- 
    Wed Oct 06 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-8.1
    Resolves: #635058 CVE-2010-3302 CVE-2010-3308 
                  CVE-2010-2752 CVE-2010-3753
- 
    Wed Jul 21 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-8
    Resolves: #616910 
- 
    Wed Jun 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-7
    Resolves: #614250 
- 
    Wed Jun 30 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-6
    Resolves: #600174
Resolves: #600167 
- 
    Fri Jun 18 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-5
    Resolves: #529260 
- 
    Mon Jun 14 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-4
    Resolves: #579629
Resolves: #584224
Resolves: #586420
Resolves: #592630
Resolves: #594767
Resolves: #579747
Resolves: #587669 
- 
    Tue Mar 23 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-3
    Resolves: #568355 Implementation of new Diffie-Hellman groups 
                  described in RFC 5114
Resolves: #568493 Pluto's child process can not add routes
Resolves: #568648 some subcommand doesn't work
Resolves: #568652 the transport mode doesn't work
Resolves: #574833 Openswan client can not interop with 
                  Cisco VPN servers
Resolves: #574839 ImplicitDSOLinking
Resolves: #574841 Openswan Implementation issue related to 
                  hardcoded length of hash algorithms
- 
    Mon Feb 08 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-2
    - Modified summary in spec file
- Replaced buildroot with RPM_BUILD_ROOT in spec file
- Included html files in the doc package
- Patch for disabling openswan startup at the system
  boot by default 
- 
    Fri Jan 15 2010 Avesh Agarwal <avagarwa@redhat.com> - 2.6.24-1
    - New upstream release
- Cisco interop patches
- Improved init script
- Fix to allow ";" in the ike/esp parameters
- Fix to unset IKEv2 Critical flag for payloads defined in RFC 4306
- Fix to Zeroize ISAKMP and IPsec SA's when in FIPS mode
- Fix to the issue where Some programs were installed
  twice causing .old files
- lwdns.req.log moved from /var/tmp/ to /var/run/pluto/ .
  This is to avoid an SElinux AVC Denial
- Fix for the issueo where ipsec help shows the list twice
- Fix for compile time warnings 
- 
    Wed Sep 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.23-1
    - New upstream release
- Supports smartcards now
- Supports PSK with NSS
- Supports libcap-ng for lowering capabilities of pluto process 
- Updated README.nss 
- 
    Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.22-2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 
- 
    Thu Jul 23 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.22-1
    - New upstream release
- Added support for using PSK with NSS
- Fixed several warnings and undid unnecessary debug messages
- Updated README.nss with an example configuration
- Moved README.nss to openswan/doc/
- Improved FIPS integrity check functionality 
- 
    Mon Jul 06 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-5
    - Added support for using PSK with NSS
- Fixed several warnings and undid unnecessary comments
- Updated README.nss with an example configuration
- Fixed Openswan ASN.1 parser vulnerability (CVE-2009-2185) 
- 
    Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-4
    - Updated the Openswan-NSS porting to enable nss and fipscheck by default
- fipscheck requires fipscheck-devel library 
- 
    Tue Apr 14 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-3
    - Updated the Openswan-NSS porting to enable nss by default
- The patch includes README.nss for information about NSS usage 
- 
    Mon Apr 13 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-2
    - Applied patch to support NSS, currently disabled due to
  dependency on rh bz #491693
- The patch also supports fips check integrity 
   (requires fipscheck-devel library) 
- 
    Mon Mar 30 2009 Avesh Agarwal <avagarwa@redhat.com> - 2.6.21-1
    - new upstream release
- Fix for CVE-2009-0790 DPD crasher
- Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries
- Fix ipsec setup --status not showing amount of tunnels with netkey 
- 
    Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.19-2
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 
- 
    Tue Nov 25 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.19-1
    - new upstream release 
- 
    Mon Oct 13 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-2
    - Addressed some issues related to buzilla 447419
- Added xmlto and bind-devel to BuildRequires 
- Removed the patch openswan-2.6-noxmlto.patch
- Removed the command "rm -rf programs/readwriteconf" from the spec file
  as readwriteconf is used with "make check" for debugging purposes.
