault using manual keying.
Resolves: #463931 /etc/ipsec.conf includes /etc/ipsec.d/*.conf which is missing
Resolves: #466861 avc: denied { write } for pid=2193 comm="ip" path="/var/run/pluto/ipsec_setup.out"
Resolves: #487708 Misleading package description - Sat Mar 28 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.14-2
- security update (CVE-2009-0790, CVE-2008-4190)
Resolves: CVE-2009-0790, CVE-2008-4190 - Sat Jun 7 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1
- new upstream release
Resolves: #444575 openswan doesn't delete expired SA's - Fri Jun 6 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc10-1
- new upstream release
- Thu Jun 5 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc7-1
- new upstream release
Resolves: #439771 openswan and strongswan fail to interoperate with IKEv2
Resolves: #441383 openswan should negotiate CCM algorithm
Resolves: #442955 openswan doesn't accept null esp auth alg
Resolves: #442956 openswan logging segfault when phase2alg=null
Resolves: #444166 openswan IKEv2 crashes when interoperating with racoon2 - Thu Apr 24 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-2
Resolves: #442333 AVC denials on start of openswan host-to-host tunnel
- Wed Apr 23 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-1
- new upstream release
Resolves: #432821 left/rightsourceip tags not working
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024
Resolves: #441588 openswan IKEv2 crashes when interoperating with racoon2
Resolves: #442333 AVC denials on start of openswan host-to-host tunnel - Thu Apr 10 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.11-1
- new upstream release
Resolves: #438826 openswan IKEv2 hangs between intel and ppc64 machines
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024 - Sat Mar 15 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-1
Resolves: rhbz#432315
Resolves: rhbz#432805
Resolves: rhbz#432821
- Moved to latest upstream
- removed init script patch and will use upstream
- Added protostack=netkey to ipsec.conf
- New patch to include definition of HOST_NAME_MAX - Sat Feb 9 2008 Linda Wang <lwang@redhat.com> - 2.6.07-2
Related: rhbz#253052
- Latest upstream - Sat Feb 9 2008 Linda Wang <lwang@redhat.com> - 2.6.07-1
Related: rhbz#253052
- Latest upstream - Fri Feb 8 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1
- Latest upstream
- remove selinux test and message from verify script
- forgot the following bz earlier
Resolves: rhbz#253052 Request for IPSec IKEv2 - Wed Jan 30 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9
- cleanup some init problems
Resolves: rhbz#430149 openswan init script errors
Resolves: rhbz#430150 openswan emits spurious warnings - Tue Jan 22 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8
Related: rhbz#235224
- rpmdiff spotted these:
- Cleaned out unused man page
- patch error in barf script - Sat Jan 19 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7
- Addressed the last set of small changes for package review
- Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6
- Moved everything else out of /usr/lib
- Added tmraz's patch to remove extra slashes in makefile
- Removed macros from changelog entries - Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5
- Removed userland macros from spec file
- Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4
- Removed use of xmlto and the BuildRequires
- moved scripts from /usr/lib to /usr/libexec
- removed man3 pages for libopenswan functions (we don't deliver) - Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3
- Removed _smp_mflags macro from from the spec file build section
- Added BuildRequires for xmlto
- Changed License from GPL to GPL+
- removed klips ifdefs from spec file
- Added patch to move example configs to doc dir
- Added a patch to make the link to init script relative,
for chroot environments - Sat Jan 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2
- Removed copy of file that no longer exists
- Sat Jan 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1
- Latest upstream tarball, includes fixes
- Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2
- Rebase to 2.6.02, add initial ikev2 support
- Tue Sep 18 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2
- Forgot changelog on last entry
- Tue Sep 18 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1
- sync to upstream latest
- Wed Mar 21 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3
- do not use epoch macro, it is unset
- Thu Mar 1 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2
- specfile review
- Sat Jan 27 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1
- removed key generation from install phase
- version 2.4.7 - Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1
- rebuild
- Thu May 18 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2
- fixed typo (bug #191930)
- Sat May 6 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1
- version 2.4.5
- Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1
- bump again for double-long bug on ppc(64)
- Wed Feb 8 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2
- rebuilt for new gcc4.1 snapshot and glibc changes
- Sat Dec 10 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
- Sat Nov 19 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1
- version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP - Thu Nov 3 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1
- version 2.4.2dr5
- Wed Oct 26 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1
- version 2.4.2dr1
- Wed Sep 14 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1
- version 2.4.0
- Thu Sep 1 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1
- new version
- Mon Aug 1 2005 Florian La Roche <laroche@redhat.com>
- remove sysv startup links to build with current rpm
- Fri May 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3
- added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 - Thu Apr 28 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2
- added Requires(post) of coreutils bash (bug 155699)
- added Requires(preun) initscripts chkconfig - Thu Apr 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1
- version 2.3.1
- Tue Apr 5 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6
- remove some duplicate copies of the docs
- Thu Mar 3 2005 Harald Hoyer <harald@redhat.com>
- rebuilt
- Tue Feb 22 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4
- fixed bug rh#149164
- Sat Feb 19 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3
- patched code to compile with gcc4
- Sat Jan 15 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2
- Do not enable the initscript per default
- Wed Jan 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1
- version 2.3.0
- reimported specfile
- PIEd openswan
- cleaned up initial config files and added include directives
for easy config drop in - Thu Jan 6 2005 Paul Wouters <paul@xelerance.com>
- Updated for x86_64 and klips on 2.6
- Wed Nov 3 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
- Apply selinux patch
- Fri Oct 22 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2
- don't run by default. again.
- Thu Oct 14 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1
- added selinux patch from Daniel Walsh
- initscript now uses translated strings
- version 2.1.5 with minor fixes - Wed Sep 22 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7
- added more build reqs (bug #132877)
- Fri Sep 10 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6
- don't run by default
- don't create/chmod directories in %post, just include them with the
right perms
- fix debuginfo
- fix docs - Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5
- Added debuginfo package
- Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4
- Install man-pages
- Fix initscript 'fail()' func to write newline before failure() - Fri Aug 20 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3
- Fix 'service ipsec status' output
- Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2
- Normalize initscripts for Red Hat and add translation string support
- Wed Aug 18 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1
- initial import
- Wed May 26 2004 Ken Bantoft <ken@xelerance.com>
- Initial version, based on FreeS/WAN .spec