- 
    Sat Feb 08 2014 Paul Wouters <pwouters@redhat.com> - 2.6.32-7.3
    - Resolves: CVE-2013-6466 (fixup for delete/notify) 
- 
    Tue Jan 28 2014 Paul Wouters <pwouters@redhat.com> - 2.6.32-7.2
    - Resolves: CVE-2013-6466 missing IKEv2 payloads causes pluto daemon to restart 
- 
    Tue Oct 08 2013 Paul Wouters <pwouters@redhat.com> - 2.6.32-7.1
    - Resolves: CVE-2013-2053 Openswan: remote buffer overflow in atodn() 
- 
    Tue Jul 10 2012 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-4
    Resolves: #807772 
- 
    Sat Oct 29 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-3
    Resolves: #748968 cve-2011-4073 updated upstream patch
Resolves: #609343 
- 
    Wed Oct 26 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-2
    Resolves: #748968 cve-2011-4073 
- 
    Fri Oct 14 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.32-1
    Resolves: #698248 
- 
    Thu Feb 24 2011 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-10
    Resolves: #652733 
- 
    Wed May 12 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-9
    - Missed some changes in spec file, and because of that, changes
  for the bz 584987 did not get enabled. Rechecking correct spec
  file.
Resolves: #584987 
- 
    Tue May 11 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-8
    Resolves: #584987 
- 
    Tue Jan 19 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-7
    - Addresses bz 549811: nss database password logging issue
Resolves: #549811 
- 
    Tue Nov 10 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-6
    - Addresses bzs 524189 and 524191
- Addresses key zeroization
- Updates package description 
Resolves: #524191 
- 
    Wed Jul 15 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5
    - Improved FIPS integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Sat Jun 27 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4
    - Added support for using PSK with NSS (rhbz 507844)
- Fixed several warnings and undid unnecessary comments
- Updated README.nss with an example configuration
- Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185)
Resolves: CVE-2009-2185
Resolves: #507844 
- 
    Tue May 19 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3
    - Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Sat May 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2
    - Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Wed Apr 22 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1
    - Upstream release
- Major patches for support of NSS and fipscheck libraries
Resolves: #444801 FIPS-140-2: Meet certification requirements for pluto
Resolves: #469763 FIPS-140: Add integrity checking
Resolves: #438998 Openswan's 'cannot route...' problem
Resolves: #449725 Openswan seg fault using manual keying.
Resolves: #463931 /etc/ipsec.conf includes /etc/ipsec.d/*.conf which is missing
Resolves: #466861 avc: denied { write } for pid=2193 comm="ip" path="/var/run/pluto/ipsec_setup.out"
Resolves: #487708 Misleading package description
- 
    Sat Mar 28 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.14-2
    - security update (CVE-2009-0790, CVE-2008-4190)
Resolves: CVE-2009-0790, CVE-2008-4190 
- 
    Sat Jun 07 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1
    - new upstream release
Resolves: #444575 openswan doesn't delete expired SA's 
- 
    Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc10-1
    - new upstream release 
- 
    Thu Jun 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc7-1
    - new upstream release
Resolves: #439771 openswan and strongswan fail to interoperate with IKEv2
Resolves: #441383 openswan should negotiate CCM algorithm
Resolves: #442955 openswan doesn't accept null esp auth alg
Resolves: #442956 openswan logging segfault when phase2alg=null
Resolves: #444166 openswan IKEv2 crashes when interoperating with racoon2 
- 
    Thu Apr 24 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-2
    Resolves: #442333 AVC denials on start of openswan host-to-host tunnel 
- 
    Wed Apr 23 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-1
    - new upstream release
Resolves: #432821 left/rightsourceip tags not working
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024
Resolves: #441588 openswan IKEv2 crashes when interoperating with racoon2
Resolves: #442333 AVC denials on start of openswan host-to-host tunnel 
- 
    Thu Apr 10 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.11-1
    - new upstream release
Resolves: #438826 openswan IKEv2 hangs between intel and ppc64 machines
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024 
- 
    Sat Mar 15 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-1
    Resolves: rhbz#432315
Resolves: rhbz#432805
Resolves: rhbz#432821
- Moved to latest upstream
- removed init script patch and will use upstream
- Added protostack=netkey to ipsec.conf
- New patch to include definition of HOST_NAME_MAX 
- 
    Sat Feb 09 2008 Linda Wang <lwang@redhat.com> - 2.6.07-2
    Related: rhbz#253052
- Latest upstream 
- 
    Sat Feb 09 2008 Linda Wang <lwang@redhat.com> - 2.6.07-1
    Related: rhbz#253052
- Latest upstream 
- 
    Fri Feb 08 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1
    - Latest upstream
- remove selinux test and message from verify script
- forgot the following bz earlier
Resolves: rhbz#253052 Request for IPSec IKEv2 
- 
    Wed Jan 30 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9
    - cleanup some init problems
Resolves: rhbz#430149 openswan init script errors
Resolves: rhbz#430150 openswan emits spurious warnings 
- 
    Tue Jan 22 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8
    Related: rhbz#235224
- rpmdiff spotted these:
- Cleaned out unused man page
- patch error in barf script 
- 
    Sat Jan 19 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7
