Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at Tue Jun 28 11:25:18 CEST 2011.
-------- --- strongswan/strongswan.changes 2010-11-22 10:12:07.000000000 +0100 +++ /mounts/work_src_done/STABLE/strongswan/strongswan.changes 2011-05-29 16:37:57.000000000 +0200 @@ -1,0 +2,58 @@ +Sun May 29 16:37:00 UTC 2011 - jcnen...@googlemail.com + +- Updated to strongSwan 4.5.2 release, changes overview since 4.5.1: + * The whitelist plugin for the IKEv2 daemon maintains an in-memory identity + whitelist. Any connection attempt of peers not whitelisted will get rejected. + The 'ipsec whitelist' utility provides a simple command line frontend for + whitelist administration. + * The duplicheck plugin provides a specialized form of duplicate checking, + doing a liveness check on the old SA and optionally notify a third party + application about detected duplicates. + * The coupling plugin permanently couples two or more devices by limiting + authentication to previously used certificates. + * In the case that the peer config and child config don't have the same name + (usually in SQL database defined connections), ipsec up|route <peer config> + starts|routes all associated child configs and ipsec up|route <child config> + only starts|routes the specific child config. + * fixed the encoding and parsing of X.509 certificate policy statements (CPS). + * Duncan Salerno contributed the eap-sim-pcsc plugin implementing a + pcsc-lite based SIM card backend. + * The eap-peap plugin implements the EAP PEAP protocol. Interoperates + successfully with a FreeRADIUS server and Windows 7 Agile VPN clients. + * The IKEv2 daemon charon rereads strongswan.conf on SIGHUP and instructs + all plugins to reload. Currently only the eap-radius and the attr plugins + support configuration reloading. + * Added userland support to the IKEv2 daemon for Extended Sequence Numbers + support coming with Linux 2.6.39. To enable ESN on a connection, add + the 'esn' keyword to the proposal. The default proposal uses 32-bit sequence + numbers only ('noesn'), and the same value is used if no ESN mode is + specified. To negotiate ESN support with the peer, include both, e.g. + esp=aes128-sha1-esn-noesn. + * In addition to ESN, Linux 2.6.39 gained support for replay windows larger + than 32 packets. The new global strongswan.conf option 'charon.replay_window' + configures the size of the replay window, in packets. + +------------------------------------------------------------------- +Mon Mar 14 10:59:32 UTC 2011 - m...@suse.de + +- Updated to strongSwan 4.5.1 release, changes overview since 4.5.0: + * Implements RFC 5793 Posture Broker Protocol (BP) + * Re-implemented TNCCS 1.1 protocol + * Allows to store IKE and ESP proposals in an SQL database + * Allows to store CRL and OCSP cert points in an SQL database + * New 'include' statement in strongswan.conf allows recursions + * Modifications of strongswan.conf parser, cause syntax attr plugin + syntax changes. + * ipsec listalgs now appends the plugin registering an algo + * Adds support for Traffic Flow Confidentiality with Linux 2.6.38 + * New af-alg plugin allows to use new primitives in 2.6.38 crypto api + and removes the need for additional userland implementations. + * IKEv2 daemon supports the INITIAL_CONTACT notify + * conftest conformance testing framework + * new constraints plugin provides advanced X.509 constraint checking + * left/rightauth ipsec.conf keywords accept minimum strengths + * basic support for delta CRLs + See the NEWS file or http://download.strongswan.org/CHANGES4.txt + for a detailed description of the changes. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- strongswan-4.4.0-rpmlintrc strongswan-4.5.0-rpmlintrc strongswan-4.5.0.tar.bz2 strongswan-4.5.0.tar.bz2.sig New: ---- _service _service:download_url:strongswan-4.5.2.tar.bz2 _service:download_url:strongswan-4.5.2.tar.bz2.sig strongswan-4.5.2-rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.YtzpYH/_old 2011-06-28 11:13:12.000000000 +0200 +++ /var/tmp/diff_new_pack.YtzpYH/_new 2011-06-28 11:13:12.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package strongswan (Version 4.5.0) +# spec file for package strongswan # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ Name: strongswan -%define upstream_version 4.5.0 +%define upstream_version 4.5.2 %define strongswan_docdir %{_docdir}/%{name} %define strongswan_plugins %{_libexecdir}/ipsec/plugins %define with_mysql 1 @@ -27,8 +27,8 @@ %define with_gcrypt 0%{suse_version} >= 1110 %define with_nm 0%{suse_version} >= 1110 %define with_tests 0 -Version: 4.5.0 -Release: 2 +Version: 4.5.2 +Release: 1 License: GPLv2+ Group: Productivity/Networking/Security Summary: OpenSource IPsec-based VPN Solution @@ -419,14 +419,11 @@ %{_mandir}/man3/anyaddr.3* %{_mandir}/man3/atoaddr.3* %{_mandir}/man3/atoasr.3* -%{_mandir}/man3/atosa.3* %{_mandir}/man3/atoul.3* %{_mandir}/man3/goodmask.3* %{_mandir}/man3/initaddr.3* %{_mandir}/man3/initsubnet.3* -%{_mandir}/man3/keyblobtoid.3* %{_mandir}/man3/portof.3* -%{_mandir}/man3/prng.3* %{_mandir}/man3/rangetosubnet.3* %{_mandir}/man3/sameaddr.3* %{_mandir}/man3/subnetof.3* @@ -434,13 +431,11 @@ %{_mandir}/man3/ttodata.3* %{_mandir}/man3/ttosa.3* %{_mandir}/man3/ttoul.3* -%{_mandir}/man8/_copyright.8* %{_mandir}/man8/_updown.8* %{_mandir}/man8/_updown_espmark.8* %{_mandir}/man8/openac.8* %{_mandir}/man8/pluto.8* %{_mandir}/man8/scepclient.8* -%{_mandir}/man8/starter.8* %files libs0 %defattr(-,root,root) @@ -461,6 +456,7 @@ %{strongswan_plugins}/libstrongswan-attr.so %{strongswan_plugins}/libstrongswan-attr-sql.so %{strongswan_plugins}/libstrongswan-blowfish.so +%{strongswan_plugins}/libstrongswan-constraints.so %{strongswan_plugins}/libstrongswan-curl.so %{strongswan_plugins}/libstrongswan-des.so %{strongswan_plugins}/libstrongswan-dhcp.so ++++++ _service ++++++ <services> <service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2.sig</param><param name="host">download.strongswan.org</param></service> <service name="download_url"><param name="path">/strongswan-4.5.2.tar.bz2</param><param name="host">download.strongswan.org</param></service></services>++++++ strongswan-4.4.0-rpmlintrc -> strongswan-4.5.2-rpmlintrc ++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org