-
Thu Aug 06 2020 EL Errata <el-errata_ww@oracle.com> - 3.25-9.1.0.1
- add libreswan-oracle.patch to detect Oracle Linux distro
-
Tue Jun 16 2020 Paul Wouters <pwouters@redhat.com> - 3.25-9.1
- Resolves: rhbz#1844621 Backport FIPS keysize fixes from RHEL8
-
Mon Aug 26 2019 Paul Wouters <pwouters@redhat.com> - 3.25-9
- Resolves: rhbz#1724200 libreswan: XFRM policy for OE/32 peer is deleted when shunts for previous half-open state expire
-
Tue May 07 2019 Paul Wouters <pwouters@redhat.com> - 3.25-8
- Resolves: rhbz#1686991 IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE
-
Wed Feb 27 2019 Paul Wouters <pwouters@redhat.com> - 3.25-7
- Resolves: rhbz#1673105 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart
-
Mon Feb 04 2019 Paul Wouters <pwouters@redhat.com> - 3.25-6
- Resolves: rhbz#1630355 Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N [updated]
- Resolves: rhbz#1679735 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure
-
Thu Dec 20 2018 Paul Wouters <pwouters@redhat.com> - 3.25-5
- Resolves: rhbz#1639404 Unable to verify certificate with non-empty Extended Key Usage which does not include serverAuth or clientAuth
- Resolves: rhbz#1630355 Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N
- Resolves: rhbz#1629902 libreswan assertion failed when OAKLEY_KEY_LENGTH is zero for IKE using AES_CBC
- Resolves: rhbz#1623279 [abrt] [faf] libreswan: strncpy(): /usr/libexec/ipsec/pluto killed by 11
- Resolves: rhbz#1625303 config: recursive include check doesn't work
- Resolves: rhbz#1664521 libreswan 3.25 in FIPS mode is incorrectly rejecting X.509 public keys that are >= 3072 bits
-
Mon Jul 02 2018 Paul Wouters <pwouters@redhat.com> - 3.25-2
- Resolves: rhbz#1597322 Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors
-
Wed Jun 27 2018 Paul Wouters <pwouters@redhat.com> - 3.25-1
- Resolves: rhbz#1591817 rebase libreswan to 3.25
- Resolves: rhbz#1536404 CERT_PKCS7_WRAPPED_X509 error
- Resolves: rhbz#1544143 ipsec newhostkey fails in FIPS mode when RSA key is generated
- Resolves: rhbz#1574011 libreswan is missing a Requires: unbound-libs >= 1.6.6
-
Fri Apr 27 2018 Paul Wouters <pwouters@redhat.com> - 3.23-4
- Resolves: rhbz#1544143 ipsec newhostkey fails in FIPS mode when RSA key is generated
- Resolves: rhbz#1553406 IKEv2 liveness false positive on IKEv2 idle connections causes tunnel to be restarted
- Resolves: rhbz#1572425 shared IKE SA leads to rekey interop issues