Andreas Steffen
ab1aa03bf5
Version bump to 5.8.1dr1
2019-06-26 17:32:33 +02:00
Andreas Steffen
55dd0361b8
Version bump to 5.8.0
2019-05-20 12:31:08 +02:00
Andreas Steffen
74ac0c9efd
Version bump to 5.8.0rc1
2019-05-10 12:55:48 +02:00
Tobias Brunner
1815c1de52
init: Rename systemd units
...
Use strongswan-starter for the legacy unit and simply strongswan for the
modern one (strongswan-swanctl is configured as alias, which should
cause the installation of symlinks when the service is enabled via
systemctl).
2019-04-24 13:57:48 +02:00
Tobias Brunner
d50bb81c7d
travis: Run tests against wolfSSL
...
Check for wolfssl/options.h because if it isn't included, checking other
headers will trigger a warning about hardening the wolfSSL build, which
will cause the check to fail with -Werror.
If the file doesn't exist because user_settings.h is used, the check may
be skipped by configuring with `ac_cv_header_wolfssl_options_h=yes`.
2019-04-24 12:26:08 +02:00
Sean Parkinson
c92eade82c
wolfssl: Add wolfSSL plugin for cryptographic implementations
2019-04-24 11:40:14 +02:00
Tobias Brunner
ebe2bedebd
configure: Fix package version for python packages for developer releases
...
According to PEP 440 the suffix for development releases is .devN and
not just devN.
2019-04-04 09:36:38 +02:00
Tobias Brunner
d74ddd7893
xfrmi: Move to a separate directory to fix monolithic build
2019-04-04 09:31:38 +02:00
Andreas Steffen
7b5eee65a0
Version bump to 5.8.0dr2
2019-03-30 17:11:34 +01:00
Andreas Steffen
08a7326181
Version bump to 5.8.0dr1
2019-03-13 19:02:42 +01:00
Andreas Steffen
eb16352232
Version bump to 5.7.2
2018-12-27 12:11:49 +01:00
Andreas Steffen
023b9c0edc
Version bump to 5.7.2rc1
2018-12-19 13:21:48 +01:00
Andreas Steffen
7cf3f97e56
Version bump to 5.7.2dr4
2018-12-09 19:53:31 +01:00
Andreas Steffen
ff3f09af45
Version bump to 5.7.2dr3
2018-11-12 16:24:53 +01:00
Andreas Steffen
0e80eb235d
Version bump to 5.7.2dr2
2018-10-31 14:22:03 +01:00
Andreas Steffen
f5565683b9
Version bump to 5.7.2dr1
2018-10-26 18:47:48 +02:00
Tobias Brunner
6e55856830
fuzzing: Add -lm to LDFLAGS if the coverage sanitizer is used
...
libFuzzer apparently uses math functions (e.g. ceilf) for that sanitizer.
2018-10-02 10:58:40 +02:00
Andreas Steffen
04ef28b4df
Version bump to 5.7.1
2018-10-01 17:46:17 +02:00
Andreas Steffen
2a327d438c
Version bump to 5.7.0
2018-09-24 11:10:12 +02:00
Andreas Steffen
1dd382b888
Version bump to 5.7.0rc2
2018-09-18 16:03:23 +02:00
Andreas Steffen
11b4a87050
Version bump to 5.7.0rc1
2018-09-16 09:30:18 +02:00
René Korthaus
af26cc4d85
botan: Add Botan plugin to libstrongswan
2018-09-12 16:25:00 +02:00
Tobias Brunner
66c4735f99
dumm: Remove the Dynamic UML Mesh Modeler framework
...
This has been pretty much defunct for several years (requires a
specially patched UML-enabled guest kernel).
