Package Release Info

strongswan-5.8.2-150200.11.30.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4159
Available in Package Hub : 15 SP3 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

strongswan-nm

Change Logs

* Fri Oct 07 2022 meissner@suse.com
- strongswan-CVE-2022-40617.patch: Fixed that using untrusted URIs for
  revocation checking could lead to denial of service (CVE-2022-40617
  bsc#1203556)
Version: 5.8.2-150200.11.27.1
* Mon Feb 14 2022 hare@suse.de
- Enable auth_els plugin (jsc#SLE-20151)
Version: 5.8.2-11.8.4
* Mon Mar 29 2021 mbuil@suse.com
- Information added in README about the rcstrongswan-starter
* Mon Mar 29 2021 mbuil@suse.com
- Keep using ipsec as the main binary. Therefore, make strongswan.service point to it instead of swanctl
Version: 5.8.2-11.5.1
* Mon Jan 25 2021 mbuil@suse.com
- Fix FIPS bug (bsc #1180801)
  [+ 0008-gcrypt-Use-a-dummy-buffer-to-initialize-static-alloc.patch ]
* Fri Jan 15 2021 mbuil@suse.com
- Fix typo in README (bsc #1167880)
  [+ 0007-Fix-typo-in-README.patch ]
Version: 5.8.2-11.24.1
* Mon Jan 24 2022 meissner@suse.com
- strongswan-5.5.0-5.9.4_eap_success-CVE-2021-45079.patch:
  Fixed authentication bypass in EAP authentication (CVE-2021-45079
  bsc#1194471)
Version: 5.8.2-11.21.1
* Tue Oct 12 2021 abergmann@suse.com
- Fix integer overflow in gmp plugin (bsc#1191367, CVE-2021-41990)
  [* strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch]
- Fix integer overflow when replacing certificates in cache (bsc#1191435, CVE-2021-41991)
  [* strongswan-4.4.1-5.9.3_cert-cache-random.patch]
* Fri Jul 30 2021 hare@suse.de
- Add auth_els plugin to support Marvell FC-SP encryption (jsc#SLE-20151)
  [* strongswan-marvell-auth-els.patch]
Version: 5.8.2-11.17.3
* Mon Apr 05 2021 mbuil@suse.com
- Add config to run ipsec on namespaces (bsc #1183670)
Version: 5.8.2-11.14.1
* Fri May 07 2021 mt@suse.com
- Replace AEAD AES CCM patch with upstream variant (cc/fips,bsc#1185363)
  [* 0009-strongswan-openssl-aead-add-ccm-support.patch]
Version: 5.8.2-11.11.1
* Wed Apr 21 2021 mt@suse.com
- Add support for AES CCM aead algorithms to openssl plugin (cc/fips,bsc#1185363)
  [+ 0009-strongswan-openssl-aead-add-ccm-support.patch]
Version: 5.6.0-4.3.2
* Thu Nov 14 2019 mmnelemane@suse.com
- Added patch to fix vulnerability: CVE-2018-17540 (bsc#1109845)
  [+ 0010-strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch]
* Wed Nov 13 2019 mmnelemane@suse.com
- Added patch to fix vulnerability: CVE-2018-10811 (bsc#1093536)
  - denial-of-service vulnerability
  [+ 0009-strongswan-5.5.0-5.6.2_skeyseed_init.patch]
* Wed Nov 13 2019 mmnelemane@suse.com
- Added patch to fix vulnerability: CVE-2018-10811 (bsc#1093536)
  - denial-of-service vulnerability
  [+ 0009-strongswan-5.5.0-5.6.2_skeyseed_init.patch]
* Wed Nov 13 2019 mmnelemane@suse.com
- Added patch to fix vulnerability: CVE-2018-5388 (bsc#1094462)
  - Buffer Underflow in stroke_socket.c
  [+ 0008-strongswan-5.1.2-5.6.2_stroke_msg_len.patch]
* Wed Mar 14 2018 mmnelemane@suse.com
- Removed unused requires and macro calls(bsc#1083261)
* Tue Sep 05 2017 ndas@suse.de
- Updated to strongSwan 5.6.0 providing the following changes:
  * Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
    when verifying RSA signatures, which requires decryption with the operation m^e mod n,
    where m is the signature, and e and n are the exponent and modulus of the public key.
