- Fri Oct 28 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.33-3
- Fixes for cve-2011-4073
- Wed Oct 5 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.33-2
- Fixes for cve-2011-3380
- Wed Mar 9 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.33-1
- New upstream release openswan
- Updated local patches
- Removed USE_MODP_RFC5114 as upstream enabled it by default
- updated spec file to reflect upstream changes related to doc - Wed Oct 20 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.31-1
- New upstream release openswan-2.6.31
- Thu Sep 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.29-2
- rhbz#636572, fix to openswan default start issue
- Mon Sep 27 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.29-1
- New upstream release
- Fixes for CVE-2010-3308 and CVE-2010-3302 - Fri Aug 13 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.28-1
- New upstream release
- Updated existing patches
- Changed man to man-db in Buildrequires - Fri Jul 2 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.27-1
- NetworkManager-openswan plugin related changes
- Fixes for bz 600167
- Fixes for bz 600174
- Fixes for bz 584224
- Updated old patches - Sat May 29 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.25-2
- NetworkManager-openswan plugin related changes
- Fixes for bz 584224 - Mon Mar 29 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.25-1
- New upstream release
- Updated existing patches that could not make into this release - Thu Mar 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-5
- Openswan-cisco interop functionality now inlcludes the
processing of domain defintion attributes obtained from Cisco
VPN server
- Openswan client can update and restore /etc/resolv.conf file
based on the DNS information obtained Cisco VPN server
- Implementation of new Diffie-Hellman groups as in RFC 5114 - Wed Mar 3 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-4
- Fixes for openswan-cisco interop functionality
- Fix for the issue of hardcoded 96 bits of hmac sha1/md5
- Fix for eliminating compile time warnings
- Fix for the issueo where ipsec help shows the list twice
(rhbz 524146, 509318)
- Implementation of ikev2 transport mode support
(rhbz 568652, 561042)
- Fix for the issue when pluto's child can not add routes,
related to libcan-ng (rhbz 568493, 550023)
- Fix for the issue of xauth password when read from prompt
- Some subcommad (spi, spigrp, tncfg) are not used with NETKEY,
a proper error handling has been added for this issue.
(rhbz 568648, 560596)
- Fix for Openswan-win2k issue where ports are not handled
correctly (rhbz 563779) - Thu Feb 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-3
- Fix for making explicit (or avoiding implicit) linking
for pthread (#565410)
- Modified package description
- Fixed a typo (IKEv2 RFC number). - Mon Feb 8 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-2
- Modified summary in spec file
- Replaced buildroot with RPM_BUILD_ROOT in spec file
- Included html files in the doc package
- Patch for disabling openswan startup at the system
boot by default - Mon Jan 11 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-1
- New upstream release
- Cisco interop patches
- Improved init script
- Fix to allow ";" in the ike/esp parameters
- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
- Fix to the issue where Some programs were installed
twice causing .old files
- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
This is to avoid an SElinux AVC Denial - Wed Sep 9 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.23-1
- New upstream release
- Supports smartcards now
- Supports PSK with NSS
- Supports libcap-ng for lowering capabilities of pluto process
- Updated README.nss - Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Thu Jul 23 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.22-1
- New upstream release
- Added support for using PSK with NSS
- Fixed several warnings and undid unnecessary debug messages
- Updated README.nss with an example configuration
- Moved README.nss to openswan/doc/
- Improved FIPS integrity check functionality - Mon Jul 6 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5
- Added support for using PSK with NSS
- Fixed several warnings and undid unnecessary comments
- Updated README.nss with an example configuration
- Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185) - Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4
- Updated the Openswan-NSS porting to enable nss and fipscheck by default
- fipscheck requires fipscheck-devel library - Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3
- Updated the Openswan-NSS porting to enable nss by default
- The patch includes README.nss for information about NSS usage - Mon Apr 13 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2
- Applied patch to support NSS, currently disabled due to
dependency on rh bz #491693
- The patch also supports fips check integrity
(requires fipscheck-devel library) - Mon Mar 30 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1
- new upstream release
- Fix for CVE-2009-0790 DPD crasher
- Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries
- Fix ipsec setup --status not showing amount of tunnels with netkey - Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
- Tue Nov 25 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.19-1
- new upstream release
- Mon Oct 13 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-2
- Addressed some issues related to buzilla 447419
- Added xmlto and bind-devel to BuildRequires
- Removed the patch openswan-2.6-noxmlto.patch
- Removed the command "rm -rf programs/readwriteconf" from the spec file
as readwriteconf is used with "make check" for debugging purposes.
