From: Wang Mingyu <[email protected]> Changelog: ========== - A deadlock in the vici plugin has been fixed that could get triggered when multiple connections were initiated/terminated concurrently and control-log events were raised by the watcher_t component. - CRLs have to be signed by a certificate that has the cRLSign keyUsage bit encoded (even if it's a CA), or a CA certificate without keyUsage extension. - Optional CA labels in EST server URIs are supported by `pki --est/estca`. - CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and openssl plugins, which allows verifying RSA-PSS and ECDSA signatures. - Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or earlier that was introduced with 5.9.10. - Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2. - kernel-libipsec can process raw ESP packets on Linux (disabled by default) and gained support for trap policies. - The dhcp plugin uses an alternate method to determine the source address for unicast DHCP requests that's not affected by interface filtering. - Certificate and trust chain selection as initiator has been improved in case the local trust chain is incomplete and an unrelated certreq is received. - ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin. - To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer. - Stale OCSP responses are now replace in-place in the certificate cache. - Fixed parsing of SCEP server capabilities by `pki --scep/scepca`.
Signed-off-by: Wang Mingyu <[email protected]> --- .../strongswan/{strongswan_5.9.10.bb => strongswan_5.9.11.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-support/strongswan/{strongswan_5.9.10.bb => strongswan_5.9.11.bb} (99%) diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb similarity index 99% rename from meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb rename to meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb index aecd32139..fb1bea2d8 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb @@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654" +SRC_URI[sha256sum] = "ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103379): https://lists.openembedded.org/g/openembedded-devel/message/103379 Mute This Topic: https://lists.openembedded.org/mt/99618728/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