2018-09-12 15:53:55 +02:00
Andreas Steffen
a019c95b72
Version bump to 5.7.0dr8
2018-08-02 07:30:05 +02:00
Andreas Steffen
041efa6ed3
Version bump to 5.7.0dr6
2018-07-21 09:30:53 +02:00
Andreas Steffen
9a7a962348
Version bump to 5.7.0dr5
2018-07-19 14:57:18 +02:00
Andreas Steffen
e74e920bbc
libtpmtss: Support for TSS2 v2 libraries
2018-07-19 12:40:42 +02:00
Andreas Steffen
5b91e8c03c
Version bump to 5.7.0dr4
2018-06-22 11:21:02 +02:00
Andreas Steffen
711e0bdbe4
Version bumpt to 5.7.0dr3
2018-06-14 17:07:59 +02:00
Andreas Steffen
78584d7efc
Version bump to 5.7.0dr2
2018-06-13 17:07:58 +02:00
Andreas Steffen
75181f4836
fuzz: Added PB-TNC fuzzer
2018-06-12 21:47:40 +02:00
Andreas Steffen
a31f9b7691
libimcv: Removed TCG SWID IMC/IMV support
2018-06-12 21:47:39 +02:00
Andreas Steffen
3a8a9c7029
Version bump to 5.7.0dr1
2018-05-30 23:02:57 +02:00
Andreas Steffen
b2ab0995c1
Version bump to 5.6.3
2018-05-28 15:38:58 +02:00
Andreas Steffen
88205674e5
Version bump to 5.6.3rc1
2018-05-23 22:36:39 +02:00
Andreas Steffen
26b45beda9
Version bump to 5.6.3dr2
2018-05-22 21:58:32 +02:00
Tobias Brunner
3594663166
eap-aka-3gpp: Add test vectors from 3GPP TS 35.207 14.0.0
2018-05-18 17:37:39 +02:00
Andreas Steffen
69ee158e2a
Version bump to 5.6.3dr1
2018-04-19 16:34:06 +02:00
Andreas Steffen
68c00bc839
Version bump to 5.6.2
2018-02-19 12:59:37 +01:00
Andreas Steffen
0bb4d2179d
Version bump to 5.6.2rc1
2018-02-16 13:37:00 +01:00
Codrut Cristian Grosu
345cd4684c
save-keys: Add save-keys plugin
...
This plugin will export IKE_SA and CHILD_SA secret keys in the format used
by Wireshark.
It has to be loaded explicitly.
2018-02-15 23:03:29 +01:00
Andreas Steffen
476200ecc6
Version bump to 5.6.2dr4
2018-02-03 11:05:21 +01:00
Lubomir Rintel
9a71b7219c
charon-nm: Port to libnm
...
libnm-glib is deprecated for several years and reaching the end of its
life. Let's switch to the more up-to-date library.
Closes strongswan/strongswan#85 .
2017-12-22 10:05:10 +01:00
Andreas Steffen
344e1b6060
Version bump to 5.6.2dr3
2017-12-13 08:54:54 +01:00
Andreas Steffen
0fb293fc91
tpm_extendpcr: Extend digests into a TPM PCR
2017-12-13 07:10:28 +01:00
Andreas Steffen
5d3eb57cfd
Version bump to 5.6.2dr2
2017-12-10 21:42:02 +01:00
Andreas Steffen
4f60b72a81
Version bump to 5.6.2dr1
2017-12-05 22:23:43 +01:00
Andreas Steffen
203a86ecb8
Version bump to 5.6.1
2017-11-17 22:42:28 +01:00
Tobias Brunner
7f1d944bc9
The pacman tool got replaced by the sec-updater tool
2017-11-15 12:18:17 +01:00
Andreas Steffen
b20bf062e8
Version bump to 5.6.1rc1
2017-11-11 18:25:17 +01:00
Tobias Brunner
c9a2b3b784
configure: Enable mgf1 plugin if gmp plugin is enabled
2017-11-08 16:48:10 +01:00
Martin Willi
63ffcfaa49
configure: Fix check for libtpmtss to build it only when needed
...
Testing for x$tpm always yields true, hence libtpmtss is built even if it
is unneeded. Properly test against xtrue as we do in all other tests.
2017-11-08 16:43:18 +01:00
Tobias Brunner
6f74b8748a
counters: Move IKE event counter collection from stroke to a separate plugin
2017-11-08 16:28:28 +01:00
Tobias Brunner
23e76d250f
streams: Named systemd sockets are only supported since systemd v227
2017-10-13 10:17:37 +02:00
Tobias Brunner
4f575d62ed
configure: Also check for libcrypto on Windows
...
With OpenSSL 1.1.0 the library is now named libcrypto too on Windows.
