![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community,
here is the log from the commit of package strongswan
checked in at Fri Apr 25 16:46:57 CEST 2008.
--------
--- strongswan/strongswan.changes 2008-02-19 12:04:52.000000000 +0100
+++ /mounts/work_src_done/STABLE/strongswan/strongswan.changes 2008-04-23 14:29:16.013207000 +0200
@@ -1,0 +2,41 @@
+Wed Apr 23 14:28:41 CEST 2008 - mt@suse.de
+
+- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
+ release provides much more modularity and therefore much more
+ extensiblity and offers the following new features:
+ * libstrongswan has been modularized to attach crypto algorithms,
+ credential implementations (secret and private keys, certificates)
+ and http/ldap fetchers dynamically through plugins.
+ * A relational database API that uses pluggable database providers
+ was added to libstrongswan including plugins for MySQL and SQLite.
+ * The IKEv2 keying charon daemon has become more extensible. Generic
+ plugins can provide arbitrary interfaces to credential stores and
+ connection management interfaces. Also any EAP method can be added.
+ * The authentication and credential framework in charon has been
+ heavily refactored to support modular credential providers, proper
+ CERTREQ/CERT payload exchanges and extensible authorization rules.
+ * Support for "Hash and URL" encoded certificate payloads has been
+ implemented in the IKEv2 daemon charon.
+ * The IKEv2 daemon charon now supports the "uniqueids" option to
+ close multiple IKE_SAs with the same peer.
+ * The crypto factory in libstrongswan additionally supports random
+ number generators. Plugins may provide other sources of randomness.
+ * Extended the credential framework by a caching option to allow
+ plugins persistent caching of fetched credentials.
+ * The new trust chain verification introduced in 4.2.0 has been
+ parallelized. Threads fetching CRL or OCSP information no longer
+ block other threads.
+ * A new IKEv2 configuration attribute framework has been introduced
+ allowing plugins to provide virtual IP addresses, and in the future,
+ other configuration attribute services (e.g. DNS/WINS servers).
+ * The stroke plugin has been extended to provide virtual IP addresses
+ from a simple pool defined in ipsec.conf.
+ * Fixed compilation on uClibc and a couple of other minor bugs.
+ * The IKEv1 pluto daemon now supports the ESP encryption algorithm
+ CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
+ authentication algorithm AES_XCBC_MAC.
+- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
+ and adding inclusion of limits.h for PATH_MAX availability.
+- Added rpmlintrc file and a libtoolize call to the spec file.
+
+-------------------------------------------------------------------
Old:
----
strongswan-4.1.11.tar.bz2
strongswan-4.1.11.tar.bz2.sig
New:
----
strongswan-4.2.1.dif
strongswan-4.2.1-rpmlintrc
strongswan-4.2.1.tar.bz2
strongswan-4.2.1.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ strongswan.spec ++++++
--- /var/tmp/diff_new_pack.B21251/_old 2008-04-25 16:46:40.000000000 +0200
+++ /var/tmp/diff_new_pack.B21251/_new 2008-04-25 16:46:40.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package strongswan (Version 4.1.11)
+# spec file for package strongswan (Version 4.2.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -12,9 +12,9 @@
Name: strongswan
-%define upstream_version 4.1.11
+%define upstream_version 4.2.1
%define strongswan_docdir %{_docdir}/%{name}
-Version: 4.1.11
+Version: 4.2.1
Release: 1
License: GPL v2 or later
Group: Productivity/Networking/Security
@@ -29,7 +29,9 @@
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
+Source3: %{name}-%{version}-rpmlintrc
Patch1: %{name}_modprobe_syslog.dif
+Patch2: %{name}-%{upstream_version}.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
%if 0%{?suse_version} >= 1030
@@ -106,6 +108,7 @@
and others
%package doc
+License: GPL v2 or later
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
@@ -124,6 +127,7 @@
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
+%patch2 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
@@ -131,6 +135,7 @@
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
export CFLAGS="$RPM_OPT_FLAGS"
+libtoolize --force
%{?suse_update_config:%{suse_update_config -f}}
autoreconf
%configure \
@@ -194,6 +199,7 @@
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/strongswan.conf
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
@@ -252,6 +258,44 @@
%{_mandir}/man8/starter.8*
%changelog
+* Wed Apr 23 2008 mt@suse.de
+- Updated to 4.2.1 release. A lot of code refactoring in the 4.2
+ release provides much more modularity and therefore much more
+ extensiblity and offers the following new features:
+ * libstrongswan has been modularized to attach crypto algorithms,
+ credential implementations (secret and private keys, certificates)
+ and http/ldap fetchers dynamically through plugins.
+ * A relational database API that uses pluggable database providers
+ was added to libstrongswan including plugins for MySQL and SQLite.
+ * The IKEv2 keying charon daemon has become more extensible. Generic
+ plugins can provide arbitrary interfaces to credential stores and
+ connection management interfaces. Also any EAP method can be added.
+ * The authentication and credential framework in charon has been
+ heavily refactored to support modular credential providers, proper
+ CERTREQ/CERT payload exchanges and extensible authorization rules.
+ * Support for "Hash and URL" encoded certificate payloads has been
+ implemented in the IKEv2 daemon charon.
+ * The IKEv2 daemon charon now supports the "uniqueids" option to
+ close multiple IKE_SAs with the same peer.
+ * The crypto factory in libstrongswan additionally supports random
+ number generators. Plugins may provide other sources of randomness.
+ * Extended the credential framework by a caching option to allow
+ plugins persistent caching of fetched credentials.
+ * The new trust chain verification introduced in 4.2.0 has been
+ parallelized. Threads fetching CRL or OCSP information no longer
+ block other threads.
+ * A new IKEv2 configuration attribute framework has been introduced
+ allowing plugins to provide virtual IP addresses, and in the future,
+ other configuration attribute services (e.g. DNS/WINS servers).
+ * The stroke plugin has been extended to provide virtual IP addresses
+ from a simple pool defined in ipsec.conf.
+ * Fixed compilation on uClibc and a couple of other minor bugs.
+ * The IKEv1 pluto daemon now supports the ESP encryption algorithm
+ CAMELLIA with key lengths of 128, 192, and 256 bits, as well as the
+ authentication algorithm AES_XCBC_MAC.
+- Applied a small patch defining _GNU_SOURCE for struct in6_pktinfo
+ and adding inclusion of limits.h for PATH_MAX availability.
+- Added rpmlintrc file and a libtoolize call to the spec file.
* Tue Feb 19 2008 mt@suse.de
- Updated to 4.1.11 maintenance release, providing following fixes:
* IKE rekeying in NAT situations did not inherit the NAT conditions
++++++ strongswan-4.2.1.dif ++++++
--- src/charon/network/socket-raw.c
+++ src/charon/network/socket-raw.c 2008/04/23 09:46:10
@@ -16,6 +16,9 @@
*
* $Id: socket-raw.c 3589 2008-03-13 14:14:44Z martin $
*/
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
#include
participants (1)
-
root@Hilbert.suse.de