diff --git a/changelog b/changelog new file mode 100644 index 0000000..87ef873 --- /dev/null +++ b/changelog @@ -0,0 +1,329 @@ +* Thu Jan 25 2024 Fedora Release Engineering - 4.12-3.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 4.12-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Sep 08 2023 Paul Wouters - 4.12-3 +- Update libcap-ng patch, fix email addresses in changelog + +* Tue Sep 05 2023 Paul Wouters - 4.12-2 +- Remove ipsec show and ipsec verify sub commands (not very useful, causes python requirement) +- Patch for handling libcap-ng return values and fix capng_apply() call + +* Fri Aug 11 2023 Paul Wouters - 4.12-1 +- Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712 +- Resolves: rhbz#2230225 libreswan-4.12 is available + +* Thu Jul 20 2023 Fedora Release Engineering - 4.11-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu May 04 2023 Paul Wouters - 4.11-1 +- Update to 4.11 for CVE-2023-30570 + +* Wed Mar 01 2023 Paul Wouters - 4.10-1 +- Update to 4.10 for CVE-2023-23009 + +* Thu Jan 19 2023 Fedora Release Engineering - 4.9-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 10 2023 Paul Wouters - 4.9-2 +- Use new GPG key location. + +* Thu Oct 13 2022 Paul Wouters - 4.9-1 +- Update to 4.9 (maxbytes/maxpackets support, raw ECDSA support, misc fixes) + +* Thu Jul 21 2022 Fedora Release Engineering - 4.7-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue May 24 2022 Paul Wouters - 4.7-1 +- Updated to 4.7 (EAPTLS support, bugfixes) + +* Thu Jan 20 2022 Fedora Release Engineering - 4.6-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jan 13 2022 Paul Wouters - 4.6-2 +- Re-enable USE_DNSSEC again with patch to resolve header conflicts + +* Wed Jan 12 2022 Paul Wouters - 4.6-1 +- Resolves: CVE-2022-23094 +- Resolves: rhbz#2039604 libreswan-4.6 is available +- Add gpg key and signature check for build +- Temporarilly disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash + +* Thu Aug 26 2021 Paul Wouters - 4.5-1 +- Resolves rhbz#1996250 libreswan-4.5 is available + +* Tue Aug 03 2021 Paul Wouters - 4.4-3 +- Resolves rhbz#1989198 libreswan should depend on procps-ng or pidof + +* Thu Jul 22 2021 Fedora Release Engineering - 4.4-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jun 07 2021 Paul Wouters - 4.4-2 +- Properly handle rpm sysctl config + +* Wed May 12 2021 Paul Wouters - 4.4-1 +- Resolves: rhbz#1952602 libreswan-4.4 is available + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 4.3-1.1 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Sun Feb 21 2021 Paul Wouters - 4.3-1 +- update to 4.3 (minor bugfix release) + +* Wed Feb 03 2021 Paul Wouters - 4.2-1 +- Update to 4.2 + +* Tue Jan 26 2021 Fedora Release Engineering - 4.2-0.1.rc1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Dec 19 19:59:55 EST 2020 Paul Wouters - 4.2-0.1.rc1 +- Resolves: rhbz#1867580 pluto process frequently dumps core + (disable USE_NSS_KDF until nss fixes have propagated) + +* Sat Dec 19 2020 Adam Williamson - 4.1-4 +- Rebuild for ldns soname bump + +* Mon Nov 23 11:50:41 EST 2020 Paul Wouters - 4.1-3 +- Resolves: rhbz#1894381 Libreswan 4.1-2 breaks l2tp connection to Windows VPN server + +* Mon Oct 26 10:21:57 EDT 2020 Paul Wouters - 4.1-2 +- Resolves: rhbz#1889538 libreswan's /var/lib/ipsec/nss missing + +* Sun Oct 18 21:49:39 EDT 2020 Paul Wouters - 4.1-1 +- Updated to 4.1 - interop fix for Cisco + +* Thu Oct 15 10:27:14 EDT 2020 Paul Wouters - 4.0-1 +- Resolves: rhbz#1888448 libreswan-4.0 is available + +* Wed Sep 30 14:05:58 EDT 2020 Paul Wouters - 4.0-0.2.rc1 +- Rebuild for libevent 2.1.12 with a soname bump + +* Sun Sep 27 22:49:40 EDT 2020 Paul Wouters - 4.0-0.1.rc1 +- Updated to 4.0rc1 + +* Thu Aug 27 2020 Paul Wouters - 3.32-4 +- Resolves: rhbz#1864043 libreswan: FTBFS in Fedora rawhide/f33 + +* Sat Aug 01 2020 Fedora Release Engineering - 3.32-3.2 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3.32-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Jeff Law - 3.32-3 +- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized + object + +* Tue May 26 2020 Paul Wouters - 3.32-2 +- Backport NSS guarding fix for unannounced changed api in NSS causing segfault + +* Mon May 11 2020 Paul Wouters - 3.32-1 +- Resolves: rhbz#1809770 libreswan-3.32 is available + +* Tue Apr 14 2020 Paul Wouters - 3.31-2 +- Resolves: rhbz#1823823 Please drop the dependency on fipscheck + +* Tue Mar 03 2020 Paul Wouters - 3.31-1 +- Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression) + +* Fri Feb 14 2020 Paul Wouters - 3.30-1 +- Resolves: rhbz#1802896 libreswan-3.30 is available +- Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32 +- Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: + +* Wed Jan 29 2020 Fedora Release Engineering - 3.29-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 09 2020 Paul Wouters - 3.29-2 +- _updown.netkey: fix syntax error in checking routes + +* Thu Jul 25 2019 Fedora Release Engineering - 3.29-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jun 10 2019 Paul Wouters - 3.29-1 +- Resolves: rhbz#1718986 Updated to 3.29 for CVE-2019-10155 + +* Tue May 21 2019 Paul Wouters - 3.28-1 +- Updated to 3.28 (many imported bugfixes, including CVE-2019-12312) + +* Fri Feb 01 2019 Fedora Release Engineering - 3.27-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Björn Esser - 3.27-1.1 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Mon Oct 08 2018 Paul Wouters - 3.27-1 +- Updated to 3.27 (various bugfixes) + +* Thu Sep 27 2018 Paul Wouters - 3.26-3 +- Add fedora python fixup for _unbound-hook + +* Mon Sep 17 2018 Paul Wouters - 3.26-2 +- linking against freebl is no longer needed (and wasn't done in 3.25) + +* Mon Sep 17 2018 Paul Wouters - 3.26-1 +- Updated to 3.26 (CHACHA20POLY1305, ECDSA and RSA-PSS support) + +* Fri Jul 13 2018 Fedora Release Engineering - 3.25-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 09 2018 Paul Wouters - 3.25-3 +- Fix Opportunistic IPsec _unbound-hook argument parsing +- Make rundir readable for all (so we can hand out permissions later) + +* Mon Jul 02 2018 Paul Wouters - 3.25-2 +- Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors + +* Wed Jun 27 2018 Paul Wouters - 3.25-1 +- Updated to 3.25 + +* Mon Feb 19 2018 Paul Wouters - 3.23-2 +- Support crypto-policies package +- Pull in some patches from upstream and IANA registry updates +- gcc7 format-truncate fixes and workarounds + +* Wed Feb 07 2018 Fedora Release Engineering - 3.23-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 25 2018 Paul Wouters - 3.23-1 +- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements + +* Sat Jan 20 2018 Björn Esser - 3.22-1.1 +- Rebuilt for switch to libxcrypt + +* Mon Oct 23 2017 Paul Wouters - 3.22-1 +- Updated to 3.22 - many bugfixes, and unbound ipsecmod support + +* Wed Aug 9 2017 Paul Wouters - 3.21-1 +- Updated to 3.21 + +* Thu Aug 03 2017 Fedora Release Engineering - 3.20-1.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.20-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Mar 14 2017 Paul Wouters - 3.20-1 +- Updated to 3.20 + +* Fri Mar 03 2017 Paul Wouters - 3.20-0.1.dr4 +- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA + +* Fri Feb 10 2017 Fedora Release Engineering - 3.19-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Feb 03 2017 Paul Wouters - 3.19-2 +- Resolves: rhbz#1392191 libreswan: crash when OSX client connects +- Improved uniqueid and session replacing support +- Test Buffer warning fix on size_t +- Re-introduce --configdir for backwards compatibility + +* Sun Jan 15 2017 Paul Wouters - 3.19-1 +- Updated to 3.19 (see download.libreswan.org/CHANGES) + +* Mon Dec 19 2016 Miro Hrončok - 3.18-1.1 +- Rebuild