[ol7_latest] libreswan-3.25-9.1.0.1.el7_9.aarch64

Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. It supports the NETKEY/XFRM IPsec kernel stack that exists
in the default Linux kernel.

Libreswan also supports IKEv2 (RFC-7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Changelog (Show File list) (Show related packages)

• Wed Oct 07 2020 Alan Steinberg <alan.steinberg@oracle.com> - 3.25-9.1.0.1

  - add libreswan-oracle.patch to detect Oracle Linux distro

• Tue Jun 16 2020 Paul Wouters <pwouters@redhat.com> - 3.25-9.1

  - Resolves: rhbz#1844621 Backport FIPS keysize fixes from RHEL8

• Mon Aug 26 2019 Paul Wouters <pwouters@redhat.com> - 3.25-9

  - Resolves: rhbz#1724200 libreswan: XFRM policy for OE/32 peer is deleted when shunts for previous half-open state expire

• Tue May 07 2019 Paul Wouters <pwouters@redhat.com> - 3.25-8

  - Resolves: rhbz#1686991 IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE

• Wed Feb 27 2019 Paul Wouters <pwouters@redhat.com> - 3.25-7

  - Resolves: rhbz#1673105 Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart

• Mon Feb 04 2019 Paul Wouters <pwouters@redhat.com> - 3.25-6

  - Resolves: rhbz#1630355 Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N [updated]
  - Resolves: rhbz#1679735 libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure

• Thu Dec 20 2018 Paul Wouters <pwouters@redhat.com> - 3.25-5

  - Resolves: rhbz#1639404 Unable to verify certificate with non-empty Extended Key Usage which does not include serverAuth or clientAuth
  - Resolves: rhbz#1630355 Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N
  - Resolves: rhbz#1629902 libreswan assertion failed when OAKLEY_KEY_LENGTH is zero for IKE using AES_CBC
  - Resolves: rhbz#1623279 [abrt] [faf] libreswan: strncpy(): /usr/libexec/ipsec/pluto killed by 11
  - Resolves: rhbz#1625303 config: recursive include check doesn't work
  - Resolves: rhbz#1664521 libreswan 3.25 in FIPS mode is incorrectly rejecting X.509 public keys that are >= 3072 bits

• Mon Jul 02 2018 Paul Wouters <pwouters@redhat.com> - 3.25-2

  - Resolves: rhbz#1597322 Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors

• Wed Jun 27 2018 Paul Wouters <pwouters@redhat.com> - 3.25-1

  - Resolves: rhbz#1591817 rebase libreswan to 3.25
  - Resolves: rhbz#1536404 CERT_PKCS7_WRAPPED_X509 error
  - Resolves: rhbz#1544143 ipsec newhostkey fails in FIPS mode when RSA key is generated
  - Resolves: rhbz#1574011 libreswan is missing a Requires: unbound-libs >= 1.6.6

• Fri Apr 27 2018 Paul Wouters <pwouters@redhat.com> - 3.23-4

  - Resolves: rhbz#1544143 ipsec newhostkey fails in FIPS mode when RSA key is generated
  - Resolves: rhbz#1553406 IKEv2 liveness false positive on IKEv2 idle connections causes tunnel to be restarted
  - Resolves: rhbz#1572425 shared IKE SA leads to rekey interop issues