- 
    Tue Jul 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5
    - Improved FIPS integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Fri Jun 26 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4
    - Added support for using PSK with NSS (rhbz 507844)
- Fixed several warnings and undid unnecessary comments
- Updated README.nss with an example configuration
- Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185)
Resolves: CVE-2009-2185
Resolves: #507844 
- 
    Mon May 18 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3
    - Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Fri May 08 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2
    - Revised patch to support fips integrity check functionality
Resolves: #469763 FIPS-140: Add integrity checking 
- 
    Tue Apr 21 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1
    - Upstream release
- Major patches for support of NSS and fipscheck libraries
Resolves: #444801 FIPS-140-2: Meet certification requirements for pluto
Resolves: #469763 FIPS-140: Add integrity checking
Resolves: #438998 Openswan's 'cannot route...' problem
Resolves: #449725 Openswan seg fault using manual keying.
Resolves: #463931 /etc/ipsec.conf includes /etc/ipsec.d/*.conf which is missing
Resolves: #466861 avc: denied { write } for pid=2193 comm="ip" path="/var/run/pluto/ipsec_setup.out"
Resolves: #487708 Misleading package description
- 
    Fri Mar 27 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.14-2
    - security update (CVE-2009-0790, CVE-2008-4190)
Resolves: CVE-2009-0790, CVE-2008-4190 
- 
    Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1
    - new upstream release
Resolves: #444575 openswan doesn't delete expired SA's 
- 
    Thu Jun 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc10-1
    - new upstream release 
- 
    Wed Jun 04 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14rc7-1
    - new upstream release
Resolves: #439771 openswan and strongswan fail to interoperate with IKEv2
Resolves: #441383 openswan should negotiate CCM algorithm
Resolves: #442955 openswan doesn't accept null esp auth alg
Resolves: #442956 openswan logging segfault when phase2alg=null
Resolves: #444166 openswan IKEv2 crashes when interoperating with racoon2 
- 
    Wed Apr 23 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-2
    Resolves: #442333 AVC denials on start of openswan host-to-host tunnel 
- 
    Tue Apr 22 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.12-1
    - new upstream release
Resolves: #432821 left/rightsourceip tags not working
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024
Resolves: #441588 openswan IKEv2 crashes when interoperating with racoon2
Resolves: #442333 AVC denials on start of openswan host-to-host tunnel 
- 
    Wed Apr 09 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.11-1
    - new upstream release
Resolves: #438826 openswan IKEv2 hangs between intel and ppc64 machines
Resolves: #439985 opeswan IKEv2 responder fails when encr=aes and dh=modp1024 
- 
    Fri Mar 14 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-1
    Resolves: rhbz#432315
Resolves: rhbz#432805
Resolves: rhbz#432821
- Moved to latest upstream
- removed init script patch and will use upstream
- Added protostack=netkey to ipsec.conf
- New patch to include definition of HOST_NAME_MAX 
- 
    Fri Feb 08 2008 Linda Wang <lwang@redhat.com> - 2.6.07-2
    Related: rhbz#253052
- Latest upstream 
- 
    Fri Feb 08 2008 Linda Wang <lwang@redhat.com> - 2.6.07-1
    Related: rhbz#253052
- Latest upstream 
- 
    Thu Feb 07 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1
    - Latest upstream
- remove selinux test and message from verify script
- forgot the following bz earlier
Resolves: rhbz#253052 Request for IPSec IKEv2 
- 
    Tue Jan 29 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9
    - cleanup some init problems
Resolves: rhbz#430149 openswan init script errors
Resolves: rhbz#430150 openswan emits spurious warnings 
- 
    Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8
    Related: rhbz#235224
- rpmdiff spotted these:
- Cleaned out unused man page
- patch error in barf script 
- 
    Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7
    - Addressed the last set of small changes for package review 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6
    - Moved everything else out of /usr/lib
- Added tmraz's patch to remove extra slashes in makefile
- Removed macros from changelog entries 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5
    - Removed userland macros from spec file 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4
    - Removed use of xmlto and the BuildRequires
- moved scripts from /usr/lib to /usr/libexec
- removed man3 pages for libopenswan functions (we don't deliver) 
- 
    Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3
    - Removed _smp_mflags macro from from the spec file build section
- Added BuildRequires for xmlto
- Changed License from GPL to GPL+
- removed klips ifdefs from spec file
- Added patch to move example configs to doc dir
- Added a patch to make the link to init script relative, 
  for chroot environments 
- 
    Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2
    - Removed copy of file that no longer exists 
- 
    Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1
    - Latest upstream tarball, includes fixes 
- 
    Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2
    - Rebase to 2.6.02, add initial ikev2 support 
- 
    Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2
    - Forgot changelog on last entry 
- 
    Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1
    - sync to upstream latest 
- 
    Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3
    - do not use epoch macro, it is unset 
- 
    Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2
    - specfile review 
- 
    Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1
    - removed key generation from install phase
- version 2.4.7 
- 
    Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1
    - rebuild 
- 
    Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2
    - fixed typo (bug #191930) 
- 
    Fri May 05 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1
    - version 2.4.5 
- 
    Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1
    - bump again for double-long bug on ppc(64) 
- 
    Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2
    - rebuilt for new gcc4.1 snapshot and glibc changes 
- 
    Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
    - rebuilt 
- 
    Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1
    - version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP 
- 
    Wed Nov 02 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1
    - version 2.4.2dr5 
- 
    Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1
    - version 2.4.2dr1 
- 
    Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1
    - version 2.4.0 
- 
    Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1
    - new version 
- 
    Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>
    - remove sysv startup links to build with current rpm 
- 
    Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3
    - added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 
- 
    Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2
    - added Requires(post) of coreutils bash (bug 155699)
- added Requires(preun) initscripts chkconfig 
- 
    Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1
    - version 2.3.1 
- 
    Mon Apr 04 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6
    - remove some duplicate copies of the docs 
- 
    Wed Mar 02 2005 Harald Hoyer <harald@redhat.com> 
    - rebuilt 
- 
    Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4
    - fixed bug rh#149164 
- 
    Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3
    - patched code to compile with gcc4 
- 
    Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2
    - Do not enable the initscript per default 
- 
    Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1
    - version 2.3.0
- reimported specfile
- PIEd openswan
- cleaned up initial config files and added include directives
  for easy config drop in 
- 
    Wed Jan 05 2005 Paul Wouters <paul@xelerance.com>
    - Updated for x86_64 and klips on 2.6 
- 
    Tue Nov 02 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
    - Apply selinux patch 
- 
    Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2
    - don't run by default. again. 
- 
    Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1
    - added selinux patch from Daniel Walsh
- initscript now uses translated strings
- version 2.1.5 with minor fixes 
- 
    Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7
    - added more build reqs (bug #132877) 
- 
    Thu Sep 09 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6
    - don't run by default
- don't create/chmod directories in %post, just include them with the
  right perms
- fix debuginfo
- fix docs 
- 
    Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5
    - Added debuginfo package 
- 
    Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4
    - Install man-pages
- Fix initscript 'fail()' func to write newline before failure() 
- 
    Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3
    - Fix 'service ipsec status' output 
- 
    Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2
    - Normalize initscripts for Red Hat and add translation string support 
- 
    Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1
    - initial import 
- 
    Tue May 25 2004 Ken Bantoft <ken@xelerance.com>
    - Initial version, based on FreeS/WAN .spec