for Python 3.6 + +* Fri Jul 29 2016 Paul Wouters - 3.18-1 +- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support +- Remove support for /etc/sysconfig/pluto (use native systemd instead) + +* Thu May 05 2016 Paul Wouters - 3.17-2 +- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used + +* Thu Apr 07 2016 Paul Wouters - 3.17-1 +- Updated to 3.17 for CVE-2016-3071 +- Disable LIBCAP_NG as it prevents unbound-control from working properly +- Temporarilly disable WERROR due to a few minor known issues + +* Thu Feb 04 2016 Fedora Release Engineering - 3.16-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Dec 18 2015 Paul Wouters - 3.16-1 +- Updated to 3.16 (see https://download.libreswan.org/CHANGES) + +* Tue Aug 11 2015 Paul Wouters - 3.15-1 +- Updated to 3.15 (see http://download.libreswan.org/CHANGES) +- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx +- NSS database creation moved from spec file to service file +- Run CAVS tests on package build +- Added BuildRequire systemd-units and xmlto +- Bumped minimum required nss to 3.16.1 +- Install tmpfiles +- Install sysctl file +- Update doc files to include + +* Mon Jul 13 2015 Paul Wouters - 3.13-2 +- Resolves: rhbz#1238967 Switch libreswan to use python3 + +* Wed Jun 17 2015 Fedora Release Engineering - 3.13-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 01 2015 Paul Wouters - 3.13-1 +- Updated to 3.13 for CVE-2015-3204 + +* Fri Nov 07 2014 Paul Wouters - 3.12-1 +- Updated to 3.12 Various IKEv2 fixes + +* Wed Oct 22 2014 Paul Wouters - 3.11-1 +- Updated to 3.11 (many fixes, including startup fixes) +- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs +- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade +- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running + +* Tue Sep 09 2014 Paul Wouters - 3.10-3 +- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines + +* Mon Sep 01 2014 Paul Wouters - 3.10-1 +- Updated to 3.10, major bugfix release, new xauth status options + +* Sun Aug 17 2014 Fedora Release Engineering - 3.9-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Jul 10 2014 Paul Wouters - 3.9-1 +- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements +- Mark libreswan-fips.conf as config file +- attr modifier for man pages no longer needed +- BUGS file no longer exists upstream + +* Sat Jun 07 2014 Fedora Release Engineering - 3.8-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Jan 18 2014 Paul Wouters - 3.8-1 +- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102) + +* Wed Dec 11 2013 Paul Wouters - 3.7-1 +- Updated to 3.7, fixes CVE-2013-4564 +- Fixes creating a bogus NSS db on startup (rhbz#1005410) + +* Thu Oct 31 2013 Paul Wouters - 3.6-1 +- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes) +- Generate empty NSS db if none exists + +* Mon Aug 19 2013 Paul Wouters - 3.5-3 +- Add a Provides: for openswan-doc + +* Sat Aug 03 2013 Fedora Release Engineering - 3.5-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Paul Wouters - 3.5-2 +- Added interop patch for (some?) Cisco VPN clients sending 16 zero + bytes of extraneous IKE data +- Removed fipscheck_version + +* Sat Jul 13 2013 Paul Wouters - 3.5-1 +- Updated to 3.5 + +* Thu Jun 06 2013 Paul Wouters - 3.4-1 +- Updated to 3.4, which only contains style changes to kernel coding style +- IN MEMORIAM: June 3rd, 2013 Hugh Daniel + +* Mon May 13 2013 Paul Wouters - 3.3-1 +- Updated to 3.3, which resolves CVE-2013-2052 + +* Sat Apr 13 2013 Paul Wouters - 3.2-1 +- Initial package for Fedora diff --git a/libreswan.spec b/libreswan.spec index 00ea575..8bb2223 100644 --- a/libreswan.spec +++ b/libreswan.spec @@ -30,7 +30,7 @@ Name: libreswan Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec # version is generated in the release script Version: 4.12 -Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist}.2 +Release: %autorelease # The code in lib/libswan/nss_copies.c is under MPL-2.0, while the # rest is under GPL-2.0-or-later License: GPL-2.0-or-later AND MPL-2.0 @@ -213,332 +213,4 @@ certutil -N -d sql:$tmpdir --empty-password %doc %{_mandir}/*/* %changelog -* Thu Jan 25 2024 Fedora Release Engineering - 4.12-3.