-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 [ We forgot to announce it via email ! ] The Libreswan Project has released libreswan 5.1 This is a bugfix release. Most importantly, a fix to work properly with Linux 6.9+ kernels, and a workaround for a but in reconnecting iOS/OSX clients that use IKEv1 with XAUTH/ModeConfig. The handling of ipsec interfaces was improved as well. This latest version of libreswan can be downloaded from: https://download.libreswan.org/libreswan-5.1.tar.gz https://download.libreswan.org/libreswan-5.1.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES Please report bugs either via one of the mailinglists or at our github bug tracker: https://lists.libreswan.org/ https://github.com/libreswan/libreswan/issues See also https://libreswan.org/ v5.1 (Oct 8, 2024) * IKEv2: - fix race when initiator-responder cross rekey requests [Andrew] - don't ignore Delete IKE SA request while waiting for Delete IKE SA response [Andrew] - log arrival of first IKE_AUTH request that triggers DH [Andrew] - rate limit logging of packets with invalid payloads * IKEv1: - fix Quick mode installing 0.0.0.0/0 when no MSG_CONFIG exchange [Andrew, Tuomo] - fix iOS Quick mode request needing to re-recover lease [Andrew, Tuomo] - fix regression where deleting ISAKMP deleted IPsec [Andrew, Tuomo] - add config options of ah=sha2{256,512} [Andrew] - add DH29,DH31 to default proposals [Andrew] - reject ESP AEAD combined with non-NULL integrity [Andrew] * Crypto: - update IKE to use NSS's FIPS compliant PK11_AEADOp() [Andrew, Robert Relyea] - support ESP with CHACHA20POLY1305 on FreeBSD and OpenBSD [Andrew] * IPsec Interface: - fix check for an existing IPsec Interface address (Linux) [Wolfgang] - add IPsec Interface address when connection establishes [Wolfgang] - fix adding IPv6 address to IPsec interface [Wolfgang] - delete Ipsec Interface address when connection unroutes [Wolfgang] - fix setting metric on IPsec Interface [Wolfgang] - add IPsec Interface device when connection orients [Andrew] - support existing IPsec interface on FreeBSD and OpenBSD [Andrew] - log addition of IPsec Interface or Address [Andrew] - don't delete existing ipsec1 interface (Linux) [Andrew] - handle repeated connection adds [Wolfgang] * Linux: - handle NLMSG_DONE at end of response for > 6.9.0 kernels [Andrew] - fix hang because of unhandled NLMSG_DONE at end of response (6.9.0-rc1) [Andrew, Ilya, github/1675] - fix hang when initiating an on-demand TCP connection [Daiki, github/1156] * updown: - restore 4.x behaviour of running "updown unroute|down" when initiate fails [Wolfgang, Andrew] - add test demonstrating redundant tunnels [Wolfgang] - add plutodebug=updown for debugging updown scripts [Andrew] * config: - verbosely ignore x-* style comments in ipsec.conf [Andrew, github/1725] * whack: - ignore older whack as could trigger core dump [Andrew, github/1709] - add --narrowing {yes,no}, retain undocumented --allow-narrowing [Andrew] * building: - replace calloc(size,nr) with alloc_things(), fixing compile error [Daiki] - remove USE_NSS_AVA_COPY and copy of nss source, remove license exception [Tuomo] - fix syntax error in ckaid.c allowed by GCC [yuncang123] -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmcQJDATHHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+aoGEACf6JYgtWgZr1TOxsIsXsABLkpG7Kud vxL8ZIX++Wvz6/ornCVrlE8qI1ro0i4PMSopZUlhcIngaZ9LFF03KSHkAxe3+kng ojQT07cPrONEHNO4/sCxJDEpxza1nTDo2cPNofiV5RrwokgnO6G5LwCoC4jRQ5eO D7lAjQOgVx/mZvhkM2c/DV+ZeZ7BdA/daFTl7++1ZNExJt43q5HZm99YNBgC/v0V OPYh9aLDRvrPgRq950IjN4nICkwMT/725PnsGfd04e4FRYwRrYTHPGP5bK/CDT/P 5I3C9XN/1tyeOE+h68VbfuyakTZ9AMoQH2I6agdfRV8PIx+9IxazkfJoneVsT+wU Wh9lkZpIjzQbJQ0ka1qbvrBsyamEAV9T3hyKhk3dgIeIQDNZhvNOqc6cEtApn17T XeO+dEBIaUzSGLA4GPVVUY0CfmL3hHVkgaCQ0lYgrvbUxi5ldKeEgA6325vNi882 KxoCRukaqD7tLaRDNznrjfEWPMQ1n3vEIQ/Yhxq8Vi/VPoA/rstBSATz3JfovCyN g8vweOIq+vfFuTfCujDpsoTL4Q6jhTRqSp1A5b4xtUR/gGLt7C/Gy1GBvdGVgzko F1h8WIkqzny8FpfxTGLHEiBWOMmFuX+4ralj6kTcqFhAyqHzsBf08xnFUEylQusG GvlLId0XppD7/w== =agmE -----END PGP SIGNATURE----- _______________________________________________ Swan-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ Swan-dev mailing list -- [email protected] To unsubscribe send an email to [email protected]
[Swan-dev] [Swan-announce] libreswan-5.1 released on Oct 8
The Libreswan Team via Swan-dev Wed, 16 Oct 2024 13:40:41 -0700