    The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
    So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
    This result wasn't handled properly causing a null-pointer dereference.
    This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
  * New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
    Draft and has been demonstrated at the IETF 99 Prague Hackathon.
  * The IMV database template has been adapted to achieve full compliance with the
    ISO 19770-2:2015 SWID tag standard.
  * The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
  * By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
    swanctl.conf file.
  * The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
  * The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
  * libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
  * more on https://wiki.strongswan.org/versions/66
* Tue Sep 05 2017 ndas@suse.de
- Updated to strongSwan 5.6.0 providing the following changes:
  * Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
    when verifying RSA signatures, which requires decryption with the operation m^e mod n,
    where m is the signature, and e and n are the exponent and modulus of the public key.
    The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
    So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
    This result wasn't handled properly causing a null-pointer dereference.
    This vulnerability has been registered as CVE-2017-11185. (bsc#1051222)
  * New SWIMA IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet
    Draft and has been demonstrated at the IETF 99 Prague Hackathon.
  * The IMV database template has been adapted to achieve full compliance with the
    ISO 19770-2:2015 SWID tag standard.
  * The pt-tls-client can attach and use TPM 2.0 protected private keys via the --keyid parameter.
  * By default the /etc/swanctl/conf.d directory is created and *.conf files in it are included in the default
    swanctl.conf file.
  * The curl plugin now follows HTTP redirects (configurable via strongswan.conf).
  * The CHILD_SA rekeying was fixed in charon-tkm and the behavior is refined a bit more since 5.5.3
  * libtpmtss supports Intel's TSS2 Architecture Broker and Resource Manager interface (tcti-tabrmd).
  * more on https://wiki.strongswan.org/versions/66
* Mon Jul 31 2017 ndas@suse.de
- Updated to strongSwan 5.3.5(bsc#1050691) providing the following changes:
  * Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input
    validation when verifying RSA signatures. More specifically, mpz_powm_sec() has two
    requirements regarding the passed exponent and modulus that the plugin did not
    enforce, if these are not met the calculation will result in a floating point exception
    that crashes the whole process.
    This vulnerability has been registered as CVE-2017-9022.
    Please refer to our blog for details.
  * Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
    didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
    parsing X.509 extensions that use such types.
    This vulnerability has been registered as CVE-2017-9023.
    Please refer to our blog for details.
  * The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
    traffic loss. When responding to a CREATE_CHILD_SA request to rekey a CHILD_SA
    the responder already has everything available to install and use the new CHILD_SA.
    However, this could lead to lost traffic as the initiator won't be able to process
    inbound packets until it processed the CREATE_CHILD_SA response and updated the
    inbound SA. To avoid this the responder now only installs the new inbound SA and
    delays installing the outbound SA until it receives the DELETE for the replaced CHILD_SA.
  * The messages transporting these DELETEs could reach the peer before packets sent
    with the deleted outbound SAs reach it. To reduce the chance of traffic loss due
    to this the inbound SA of the replaced CHILD_SA is not removed for a configurable
    amount of seconds (charon.delete_rekeyed_delay) after the DELETE has been processed.
  * The code base has been ported to Apple's ARM64 iOS platform, which required several
    changes regarding the use of variadic functions. This was necessary because the calling
    conventions for variadic and regular functions are different there.
    This means that assigning a non-variadic function to a variadic function pointer, as we
    did with our enumerator_t::enumerate() implementations and several callbacks, will
    result in crashes as the called function accesses the arguments differently than the
    caller provided them. To avoid this issue the enumerator_t interface has been changed
    and the signature of the callback functions for enumerator_create_filter() and two
    methods on linked_list_t have been changed. Refer to the developer notes below
    for details.
  * Adds support for fuzzing the certificate parser provided by the default plugins
    (x509, pem, gmp etc.) on Google's OSS-Fuzz infrastructure (or generally with
    libFuzzer). Several issues found while fuzzing these plugins were fixed.
  * Two new options have been added to charon's retransmission settings:
    retransmit_limit and retransmit_jitter. The former adds an upper limit to the
    calculated retransmission timeout, the latter randomly reduces it.
