[Swan] [Swan-announce] Libreswan 3.20 released
Nick Howitt
nick at howitts.co.uk
Thu Mar 23 17:18:09 UTC 2017
Hi Paul,
The libreswan el7 repo is giving a 403:
[root at server ~]# yum update libreswan
Loaded plugins: clearcenter-marketplace, fastestmirror
<snip>
libreswan | 2.9
kB 00:00
libreswan/7/x86_64/primary_db | 15 kB
00:00
<snip>
Resolving Dependencies
--> Running transaction check
---> Package libreswan.x86_64 0:3.19-1.el7_3 will be updated
---> Package libreswan.x86_64 0:3.20-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
libreswan x86_64 3.20-1.el7 libreswan 1.3 M
Transaction Summary
================================================================================
Upgrade 1 Package
Total download size: 1.3 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
libreswan-3.20-1.el7.x86_64.rp FAILED
http://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.20-1.el7.x86_64.rpm:
[Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below knowledge base article
https://access.redhat.com/solutions/69319
If above article doesn't help to resolve this issue please create a
bug on https://bugs.centos.org/
Error downloading packages:
libreswan-3.20-1.el7.x86_64: [Errno 256] No more mirrors to try.
[root at server ~]# wget
http://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.20-1.el7.x86_64.rpm
--2017-03-23 17:13:08--
http://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.20-1.el7.x86_64.rpm
Resolving download.libreswan.org (download.libreswan.org)...
193.110.157.101, 188.127.201.229, 2a03:6000:1004:1::101, ...
Connecting to download.libreswan.org
(download.libreswan.org)|193.110.157.101|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location:
https://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.20-1.el7.x86_64.rpm
[following]
--2017-03-23 17:13:08--
https://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-3.20-1.el7.x86_64.rpm
Connecting to download.libreswan.org
(download.libreswan.org)|193.110.157.101|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-03-23 17:13:09 ERROR 403: Forbidden.
Same for https.
Regards,
Nick
On 23/03/2017 01:43, The Libreswan Project wrote:
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
>
> The Libreswan Project has released libreswan-3.20
>
> This is a bugfix and feature release.
>
> New Features:
>
> This releases completes support for the CREATE_CHILD_SA Exchange,
> support for the ECP DiffieHellman Groups (19-21), statistics support
> via ipsec whack --globalstatus and changed the IKE and ESP defaults to
> match rfc4307bis and rfc7321bis.
>
> Important bugfixes:
>
> A number of memory leaks were fixed, two use-after-free bugs, improved
> linking reducing binary sizes, and some misc bugfixes.
>
> Compatiblity changes:
>
> The uniqueids= keywords is ignored for PSK based connections, allowing
> uniqueids=yes and mixing RSA/PSK connections. Some minor logging
> changes.
>
> You can download libreswan via https at:
>
> https: //download.libreswan.org/libreswan-3.20.tar.gz
> https: //download.libreswan.org/libreswan-3.20.tar.gz.asc
>
> The full changelog is available at:
> https: //download.libreswan.org/CHANGES
>
> Please report bugs either via one of the mailinglists or at our bug
> tracker:
>
> https: //lists.libreswan.org/
> https: //bugs.libreswan.org/
>
> Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at
> https: //download.libreswan.org/binaries/
>
> Binary packages for Fedora and Debian should be available in their
> respective
> repositories a few days after this release.
