[ol6_latest_archive] openswan-doc-2.6.32-21.2.el6_4.i686

This package contains extensive documentation of the Openswan IPSEC
system.

Changelog (Show File list) (Show related packages)

• Thu Oct 10 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-21.2

  - Resolves: #1013925 - Openswan does not fully establish IKE tunnel with modecfgclient disabled 
  - Resolves: #1013984 - NAT-T transport bug affects Openswan+L2TP connections with NATed clients

• Wed Oct 09 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-21.1

  - Resolves: #1013971 - Openswan does not support IKE Fragmentation extension
  - Resolves: #1013985 - Openswan does not support RFC2407 Notify Payload
  - Resolves: #1012736 - initial loading of CRL always fails on pluto startup
  - Resolves: #1012735 - crl signature verification failure in when input signature is stripped of all leading zeros
  - Resolves: #1015810 - openswan does not allow SHA2 auth algorithms under FIPS

• Thu Jul 11 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-21

  Resolves: #983451 - barf and look should not cause loading of kernel modules

• Fri May 10 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-20

  Resolves: #960234 - CVE-2013-2053

• Fri Aug 24 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-19

  Resolves: #846797

• Fri Jul 06 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-18

  Resolves: #831676 : fixing loopback issue regression

• Fri Jun 22 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-17

  Resolves: #831669
  Resolves: #831676

• Mon Apr 30 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-16

  Resolves: #771467

• Fri Apr 20 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-15

  Resolves: #768442

• Wed Apr 11 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-14

  Resolves: #771461
  Resolves: #771472

• Fri Mar 02 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-13

  Resolves: #795842
  Resolves: #795850

• Thu Feb 16 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-12

  Resolves: #771457
  Resolves: #771460
  Resolves: #771463

• Tue Feb 14 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-11

  Resolves: #771464
  Resolves: #771465
  Resolves: #771466
  Resolves: #771467
  Resolves: #771473
  Resolves: #771475

• Tue Jan 31 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-10

  Resolves: #768162
  Resolves: #771470

• Fri Oct 28 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-9

  Resolves: #748970 cve-2011-4073 updated upstream patch
  Resolves: #749605

• Tue Oct 25 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-8

  Resolves: #748970 cve-2011-4073

• Mon Oct 03 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-7

  Resolves: #737973
  Resolves: #737975
  Resolves: #737976
  Resolves: #738385
  Resolves: #742632
  Resolves: #742070

• Fri Jun 17 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-6

  Resolves: #711975

• Fri Jun 03 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-5

  Resolves: #703985
  Resolves: #703473
  Resolves: #704548

• Thu Mar 17 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-4

  Resolves: #681974 
  Resolves: #683604

• Wed Mar 02 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-3

  Resolves: 235720

• Mon Feb 21 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-2

  Resolves: 235720

• Wed Jan 12 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-1

  Resolves: 642722
  Resolves: 642724
  Resolves: 646718
  Resolves: 628879
  Resolves: 621790
  Resolves: 668785
  Resolves: 658253
  Resolves: 658121

• Wed Oct 06 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-9

  Resolves: #635060 CVE-2010-3302 CVE-2010-3308 
                    CVE-2010-2752 CVE-2010-3753

• Wed Jul 21 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-8

  Resolves: #616910

• Wed Jun 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-7

  Resolves: #614250

• Wed Jun 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-6

  Resolves: #600174
  Resolves: #600167

• Fri Jun 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-5

  Resolves: #529260

• Mon Jun 14 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-4

  Resolves: #579629
  Resolves: #584224
  Resolves: #586420
  Resolves: #592630
  Resolves: #594767
  Resolves: #579747
  Resolves: #587669

• Tue Mar 23 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-3

  Resolves: #568355 Implementation of new Diffie-Hellman groups 
                    described in RFC 5114
  Resolves: #568493 Pluto's child process can not add routes
  Resolves: #568648 some subcommand doesn't work
  Resolves: #568652 the transport mode doesn't work
  Resolves: #574833 Openswan client can not interop with 
                    Cisco VPN servers
  Resolves: #574839 ImplicitDSOLinking
  Resolves: #574841 Openswan Implementation issue related to 
                    hardcoded length of hash algorithms

• Mon Feb 08 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-2

  - Modified summary in spec file
  - Replaced buildroot with RPM_BUILD_ROOT in spec file
  - Included html files in the doc package
  - Patch for disabling openswan startup at the system
    boot by default

• Fri Jan 15 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-1

  - New upstream release
  - Cisco interop patches
  - Improved init script
  - Fix to allow ";" in the ike/esp parameters
  - Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
  - Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
  - Fix to the issue where Some programs were installed
    twice causing .old files
  - lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
    This is to avoid an SElinux AVC Denial
  - Fix for the issueo where ipsec help shows the list twice
  - Fix for compile time warnings

• Wed Sep 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.23-1

  - New upstream release
  - Supports smartcards now
  - Supports PSK with NSS
  - Supports libcap-ng for lowering capabilities of pluto process 
  - Updated README.nss

• Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.22-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

• Thu Jul 23 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.22-1

  - New upstream release
  - Added support for using PSK with NSS
  - Fixed several warnings and undid unnecessary debug messages
  - Updated README.nss with an example configuration
  - Moved README.nss to openswan/doc/
  - Improved FIPS integrity check functionality

• Mon Jul 06 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5

  - Added support for using PSK with NSS
  - Fixed several warnings and undid unnecessary comments
  - Updated README.nss with an example configuration
  - Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185)

• Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4

  - Updated the Openswan-NSS porting to enable nss and fipscheck by default
  - fipscheck requires fipscheck-devel library

• Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3

  - Updated the Openswan-NSS porting to enable nss by default
  - The patch includes README.nss for information about NSS usage