    Refer to Retransmission for details.
  * A bug in swanctl's --load-creds command was fixed that caused unencrypted
    private keys to get unloaded if the command was called multiple times.
    The load-key VICI command now returns the key ID of the loaded key on success.
  * The credential manager now enumerates local credential sets before global ones.
    This means certificates supplied by the peer will now be preferred over certificates
    with the same identity that may be locally stored (e.g. in the certificate cache).
  * Adds support for hardware offload of IPsec SAs as introduced by Linux 4.11 for
    specific hardware that supports this.
  * The pki tool loads the curve25519 plugin by default.
    [- 0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
  - 0007-asn1-parser-Fix-CHOICE-parsing.patch]
- libhydra is removed as all kernel plugins moved to libcharon
* Tue May 23 2017 ndas@suse.de
- Applied patch for "Don't retransmit Aggressive Mode response"
  bsc#985012.
- Applied upstream patch for "Insufficient Input Validation in gmp Plugin"
  bsc#1039514(CVE-2017-9022).
- Applied upstream patch for "Incorrect x509 ASN.1 parser error handling"
  bsc#1039515(CVE-2017-9023).
  [+0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch,
  +0006-Make-sure-the-modulus-is-odd-and-the-exponent-not-zero.patch,
  +0007-asn1-parser-Fix-CHOICE-parsing.patch]
* Mon Jul 04 2016 doug@uq.edu.au
- Updated to strongSwan 5.3.5 providing the following changes:
  Changes in version 5.3.5:
  * Properly handle potential EINTR errors in sigwaitinfo(2) calls
    that replaced sigwait(3) calls with 5.3.4.
  * RADIUS retransmission timeouts are now configurable, courtesy
    of Thom Troy.
  Changes in version 5.3.4:
  * Fixed an authentication bypass vulnerability in the
    eap-mschapv2 plugin that was caused by insufficient
    verification of the internal state when handling MSCHAPv2
    Success messages received by the client. This vulnerability
    has been registered as CVE-2015-8023.
  * The sha3 plugin implements the SHA3 Keccak-F1600 hash
    algorithm family. Within the strongSwan framework SHA3 is
    currently used for BLISS signatures only because the OIDs for
    other signature algorithms haven't been defined yet. Also the
    use of SHA3 for IKEv2 has not been standardized yet.
  Changes in version 5.3.3:
  * Added support for the ChaCha20/Poly1305 AEAD cipher specified
    in RFC 7539 and RFC 7634 using the chacha20poly1305 ike/esp
    proposal keyword. The new chapoly plugin implements the
    cipher, if possible SSE-accelerated on x86/x64 architectures.
    It is usable both in IKEv2 and the strongSwan libipsec ESP
    backend. On Linux 4.2 or newer the kernel-netlink plugin can
    configure the cipher for ESP SAs.
  * The vici interface now supports the configuration of auxiliary
    certification authority information as CRL and OCSP URIs.
  * In the bliss plugin the c_indices derivation using a SHA-512
    based random oracle has been fixed, generalized and
    standardized by employing the MGF1 mask generation function
    with SHA-512. As a consequence BLISS signatures unsing the
    improved oracle are not compatible with the earlier
    implementation.
  * Support for auto=route with right=%any for transport mode
    connections has been added (the ikev2/trap-any scenario
    provides examples).
  * The starter daemon does not flush IPsec policies and SAs
    anymore when it is stopped. Already existing duplicate
    policies are now overwritten by the IKE daemon when it
    installs its policies.
  * Init limits (like charon.init_limit_half_open) can now
    optionally be enforced when initiating SAs via VICI. For this,
    IKE_SAs initiated by the daemon are now also counted as half
    open SAs, which, as a side-effect, fixes the status output
    while connecting (e.g. in ipsec status).
  * Symmetric configuration of EAP methods in left|rightauth is
    now possible when mutual EAP-only authentication is used
    (previously, the client had to configure rightauth=eap or
    rightauth=any, which prevented it from using this same config
    as responder).
  * The initiator flag in the IKEv2 header is compared again
    (wasn't the case since 5.0.0) and packets that have the flag
    set incorrectly are again ignored.