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Sun Jan 21 2024 Fedora Release Engineering - 4.12-3.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Sep 08 2023 Paul Wouters - 4.12-3 -- Update libcap-ng patch, fix email addresses in changelog - -* Tue Sep 05 2023 Paul Wouters - 4.12-2 -- Remove ipsec show and ipsec verify sub commands (not very useful, causes python requirement) -- Patch for handling libcap-ng return values and fix capng_apply() call - -* Fri Aug 11 2023 Paul Wouters - 4.12-1 -- Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712 -- Resolves: rhbz#2230225 libreswan-4.12 is available - -* Thu Jul 20 2023 Fedora Release Engineering - 4.11-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Thu May 04 2023 Paul Wouters - 4.11-1 -- Update to 4.11 for CVE-2023-30570 - -* Wed Mar 01 2023 Paul Wouters - 4.10-1 -- Update to 4.10 for CVE-2023-23009 - -* Thu Jan 19 2023 Fedora Release Engineering - 4.9-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Tue Jan 10 2023 Paul Wouters - 4.9-2 -- Use new GPG key location. - -* Thu Oct 13 2022 Paul Wouters - 4.9-1 -- Update to 4.9 (maxbytes/maxpackets support, raw ECDSA support, misc fixes) - -* Thu Jul 21 2022 Fedora Release Engineering - 4.7-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Tue May 24 2022 Paul Wouters - 4.7-1 -- Updated to 4.7 (EAPTLS support, bugfixes) - -* Thu Jan 20 2022 Fedora Release Engineering - 4.6-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Jan 13 2022 Paul Wouters - 4.6-2 -- Re-enable USE_DNSSEC again with patch to resolve header conflicts - -* Wed Jan 12 2022 Paul Wouters - 4.6-1 -- Resolves: CVE-2022-23094 -- Resolves: rhbz#2039604 libreswan-4.6 is available -- Add gpg key and signature check for build -- Temporarilly disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash - -* Thu Aug 26 2021 Paul Wouters - 4.5-1 -- Resolves rhbz#1996250 libreswan-4.5 is available - -* Tue Aug 03 2021 Paul Wouters - 4.4-3 -- Resolves rhbz#1989198 libreswan should depend on procps-ng or pidof - -* Thu Jul 22 2021 Fedora Release Engineering - 4.4-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jun 07 2021 Paul Wouters - 4.4-2 -- Properly handle rpm sysctl config - -* Wed May 12 2021 Paul Wouters - 4.4-1 -- Resolves: rhbz#1952602 libreswan-4.4 is available - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 4.3-1.1 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Sun Feb 21 2021 Paul Wouters - 4.3-1 -- update to 4.3 (minor bugfix release) - -* Wed Feb 03 2021 Paul Wouters - 4.2-1 -- Update to 4.2 - -* Tue Jan 26 2021 Fedora Release Engineering - 4.2-0.1.rc1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sat Dec 19 19:59:55 EST 2020 Paul Wouters - 4.2-0.1.rc1 -- Resolves: rhbz#1867580 pluto process frequently dumps core - (disable USE_NSS_KDF until nss fixes have propagated) - -* Sat Dec 19 2020 Adam Williamson - 4.1-4 -- Rebuild for ldns soname bump - -* Mon Nov 23 11:50:41 EST 2020 Paul Wouters - 4.1-3 -- Resolves: rhbz#1894381 Libreswan 4.1-2 breaks l2tp connection to Windows VPN server - -* Mon Oct 26 10:21:57 EDT 2020 Paul Wouters - 4.1-2 -- Resolves: rhbz#1889538 libreswan's /var/lib/ipsec/nss missing - -* Sun Oct 18 21:49:39 EDT 2020 Paul Wouters - 4.1-1 -- Updated to 4.1 - interop fix for Cisco - -* Thu Oct 15 10:27:14 EDT 2020 Paul Wouters - 4.0-1 -- Resolves: rhbz#1888448 libreswan-4.0 is available - -* Wed Sep 30 14:05:58 EDT 2020 Paul Wouters - 4.0-0.2.rc1 -- Rebuild for libevent 2.1.12 with a soname bump - -* Sun Sep 27 22:49:40 EDT 2020 Paul Wouters - 4.0-0.1.rc1 -- Updated to 4.0rc1 - -* Thu Aug 27 2020 Paul Wouters - 3.32-4 -- Resolves: rhbz#1864043 libreswan: FTBFS in Fedora rawhide/f33 - -* Sat Aug 01 2020 Fedora Release Engineering - 3.32-3.2 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jul 28 2020 Fedora Release Engineering - 3.32-3.