SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libreswan-3.23-5.el7_5.x86_64.rpm :
Fri May 25 14:00:00 2018 Paul Wouters - 3.23-5
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode [spec file only update]

Wed May 2 14:00:00 2018 Paul Wouters - 3.23-4
- Resolves: rhbz#1573949 ipsec newhostkey fails in FIPS mode when RSA key is generated
- Resolves: rhbz#1574456 Shared IKE SA leads to rekey interop issues
- Resolves: rhbz#1574457 IKEv2 liveness false positive on IKEv2 idle connections causes tunnel to be restarted

Wed Feb 7 13:00:00 2018 Paul Wouters - 3.23-3
- Resolves: rhbz#1471553 libreswan postquantum preshared key (PPK) support [IANA update]

Tue Feb 6 13:00:00 2018 Paul Wouters - 3.23-2
- Resolves: rhbz#1457904 rebase libreswan to 3.23 [updated]
- Resolves: rhbz#1375750 SECCOMP support for libreswan [updated]

Thu Jan 25 13:00:00 2018 Paul Wouters - 3.23-1
- Resolves: rhbz#1457904 rebase libreswan to 3.23 [updated]

Thu Jan 11 13:00:00 2018 Paul Wouters - 3.23-0.1.rc4
- Resolves: rhbz#1471763 RFE: libreswan MOBIKE support (RFC-4555) [client support]
- Resolves: rhbz#1457904 rebase libreswan to 3.23 [updated]
- Resolves: rhbz#1471553 libreswan postquantum preshared key (PPK) support
- Resolves: rhbz#1492501 Reboot or \'systemctl stop ipsec\' brings down _ethernet_ interfaces on _both_ ends of ipv4 ipsec tunnel
- Resolves: rhbz#1324421 libreswan works not well when setting leftid field to be email address
- Resolves: rhbz#1136076 After IKE rekeying Pluto sends DPD even if there is active SA

Tue Dec 12 13:00:00 2017 Paul Wouters - 3.22-5
- Resolves: rhbz#1471763 RFE: libreswan MOBIKE support (RFC-4555) [updated]
- Resolves: rhbz#1471553 libreswan postquantum preshared key (PPK) support
- Resolves: rhbz#1375776 [IKEv2 Conformance] Test IKEv2.EN.R.1.2.2.1: Receipt of retransmitted CREATE_CHILD_SA reques failed
- Resolves: rhbz#1375750 SECCOMP support for libreswan [updated for libunbound syscalls]
- Resolves: rhbz#1300763 Implement draft-ietf-ipsecme-split-dns for libreswan

Thu Nov 30 13:00:00 2017 Paul Wouters - 3.22-4
- Resolves: rhbz#1463062 NIC-card hardware offload support backport

Thu Nov 16 13:00:00 2017 Paul Wouters - 3.22-3
- Resolves: rhbz#1475434 Add support for AES-GMAC for ESP (RFC-4543) to libreswan
- Resolves: rhbz#1300759 Implement RFC-7427 Digital Signature authentication

Tue Oct 31 13:00:00 2017 Paul Wouters - 3.22-2
- Resolves: rhbz#1471763 RFE: libreswan MOBIKE support (RFC-4555)
- Resolves: rhbz#1372050 RFE: Support IKE and ESP over TCP: RFC 8229

Mon Oct 23 14:00:00 2017 Paul Wouters - 3.22-1
- Resolves: rhbz#1457904 rebase libreswan to 3.22 [updated]

Mon Oct 16 14:00:00 2017 Paul Wouters - 3.21-2
- Resolves: rhbz#1499845 libreswan does not establish IKE with xauth enabled but modecfg disabled
- Resolves: rhbz#1497158 xauth password length limited to 64 bytes while XAUTH_MAX_PASS_LENGTH (128)

Wed Sep 20 14:00:00 2017 Paul Wouters - 3.21-1
- Resolves: rhbz#1457904 rebase libreswan to 3.22

Mon Jun 12 14:00:00 2017 Paul Wouters - 3.20-3
- Resolves: rhbz#1372279 ipsec auto --down CONNECTION returns error for tunnels [updated]
- Resolves: rhbz#1458227 CAVS test driver does not work in FIPS mode
- Resolves: rhbz#1452672 (new-ksk-libreswan-el7) DNSSEC trust anchor cannot be updated without recompilation

Thu Apr 13 14:00:00 2017 Paul Wouters - 3.20-2
- Resolves: rhbz#1372279 ipsec auto --down CONNECTION returns error for tunnels
- Resolves: rhbz#1444115 FIPS: libreswan must generate RSA keys with a minimal exponent of F4, nor E=3
- Resolves: rhbz#1341353 Allow Preshared Key authentication in FIPS mode for libreswan

Tue Mar 14 13:00:00 2017 Paul Wouters - 3.20-1
- Resolves: rhbz#1399883 rebase libreswan to 3.20 (full release)

