[el5_latest] openswan-2.6.21-5.el5_6.4.i386

Openswan is a free implementation of IPsec & IKE for Linux.  IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists
in the default Linux kernel.

Openswan 2.6.x also supports IKEv2 (RFC4309)

Changelog (Show File list) (Show related packages)

• Thu Feb 24 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5.4

  Resolves: #680044

• Tue May 11 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5.3

  Resolves: #591105

• Fri Jan 22 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5.2

  - Fixes openswan logging NSS database password issue
  Resolves: #557688

• Mon Nov 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5.1

  - Addresses bz 533883
  - Addresses key zeroization
  - Updates package description 
  Resolves: #533883

• Tue Jul 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5

  - Improved FIPS integrity check functionality
  Resolves: #469763 FIPS-140: Add integrity checking

• Fri Jun 26 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4

  - Added support for using PSK with NSS (rhbz 507844)
  - Fixed several warnings and undid unnecessary comments
  - Updated README.nss with an example configuration
  - Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185)
  Resolves: CVE-2009-2185
  Resolves: #507844

• Mon May 18 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3

  - Revised patch to support fips integrity check functionality
  Resolves: #469763 FIPS-140: Add integrity checking

• Fri May 08 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2

  - Revised patch to support fips integrity check functionality
  Resolves: #469763 FIPS-140: Add integrity checking

• Tue Apr 21 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1

  - Upstream release
  - Major patches for support of NSS and fipscheck libraries
  Resolves: #444801 FIPS-140-2: Meet certification requirements for pluto
  Resolves: #469763 FIPS-140: Add integrity checking
  Resolves: #438998 Openswan's 'cannot route...' problem
  Resolves: #449725 Openswan seg fault using manual keying.
  Resolves: #463931 /etc/ipsec.conf includes /etc/ipsec.d/*.conf which is missing
  Resolves: #466861 avc: denied { write } for pid=2193 comm="ip" path="/var/run/pluto/ipsec_setup.out"
  Resolves: #487708 Misleading package description

• Fri Mar 27 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.14-2

  - security update (CVE-2009-0790, CVE-2008-4190)
  Resolves: CVE-2009-0790, CVE-2008-4190

• Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1

  - new upstream release
  Resolves: #444575 openswan doesn't delete expired SA's

• Thu Jun 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc10-1

  - new upstream release

• Wed Jun 04 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc7-1

  - new upstream release
  Resolves: #439771 openswan and strongswan fail to interoperate with IKEv2
  Resolves: #441383 openswan should negotiate CCM algorithm
  Resolves: #442955 openswan doesn't accept null esp auth alg
  Resolves: #442956 openswan logging segfault when phase2alg=null
  Resolves: #444166 openswan IKEv2 crashes when interoperating with racoon2

• Wed Apr 23 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-2

  Resolves: #442333 AVC denials on start of openswan host-to-host tunnel

• Tue Apr 22 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-1

  - new upstream release
  Resolves: #432821 left/rightsourceip tags not working
  Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024
  Resolves: #441588 openswan IKEv2 crashes when interoperating with racoon2
  Resolves: #442333 AVC denials on start of openswan host-to-host tunnel

• Wed Apr 09 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.11-1

  - new upstream release
  Resolves: #438826 openswan IKEv2 hangs between intel and ppc64 machines
  Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024

• Fri Mar 14 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-1

  Resolves: rhbz#432315
  Resolves: rhbz#432805
  Resolves: rhbz#432821
  - Moved to latest upstream
  - removed init script patch and will use upstream
  - Added protostack=netkey to ipsec.conf
  - New patch to include definition of HOST_NAME_MAX

• Fri Feb 08 2008 Linda Wang <lwang@redhat.com> - 2.6.07-2

  Related: rhbz#253052
  - Latest upstream

• Fri Feb 08 2008 Linda Wang <lwang@redhat.com> - 2.6.07-1

  Related: rhbz#253052
  - Latest upstream

• Thu Feb 07 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1

  - Latest upstream
  - remove selinux test and message from verify script
  - forgot the following bz earlier
  Resolves: rhbz#253052 Request for IPSec IKEv2