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jun 30 2020 Jeff Law - 3.32-3 -- Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized - object - -* Tue May 26 2020 Paul Wouters - 3.32-2 -- Backport NSS guarding fix for unannounced changed api in NSS causing segfault - -* Mon May 11 2020 Paul Wouters - 3.32-1 -- Resolves: rhbz#1809770 libreswan-3.32 is available - -* Tue Apr 14 2020 Paul Wouters - 3.31-2 -- Resolves: rhbz#1823823 Please drop the dependency on fipscheck - -* Tue Mar 03 2020 Paul Wouters - 3.31-1 -- Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression) - -* Fri Feb 14 2020 Paul Wouters - 3.30-1 -- Resolves: rhbz#1802896 libreswan-3.30 is available -- Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32 -- Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: - -* Wed Jan 29 2020 Fedora Release Engineering - 3.29-2.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Thu Jan 09 2020 Paul Wouters - 3.29-2 -- _updown.netkey: fix syntax error in checking routes - -* Thu Jul 25 2019 Fedora Release Engineering - 3.29-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Mon Jun 10 2019 Paul Wouters - 3.29-1 -- Resolves: rhbz#1718986 Updated to 3.29 for CVE-2019-10155 - -* Tue May 21 2019 Paul Wouters - 3.28-1 -- Updated to 3.28 (many imported bugfixes, including CVE-2019-12312) - -* Fri Feb 01 2019 Fedora Release Engineering - 3.27-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Jan 14 2019 Björn Esser - 3.27-1.1 -- Rebuilt for libcrypt.so.2 (#1666033) - -* Mon Oct 08 2018 Paul Wouters - 3.27-1 -- Updated to 3.27 (various bugfixes) - -* Thu Sep 27 2018 Paul Wouters - 3.26-3 -- Add fedora python fixup for _unbound-hook - -* Mon Sep 17 2018 Paul Wouters - 3.26-2 -- linking against freebl is no longer needed (and wasn't done in 3.25) - -* Mon Sep 17 2018 Paul Wouters - 3.26-1 -- Updated to 3.26 (CHACHA20POLY1305, ECDSA and RSA-PSS support) - -* Fri Jul 13 2018 Fedora Release Engineering - 3.25-3.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Mon Jul 09 2018 Paul Wouters - 3.25-3 -- Fix Opportunistic IPsec _unbound-hook argument parsing -- Make rundir readable for all (so we can hand out permissions later) - -* Mon Jul 02 2018 Paul Wouters - 3.25-2 -- Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors - -* Wed Jun 27 2018 Paul Wouters - 3.25-1 -- Updated to 3.25 - -* Mon Feb 19 2018 Paul Wouters - 3.23-2 -- Support crypto-policies package -- Pull in some patches from upstream and IANA registry updates -- gcc7 format-truncate fixes and workarounds - -* Wed Feb 07 2018 Fedora Release Engineering - 3.23-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Jan 25 2018 Paul Wouters - 3.23-1 -- Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements - -* Sat Jan 20 2018 Björn Esser - 3.22-1.1 -- Rebuilt for switch to libxcrypt - -* Mon Oct 23 2017 Paul Wouters - 3.22-1 -- Updated to 3.22 - many bugfixes, and unbound ipsecmod support - -* Wed Aug 9 2017 Paul Wouters - 3.21-1 -- Updated to 3.21 - -* Thu Aug 03 2017 Fedora Release Engineering - 3.20-1.