Mon Feb 20 13:00:00 2017 Paul Wouters - 3.20-0.1.dr3
- Resolves: rhbz#1399883 rebase libreswan to 3.20

Wed Sep 7 14:00:00 2016 Paul Wouters - 3.15-8
- Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED]
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request [UPDATED]
- Resolves: rhbz#1309764 ipsec barf [additional man page update and --no-pager]

Mon Aug 8 14:00:00 2016 Paul Wouters - 3.15-7
- Resolves: rhbz#1311360 When IKE rekeys, if on a different tunnel, all subsequent attempts to rekey fail
- Resolves: rhbz#1361721 libreswan pluto segfault

Tue Jul 5 14:00:00 2016 Paul Wouters - 3.15-6
- Resolves: rhbz#1283468 keyingtries=0 is broken
- Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload is below the RFC minimum size
- Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack
- Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails
- Resolves: rhbz#1302778 fips does not check hash of some files (like _import_crl)
- Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH
- Resolves: rhbz#1257079 Libreswan doesn\'t call NetworkManager helper in case of a connection error
- Resolves: rhbz#1272112 ipsec whack man page discrepancies
- Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss
- Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not recognized
- Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in the output
- Resolves: rhbz#1347735 libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails
- Resolves: rhbz#1219049 Pluto does not handle delete message from responder site in ikev1
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request
- Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention about crl-strict option
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address

Wed Oct 21 14:00:00 2015 Paul Wouters - 3.15-5
- Resolves: rhbz#1271811 libreswan FIPS test mistakenly looks for non-existent file hashes

Wed Sep 30 14:00:00 2015 Paul Wouters - 3.15-4
- Resolves: rhbz#1267370 libreswan should support strictcrlpolicy alias
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address
- Resolves: rhbz#1166146 Pluto crashes on INITIATOR site during \'service ipsec stop\'
- Resolves: rhbz#1259209 CVE-2015-3240
- Resolves: rhbz#1199374 libreswan does not enforce all FIPS or IPsec Suite B restrictions
- Resolves: rhbz#1207689 libreswan ignores module blacklist rules
- Merge rhel6 and rhel7 spec into one
- Be lenient for racoon padding behaviour
- Fix seedev option to /dev/random
- Some IKEv1 PAM methods always gave \'Permission denied\'
- Parser workarounds for differences in gcc/flex/bison on rhel6/rhel7
- Parser fix to allow specifying time without unit (openswan compat)
- Fix Labeled IPsec on rekeyed IPsec SA\'s
- Workaround for wrong padding by racoon2
- Disable NSS HW GCM to workaround rhel6 xen builers bug

Fri May 29 14:00:00 2015 Paul Wouters - 3.12-12
- Resolves: rhbz#1212121 Support CAVS [updated bogus fips mode fix]

Fri May 29 14:00:00 2015 Paul Wouters - 3.12-11
- Resolves: rhbz#1226408 CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart

Tue May 5 14:00:00 2015 Paul Wouters - 3.12-10
- Resolves: rhbz#1212121 Support CAVS testing of the PRF/PRF+ functions
- Resolves: rhbz#1127313 Libreswan with IPv6 [updated patch by Jaroslav Aster]
- Resolves: rhbz#1207689 libreswan ignores module blacklist [updated modprobe handling]
- Resolves: rhbz#1218358 pluto crashes in fips mode without dracut-fips package

Sat Feb 21 13:00:00 2015 Paul Wouters - 3.12-6
- Resolves: rhbz#1056559 loopback support deprecated
- Resolves: rhbz#1182224 Add new option for BSI random requirement
- Resolves: rhbz#1170018 [increase] SELinux context string size limit
- Resolves: rhbz#1127313 Libreswan with IPv6 in RHEL7 fails after reboot
- Resolves: rhbz#1207689 libreswan ignores module blacklist rules
- Resolves: rhbz#1203794 pluto crashes in fips mode

Tue Jan 20 13:00:00 2015 Paul Wouters - 3.12-5
- Resolves: rhbz#826264 aes-gcm implementation support (for IKEv2)
- Resolves: rhbz#1074018 Audit key agreement (integ gcm fixup)

Tue Dec 30 13:00:00 2014 Paul Wouters - 3.12-4
- Resolves: rhbz#1134297 aes-ctr cipher is not supported
- Resolves: rhbz#1131503 non-zero rSPI on INVALID_KE (and proper INVALID_KE handling)

Thu Dec 4 13:00:00 2014 Paul Wouters - 3.12-2
- Resolves: rhbz#1105171 (Update man page entry)
- Resolves: rhbz#1144120 (Update for ESP CAMELLIA with IKEv2)
- Resolves: rhbz#1074018 Audit key agreement

Fri Nov 7 13:00:00 2014 Paul Wouters - 3.12-1
- Resolves: rhbz#1136124 rebase to libreswan 3.12
- Resolves: rhbz#1052811 [TAHI] (also clear reserved flags for isakmp_sa header)
- Resolves: rhbz#1157379 [TAHI][IKEv2] IKEv2.EN.R.1.3.3.1: Non RESERVED fields in INFORMATIONAL request