- Removed USE_LWRES=false from the spec file as it has been
obsolete in upstream (using bind-devel instead) - Mon Oct 6 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-1
- new upstream release
- modified default ipsec.conf to address rhbz#463931 - Fri Sep 12 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-2
- added initscript patch to prevent openswan service start by default
- Tue Sep 9 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-1
- new upstream release
- Sat Jul 5 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.15-1
- new upstream release
- Fri Jun 6 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1
- new upstream release
- Tue Mar 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-2
- removing patch - using upstream init script as is
- Wed Mar 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.08-1
- Moved to latest upstream
- Replaced the init script source file with a patch to the upstream one
- (no functional changes to the init script)
- Added protostack=netkey to ipsec.conf
- New patch to include definition of HOST_NAME_MAX - Mon Feb 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.07-1
- Moved to latest upstream
- Thu Feb 7 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1
- Removed check for selinux enforcing mode in verify script
- Moved to latest upstream - Mon Jan 28 2008 Steve Conklin <sconklin@redhat.com> - 2.6.04-1
- Move to new upstream source
- Thu Jan 24 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9
- Added af_key module load to init script
- Removed spurious warning about interfaces= - Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8
Related: rhbz#235224
- rpmdiff spotted these:
- Cleaned out unused man page
- patch error in barf script - Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7
- Addressed the last set of small changes for package review
- Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6
- Moved everything else out of /usr/lib
- Added tmraz's patch to remove extra slashes in makefile
- Removed macros from changelog entries - Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5
- Removed userland macros from spec file
- Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4
- Removed use of xmlto and the BuildRequires
- moved scripts from /usr/lib to /usr/libexec
- removed man3 pages for libopenswan functions (we don't deliver) - Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3
- Removed _smp_mflags macro from from the spec file build section
- Added BuildRequires for xmlto
- Changed License from GPL to GPL+
- removed klips ifdefs from spec file
- Added patch to move example configs to doc dir
- Added a patch to make the link to init script relative,
for chroot environments - Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2
- Removed copy of file that no longer exists
- Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1
- Latest upstream tarball, includes fixes
- Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2
- Rebase to 2.6.02, add initial ikev2 support
- Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2
- Forgot changelog on last entry
- Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1
- sync to upstream latest
- Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3
- do not use epoch macro, it is unset
- Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2
- specfile review
- Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1
- removed key generation from install phase
- version 2.4.7 - Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1
- rebuild
- Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2
- fixed typo (bug #191930)
- Fri May 5 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1
- version 2.4.5
- Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1
- bump again for double-long bug on ppc(64)
- Tue Feb 7 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2
- rebuilt for new gcc4.1 snapshot and glibc changes
- Fri Dec 9 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
- Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1
- version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP - Wed Nov 2 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1
- version 2.4.2dr5
- Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1
- version 2.4.2dr1
- Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1
- version 2.4.0
- Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1
- new version
- Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>
- remove sysv startup links to build with current rpm
- Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3
- added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 - Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2
- added Requires(post) of coreutils bash (bug 155699)
- added Requires(preun) initscripts chkconfig - Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1
- version 2.3.1
- Mon Apr 4 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6
- remove some duplicate copies of the docs
- Wed Mar 2 2005 Harald Hoyer <harald@redhat.com>
- rebuilt
- Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4
- fixed bug rh#149164
- Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3
- patched code to compile with gcc4
- Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2
- Do not enable the initscript per default
- Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1
- version 2.3.0
- reimported specfile
- PIEd openswan
- cleaned up initial config files and added include directives
for easy config drop in - Wed Jan 5 2005 Paul Wouters <paul@xelerance.com>
- Updated for x86_64 and klips on 2.6
- Tue Nov 2 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
- Apply selinux patch
- Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2
- don't run by default. again.
- Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1
- added selinux patch from Daniel Walsh
- initscript now uses translated strings
- version 2.1.5 with minor fixes - Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7
- added more build reqs (bug #132877)
- Thu Sep 9 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6
- don't run by default
- don't create/chmod directories in %post, just include them with the
right perms
- fix debuginfo
- fix docs - Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5
- Added debuginfo package
- Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4
- Install man-pages
- Fix initscript 'fail()' func to write newline before failure() - Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3
- Fix 'service ipsec status' output
- Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2
- Normalize initscripts for Red Hat and add translation string support
- Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1
- initial import
- Tue May 25 2004 Ken Bantoft <ken@xelerance.com>
- Initial version, based on FreeS/WAN .spec