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 3.20-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Tue Mar 14 2017 Paul Wouters - 3.20-1 -- Updated to 3.20 - -* Fri Mar 03 2017 Paul Wouters - 3.20-0.1.dr4 -- Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA - -* Fri Feb 10 2017 Fedora Release Engineering - 3.19-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Feb 03 2017 Paul Wouters - 3.19-2 -- Resolves: rhbz#1392191 libreswan: crash when OSX client connects -- Improved uniqueid and session replacing support -- Test Buffer warning fix on size_t -- Re-introduce --configdir for backwards compatibility - -* Sun Jan 15 2017 Paul Wouters - 3.19-1 -- Updated to 3.19 (see download.libreswan.org/CHANGES) - -* Mon Dec 19 2016 Miro Hrončok - 3.18-1.1 -- Rebuild for Python 3.6 - -* Fri Jul 29 2016 Paul Wouters - 3.18-1 -- Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support -- Remove support for /etc/sysconfig/pluto (use native systemd instead) - -* Thu May 05 2016 Paul Wouters - 3.17-2 -- Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used - -* Thu Apr 07 2016 Paul Wouters - 3.17-1 -- Updated to 3.17 for CVE-2016-3071 -- Disable LIBCAP_NG as it prevents unbound-control from working properly -- Temporarilly disable WERROR due to a few minor known issues - -* Thu Feb 04 2016 Fedora Release Engineering - 3.16-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Fri Dec 18 2015 Paul Wouters - 3.16-1 -- Updated to 3.16 (see https://download.libreswan.org/CHANGES) - -* Tue Aug 11 2015 Paul Wouters - 3.15-1 -- Updated to 3.15 (see http://download.libreswan.org/CHANGES) -- Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx -- NSS database creation moved from spec file to service file -- Run CAVS tests on package build -- Added BuildRequire systemd-units and xmlto -- Bumped minimum required nss to 3.16.1 -- Install tmpfiles -- Install sysctl file -- Update doc files to include - -* Mon Jul 13 2015 Paul Wouters - 3.13-2 -- Resolves: rhbz#1238967 Switch libreswan to use python3 - -* Wed Jun 17 2015 Fedora Release Engineering - 3.13-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Jun 01 2015 Paul Wouters - 3.13-1 -- Updated to 3.13 for CVE-2015-3204 - -* Fri Nov 07 2014 Paul Wouters - 3.12-1 -- Updated to 3.12 Various IKEv2 fixes - -* Wed Oct 22 2014 Paul Wouters - 3.11-1 -- Updated to 3.11 (many fixes, including startup fixes) -- Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs -- Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade -- Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running - -* Tue Sep 09 2014 Paul Wouters - 3.10-3 -- Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines - -* Mon Sep 01 2014 Paul Wouters - 3.10-1 -- Updated to 3.10, major bugfix release, new xauth status options - -* Sun Aug 17 2014 Fedora Release Engineering - 3.9-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Thu Jul 10 2014 Paul Wouters - 3.9-1 -- Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements -- Mark libreswan-fips.conf as config file -- attr modifier for man pages no longer needed -- BUGS file no longer exists upstream - -* Sat Jun 07 2014 Fedora Release Engineering - 3.8-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Sat Jan 18 2014 Paul Wouters - 3.8-1 -- Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102) - -* Wed Dec 11 2013 Paul Wouters - 3.7-1 -- Updated to 3.7, fixes CVE-2013-4564 -- Fixes creating a bogus NSS db on startup (rhbz#1005410) - -* Thu Oct 31 2013 Paul Wouters - 3.6-1 -- Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes) -- Generate empty NSS db if none exists - -* Mon Aug 19 2013 Paul Wouters - 3.5-3 -- Add a Provides: for openswan-doc - -* Sat Aug 03 2013 Fedora Release Engineering - 3.5-1.1 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon Jul 15 2013 Paul Wouters - 3.5-2 -- Added interop patch for (some?) Cisco VPN clients sending 16 zero - bytes of extraneous IKE data -- Removed fipscheck_version - -* Sat Jul 13 2013 Paul Wouters - 3.5-1 -- Updated to 3.5 - -* Thu Jun 06 2013 Paul Wouters - 3.4-1 -- Updated to 3.4, which only contains style changes to kernel coding style -- IN MEMORIAM: June 3rd, 2013 Hugh Daniel - -* Mon May 13 2013 Paul Wouters - 3.3-1 -- Updated to 3.3, which resolves CVE-2013-2052 - -* Sat Apr 13 2013 Paul Wouters - 3.2-1 -- Initial package for Fedora +%autochangelog