>
> See also https://libreswan.org/
>
> v3.20 (March 14, 2017)
> * pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1)
> [Andrew]
> * pluto: Add dh= aliases for all modp= groups (eg "dh2" for
> "modp1024") [Paul]
> * pluto: Add statistics support to ipsec whack --globalstatus [Paul]
> * pluto: Add statistics clearing support using ipsec whack
> --clearstats [Paul]
> * pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew]
> * pluto: Cleanup kernel_netlink.c [Hugh]
> * pluto: Print AH= algorithm and ESN when established [Paul/Andrew]
> * pluto: strip file path from abort messages [Andrew]
> * pluto: Support initiating template conn with --remote-host <ipaddr>
> [Paul]
> * pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS
> [Paul]
> * pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew]
> * pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco
> [Paul]
> (reported by Oleg Rosowiecki)
> * pluto: accurately size a buffer for the decimal representation [Hugh]
> (debian bug 853507)
> * pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg]
> * pluto: Support for Linux systems without IFA_F_TENTATIVE (CentOS5)
> [Paul]
> * pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique
> [Paul]
> * IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying
> [Antony]
> * IKEv2: Various refactoring for CREATE_CHILD support [Antony]
> * IKEV2: OE/CAT: Don't send CP request when responder is behind NAT
> [Antony]
> * IKEv2: log first notify payload when we receive an Notify Error [Paul]
> * IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew]
> (reported by Eric Andresson)
> * IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul]
> * IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul]
> (rhbz#1392191)
> * IKEv2: suppress DELETE notifies for connections being replaced [Paul]
> * IKEv2: re-instate ISAKMP_SA_established() [Paul]
> * IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew]
> * IKEv1: Print conn algo's when using XAUTH [Andrew]
> * IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048)
> [Andrew]
> * IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew]
> * IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul]
> * newhostkey: Convert remaining --configdir for --nssdir [Tuomo]
> * barf: Ensure proper macros are used. Add certutil/crlutil output [Paul]
> * misc: Fix various spelling errors in code/comments/man pages [dkg]
> * packaging: spec files should use 0 and 1, not true and false [David
> Arnold]
> * building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix
> [Paul]
> * building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul]
> * building: fetch: remove support for ancient LDAP version 2 [Tuomo]
> * building: move whack to separate programs/whack/ directory [Andrew]
> * building: Various Makefile variable cleanups and double link fixes
> [Andrew]
> * building: Don't check runtime for SElinux/systemd with DESTDIR [Paul]
> * documentation: added oe-letsencrypt-* example configs [Paul]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQIcBAEBCgAGBQJY0yfEAAoJEIX/S0OzD8b50ycP/0pP4UGlf3c7rwWmydgI88jF
> 9lNYxZvL7Gy+g69LY7TeqJ/XVVZ/kvX4e0a/AuZeZ+2YWPstjwa13xhTcdDQRiGa
> 6VXWj3fW88alHHxY15MNPdgDFUC2UmvBiy5TGRg+dICRdHtK/ydsKs5kRR7rB/G+
> WA3h9VAOMUyZbkwaR79cTfCfAyy9GFDMeFpd0IFE+wfJ//l3n5QlEuBKB0OyLP4P
> 0LHD3VZprxvpkfIzKR2adkQuITRBze6sXAJrbC+glz8FRvkNYUL+g3WR1gYX9Y/A
> zT6n+S9LT+sZRhIOSYa2uBKOI+pq09UGPG4xZLwfa7qh3CBePZPkPVuzRl7UODwR
> m7rn8rdfuKrIPh7rrwFaWeWnnTNkZbB1QKLyHk95WWDj+blQCR3lECTtZLdFf/eI
> HQGtAo1p57JAyB7vN7soj8RZtjrdq5vn5dJ3E1sMwYI9umc2/YRX+2bL6e9FaYV+
> zIjopM1q0AhqM0Wipgx/xLfFq+ICNN3YPuqReyXdPzZiSaLXtdCSt3YSrH9dO0cg
> v9dQ/3NlK33KljWw8gFWvR9yU85FuUHxu92cREN407h3OsWtr/qlQGvh4ZFc/Xxl
> bnv7LRfzxec3oAWkRjGEUqZPS2slCJ9NqKopVj+dp5HN7Alh8E5cRopTpTeqmoUQ
> EULyZggo6LL4tCuEAZo3
> =P0o7
> -----END PGP SIGNATURE-----
> _______________________________________________
> Swan-announce mailing list
> Swan-announce at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-announce
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list