-
v4.133236c784 · ·
* Security: Fixes http://libreswan.org/security/CVE-2024-2357 * Linux: make libcap-ng failures non-fatal [Andrew] * BSD: fix esp=aes_gcm [Andrew] * NetBSD: fix compiler warning in lib/libswan/x509.c [Andrew] * x509: unpack IPv6 general names based on length [Andrew] * pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti@github]
-
v5.0rc187956ac7 · ·
v5.0rc1 (Unreleased) * BSD: fix esp=aes_gcm [github/1220, Igor V. Gubenko, Andrew] * ipsec: deprecate ipsec auto sub-command [Tuomo] - ipsec auto --{cmd} connection -> ipsec {cmd} connection * IKEv1: globally disabled by default (ikev1-policy=drop) See RFC9395 * IKEv1: drop support for Labeled IPsec [Andrew] * IKEv2: warn that fragmentation=force is ignored [Andrew] * whack: add --fragmentation option; change default to yes [Andrew] * config: fix keyexchange={ikev1,ikev2}; deprecate ikev2= [Andrew] * pluto: retry and revival code merged (dpdaction=, keyingtries= ignored) [Andrew] * pluto: avoid post-authentication crash on corrupt TS payload [Andrew] * pluto: Support addresspool=v4/mask,v6/mask [Andrew] * pluto: Support multiple TSes per Child SA [Andrew] * pluto: HW packet offload support [Raed Salem <raeds@nvidia.com>] * pluto: XFRM interface IP management with ref-counting [Brady Johnson] * pluto: Check return values of libcap-ng functions [Paul] * pluto: Fix IPcomp with XFRM interfaces [Wolfgang] * building: remove old copy of unbound headers [Andrew] * building: Use DESTDIR instead of FINAL* env vars [Andrew] * building: Fix "make git-rpm" [Paul/Tuomo] * install: overhaul [Andrew] - use INSTALL_INITSYSTEM=false to prevent update of /etc/<initsystem> - use INSTALL_CONFIGS=false prevents update of /etc/ipsec.d et.al. - drop FINAL* make variables; see mk/config.mk for alternatives * show/verify: drop these ipsec subcommands (old, incomplete) [Paul] * packaging: Fix debian systemd service install [Antonio Silva] * testing: Fix namespace tests for super long dir names [Paul] * initsystem: Use documented ipsec sub-commands [Tuomo] * initsystem: Stop using _stackmanager [Tuomo] * documentation: update to docbook xml 4.5 [Tuomo] * output: drop NNN_ prefix from all output [Andrew] * ipsec look: script moved to contrib/; use ip xfrm et.al. [Andrew] * ipsec portexcludes: script moved to contrib/ [Andrew] * ipsec barf: script moved to contrib/ [Andrew] * ipsec _secretsensor: script moved to contrib/ [Andrew]