Mon Oct 27 13:00:00 2014 Paul Wouters - 3.11-2
- Resolves: rhbz#1136124 rebase to libreswan 3.11 (coverity fixup, dpdaction=clear fix)

Wed Oct 22 14:00:00 2014 Paul Wouters - 3.11-1
- Resolves: rhbz#1136124 rebase to libreswan 3.11
- Resolves: rhbz#1099905 ikev2 delete payloads are not delivered to peer
- Resolves: rhbz#1147693 NetworkManger-libreswan can not connect to Red Hat IPSec Xauth VPN
- Resolves: rhbz#1055865 [TAHI][IKEv2] libreswan do not ignore the content of version bit
- Resolves: rhbz#1146106 Pluto crashes after start when some ah algorithms are used
- Resolves: rhbz#1108256 addconn compatibility with openswan
- Resolves: rhbz#1152625 [TAHI][IKEv2] IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 fail
- Resolves: rhbz#1119704 [TAHI][IKEv2]IKEv2Interop.1.13a test fail
- Resolves: rhbz#1100261 libreswan does not send response when when it receives Delete Payload for a CHILD_SA
- Resolves: rhbz#1100239 ikev2 IKE SA responder does not send delete request to IKE SA initiator
- Resolves: rhbz#1052811 [TAHI][IKEv2]IKEv2.EN.I.1.1.11.1: Non zero RESERVED fields in IKE_SA_INIT response
- Resolves: rhbz#1126868 ikev2 sequence numbers are implemented incorrectly
- Resolves: rhbz#1145245 Libreswan appears to start with systemd before all the NICs are up and running.
- Resolves: rhbz#1145231 libreswan 3.10 upgrade breaks old ipsec.secrets configs
- Resolves: rhbz#1144123 Add ESP support for AES_XCBC hash for USGv6 and IPsec-v3 compliance
- Resolves: rhbz#1144120 Add ESP support for CAMELLIA for USGv6 and IPsec-v3 compliance
- Resolves: rhbz#1099877 Missing man-pages ipsec_whack, ipsec_manual
- Resolves: rhbz#1100255 libreswan Ikev2 implementation does not send an INFORMATIONAL response when it receives an INFORMATIONAL request with a Delete Payload for an IKE_SA

Tue Sep 9 14:00:00 2014 Paul Wouters - 3.10-3
- Resolves: rhbz#1136124 rebase to 3.10 (auto=route bug on startup)

Mon Sep 8 14:00:00 2014 Paul Wouters - 3.10-2
- Resolves: rhbz#1136124 rebase to libreswan 3.10

Mon Jul 14 14:00:00 2014 Paul Wouters - 3.8-6
- Resolves: rhbz#1092047 pluto cannot write to directories not owned by root

Thu Apr 10 14:00:00 2014 Paul Wouters - 3.8-5
- Resolves: rhbz#1052834 create_child_sa message ID handling

Tue Mar 18 13:00:00 2014 Paul Wouters - 3.8-4
- Resolves: rhbz#1052834 create_child_sa response

Wed Mar 5 13:00:00 2014 Paul Wouters - 3.8-3
- Resolves: rhbz#1069024 erroneous debug line with mixture [...]
- Resolves: rhbz#1030939 update nss/x509 documents, don\'t load acerts
- Resolves: rhbz#1058813 newhostkey returns zero value when it fails

Fri Jan 24 13:00:00 2014 Daniel Mach - 3.8-2
- Mass rebuild 2014-01-24

Thu Jan 16 13:00:00 2014 Paul Wouters - 3.8-1
- Resolves: rhbz#CVE-2013-6467
- Resolves: rhbz#1043642 rebase to version 3.8
- Resolves: rhbz#1029912 ipsec force-reload doesn\'t work
- Resolves: rhbz#826261 Implement SHA384/512 support for Openswan
- Resolves: rhbz#1039655 ipsec newhostkey generates false configuration

Fri Dec 27 13:00:00 2013 Daniel Mach - 3.6-3
- Mass rebuild 2013-12-27

Fri Nov 8 13:00:00 2013 Paul Wouters - 3.6-2
- Fix race condition in post for creating nss db

Thu Oct 31 13:00:00 2013 Paul Wouters - 3.6-1
- Updated to version 3.6 (IKEv2, MODECFG, Cisco interop fixes)
- Generate empty NSS db if none exists
- FIPS update using /etc/system-fips
- Provide: openswan-doc

Fri Aug 9 14:00:00 2013 Paul Wouters - 3.5-2
- rebuilt and bumped EVR to avoid confusion of import->delete->import
- require iproute

Mon Jul 15 14:00:00 2013 Paul Wouters - 3.5-1
- Initial package for RHEL7
- Added interop patch for (some?) Cisco VPN clients sending 16 zero
bytes of extraneous IKE data
- Removed fipscheck_version


  
ICM