[Swan-announce] libreswan-3.26 released

The Libreswan Project team at libreswan.org
Tue Sep 18 22:15:58 UTC 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The Libreswan Project has released libreswan-3.26

This is a feature release with some minor bugfixes

New Features:
* Support for RSA-PSS (RFC 7427) via authby=rsa-sha2
* Support for ECDSA (RFC 7427) via authby=ecdsa-sha2
* Support for CHACHA20POLY1305 for IKE and ESP

Bugfixes:
* Fix optional key-length regression (in v3.25) with ESP proposal
* Be lenient with DH components in ESP when pfs=no
* Don't do bogus XAUTH message padding
* Fix traffic selector lookup for asymmetric conns

You can download libreswan via https at:

https://download.libreswan.org/libreswan-3.26.tar.gz
https://download.libreswan.org/libreswan-3.26.tar.gz.asc

The full changelog is available at:
https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug tracker:

https://lists.libreswan.org/
https://bugs.libreswan.org/

Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at
https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their respective
repositories a few days after this release.

See also https://libreswan.org/

v3.26 (September 16, 2018)
* IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad]
* IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad]
* IKEv2: Use DER handling code of NSS instead of our custom code [Andrew]
* IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew]
* IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul]
* IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew]
* IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh]
* IKEv2: Simplify proposal generating [Hugh]
* IKEv1: Fix handling XAUTH empty passwords [Andrew]
* IKEv1: Fix XAUTH message padding [Hugh]
* IKEv1: Various code cleanup, next payload handling [Hugh]
* IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew]
* IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul]
* pluto: Relax strictness of DH in ESP/AH proposals [Andrew]
* pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul]
* pluto: Do not hand out old lease address for authby=secret conns [Paul]
* pluto: new --selftest option that exits pluto after startup tests [Paul]
* pluto: Updated known Vendor ID table [Paul]
* XFRM: Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew]
* _unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul]
* building: Fix listed patches for debian build [Paul]
* building: enable DH31 (curve25519) per default [Paul]
* testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul]
* Bugtracker bugs fixed:
    #166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----

