pkgsrc-WIP-changes archive
libreswan-5: update to v5.0
Module Name: pkgsrc-wip
Committed By: Andrew Cagney <andrew.cagney%gmail.com@localhost>
Pushed By: cagney
Date: Thu Apr 25 13:33:58 2024 +0000
Changeset: 24b0cd5af8092914e17acaf9b68e6db1792b4c29
Modified Files:
libreswan-5/Makefile
libreswan-5/distinfo
Log Message:
libreswan-5: update to v5.0
* IKEv1:
- globally disabled by default (ikev1-policy=drop); see RFC9395 [Daniel]
- limit default cryptosuite [Andrew, Paul, Tuomo]
IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31}
ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256}
AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128
- remove support for Labeled IPsec [Andrew]
- properly ignore dpdaction= [Andrew]
- see also IKEv2 routing/revival changes
* IKEv2:
- warn that fragmentation=force is ignored [Andrew]
- avoid post-authentication crash on corrupt TS payload [Andrew]
- support addresspool=v4/mask,v6/mask [Andrew]
- support subnet=SELECTOR,... using a single Child SA [Andrew]
- when non-MOBIKE never update NATed endpoint [#1492/Wofferl/Andrew]
- fix revival of IKE_AUTH (first) Child SA [Andrew]
- properly ignore dpdaction=, keyingtries= [Andrew]
- when reviving, install trap then block [Andrew]
- for auto=keep only retry once [Andrew]
- when redirect fails, fall back to revival [Andrew]
* Linux:
- HW packet offload support [Raed Salem <raeds%nvidia.com@localhost>,Paul]
- XFRM interface IP management with ref-counting [Brady Johnson]
- fix IPcomp with XFRM interfaces [Wolfgang]
* BSD:
- fix esp=aes_gcm [github/1220, Igor V. Gubenko, Andrew]
* whack:
- review ipsec-whack.8 [Tuomo, Andrew, Paul]
- change defaults to match addconn [Andrew]
- add --{rekey,delete,down}-{ike,child} --name <conn> [Andrew]
- match whack and addconn option names [Andrew]
- drop NNN_ prefix from all output [Andrew]
* config (ipsec.conf, addconn):
- update ipsec.conf.5 [Tuomo, Andrew, Paul]
- log ipsec.conf errors and warnings in Pluto [Andrew]
- <<include {a,b,c}.conf>> no longer supported [Andrew]
- fix keyexchange={ikev1,ikev2}; deprecate ikev2= [Andrew]
- remove nic-offload=auto option, only accept packet,crypto,yes [Paul]
- warn when converting legacy ",," to "\," in {left,right}id= [Andrew]
- change also= to expand inline (more like C's #include) [Andrew]
- fix KEYWORD= sometimes causing Pluto to exit [Andrew]
- parse <<KEYWORD=>> as <<KEYWORD=''>>, i.e., empty [Andrew]
- warn when, within a conn, there are duplicate keys [Andrew]
- add encap-dscp= [Wolfgang]
- implement interface-ip= [Brady]
- implement subnet=SELECTOR,SELECTOR,... [Andrew]
- default ikev1-policy to drop [Daniel]
- add ppk-ids= [Vukasin]
- add experimental per-connection debug= [Andrew]
- drop obsolete forceencaps= [Andrew]
- add groundhog= [Andrew]
- reject non-numeric sourceip=<address> [Andrew]
- fix crash when dpdtimeout= missing [Andrew]
* building:
- remove dependency on libxz via libsystemd [Tuomo Andrew]
- use INSTALL_INITSYSTEM=false to prevent update of /etc/<initsystem> [Andrew]
- use INSTALL_CONFIGS=false to prevent update of /etc/ipsec.d et al. [Andrew]
- drop FINAL* make variables; see mk/config.mk for alternatives [Andrew]
- remove old copy of unbound headers [Andrew]
- use DESTDIR instead of FINAL* env vars [Andrew]
- fix "make git-rpm" [Paul/Tuomo]
- check return values of libcap-ng functions [Paul]
- don't call ischar(signed char) [Andrew]
* packaging:
- fix Debian systemd service install [Antonio Silva]
* testing:
- fix namespace tests for super long dir names [Paul]
- add Alpine, Debian, NetBSD and FreeBSD KVMs [Andrew]
- add Alpine, Debian, NetBSD, FreeBSD and OpenBSD to nightly builds [Andrew]
- add man pages to nightly build [Andrew]
* initsystem:
- use documented ipsec sub-commands [Tuomo]
- stop using _stackmanager [Tuomo]
* documentation:
- update to docbook xml 4.5 [Tuomo]
- re-org pages adding libreswan.5 [Andrew]
* ipsec utilities:
- ipsec auto sub-command: deprecate [Tuomo]
- ipsec auto --{cmd} connection -> ipsec {cmd} connection [Tuomo]
- ipsec look: script moved to contrib/; use ip xfrm et al. [Andrew]
- ipsec portexcludes: script moved to contrib/ [Andrew]
- ipsec barf: script moved to contrib/ [Andrew]
- ipsec _secretsensor: script moved to contrib/ [Andrew]
- ipsec show: drop ipsec subcommand (old, incomplete) [Paul]
- ipsec verify: drop ipsec subcommand (old, incomplete) [Paul]
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=24b0cd5af8092914e17acaf9b68e6db1792b4c29
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
libreswan-5/Makefile | 4 ++--
libreswan-5/distinfo | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diffs:
diff --git a/libreswan-5/Makefile b/libreswan-5/Makefile
index 353cecffa2..1718e7ba1e 100644
--- a/libreswan-5/Makefile
+++ b/libreswan-5/Makefile
@@ -15,8 +15,8 @@
#
# libreswan: 5.0 5.0nb1 ...
-DISTNAME= libreswan-5.0rc3
-MASTER_SITES= https://download.libreswan.org/development/
+DISTNAME= libreswan-5.0
+MASTER_SITES= https://download.libreswan.org/
CATEGORIES= security
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
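Review bot: The log message reproduces the whole v5.0 changelog, but in this Makefile hunk DISTNAME only moves from libreswan-5.0rc3 to libreswan-5.0 and MASTER_SITES from the development/ directory to the site root. Consider opening the log with one line saying this is the rc3 to final switch, so a reader can tell what baseline the package was at and does not assume every listed item (for example the ikev1-policy=drop default) is new relative to the previously packaged version.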
diff --git a/libreswan-5/distinfo b/libreswan-5/distinfo
index 5323fb50b5..71b0aa3efc 100644
--- a/libreswan-5/distinfo
+++ b/libreswan-5/distinfo
@@ -1,5 +1,5 @@
$NetBSD$
-BLAKE2s (libreswan-5.0rc3.tar.gz) = 0cf5453bf7c5ba74f3aeb3428db8cf3f797b9892f60dbf62b3a0820eacdbcc59
-SHA512 (libreswan-5.0rc3.tar.gz) = d6fb36b182d86550f7782d388350056e6258b0adf53d062d0e65eb2a57eb9711c2782e3fe8a14ce2019c9c9c8514461a8459916f009dcfb7701102778deecb97
-Size (libreswan-5.0rc3.tar.gz) = 3958177 bytes
+BLAKE2s (libreswan-5.0.tar.gz) = dcbdd74e2b6a5f046b4a3e594d6843552c3e9c01a7f086ccc49a05c5af8b82b0
+SHA512 (libreswan-5.0.tar.gz) = b1c7cebe1ffc21aeaae76f2562764195d535ff5d51fb6ad570046678df19387df68f2d52586eb290844019cbdc17e6192773f9110531a26cf1583e2c016289c6
+Size (libreswan-5.0.tar.gz) = 3957806 bytes
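Review bot: The new BLAKE2s and SHA512 lines for libreswan-5.0.tar.gz record whatever the fetch returned, and the fetch location changed in this same commit (development/ to the site root), so nothing visible here ties the tarball to upstream's release. Consider verifying the distfile against an upstream signature or published checksum, where one exists, before regenerating distinfo, and mention that check in the log message. The size changes by only 371 bytes (3958177 to 3957806), which fits a small rc3 to final delta.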