  * Implemented a demo Hardcopy Device IMC/IMV pair based on the
    "Hardcopy Device Health Assessment Trusted Network Connect
    Binding" (HCD-TNC) document drafted by the IEEE Printer
    Working Group (PWG).
  * Fixed IF-M segmentation which failed in the presence of
    multiple small attributes in front of a huge attribute to be
    segmented.
  Changes in version 5.3.2:
  * Fixed a vulnerability that allowed rogue servers with a valid
    certificate accepted by the client to trick it into disclosing
    its username and even password (if the client accepts
    EAP-GTC).  This was caused because constraints against the
    responder's authentication were enforced too late. This
    vulnerability has been registered as CVE-2015-4171.
  Changes in version 5.3.1:
  * Fixed a denial-of-service and potential remote code execution
    vulnerability triggered by IKEv1/IKEv2 messages that contain
    payloads for the respective other IKE version. Such payload
    are treated specially since 5.2.2 but because they were still
    identified by their original payload type they were used as
    such in some places causing invalid function pointer
    dereferences. The vulnerability has been registered as
    CVE-2015-3991.
  * The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and
    GCM crypto primitives for AES-128/192/256. The plugin requires
    AES-NI and PCLMULQDQ instructions and works on both x86 and
    x64 architectures. It provides superior crypto performance in
    userland without any external libraries.
  Changes in version 5.3.0:
  * Added support for IKEv2 make-before-break reauthentication. By
    using a global CHILD_SA reqid allocation mechanism, charon
    supports overlapping CHILD_SAs. This allows the use of
    make-before-break instead of the previously supported
    break-before-make reauthentication, avoiding connectivity gaps
    during that procedure. As the new mechanism may fail with peers
    not supporting it (such as any previous strongSwan release) it
    must be explicitly enabled using the charon.make_before_break
    strongswan.conf option.
  * Support for "Signature Authentication in IKEv2" (RFC 7427) has
    been added. This allows the use of stronger hash algorithms
    for public key authentication. By default, signature schemes
    are chosen based on the strength of the signature key, but
    specific hash algorithms may be configured in leftauth.
  * Key types and hash algorithms specified in rightauth are now
    also checked against IKEv2 signature schemes. If such
    constraints are used for certificate chain validation in
    existing configurations, in particular with peers that don't
    support RFC 7427, it may be necessary to disable this feature
    with the charon.signature_authentication_constraints setting,
    because the signature scheme used in classic IKEv2 public key
    authentication may not be strong enough.
  * The new connmark plugin allows a host to bind conntrack flows
    to a specific CHILD_SA by applying and restoring the SA mark
    to conntrack entries. This allows a peer to handle multiple
    transport mode connections coming over the same NAT device for
    client-initiated flows. A common use case is to protect
    L2TP/IPsec, as supported by some systems.
  * The forecast plugin can forward broadcast and multicast
    messages between connected clients and a LAN. For CHILD_SA
    using unique marks, it sets up the required Netfilter rules
    and uses a multicast/broadcast listener that forwards such
    messages to all connected clients. This plugin is designed for
    Windows 7 IKEv2 clients, which announces its services over the
    tunnel if the negotiated IPsec policy allows it.
  * For the vici plugin a Python Egg has been added to allow
    Python applications to control or monitor the IKE daemon using
    the VICI interface, similar to the existing ruby gem. The
    Python library has been contributed by Björn Schuberg.
  * EAP server methods now can fulfill public key constraints,
    such as rightcert or rightca. Additionally, public key and
    signature constraints can be specified for EAP methods in the
    rightauth keyword. Currently the EAP-TLS and EAP-TTLS methods
    provide verification details to constraints checking.
  * Upgrade of the BLISS post-quantum signature algorithm to the
    improved BLISS-B variant. Can be used in conjunction with the
    SHA256, SHA384 and SHA512 hash algorithms with SHA512 being
    the default.
  * The IF-IMV 1.4 interface now makes the IP address of the TNC
    access requestor as seen by the TNC server available to all
    IMVs. This information can be forwarded to policy enforcement
    points (e.g. firewalls or routers).
