[ol7_security_validation] libreswan-3.15-8.0.1.el7.x86_64

Name:	libreswan
Version:	3.15
Release:	8.0.1.el7
Architecture:	x86_64
Group:	System Environment/Daemons
Size:	4861312
License:	GPLv2
RPM:	libreswan-3.15-8.0.1.el7.x86_64.rpm
Source RPM:	libreswan-3.15-8.0.1.el7.src.rpm
Build Date:	Fri Nov 04 2016
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	https://libreswan.org/
Summary:	IPsec implementation with IKEv1 and IKEv2 keying protocols
Description:	Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Libreswan. It supports the NETKEY/XFRM IPsec kernel stack that exists in the default Linux kernel. Libreswan also supports IKEv2 (RFC-7296) and Secure Labeling Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Changelog (Show File list) (Show related packages)

Thu Nov 03 2016 EL Errata <el-errata_ww@oracle.com> - 3.15-8.0.1
```
- add libreswan-oracle.patch to detect Oracle Linux distro
```

Wed Sep 07 2016 Paul Wouters <pwouters@redhat.com> - 3.15-8

- Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED]
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request [UPDATED]
- Resolves: rhbz#1309764 ipsec barf [additional man page update and --no-pager]

Mon Aug 08 2016 Paul Wouters <pwouters@redhat.com> - 3.15-7

- Resolves: rhbz#1311360  When IKE rekeys, if on a different tunnel, all subsequent attempts to rekey fail
- Resolves: rhbz#1361721 libreswan pluto segfault

Tue Jul 05 2016 Paul Wouters <pwouters@redhat.com> - 3.15-6

- Resolves: rhbz#1283468 keyingtries=0 is broken
- Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload is below the RFC minimum size
- Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack
- Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails
- Resolves: rhbz#1302778 fips does not check hash of some files (like _import_crl)
- Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH
- Resolves: rhbz#1257079 Libreswan doesn't call NetworkManager helper in case of a connection error
- Resolves: rhbz#1272112 ipsec whack man page discrepancies
- Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss
- Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not recognized
- Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in the output
- Resolves: rhbz#1347735 libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails
- Resolves: rhbz#1219049 Pluto does not handle delete message from responder site in ikev1
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request
- Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention about crl-strict option
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address

Wed Oct 21 2015 Paul Wouters <pwouters@redhat.com> - 3.15-5

- Resolves: rhbz#1271811 libreswan FIPS test mistakenly looks for non-existent file hashes

Wed Sep 30 2015 Paul Wouters <pwouters@redhat.com> - 3.15-4

- Resolves: rhbz#1267370 libreswan should support strictcrlpolicy alias
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address
- Resolves: rhbz#1166146 Pluto crashes on INITIATOR site during 'service ipsec stop'
- Resolves: rhbz#1259209 CVE-2015-3240
- Resolves: rhbz#1199374 libreswan does not enforce all FIPS or IPsec Suite B restrictions
- Resolves: rhbz#1207689 libreswan ignores module blacklist rules
- Merge rhel6 and rhel7 spec into one
- Be lenient for racoon padding behaviour
- Fix seedev option to /dev/random
- Some IKEv1 PAM methods always gave 'Permission denied'
- Parser workarounds for differences in gcc/flex/bison on rhel6/rhel7
- Parser fix to allow specifying time without unit (openswan compat)
- Fix Labeled IPsec on rekeyed IPsec SA's
- Workaround for wrong padding by racoon2
- Disable NSS HW GCM to workaround rhel6 xen builers bug

Fri May 29 2015 Paul Wouters <pwouters@redhat.com> - 3.12-12

- Resolves: rhbz#1212121 Support CAVS [updated bogus fips mode fix]

Fri May 29 2015 Paul Wouters <pwouters@redhat.com> - 3.12-11

- Resolves: rhbz#1226408 CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart

Tue May 05 2015 Paul Wouters <pwouters@redhat.com> - 3.12-10

- Resolves: rhbz#1212121 Support CAVS testing of the PRF/PRF+ functions
- Resolves: rhbz#1127313 Libreswan with IPv6 [updated patch by Jaroslav Aster]
- Resolves: rhbz#1207689 libreswan ignores module blacklist [updated modprobe handling]
- Resolves: rhbz#1218358 pluto crashes in fips mode without dracut-fips package

Sat Feb 21 2015 Paul Wouters <pwouters@redhat.com> - 3.12-6

- Resolves: rhbz#1056559 loopback support deprecated
- Resolves: rhbz#1182224 Add new option for BSI random requirement
- Resolves: rhbz#1170018 [increase] SELinux context string size limit
- Resolves: rhbz#1127313 Libreswan with IPv6 in RHEL7 fails after reboot
- Resolves: rhbz#1207689 libreswan ignores module blacklist rules
- Resolves: rhbz#1203794 pluto crashes in fips mode