Changelog for openswan-2.6.16-1.1.x86_64.rpm:
Mon Sep 7 14:00:00 2009 mtAATTsuse.de
- Applied fixes for the asn1_length() function checks to complete
the fixes for the RDN parser DoS vulnerability discovered by
Orange Labs research team two months ago (bnc#525388).
Thu Jun 25 14:00:00 2009 mtAATTsuse.de
- Applied fixes for Denial-of-Service vulnerabilities found by
Orange Labs vulnerability research team in the parsing of ASN.1
Relative Distinguished Names (RDNs), GENERALIZEDTIME and UTCTIME
strings. Malformed X.509 certificate RDNs can cause the pluto
and charon IKE daemons to crash and restart (CVE-2009-2185,
bnc#515130).
Mon Mar 23 13:00:00 2009 mtAATTsuse.de
- Fix for a Denial-of-Service vulnerability where a DPD R_U_THERE
or R_U_THERE_ACK NOTIFY message (RFC 3706, Dead Peer Detection)
received on UDP port 500 or 4500 and not related to an existing
ISAKMP Security Association causes an immediate crash of the IKEv1
pluto daemon while dereferencing a NULL state pointer (bnc#487762).
Tue Mar 10 13:00:00 2009 mtAATTsuse.de
- Removed moot livetest tool (bnc#483803, CVE-2008-4190).
Fri Sep 5 14:00:00 2008 mtAATTsuse.de
- Updated from openswan-2.4.7 to 2.6.16, a new version series. It
adapts to the actual NETKEY code in the Linux kernel, provides
many fixes and implements new features, such as IKEv2 / IPv6 support.
Review the CHANGES file for all details.
- Dropped obsolete patches and hooks, adopted other patches and
the spec file.
Mon Sep 10 14:00:00 2007 mtAATTsuse.de
- Moved html and man3 documentation into openswan-doc
- Added a Short-Description LSB tag and $remote_fs start
requirement to the init script (openswan_40_rcscript.dif)
- Added stop_on_removal/restart_on_update to rpm pre/postun
- Cleaned up installation of the documentation as well as
other problems mentioned by rpmlint.
Thu Jun 21 14:00:00 2007 adrianAATTsuse.de
- fix changelog entry order
Fri Mar 23 13:00:00 2007 mtAATTsuse.de
- Bug #234042: Changed back internal nhelpers option default to
use number of CPU-1 crypto workers. Added fallback to perform
inline calculations in main process, when all workers are busy.
Obsolete patch file: openswan_16_nhelpers_default.dif
New patch file name: openswan_16_crypto_inline_fallback.dif
Fri Mar 16 13:00:00 2007 mtAATTsuse.de
- Bug #234042: Applied proposed patch fixing bogus crypto helper
management code. The number of crypto helpers (nhelpers option)
has to be set to at least the number of tunnels/2 + 1 to take effect.
New patch file: openswan_15_crypto_helper_fix.dif
- Bug #234042: Applied fix to display correct crypto helper number
in debug output of the pluto_do_crypto_op function. Changed the
default of the nhelpers option to 0 (instead of number of CPU-1).
This disables the crypto helpers by default (inline calculation).
New patch file: openswan_16_nhelpers_default.dif
Fri Jan 19 13:00:00 2007 mtAATTsuse.de
- Updated to openswan-2.4.7, providing interop fix for Sonicwall
and many other fixes and cleanups, see CHANGES file.
- Adopted patches, removed obsolete patches:
openswan_35_quiet-insmod.dif, openswan_37_aes_insmod.dif
Thu Jan 18 13:00:00 2007 mtAATTsuse.de
- Minimal patch fixing strncat calls and casts breaking strict
aliasing rules as mentioned by the compiler, Bug #233586
Wed Aug 30 14:00:00 2006 mtAATTsuse.de
- updated to openswan-2.4.6, adopted patches. Now, the default
ipsec.conf file contains "nhelpers=0" to avoid "failed to find
any available worker" problems -- see also Bug #186061.