    - Addressed the last set of small changes for package review 
- 
    Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6
    - Moved everything else out of /usr/lib
- Added tmraz's patch to remove extra slashes in makefile
- Removed macros from changelog entries 
- 
    Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5
    - Removed userland macros from spec file 
- 
    Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4
    - Removed use of xmlto and the BuildRequires
- moved scripts from /usr/lib to /usr/libexec
- removed man3 pages for libopenswan functions (we don't deliver) 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3
    - Removed _smp_mflags macro from from the spec file build section
- Added BuildRequires for xmlto
- Changed License from GPL to GPL+
- removed klips ifdefs from spec file
- Added patch to move example configs to doc dir
- Added a patch to make the link to init script relative, 
  for chroot environments 
- 
    Sat Jan 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2
    - Removed copy of file that no longer exists 
- 
    Sat Jan 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1
    - Latest upstream tarball, includes fixes 
- 
    Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2
    - Rebase to 2.6.02, add initial ikev2 support 
- 
    Tue Sep 18 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2
    - Forgot changelog on last entry 
- 
    Tue Sep 18 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1
    - sync to upstream latest 
- 
    Wed Mar 21 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3
    - do not use epoch macro, it is unset 
- 
    Thu Mar 01 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2
    - specfile review 
- 
    Sat Jan 27 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1
    - removed key generation from install phase
- version 2.4.7 
- 
    Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1
    - rebuild 
- 
    Thu May 18 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2
    - fixed typo (bug #191930) 
- 
    Sat May 06 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1
    - version 2.4.5 
- 
    Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1
    - bump again for double-long bug on ppc(64) 
- 
    Wed Feb 08 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2
    - rebuilt for new gcc4.1 snapshot and glibc changes 
- 
    Sat Dec 10 2005 Jesse Keating <jkeating@redhat.com>
    - rebuilt 
- 
    Sat Nov 19 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1
    - version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP 
- 
    Thu Nov 03 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1
    - version 2.4.2dr5 
- 
    Wed Oct 26 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1
    - version 2.4.2dr1 
- 
    Wed Sep 14 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1
    - version 2.4.0 
- 
    Thu Sep 01 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1
    - new version 
- 
    Mon Aug 01 2005 Florian La Roche <laroche@redhat.com>
    - remove sysv startup links to build with current rpm 
- 
    Fri May 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3
    - added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 
- 
    Thu Apr 28 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2
    - added Requires(post) of coreutils bash (bug 155699)
- added Requires(preun) initscripts chkconfig 
- 
    Thu Apr 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1
    - version 2.3.1 
- 
    Tue Apr 05 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6
    - remove some duplicate copies of the docs 
- 
    Thu Mar 03 2005 Harald Hoyer <harald@redhat.com> 
    - rebuilt 
- 
    Tue Feb 22 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4
    - fixed bug rh#149164 
- 
    Sat Feb 19 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3
    - patched code to compile with gcc4 
- 
    Sat Jan 15 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2
    - Do not enable the initscript per default 
- 
    Wed Jan 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1
    - version 2.3.0
- reimported specfile
- PIEd openswan
- cleaned up initial config files and added include directives
  for easy config drop in 
- 
    Thu Jan 06 2005 Paul Wouters <paul@xelerance.com>
    - Updated for x86_64 and klips on 2.6 
- 
    Wed Nov 03 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
    - Apply selinux patch 
- 
    Fri Oct 22 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2
    - don't run by default. again. 
- 
    Thu Oct 14 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1
    - added selinux patch from Daniel Walsh
- initscript now uses translated strings
- version 2.1.5 with minor fixes 
- 
    Wed Sep 22 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7
    - added more build reqs (bug #132877) 
- 
    Fri Sep 10 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6
    - don't run by default
- don't create/chmod directories in %post, just include them with the
  right perms
- fix debuginfo
- fix docs 
- 
    Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5
    - Added debuginfo package 
- 
    Tue Aug 24 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4
    - Install man-pages
- Fix initscript 'fail()' func to write newline before failure() 
- 
    Fri Aug 20 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3
    - Fix 'service ipsec status' output 
- 
    Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2
    - Normalize initscripts for Red Hat and add translation string support 
- 
    Wed Aug 18 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1
    - initial import 
- 
    Wed May 26 2004 Ken Bantoft <ken@xelerance.com>
    - Initial version, based on FreeS/WAN .spec