• Mon Apr 13 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2

  - Applied patch to support NSS, currently disabled due to
    dependency on rh bz #491693
  - The patch also supports fips check integrity 
     (requires fipscheck-devel library)

• Mon Mar 30 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1

  - new upstream release
  - Fix for CVE-2009-0790 DPD crasher
  - Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries
  - Fix ipsec setup --status not showing amount of tunnels with netkey

• Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.19-2

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

• Tue Nov 25 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.19-1

  - new upstream release

• Mon Oct 13 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-2

  - Addressed some issues related to buzilla 447419
  - Added xmlto and bind-devel to BuildRequires 
  - Removed the patch openswan-2.6-noxmlto.patch
  - Removed the command "rm -rf programs/readwriteconf" from the spec file
    as readwriteconf is used with "make check" for debugging purposes.
  - Removed USE_LWRES=false from the spec file as it has been 
    obsolete in upstream (using bind-devel instead)

• Mon Oct 06 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-1

  - new upstream release
  - modified default ipsec.conf to address rhbz#463931

• Fri Sep 12 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-2

  - added initscript patch to prevent openswan service start by default

• Tue Sep 09 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-1

  - new upstream release

• Sat Jul 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.15-1

  - new upstream release

• Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1

  - new upstream release

• Tue Mar 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-2

  - removing patch - using upstream init script as is

• Wed Mar 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.08-1

  - Moved to latest upstream
  - Replaced the init script source file with a patch to the upstream one
  -    (no functional changes to the init script)
  - Added protostack=netkey to ipsec.conf
  - New patch to include definition of HOST_NAME_MAX

• Mon Feb 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.07-1

  - Moved to latest upstream

• Thu Feb 07 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1

  - Removed check for selinux enforcing mode in verify script
  - Moved to latest upstream

• Mon Jan 28 2008 Steve Conklin <sconklin@redhat.com> - 2.6.04-1

  - Move to new upstream source

• Thu Jan 24 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9

  - Added af_key module load to init script
  - Removed spurious warning about interfaces=

• Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8

  Related: rhbz#235224
  - rpmdiff spotted these:
  - Cleaned out unused man page
  - patch error in barf script

• Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7

  - Addressed the last set of small changes for package review

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6

  - Moved everything else out of /usr/lib
  - Added tmraz's patch to remove extra slashes in makefile
  - Removed macros from changelog entries

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5

  - Removed userland macros from spec file

• Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4

  - Removed use of xmlto and the BuildRequires
  - moved scripts from /usr/lib to /usr/libexec
  - removed man3 pages for libopenswan functions (we don't deliver)

• Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3

  - Removed _smp_mflags macro from from the spec file build section
  - Added BuildRequires for xmlto
  - Changed License from GPL to GPL+
  - removed klips ifdefs from spec file
  - Added patch to move example configs to doc dir
  - Added a patch to make the link to init script relative, 
    for chroot environments

• Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2

  - Removed copy of file that no longer exists

• Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1

  - Latest upstream tarball, includes fixes

• Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2

  - Rebase to 2.6.02, add initial ikev2 support

• Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2

  - Forgot changelog on last entry

• Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1

  - sync to upstream latest

• Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3

  - do not use epoch macro, it is unset

• Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2

  - specfile review

• Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1

  - removed key generation from install phase
  - version 2.4.7

• Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1

  - rebuild

• Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2

  - fixed typo (bug #191930)

• Fri May 05 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1

  - version 2.4.5

• Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1

  - bump again for double-long bug on ppc(64)

• Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2

  - rebuilt for new gcc4.1 snapshot and glibc changes

• Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>

  - rebuilt

• Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1

  - version 2.4.4
  - fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
  - fixes NISCC Advisory 3756/NISCC/ISAKMP

• Wed Nov 02 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1

  - version 2.4.2dr5

• Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1

  - version 2.4.2dr1

• Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1

  - version 2.4.0

• Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1

  - new version

• Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>

  - remove sysv startup links to build with current rpm

• Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3

  - added openswan-2.3.1-nat_t_aggr.patch
  - added openswan-2.3.1-iproute2.patch
  - added openswan-2.3.1-cisco.patch
  - NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000

• Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2

  - added Requires(post) of coreutils bash (bug 155699)
  - added Requires(preun) initscripts chkconfig

• Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1

  - version 2.3.1

• Mon Apr 04 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6

  - remove some duplicate copies of the docs

• Wed Mar 02 2005 Harald Hoyer <harald@redhat.com>

  - rebuilt

• Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4

  - fixed bug rh#149164

• Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3

  - patched code to compile with gcc4

• Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2

  - Do not enable the initscript per default

• Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1

  - version 2.3.0
  - reimported specfile
  - PIEd openswan
  - cleaned up initial config files and added include directives
    for easy config drop in

• Wed Jan 05 2005 Paul Wouters <paul@xelerance.com>

  - Updated for x86_64 and klips on 2.6

• Tue Nov 02 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3

  - Apply selinux patch

• Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2

  - don't run by default. again.

• Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1

  - added selinux patch from Daniel Walsh
  - initscript now uses translated strings
  - version 2.1.5 with minor fixes

• Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7

  - added more build reqs (bug #132877)

• Thu Sep 09 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6

  - don't run by default
  - don't create/chmod directories in %post, just include them with the
    right perms
  - fix debuginfo
  - fix docs

• Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5

  - Added debuginfo package

• Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4

  - Install man-pages
  - Fix initscript 'fail()' func to write newline before failure()

• Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3

  - Fix 'service ipsec status' output

• Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2

  - Normalize initscripts for Red Hat and add translation string support

• Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1

  - initial import

• Tue May 25 2004 Ken Bantoft <ken@xelerance.com>

  - Initial version, based on FreeS/WAN .spec