• Tue Jan 29 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9

  - cleanup some init problems
  Resolves: rhbz#430149 openswan init script errors
  Resolves: rhbz#430150 openswan emits spurious warnings

• Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8

  Related: rhbz#235224
  - rpmdiff spotted these:
  - Cleaned out unused man page
  - patch error in barf script

• Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7

  - Addressed the last set of small changes for package review

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6

  - Moved everything else out of /usr/lib
  - Added tmraz's patch to remove extra slashes in makefile
  - Removed macros from changelog entries

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5

  - Removed userland macros from spec file

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4

  - Removed use of xmlto and the BuildRequires
  - moved scripts from /usr/lib to /usr/libexec
  - removed man3 pages for libopenswan functions (we don't deliver)

• Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3

  - Removed _smp_mflags macro from from the spec file build section
  - Added BuildRequires for xmlto
  - Changed License from GPL to GPL+
  - removed klips ifdefs from spec file
  - Added patch to move example configs to doc dir
  - Added a patch to make the link to init script relative, 
    for chroot environments

• Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2

  - Removed copy of file that no longer exists

• Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1

  - Latest upstream tarball, includes fixes

• Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2

  - Rebase to 2.6.02, add initial ikev2 support

• Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2

  - Forgot changelog on last entry

• Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1

  - sync to upstream latest

• Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3

  - do not use epoch macro, it is unset

• Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2

  - specfile review

• Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1

  - removed key generation from install phase
  - version 2.4.7

• Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1

  - rebuild

• Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2

  - fixed typo (bug #191930)

• Fri May 05 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1

  - version 2.4.5

• Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1

  - bump again for double-long bug on ppc(64)

• Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2

  - rebuilt for new gcc4.1 snapshot and glibc changes

• Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>

  - rebuilt

• Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1

  - version 2.4.4
  - fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
  - fixes NISCC Advisory 3756/NISCC/ISAKMP

• Wed Nov 02 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1

  - version 2.4.2dr5

• Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1

  - version 2.4.2dr1

• Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1

  - version 2.4.0

• Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1

  - new version

• Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>

  - remove sysv startup links to build with current rpm

• Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3

  - added openswan-2.3.1-nat_t_aggr.patch
  - added openswan-2.3.1-iproute2.patch
  - added openswan-2.3.1-cisco.patch
  - NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000

• Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2

  - added Requires(post) of coreutils bash (bug 155699)
  - added Requires(preun) initscripts chkconfig

• Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1

  - version 2.3.1

• Mon Apr 04 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6

  - remove some duplicate copies of the docs

• Wed Mar 02 2005 Harald Hoyer <harald@redhat.com>

  - rebuilt

• Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4

  - fixed bug rh#149164

• Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3

  - patched code to compile with gcc4

• Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2

  - Do not enable the initscript per default

• Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1

  - version 2.3.0
  - reimported specfile
  - PIEd openswan
  - cleaned up initial config files and added include directives
    for easy config drop in

• Wed Jan 05 2005 Paul Wouters <paul@xelerance.com>

  - Updated for x86_64 and klips on 2.6

• Tue Nov 02 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3

  - Apply selinux patch

• Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2

  - don't run by default. again.

• Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1

  - added selinux patch from Daniel Walsh
  - initscript now uses translated strings
  - version 2.1.5 with minor fixes

• Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7

  - added more build reqs (bug #132877)

• Thu Sep 09 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6

  - don't run by default
  - don't create/chmod directories in %post, just include them with the
    right perms
  - fix debuginfo
  - fix docs

• Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5

  - Added debuginfo package

• Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4

  - Install man-pages
  - Fix initscript 'fail()' func to write newline before failure()

• Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3

  - Fix 'service ipsec status' output

• Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2

  - Normalize initscripts for Red Hat and add translation string support

• Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1

  - initial import

• Tue May 25 2004 Ken Bantoft <ken@xelerance.com>

  - Initial version, based on FreeS/WAN .spec