  * The new mutual tnccs-20 plugin parameter activates mutual TNC
    measurements in PB-TNC half-duplex mode between two endpoints
    over either a PT-EAP or PT-TLS transport medium.
- Adjusted file lists and removed obsolete patches
  [- 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch,
  - 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch,
  - 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
* Fri Nov 13 2015 mt@suse.de
- Applied upstream fix for a authentication bypass vulnerability
  in the eap-mschapv2 plugin (CVE-2015-8023,bsc#953817).
  [+ 0007-strongswan-4.4.0-5.3.3_eap_mschapv2_state.patch]
* Thu Jun 04 2015 mt@suse.de
- Applied upstream fix for a rogue servers vulnerability, that may
  enable rogue servers able to authenticate itself with certificate
  issued by any CA the client trusts, to gain user credentials from
  a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171).
  [+ 0006-strongswan-5.1.0-5.3.1_enforce_remote_auth.patch]
- Fix to apply unknown_payload patch if fips is disabled (<= 13.1)
  and renamed it to use number prefix corresponding with patch nr.
  [- strongswan-5.2.2-5.3.0_unknown_payload.patch,
  + 0005-strongswan-5.2.2-5.3.0_unknown_payload.patch]
* Mon Jun 01 2015 mt@suse.de
- Applied upstream fix for a DoS and potential remote code execution
  vulnerability through payload type (bsc#931272,CVE-2015-3991)
  [+ strongswan-5.2.2-5.3.0_unknown_payload.patch]
* Mon Jan 05 2015 mt@suse.de
- Updated to strongSwan 5.2.2 providing the following changes:
  Changes in version 5.2.2:
  * Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
    payload that contains the Diffie-Hellman group 1025. This identifier was
    used internally for DH groups with custom generator and prime. Because
    these arguments are missing when creating DH objects based on the KE
    payload an invalid pointer dereference occurred.  This allowed an attacker
    to crash the IKE daemon with a single IKE_SA_INIT message containing such
    a KE payload. The vulnerability has been registered as CVE-2014-9221.
  * The left/rightid options in ipsec.conf, or any other identity in
    strongSwan, now accept prefixes to enforce an explicit type, such as
    email: or fqdn:. Note that no conversion is done for the remaining string,
    refer to ipsec.conf(5) for details.
  * The post-quantum Bimodal Lattice Signature Scheme (BLISS) can be used as
    an IKEv2 public key authentication method. The pki tool offers full
    support for the generation of BLISS key pairs and certificates.
  * Fixed mapping of integrity algorithms negotiated for AH via IKEv1.
    This could cause interoperability issues when connecting to older versions
    of charon.
  Changes in version 5.2.1:
  * The new charon-systemd IKE daemon implements an IKE daemon tailored for
    use with systemd. It avoids the dependency on ipsec starter and uses
    swanctl as configuration backend, building a simple and lightweight
    solution. It supports native systemd journal logging.
  * Support for IKEv2 fragmentation as per RFC 7383 has been added. Like IKEv1
    fragmentation it can be enabled by setting fragmentation=yes in ipsec.conf.
  * Support of the TCG TNC IF-M Attribute Segmentation specification proposal.
    All attributes can be segmented. Additionally TCG/SWID Tag, TCG/SWID Tag ID
    and IETF/Installed Packages attributes can be processed incrementally on a
    per segment basis.
  * The new ext-auth plugin calls an external script to implement custom IKE_SA
    authorization logic, courtesy of Vyronas Tsingaras.
  * For the vici plugin a ruby gem has been added to allow ruby applications to
    control or monitor the IKE daemon. The vici documentation has been updated
    to include a description of the available operations and some simple
    examples using both the libvici C interface and the ruby gem.
  Changes in version 5.2.0:
  * strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
    many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2
    and newer releases. charon-svc implements a Windows IKE service based on
    libcharon, the kernel-iph and kernel-wfp plugins act as networking and IPsec
    backend on the Windows platform. socket-win provides a native IKE socket
    implementation, while winhttp fetches CRL and OCSP information using the
    WinHTTP API.
  * The new vici plugin provides a Versatile IKE Configuration Interface for
    charon. Using the stable IPC interface, external applications can configure,
    control and monitor the IKE daemon. Instead of scripting the ipsec tool
    and generating ipsec.conf, third party applications can use the new interface
    for more control and better reliability.
