——————————————————————————–
Fedora Update Notification
FEDORA-2014-5231
2014-04-16 07:33:00
——————————————————————————–
Name : strongswan
Product : Fedora 20
Version : 5.1.3
Release : 1.fc20
URL : http://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN Solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
——————————————————————————–
Update Information:
CVE-2014-2338
——————————————————————————–
ChangeLog:
* Tue Apr 15 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3-1
– new version 5.1.3
* Mon Apr 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3rc1-1
– new version 5.1.3rc1
* Mon Mar 24 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-4
– #1069928 – updated libexec patch.
* Tue Mar 18 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-3
– fixed el6 initscript
– fixed pki directory location
* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-2
– clean up the specfile a bit
– replace the initscript patch with an individual initscript
– patch to build for epel6
* Mon Mar 3 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-1
– #1071353 – bump to 5.1.2
– #1071338 – strongswan is compiled without xauth-pam plugin
– remove obsolete patches
– sent all patches upstream
– added comments to all patches
– don’t touch the config with sed
* Thu Feb 20 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-6
– Fixed full hardening for strongswan (full relro and PIE).
The previous macros had a typo and did not work
(see bz#1067119).
– Fixed tnc package description to reflect the current state of
the package.
– Fixed pki binary and moved it to /usr/libexece/strongswan as
others binaries are there too.
* Wed Feb 19 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-5
– #903638 – SELinux is preventing /usr/sbin/xtables-multi from ‘read’ accesses on the chr_file /dev/random
* Thu Jan 9 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-4
– Removed redundant patches and *.spec commands caused by branch merging
* Wed Jan 8 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-3
– rebuilt
* Mon Dec 2 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-2
– Resolves: 973315
– Resolves: 1036844
* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-1
– Support for PT-TLS (RFC 6876)
– Support for SWID IMC/IMV
– Support for command line IKE client charon-cmd
– Changed location of pki to /usr/bin
– Added swid tags files
– Added man pages for pki and charon-cmd
– Renamed pki to strongswan-pki to avoid conflict with
pki-core/pki-tools package.
– Update local patches
– Fixes CVE-2013-6075
– Fixes CVE-2013-6076
– Fixed autoconf/automake issue as configure.ac got changed
and it required running autoreconf during the build process.
– added strongswan signature file to the sources.
* Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.0-3
– Fixed initialization crash of IMV and IMC particularly
attestation imv/imc as libstrongswas was not getting
initialized.
——————————————————————————–
References:
[ 1 ] Bug #1081760 – CVE-2014-2338 strongswan: authentication bypass flaw in IKEv2
https://bugzilla.redhat.com/show_bug.cgi?id=1081760
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update strongswan’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-5238
2014-04-16 07:33:17
——————————————————————————–
Name : strongswan
Product : Fedora 19
Version : 5.1.3
Release : 1.fc19
URL : http://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN Solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.
——————————————————————————–
Update Information:
CVE-2014-2338
——————————————————————————–
ChangeLog:
* Tue Apr 15 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3-1
– new version 5.1.3
* Mon Apr 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3rc1-1
– new version 5.1.3rc1
* Mon Mar 24 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-4
– #1069928 – updated libexec patch.
* Tue Mar 18 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-3
– fixed el6 initscript
– fixed pki directory location
* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-2
– clean up the specfile a bit
– replace the initscript patch with an individual initscript
– patch to build for epel6
* Mon Mar 3 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-1
– #1071353 – bump to 5.1.2
– #1071338 – strongswan is compiled without xauth-pam plugin
– remove obsolete patches
– sent all patches upstream
– added comments to all patches
– don’t touch the config with sed
* Thu Feb 20 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-6
– Fixed full hardening for strongswan (full relro and PIE).
The previous macros had a typo and did not work
(see bz#1067119).
– Fixed tnc package description to reflect the current state of
the package.
– Fixed pki binary and moved it to /usr/libexece/strongswan as
others binaries are there too.