- Removed USE_LWRES=false from the spec file as it has been 
  obsolete in upstream (using bind-devel instead) 
- 
    Mon Oct 06 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.18-1
    - new upstream release
- modified default ipsec.conf to address rhbz#463931 
- 
    Fri Sep 12 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-2
    - added initscript patch to prevent openswan service start by default 
- 
    Tue Sep 09 2008 Avesh Agarwal <avagarwa@redhat.com> - 2.6.16-1
    - new upstream release 
- 
    Sat Jul 05 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.15-1
    - new upstream release 
- 
    Fri Jun 06 2008 Steve Grubb <sgrubb@redhat.com> - 2.6.14-1
    - new upstream release 
- 
    Tue Mar 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.09-2
    - removing patch - using upstream init script as is 
- 
    Wed Mar 12 2008 Steve Conklin <sconklin@redhat.com> - 2.6.08-1
    - Moved to latest upstream
- Replaced the init script source file with a patch to the upstream one
-    (no functional changes to the init script)
- Added protostack=netkey to ipsec.conf
- New patch to include definition of HOST_NAME_MAX 
- 
    Mon Feb 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.07-1
    - Moved to latest upstream 
- 
    Thu Feb 07 2008 Steve Conklin <sconklin@redhat.com> - 2.6.05-1
    - Removed check for selinux enforcing mode in verify script
- Moved to latest upstream 
- 
    Mon Jan 28 2008 Steve Conklin <sconklin@redhat.com> - 2.6.04-1
    - Move to new upstream source 
- 
    Thu Jan 24 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-9
    - Added af_key module load to init script
- Removed spurious warning about interfaces= 
- 
    Mon Jan 21 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-8
    Related: rhbz#235224
- rpmdiff spotted these:
- Cleaned out unused man page
- patch error in barf script 
- 
    Fri Jan 18 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-7
    - Addressed the last set of small changes for package review 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-6
    - Moved everything else out of /usr/lib
- Added tmraz's patch to remove extra slashes in makefile
- Removed macros from changelog entries 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-5
    - Removed userland macros from spec file 
- 
    Thu Jan 17 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-4
    - Removed use of xmlto and the BuildRequires
- moved scripts from /usr/lib to /usr/libexec
- removed man3 pages for libopenswan functions (we don't deliver) 
- 
    Wed Jan 16 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-3
    - Removed _smp_mflags macro from from the spec file build section
- Added BuildRequires for xmlto
- Changed License from GPL to GPL+
- removed klips ifdefs from spec file
- Added patch to move example configs to doc dir
- Added a patch to make the link to init script relative, 
  for chroot environments 
- 
    Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-2
    - Removed copy of file that no longer exists 
- 
    Fri Jan 11 2008 Steve Conklin <sconklin@redhat.com> - 2.6.03-1
    - Latest upstream tarball, includes fixes 
- 
    Thu Jan 10 2008 Steve Conklin <sconklin@redhat.com> - 2.6.02-2
    - Rebase to 2.6.02, add initial ikev2 support 
- 
    Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-2
    - Forgot changelog on last entry 
- 
    Mon Sep 17 2007 Steve Conklin <sconklin@redhat.com> - 2.4.9-1
    - sync to upstream latest 
- 
    Tue Mar 20 2007 Florian La Roche <laroche@redhat.com> - 2.4.7-3
    - do not use epoch macro, it is unset 
- 
    Wed Feb 28 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-2
    - specfile review 
- 
    Fri Jan 26 2007 Harald Hoyer <harald@redhat.com> - 2.4.7-1
    - removed key generation from install phase
- version 2.4.7 
- 
    Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.4.5-2.1
    - rebuild 
- 
    Wed May 17 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-2
    - fixed typo (bug #191930) 
- 
    Fri May 05 2006 Harald Hoyer <harald@redhat.com> - 2.4.5-1
    - version 2.4.5 
- 
    Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2.1
    - bump again for double-long bug on ppc(64) 
- 
    Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.4.4-1.1.2
    - rebuilt for new gcc4.1 snapshot and glibc changes 
- 
    Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
    - rebuilt 
- 
    Fri Nov 18 2005 Harald Hoyer <harald@redhat.com> - 2.4.4-1.1
    - version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP 
- 
    Wed Nov 02 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr5.1
    - version 2.4.2dr5 
- 
    Tue Oct 25 2005 Harald Hoyer <harald@redhat.com> - 2.4.2-0.dr1.1
    - version 2.4.2dr1 
- 
    Tue Sep 13 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-1
    - version 2.4.0 
- 
    Wed Aug 31 2005 Harald Hoyer <harald@redhat.com> - 2.4.0-0.rc4.1
    - new version 
- 
    Sun Jul 31 2005 Florian La Roche <laroche@redhat.com>
    - remove sysv startup links to build with current rpm 
- 
    Thu May 12 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-3
    - added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000 
- 
    Wed Apr 27 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-2
    - added Requires(post) of coreutils bash (bug 155699)
- added Requires(preun) initscripts chkconfig 
- 
    Wed Apr 13 2005 Harald Hoyer <harald@redhat.com> - 2.3.1-1
    - version 2.3.1 
- 
    Mon Apr 04 2005 Jeremy Katz <katzj@redhat.com> - 2.3.0-6
    - remove some duplicate copies of the docs 
- 
    Wed Mar 02 2005 Harald Hoyer <harald@redhat.com> 
    - rebuilt 
- 
    Mon Feb 21 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-4
    - fixed bug rh#149164 
- 
    Fri Feb 18 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-3
    - patched code to compile with gcc4 
- 
    Fri Jan 14 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-2
    - Do not enable the initscript per default 
- 
    Tue Jan 11 2005 Harald Hoyer <harald@redhat.com> - 2.3.0-1
    - version 2.3.0
- reimported specfile
- PIEd openswan
- cleaned up initial config files and added include directives
  for easy config drop in 
- 
    Wed Jan 05 2005 Paul Wouters <paul@xelerance.com>
    - Updated for x86_64 and klips on 2.6 
- 
    Tue Nov 02 2004 Dan Walsh <dwalsh@redhat.com> - 2.1.5-3
    - Apply selinux patch 
- 
    Thu Oct 21 2004 Bill Nottingham <notting@redhat.com> - 2.1.5-2
    - don't run by default. again. 
- 
    Wed Oct 13 2004 Harald Hoyer <harald@redhat.com> - 2.1.5-1
    - added selinux patch from Daniel Walsh
- initscript now uses translated strings
- version 2.1.5 with minor fixes 
- 
    Tue Sep 21 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-7
    - added more build reqs (bug #132877) 
- 
    Thu Sep 09 2004 Bill Nottingham <notting@redhat.com> - 2.1.4-6
    - don't run by default
- don't create/chmod directories in %post, just include them with the
  right perms
- fix debuginfo
- fix docs 
- 
    Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-5
    - Added debuginfo package 
- 
    Mon Aug 23 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-4
    - Install man-pages
- Fix initscript 'fail()' func to write newline before failure() 
- 
    Thu Aug 19 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-3
    - Fix 'service ipsec status' output 
- 
    Wed Aug 18 2004 Jason Vas Dias <jvdias@redhat.com> - 2.1.4-2
    - Normalize initscripts for Red Hat and add translation string support 
- 
    Tue Aug 17 2004 Harald Hoyer <harald@redhat.com> - 2.1.4-1
    - initial import 
- 
    Tue May 25 2004 Ken Bantoft <ken@xelerance.com>
    - Initial version, based on FreeS/WAN .spec