Check for libeay32 first so we don't link against the build environment's
version of OpenSSL instead of the native one that might be available.
2017-10-10 10:17:09 +02:00
Tobias Brunner
0ae19f0ced
configure: Fix gperf length parameter determination
...
gperf is not actually a build dependency as the generated files are
shipped in the tarball. So the type depends on the gperf version on
the host that ran gperf and created the tarball, which might not be
the same as that on the actual build host, and gperf might not even
be installed there, leaving the type undetermined.
Fixes: e0e4322973
("configure: Detect type of length parameter for gperf generated function")
2017-10-02 17:21:42 +02:00
Andreas Steffen
a9fb529b84
Version bump to 5.6.1dr3
2017-09-26 22:43:38 +02:00
Tobias Brunner
e0e4322973
configure: Detect type of length parameter for gperf generated function
...
Since 3.1 gperf uses size_t for the length parameter instead of an
unsigned int.
2017-09-19 13:24:43 +02:00
Andreas Steffen
c80cec2d5e
Version bump to 5.6.1dr2
2017-09-13 16:56:45 +02:00
Andreas Steffen
d43b84dcb4
Version bump to 5.6.1dr1
2017-09-01 13:49:09 +02:00
Andreas Steffen
b84817375d
sec-updater: Checks for security updates
...
sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.
2017-09-01 11:19:40 +02:00
Tobias Brunner
17840fa18e
configure: Detect mpz_powm_sec() when built with -Werror
2017-08-15 10:35:20 +02:00
Tobias Brunner
be1beea7a4
fuzzing: Add driver to run fuzz targets on a given list of files
...
This is enabled if the path to libFuzzer.a is not specified when running
the configure script.
2017-08-15 10:35:20 +02:00
Andreas Steffen
9cc37212c6
Version bump to 5.6.0
2017-08-14 10:07:47 +02:00
Andreas Steffen
d35183e33e
Version bump to 5.6.0rc2
2017-08-09 14:23:28 +02:00
Andreas Steffen
285c077d2c
Version bump to 5.6.0rc1
2017-08-07 18:25:52 +02:00
Andreas Steffen
f0ae8c1761
Version bump to 5.6.0dr4
2017-08-04 21:15:45 +02:00
Andreas Steffen
05f8e64d79
Version bump to 5.6.0dr3
2017-07-18 20:53:35 +02:00
Andreas Steffen
964bf73237
sw-collector: Moved to its own directory and added man page
2017-07-18 07:25:45 +02:00
Andreas Steffen
693705c74e
Version bump to 5.6.0dr2
2017-07-13 14:24:32 +02:00
Andreas Steffen
eab650d62f
libtpmtss: Support of Intel TABRMD interface
2017-07-12 17:07:34 +02:00
Andreas Steffen
991703007a
Version bump to 5.6.0dr1
...
This major version includes the new SWIMA IMC/IMV pair which
implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft.
Full compliance to the ISO 19770-2:2015 SWID tag standard has
been achieved.
2017-07-08 23:21:56 +02:00
Andreas Steffen
8ba6bf511e
libimcv: Moved REST API from imv_swid and imv_swima to libimcv
2017-07-08 23:19:51 +02:00
Andreas Steffen
3a7c594c14
imv-swima: Created SWIMA IMV plugin
2017-07-08 23:19:51 +02:00
Andreas Steffen
2821c0f740
imc-swima: Created SWIMA IMC plugin
2017-07-08 23:19:51 +02:00
Tobias Brunner
ef6b710f19
pki: Load pubkey plugin to print public keys
...
Since 3317d0e77b
the public keys are printed via certificate printer,
but that only works if the public key is actually wrapped, which
requires the pubkey plugin.
Fixes: 3317d0e77b
("Standardized printing of certificate information")
2017-07-05 10:15:45 +02:00
Tobias Brunner
1aba82bfd7
eap-aka-3gpp: Add plugin that implements 3GPP MILENAGE algorithm in software
...
This is similar to the eap-aka-3gpp2 plugin. K (optionally concatenated
with OPc) may be configured as binary EAP secret in ipsec.secrets or
swanctl.conf.
Based on a patch by Thomas Strangert.
Fixes #2326 .
2017-07-05 10:03:38 +02:00
Tobias Brunner
45f45fed1e
configure: Install charon-systemd.conf
...
Fixes #2370 .
2017-06-29 08:43:00 +02:00
Tobias Brunner
56ffcdb166
configure: Enable coverage for all plugins via PLUGIN_CFLAGS
2017-06-20 13:52:16 +02:00
Tobias Brunner
d29531c226
configure: Use pkg-config to determine Ruby CFLAGS/LIBS
2017-06-07 16:48:02 +02:00
Andreas Steffen
65ce7ec0c4
Version bump to 5.5.3
2017-05-29 12:02:48 +02:00
Tobias Brunner
f5aef3a020
configure: Don't modify CFLAGs if fuzzing is enabled
...
Just rely on the flags passed by the build process.
2017-05-23 18:29:12 +02:00
Tobias Brunner
92a10e4645
x509: Manually print CRL/OCSP URIs when fuzzing
...
This avoids a warning about the custom %Y printf specifier.
2017-05-23 18:29:12 +02:00
Tobias Brunner
1a06bf03f9
plugin-loader: Add facility to register plugin constructors
...
Enabled when building monolithically and statically.
This should allow us to work around the -whole-archive issue with
libtool. If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.
For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.
2017-05-23 18:29:12 +02:00
Tobias Brunner
6ce649a8a6
configure: Don't build static libraries by default
...
This way we can actually detect if someone wants to build strongSwan
statically because --enable-static has to be passed explicitly.
2017-05-23 18:29:11 +02:00
Tobias Brunner
8806b00f43
fuzz: Make path to libFuzzer.a configurable
2017-05-23 18:29:11 +02:00
Tobias Brunner
157742be7d
fuzz: Add fuzzing boilerplate
2017-05-23 18:29:11 +02:00
Andreas Steffen
a5f7a4c790
Version bump to 5.3.3dr2
2017-05-08 22:38:12 +02:00
Andreas Steffen
d38d1fcd68
Version bump to 5.5.3dr1
2017-04-26 21:29:42 +02:00
Martin Willi
e419b010aa
configure: Include curve25519 in the pki default plugin list
...
The plugin provides ed25519 public key support, and is required to generate
keys or sign certificates with pki.
2017-04-26 20:41:33 +02:00
Andreas Steffen
bb2ba9f15d
Version bump to 5.5.2
2017-03-27 16:57:03 +02:00
Tobias Brunner
5e8e71d405
configure: Fix test for libunwind
...
Most functions in libunwind.h are actually mapped via macros to obscure
function names, so checking for these would require some elaborate test
via AC_LINK_IFELSE(). However, unw_backtrace() seems to be one of the few
actual functions so lets use this for now, even though we don't call it
ourselves later.
Fixes: 016228c158
("configure: Check for actual functions in libraries
with AC_CHECK_LIB")
2017-03-23 18:29:18 +01:00
Andreas Steffen
7c672e6118
Version bump to 5.2.2rc1
2017-03-21 09:09:43 +01:00
Andreas Steffen
25bfb338a2
Version bump to 5.5.2dr7
2017-03-06 20:21:40 +01:00
Andreas Steffen
4a620a97a0
aikpub2: Removed aikpub2 tool
...
The aikpub2 tool has been replaced by pki --pub|--req --keyid hex ..
where keyid indicates the TPM 2.0 private key object handle. Thus
either the public key in PKCS#1 format can be extracted or a PKCS#10
certificate request signed by the TPM private key can be generated.
2017-03-06 19:35:05 +01:00
Andreas Steffen
6885375e66
Version bump to 5.5.2dr6
2017-03-03 09:34:50 +01:00
Andreas Steffen
f43850b3b9
Version bump to 5.5.2dr5
2017-02-23 17:31:11 +01:00
Andreas Steffen
af9341c2c0
Use of TPM 2.0 private keys for signatures via tpm plugin
2017-02-22 12:18:26 +01:00
Tobias Brunner
f8a362bfbc
bypass-lan: Add plugin that installs bypass policies for locally attached subnets
2017-02-08 10:38:28 +01:00
Andreas Steffen
9ad147ac63
Version bump to 5.5.2dr4
2017-01-02 15:46:27 +01:00