author | Wang Mingyu <wangmy@fujitsu.com> | 2023-06-19 14:48:28 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2023-06-19 10:24:49 -0700 |
commit | 4c8b3a91c664635d1e6b7f99069b60ea35851938 (patch) | |
tree | 3e494e0f1fe44a60e20a2c3b710f303fb6e864fc | |
parent | ed1a754819dfaa779dff17ff6981bddbd4a3ef93 (diff) | |
download | meta-openembedded-4c8b3a91c664635d1e6b7f99069b60ea35851938.tar.gz |
strongswan: upgrade 5.9.10 -> 5.9.11
Changelog:
==========
- A deadlock in the vici plugin has been fixed that could get triggered when
multiple connections were initiated/terminated concurrently and control-log
events were raised by the watcher_t component.
- CRLs have to be signed by a certificate that has the cRLSign keyUsage bit
encoded (even if it's a CA), or a CA certificate without keyUsage extension.
- Optional CA labels in EST server URIs are supported by `pki --est/estca`.
- CMS-style signatures in PKCS#7 containers are supported by the pkcs7 and
openssl plugins, which allows verifying RSA-PSS and ECDSA signatures.
- Fixed a regression in the server implementation of EAP-TLS with TLS 1.2 or
earlier that was introduced with 5.9.10.
- Ensure the TLS handshake is complete in the EAP-TLS client with TLS <= 1.2.
- kernel-libipsec can process raw ESP packets on Linux (disabled by default) and
gained support for trap policies.
- The dhcp plugin uses an alternate method to determine the source address
for unicast DHCP requests that's not affected by interface filtering.
- Certificate and trust chain selection as initiator has been improved in case
the local trust chain is incomplete and an unrelated certreq is received.
- ECDSA and EdDSA keys in IPSECKEY RRs are supported by the ipseckey plugin.
- To bypass tunnel mode SAs/policies, the kernel-wfp plugin installs bypass
policies also on the FWPM_SUBLAYER_IPSEC_TUNNEL sublayer.
- Stale OCSP responses are now replaced in-place in the certificate cache.
- Fixed parsing of SCEP server capabilities by `pki --scep/scepca`.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb (renamed from meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb) | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb index aecd32139..fb1bea2d8 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.10.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.11.bb | |||
@@ -11,7 +11,7 @@ DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', | |||
11 | SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ | 11 | SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ |
12 | " | 12 | " |
13 | 13 | ||
14 | SRC_URI[sha256sum] = "3b72789e243c9fa6f0a01ccaf4f83766eba96a5e5b1e071d36e997572cf34654" | 14 | SRC_URI[sha256sum] = "ddf53f1f26ad26979d5f55e8da95bd389552f5de3682e35593f9a70b2584ed2d" |
15 | 15 | ||
16 | UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" | 16 | UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" |
17 | 17 | ||
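Review bot: The new SRC_URI[sha256sum] value on line 14 is the only functional change in this hunk, and the commit message does not say how it was obtained. Please confirm it against the checksum or signature upstream publishes for strongswan-5.9.11.tar.bz2, rather than hashing whatever the fetcher downloaded, and note that in the message. Separately, the changelog item about CRLs needing a signer with the cRLSign keyUsage bit is a behaviour change for existing PKI setups, so it deserves a line of its own above the pasted changelog so that integrators see it before upgrading.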