* Wed Feb 19 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-5
– #903638 – SELinux is preventing /usr/sbin/xtables-multi from ‘read’ accesses on the chr_file /dev/random
* Thu Jan 9 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-4
– Removed redundant patches and *.spec commands caused by branch merging
* Wed Jan 8 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-3
– rebuilt
* Mon Dec 2 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-2
– Resolves: 973315
– Resolves: 1036844
* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-1
– Support for PT-TLS (RFC 6876)
– Support for SWID IMC/IMV
– Support for command line IKE client charon-cmd
– Changed location of pki to /usr/bin
– Added swid tags files
– Added man pages for pki and charon-cmd
– Renamed pki to strongswan-pki to avoid conflict with
pki-core/pki-tools package.
– Update local patches
– Fixes CVE-2013-6075
– Fixes CVE-2013-6076
– Fixed autoconf/automake issue as configure.ac got changed
and it required running autoreconf during the build process.
– added strongswan signature file to the sources.
* Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.0-3
– Fixed initialization crash of IMV and IMC particularly
attestation imv/imc as libstrongswas was not getting
initialized.
* Fri Aug 30 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.0-2
– Enabled fips support
– Enabled TNC’s ifmap support
– Enabled TNC’s pdp support
– Fixed hardocded package name in this spec file
* Wed Aug 7 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.0-1
– rhbz#981429: New upstream release
– Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
– Fixes rhbz#991859 failed to build in rawhide
– Updated local patches and removed which are not needed
– Fixed errors around charon-nm
– Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so,
libstrongswan-sshkey.so
– Added utility imv_policy_manager
* Thu Jul 25 2013 Jamie Nguyen <jamielinux@fedoraproject.org> – 5.0.4-5
– rename strongswan-NetworkManager to strongswan-charon-nm
– fix enable_nm macro
* Mon Jul 15 2013 Jamie Nguyen <jamielinux@fedoraproject.org> – 5.0.4-4
– %files tries to package some of the shared objects as directories (#984437)
– fix broken systemd unit file (#984300)
– fix rpmlint error: description-line-too-long
– fix rpmlint error: macro-in-comment
– fix rpmlint error: spelling-error Summary(en_US) fuctionality
– depend on ‘systemd’ instead of ‘systemd-units’
– use new systemd scriptlet macros
– NetworkManager subpackage should have a copy of the license (#984490)
– enable hardened_build as this package meets the PIE criteria (#984429)
– invocation of “ipsec _updown iptables” is broken as ipsec is renamed
to strongswan in this package (#948306)
– invocation of “ipsec scepclient” is broken as ipsec is renamed
to strongswan in this package
– add /etc/strongswan/ipsec.d and missing subdirectories
– conditionalize building of strongswan-NetworkManager subpackage as the
version of NetworkManager in EL6 is too old (#984497)
* Fri Jun 28 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.0.4-3
– Patch to fix a major crash issue when Freeradius loads
attestatiom-imv and does not initialize libstrongswan which
causes crash due to calls to PTS algorithms probing APIs.
So this patch fixes the order of initialization. This issues
does not occur with charon because libstrongswan gets
initialized earlier.
– Patch that allows to outputs errors when there are permission
issues when accessing strongswan.conf.
– Patch to make loading of modules configurable when libimcv
is used in stand alone mode without charon with freeradius
and wpa_supplicant.
* Tue Jun 11 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.0.4-2
– Enabled TNCCS 1.1 protocol
– Fixed libxm2-devel build dependency
– Patch to fix the issue with loading of plugins
* Wed May 1 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.0.4-1
– New upstream release
– Fixes for CVE-2013-2944
– Enabled support for OS IMV/IMC
– Created and applied a patch to disable ECP in fedora, because
Openssl in Fedora does not allow ECP_256 and ECP_384. It makes
it non-compliant to TCG’s PTS standard, but there is no choice
right now. see redhat bz # 319901.
– Enabled Trousers support for TPM based operations.
* Sat Apr 20 2013 Pavel Šimerda <psimerda@redhat.com> – 5.0.3-2
– Rebuilt for a single specfile for rawhide/f19/f18/el6
* Fri Apr 19 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.0.3-1
– New upstream release
– Enabled curl and eap-identity plugins
– Enabled support for eap-radius plugin.
* Thu Apr 18 2013 Pavel Šimerda <psimerda@redhat.com> – 5.0.2-3
– Add gettext-devel to BuildRequires because of epel6
– Remove unnecessary comments
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update strongswan’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce