Thu, 29 Jan 2015 14:22:51 UTC | login

Information for build openswan-2.6.33-1.fc15

ID245165
Package Nameopenswan
Version2.6.33
Release1.fc15
Epoch
SummaryIPSEC implementation with IKEv1 and IKEv2 keying protocols
DescriptionOpenswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists in the default Linux kernel. Openswan 2.6.x also supports IKEv2 (RFC4306)
Built byavesh
State complete
StartedWed, 25 May 2011 18:38:37 UTC
CompletedWed, 25 May 2011 18:41:27 UTC
Taskbuild (dist-f15-updates-candidate, /openswan:c860156d538813bc2e0d28d67a496163f938dc2d)
Tags
dist-f15-updates
RPMs
src
openswan-2.6.33-1.fc15.src.rpm (info) (download)
i686 (build logs)
openswan-2.6.33-1.fc15.i686.rpm (info) (download)
openswan-doc-2.6.33-1.fc15.i686.rpm (info) (download)
openswan-debuginfo-2.6.33-1.fc15.i686.rpm (info) (download)
x86_64 (build logs)
openswan-2.6.33-1.fc15.x86_64.rpm (info) (download)
openswan-doc-2.6.33-1.fc15.x86_64.rpm (info) (download)
openswan-debuginfo-2.6.33-1.fc15.x86_64.rpm (info) (download)
Changelog * Wed May 25 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.33-1 - New upstream release openswan-2.6.33 - Updated local patches - Fixes for bz 704118: openswan-cisco interop issues - Fixes for bz 687870: openswan-cisco interop issues - Fixes for bz 700826: nss-tools requires issue - Fixes for bz 656649: %ghost issue for /var/run/pluto - Fixes for bz 679379: new upstream release - Fixes for gcc erros, picked it from upstream commit-da9a995 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Dec 20 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-1 - New upstream release openswan-2.6.32 - Updated local patches - Removed USE_MODP_RFC5114 as upstream enabled it by default * Wed Oct 20 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.31-1 - New upstream release openswan-2.6.31 * Thu Sep 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.29-2 - rhbz#636572, fix to openswan default start issue * Mon Sep 27 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.29-1 - New upstream release - Fixes for CVE-2010-3308 and CVE-2010-3302 * Tue Sep 07 2010 Tomas Mraz <tmraz@redhat.com> - 2.6.28-2 - Use new fipscheck to make .hmac files placement FHS compliant * Fri Aug 13 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.28-1 - New upstream release - Updated existing patches - Changed man to man-db in Buildrequires * Fri Jul 02 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.27-1 - NetworkManager-openswan plugin related changes - Fixes for bz 600167 - Fixes for bz 600174 - Fixes for bz 584224 - Updated old patches * Sat May 29 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.25-2 - NetworkManager-openswan plugin related changes - Fixes for bz 584224 * Mon Mar 29 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.25-1 - New upstream release - Updated existing patches that could not make into this release * Thu Mar 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-5 - Openswan-cisco interop functionality now inlcludes the processing of domain defintion attributes obtained from Cisco VPN server - Openswan client can update and restore /etc/resolv.conf file based on the DNS information obtained Cisco VPN server - Implementation of new Diffie-Hellman groups as in RFC 5114 * Wed Mar 03 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-4 - Fixes for openswan-cisco interop functionality - Fix for the issue of hardcoded 96 bits of hmac sha1/md5 - Fix for eliminating compile time warnings - Fix for the issueo where ipsec help shows the list twice (rhbz 524146, 509318) - Implementation of ikev2 transport mode support (rhbz 568652, 561042) - Fix for the issue when pluto's child can not add routes, related to libcan-ng (rhbz 568493, 550023) - Fix for the issue of xauth password when read from prompt - Some subcommad (spi, spigrp, tncfg) are not used with NETKEY, a proper error handling has been added for this issue. (rhbz 568648, 560596) - Fix for Openswan-win2k issue where ports are not handled correctly (rhbz 563779) * Thu Feb 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-3 - Fix for making explicit (or avoiding implicit) linking for pthread (#565410) - Modified package description - Fixed a typo (IKEv2 RFC number). * Mon Feb 08 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-2 - Modified summary in spec file - Replaced buildroot with RPM_BUILD_ROOT in spec file - Included html files in the doc package - Patch for disabling openswan startup at the system boot by default * Mon Jan 11 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-1 - New upstream release - Cisco interop patches - Improved init script - Fix to allow ";" in the ike/esp parameters - Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306 - Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode - Fix to the issue where Some programs were installed twice causing .old files - lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ . This is to avoid an SElinux AVC Denial * Wed Sep 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.23-1 - New upstream release - Supports smartcards now - Supports PSK with NSS - Supports libcap-ng for lowering capabilities of pluto process - Updated README.nss * Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.22-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Thu Jul 23 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.22-1 - New upstream release - Added support for using PSK with NSS - Fixed several warnings and undid unnecessary debug messages - Updated README.nss with an example configuration - Moved README.nss to openswan/doc/ - Improved FIPS integrity check functionality * Mon Jul 06 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5 - Added support for using PSK with NSS - Fixed several warnings and undid unnecessary comments - Updated README.nss with an example configuration - Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185) * Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4 - Updated the Openswan-NSS porting to enable nss and fipscheck by default - fipscheck requires fipscheck-devel library * Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3 - Updated the Openswan-NSS porting to enable nss by default - The patch includes README.nss for information about NSS usage * Mon Apr 13 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2 - Applied patch to support NSS, currently disabled due to dependency on rh bz #491693 - The patch also supports fips check integrity (requires fipscheck-devel library) * Mon Mar 30 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1 - new upstream release - Fix for CVE-2009-0790 DPD crasher - Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries - Fix ipsec setup --status not showing amount of tunnels with netkey * Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Tue Nov 25 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.19-1 - new upstream release * Mon Oct 13 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-2 - Addressed some issues related to buzilla 447419 - Added xmlto and bind-devel to BuildRequires - Removed