  * Built upon the libvici client library, swanctl implements the first user of
    the VICI interface. Together with a swanctl.conf configuration file,
    connections can be defined, loaded and managed. swanctl provides a portable,
    complete IKE configuration and control interface for the command line.
    The first six swanctl example scenarios have been added.
  * The SWID IMV implements a JSON-based REST API which allows the exchange
    of SWID tags and Software IDs with the strongTNC policy manager.
  * The SWID IMC can extract all installed packages from the dpkg (Debian,
    Ubuntu, Linux Mint etc.), rpm (Fedora, RedHat, OpenSUSE, etc.), or
    pacman (Arch Linux, Manjaro, etc.) package managers, respectively, using
    the swidGenerator (https://github.com/strongswan/swidGenerator) which
    generates SWID tags according to the new ISO/IEC 19770-2:2014 standard.
  * All IMVs now share the access requestor ID, device ID and product info
    of an access requestor via a common imv_session object.
  * The Attestation IMC/IMV pair supports the IMA-NG measurement format
    introduced with the Linux 3.13 kernel.
  * The aikgen tool generates an Attestation Identity Key bound to a TPM.
  * Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
    Connect.
  * The ipsec.conf replay_window option defines connection specific IPsec
    replay windows. Original patch courtesy of Zheng Zhong and Christophe
    Gouault from 6Wind.
- Adjusted file lists and removed obsolete patches
  [- 0005-restore-registration-algorithm-order.bug897512.patch,
  - 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adopted/Merged fipscheck patches
  [* strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
* Wed Dec 17 2014 mt@suse.de
- Disallow brainpool elliptic curve groups in fips mode (bnc#856322).
  [* strongswan_fipsfilter.patch]
* Thu Dec 11 2014 mt@suse.de
- Applied an upstream fix for a denial-of-service vulnerability,
  which can be triggered by an IKEv2 Key Exchange payload, that
  contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
  [+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Adjusted whilelist of approved algorithms in fips mode (bsc#856322).
  [* strongswan_fipsfilter.patch]
- Renamed patch file to match it's patch number:
  [- 0001-restore-registration-algorithm-order.bug897512.patch,
  + 0005-restore-registration-algorithm-order.bug897512.patch]
* Tue Nov 25 2014 mt@suse.de
- Updated strongswan-hmac package description (bsc#856322).
* Fri Nov 21 2014 mt@suse.de
- Disabled explicit gpg validation; osc source_validator does it.
- Guarded fipscheck and hmac package in the spec file for >13.1.
* Thu Nov 20 2014 mt@suse.de
- Added generation of fips hmac hash files using fipshmac utility
  and a _fipscheck script to verify binaries/libraries/plugings
  shipped in the strongswan-hmac package.
  With enabled fips in the kernel, the ipsec script will call it
  before any action or in a enforced/manual "ipsec _fipscheck" call.
  Added config file to load openssl and kernel af-alg plugins, but
  not all the other modules which provide further/alternative algs.
  Applied a filter disallowing non-approved algorithms in fips mode.
  (fate#316931,bnc#856322).
  [+ strongswan_fipscheck.patch, strongswan_fipsfilter.patch]
- Fixed file list in the optional (disabled) strongswan-test package.
- Fixed build of the strongswan built-in integrity checksum library
  and enabled building it only on architectures tested to work.
- Fix to use bug number 897048 instead 856322 in last changes entry.
- Applied an upstream patch reverting to store algorithms in the
  registration order again as ordering them by identifier caused
  weaker algorithms to be proposed first by default (bsc#897512).
  [+0001-restore-registration-algorithm-order.bug897512.patch]
* Fri Sep 26 2014 mt@suse.de
- Re-enabled gcrypt plugin and reverted to not enforce fips again
  as this breaks gcrypt and openssl plugins when the fips pattern
  option is not installed (fate#316931,bnc#856322).
  [- strongswan-fips-disablegcrypt.patch]
- Added empty strongswan-hmac package supposed to provide fips hmac
  files and enforce fips compliant operation later (bnc#856322).
- Cleaned up conditional build flags in the rpm spec file.