[SECURITY] Fedora 19 Update: strongswan-5.1.0-1.fc19

updates at fedoraproject.org
Wed Aug 21 00:01:39 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-14481
2013-08-09 14:58:09
--------------------------------------------------------------------------------

Name        : strongswan
Product     : Fedora 19
Version     : 5.1.0
Release     : 1.fc19
URL         : http://www.strongswan.org/
Summary     : An OpenSource IPsec-based VPN Solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

--------------------------------------------------------------------------------
Update Information:

rhbz#981429: New upstream release
Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
Fixes rhbz#991859 failed to build in rawhide
Updated local patches and removed those which are not needed
Fixed errors around charon-nm
Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so, libstrongswan-sshkey.so
Added utility imv_policy_manager
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  7 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.1.0-1
- rhbz#981429: New upstream release
- Fixes CVE-2013-5018: rhbz#991216, rhbz#991215
- Fixes rhbz#991859 failed to build in rawhide
- Updated local patches and removed those which are not needed
- Fixed errors around charon-nm
- Added plugins libstrongswan-pkcs12.so, libstrongswan-rc2.so,
  libstrongswan-sshkey.so
- Added utility imv_policy_manager
* Thu Jul 25 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 5.0.4-5
- rename strongswan-NetworkManager to strongswan-charon-nm
- fix enable_nm macro
* Mon Jul 15 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 5.0.4-4
- %files tries to package some of the shared objects as directories (#984437)
- fix broken systemd unit file (#984300)
- fix rpmlint error: description-line-too-long
- fix rpmlint error: macro-in-comment
- fix rpmlint error: spelling-error Summary(en_US) fuctionality
- depend on 'systemd' instead of 'systemd-units'
- use new systemd scriptlet macros
- NetworkManager subpackage should have a copy of the license (#984490)
- enable hardened_build as this package meets the PIE criteria (#984429)
- invocation of "ipsec _updown iptables" is broken as ipsec is renamed
  to strongswan in this package (#948306)
- invocation of "ipsec scepclient" is broken as ipsec is renamed
  to strongswan in this package
- add /etc/strongswan/ipsec.d and missing subdirectories
- conditionalize building of strongswan-NetworkManager subpackage as the
  version of NetworkManager in EL6 is too old (#984497)
* Fri Jun 28 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.0.4-3
- Patch to fix a major crash issue when Freeradius loads
  attestation-imv and does not initialize libstrongswan which
  causes crash due to calls to PTS algorithms probing APIs.
  So this patch fixes the order of initialization. This issue
  does not occur with charon because libstrongswan gets
  initialized earlier.
- Patch that allows outputting errors when there are permission
  issues when accessing strongswan.conf.
- Patch to make loading of modules configurable when libimcv
  is used in stand alone mode without charon with freeradius
  and wpa_supplicant.
* Tue Jun 11 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.0.4-2
- Enabled TNCCS 1.1 protocol
- Fixed libxm2-devel build dependency
- Patch to fix the issue with loading of plugins
* Wed May  1 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.0.4-1
- New upstream release
- Fixes for CVE-2013-2944
- Enabled support for OS IMV/IMC
- Created and applied a patch to disable ECP in Fedora, because
  OpenSSL in Fedora does not allow ECP_256 and ECP_384. It makes
  it non-compliant to TCG's PTS standard, but there is no choice
  right now. See redhat bz # 319901.
- Enabled Trousers support for TPM based operations.
* Sat Apr 20 2013 Pavel Šimerda <psimerda at redhat.com> - 5.0.3-2
- Rebuilt for a single specfile for rawhide/f19/f18/el6
* Fri Apr 19 2013 Avesh Agarwal <avagarwa at redhat.com> - 5.0.3-1
- New upstream release
- Enabled curl and eap-identity plugins
- Enabled support for eap-radius plugin.
* Thu Apr 18 2013 Pavel Šimerda <psimerda at redhat.com> - 5.0.2-3
- Add gettext-devel to BuildRequires because of epel6
- Remove unnecessary comments
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #981429 - strongswan-5.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=981429
  [ 2 ] Bug #991216 - CVE-2013-5018 strongswan: denial of service flaw in strongswan 5.0.3/5.0.4 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=991216
  [ 3 ] Bug #991859 - strongswan: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=991859
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update strongswan' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

