Hello community, here is the log from the commit of package strongswan for openSUSE:Factory checked in at 2013-05-02 12:01:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/strongswan (Old) and /work/SRC/openSUSE:Factory/.strongswan.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "strongswan" Changes: -------- --- /work/SRC/openSUSE:Factory/strongswan/strongswan.changes 2012-12-14 11:18:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.strongswan.new/strongswan.changes 2013-05-02 12:01:36.000000000 +0200 @@ -1,0 +2,25 @@ +Tue Apr 30 12:48:44 UTC 2013 - mt@suse.de + +- Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944): + - Fixed a security vulnerability in the openssl plugin which was + reported by Kevin Wojtysiak. The vulnerability has been registered + as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA + signature verification was used, due to a misinterpretation of the + error code returned by the OpenSSL ECDSA_verify() function, an empty + or zeroed signature was accepted as a legitimate one. Refer to our + blog for details. + - The handling of a couple of other non-security relevant OpenSSL + return codes was fixed as well. + - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses + via its TCG TNC IF-MAP 2.1 interface. + - The charon.initiator_only strongswan.conf option causes charon to + ignore IKE initiation requests. + - The openssl plugin can now use the openssl-fips library. + The version 5.0.3 provides new ipseckey plugin, enabling authentication + based on trustworthy public keys stored as IPSECKEY resource records in + the DNS and protected by DNSSEC and new openssl plugin using the AES-NI + accelerated version of AES-GCM if the hardware supports it. + See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50 + for a list of all changes since the 5.0.1 release. + +------------------------------------------------------------------- Old: ---- strongswan-5.0.1-rpmlintrc strongswan-5.0.1.tar.bz2 strongswan-5.0.1.tar.bz2.sig New: ---- strongswan-5.0.4-rpmlintrc strongswan-5.0.4.tar.bz2 strongswan-5.0.4.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ strongswan.spec ++++++ --- /var/tmp/diff_new_pack.cVMGaj/_old 2013-05-02 12:01:38.000000000 +0200 +++ /var/tmp/diff_new_pack.cVMGaj/_new 2013-05-02 12:01:38.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package strongswan # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: strongswan -Version: 5.0.1 +Version: 5.0.4 Release: 0 %define upstream_version %{version} %define strongswan_docdir %{_docdir}/%{name} @@ -28,12 +28,12 @@ %else %bcond_with tests %endif -%if 1 +%if 0%{suse_version} > 1110 %bcond_without mysql %else %bcond_with mysql %endif -%if 0%{suse_version} >= 1110 +%if 0%{suse_version} > 1110 %bcond_without sqlite %bcond_without gcrypt %bcond_without nm @@ -319,6 +319,8 @@ %endif %if %{with nm} --enable-nm \ +%else + --disable-nm \ %endif %if %{with tests} --enable-load-tester \ @@ -351,7 +353,7 @@ # EOT # -rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan}.so +rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{charon,hydra,strongswan,pttls}.so rm -f $RPM_BUILD_ROOT%{strongswan_libdir}/lib{radius,simaka,tls,tnccs,imcv}.so find $RPM_BUILD_ROOT%{strongswan_libdir} \ -name "*.a" -o -name "*.la" | xargs -r rm -f @@ -464,6 +466,7 @@ %{strongswan_libdir}/libchecksum.so %{strongswan_libdir}/libcharon.so.* %{strongswan_libdir}/libhydra.so.* +%{strongswan_libdir}/libpttls.so.* %{strongswan_libdir}/libradius.so.* %{strongswan_libdir}/libsimaka.so.* %{strongswan_libdir}/libstrongswan.so.* @@ -532,6 +535,7 @@ %{strongswan_plugins}/libstrongswan-pgp.so %{strongswan_plugins}/libstrongswan-pkcs1.so %{strongswan_plugins}/libstrongswan-pkcs11.so +%{strongswan_plugins}/libstrongswan-pkcs7.so %{strongswan_plugins}/libstrongswan-pkcs8.so %{strongswan_plugins}/libstrongswan-pubkey.so %{strongswan_plugins}/libstrongswan-radattr.so ++++++ strongswan-5.0.1-rpmlintrc -> strongswan-5.0.4-rpmlintrc ++++++ ++++++ strongswan-5.0.1.tar.bz2 -> strongswan-5.0.4.tar.bz2 ++++++ ++++ 247583 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org