the patch openswan-2.6-noxmlto.patch - Removed the command "rm -rf programs/readwriteconf" from the spec file as readwriteconf is used with "make check" for debugging purposes. - Removed USE_LWRES=false from the spec file as it has been obsolete in upstream (using bind-devel instead) * Mon Oct 06 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-1 - new upstream release - modified default ipsec.conf to address rhbz#463931 * Fri Sep 12 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-2 - added initscript patch to prevent openswan service start by default * Tue Sep 09 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-1 - new upstream release * Sat Jul 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.15-1 - new upstream release * Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1 - new upstream release * Tue Mar 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-2 - removing patch - using upstream init script as is * Wed Mar 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.08-1 - Moved to latest upstream - Replaced the init script source file with a patch to the upstream one - (no functional changes to the init script) - Added protostack=netkey to ipsec.conf - New patch to include definition of HOST_NAME_MAX * Mon Feb 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.07-1 - Moved to latest upstream * Thu Feb 07 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1 - Removed check for selinux enforcing mode in verify script - Moved to latest upstream * Mon Jan 28 2008 Steve Conklin <sconklin@redhat.com> - 2.6.04-1 - Move to new upstream source * Thu Jan 24 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9 - Added af_key module load to init script - Removed spurious warning about interfaces= * Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8 Related: rhbz#235224 - rpmdiff spotted these: - Cleaned out unused man page - patch error in barf script * Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7 - Addressed the last set of small changes for package review * Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6 - Moved everything else out of /usr/lib - Added tmraz's patch to remove extra slashes in makefile - Removed macros from changelog entries * Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5 - Removed userland macros from spec file * Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4 - Removed use of xmlto and the BuildRequires - moved scripts from /usr/lib to /usr/libexec - removed man3 pages for libopenswan functions (we don't deliver) * Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3 - Removed _smp_mflags macro from from the spec file build section - Added BuildRequires for xmlto - Changed License from GPL to GPL+ - removed klips ifdefs from spec file - Added patch to move example configs to doc dir - Added a patch to make the link to init script relative, for chroot environments * Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2 - Removed copy of file that no longer exists * Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1 - Latest upstream tarball, includes fixes * Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2 - Rebase to 2.6.02, add initial ikev2 support * Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2 - Forgot changelog on last entry * Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1 - sync to upstream latest * Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3 - do not use epoch macro, it is unset * Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2 - specfile review * Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1 - removed key generation from install phase - version 2.4.7 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1 - rebuild * Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2 - fixed typo (bug #191930) * Fri May 05 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1 - version 2.4.5 * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2 - rebuilt for new gcc4.1 snapshot and glibc changes * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com> - rebuilt * Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1 - version 2.4.4 - fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP - fixes NISCC Advisory 3756/NISCC/ISAKMP * Wed Nov 02 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1 - version 2.4.2dr5 * Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1 - version 2.4.2dr1 * Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1 - version 2.4.0 * Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1 - new version * Sun Jul 31 2005 Florian La Roche <laroche@redhat.com> - remove sysv startup links to build with current rpm * Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3 - added openswan-2.3.1-nat_t_aggr.patch - added openswan-2.3.1-iproute2.patch - added openswan-2.3.1-cisco.patch - NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 * Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2 - added Requires(post) of coreutils bash (bug 155699) - added Requires(preun) initscripts chkconfig * Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1 - version 2.3.1 * Mon Apr 04 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6 - remove some duplicate copies of the docs * Wed Mar 02 2005 Harald Hoyer <harald@redhat.com> - rebuilt * Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4 - fixed bug rh#149164 * Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3 - patched code to compile with gcc4 * Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2 - Do not enable the initscript per default * Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1 - version 2.3.0 - reimported specfile - PIEd openswan - cleaned up initial config files and added include directives for easy config drop in * Wed Jan 05 2005 Paul Wouters <paul@xelerance.com> - Updated for x86_64 and klips on 2.6 * Tue Nov 02 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3 - Apply selinux patch * Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2 - don't run by default. again. * Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1 - added selinux patch from Daniel Walsh - initscript now uses translated strings - version 2.1.5 with minor fixes * Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7 - added more build reqs (bug #132877) * Thu Sep 09 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6 - don't run by default - don't create/chmod directories in %post, just include them with the right perms - fix debuginfo - fix docs * Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5 - Added debuginfo package * Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4 - Install man-pages - Fix initscript 'fail()' func to write newline before failure() * Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3 - Fix 'service ipsec status' output * Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2 - Normalize initscripts for Red Hat and add translation string support * Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1 - initial import * Tue May 25 2004 Ken Bantoft <ken@xelerance.com> - Initial version, based on FreeS/WAN .spec