libreswan-5: update to v5.1 (Oct 8, 2024)

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: libreswan-5: update to v5.1 (Oct 8, 2024)
From: Andrew Cagney (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>
Date: Tue, 8 Oct 2024 19:26:38 +0000

Module Name:	pkgsrc-wip
Committed By:	Andrew Cagney <andrew.cagney%gmail.com@localhost>
Pushed By:	cagney
Date:		Tue Oct 8 19:22:27 2024 +0000
Changeset:	525ff63acf064a14744559f9170c6a72f281baa7

Modified Files:
	libreswan-5/COMMIT_MSG
	libreswan-5/Makefile
	libreswan-5/distinfo

Log Message:
libreswan-5: update to v5.1 (Oct 8, 2024)

* IKEv2:
  - fix race when initiator-responder cross rekey requests [Andrew]
  - don't ignore Delete IKE SA request while waiting for Delete IKE SA response [Andrew]
  - log arrival of first IKE_AUTH request that triggers DH [Andrew]
  - rate limit logging of packets with invalid payloads
* IKEv1:
  - fix Quick mode installing 0.0.0.0/0 when no MSG_CONFIG exchange [Andrew, Tuomo]
  - fix iOS Quick mode request needing to re-recover lease [Andrew, Tuomo]
  - fix regression where deleting ISAKMP deleted IPsec [Andrew, Tuomo]
  - add config options of ah=sha2{256,512} [Andrew]
  - add DH29,DH31 to default proposals [Andrew]
  - reject ESP AEAD combined with non-NULL integrity [Andrew]
* Crypto:
  - update IKE to use NSS's FIPS compliant PK11_AEADOp() [Andrew, Robert Relyea]
  - support ESP with CHACHA20POLY1305 on FreeBSD and OpenBSD [Andrew]
* IPsec Interface:
  - fix check for an existing IPsec Interface address (Linux) [Wolfgang]
  - add IPsec Interface address when connection establishes [Wolfgang]
  - fix adding IPv6 address to IPsec interface [Wolfgang]
  - delete Ipsec Interface address when connection unroutes [Wolfgang]
  - fix setting metric on IPsec Interface [Wolfgang]
  - add IPsec Interface device when connection orients [Andrew]
  - support existing IPsec interface on FreeBSD and OpenBSD [Andrew]
  - log addition of IPsec Interface or Address [Andrew]
  - don't delete existing ipsec1 interface (Linux) [Andrew]
  - handle repeated connection adds [Wolfgang]
* Linux:
  - handle NLMSG_DONE at end of response for > 6.9.0 kernels [Andrew]
  - fix hang because of unhandled NLMSG_DONE at end of response (6.9.0-rc1) [Andrew, Ilya, github/1675]
  - fix hang when initiating an on-demand TCP connection [Daiki, github/1156]
* updown:
  - restore 4.x behaviour of running "updown unroute|down" when initiate fails [Wolfgang, Andrew]
  - add test demonstrating redundant tunnels [Wolfgang]
  - add plutodebug=updown for debugging updown scripts [Andrew]
* config:
  - verbosely ignore x-* style comments in ipsec.conf [Andrew, github/1725]
* whack:
  - ignore older whack as could trigger core dump [Andrew, github/1709]
  - add --narrowing {yes,no}, retain undocumented --allow-narrowing [Andrew]
* building:
  - replace calloc(size,nr) with alloc_things(), fixing compile error [Daiki]
  - remove USE_NSS_AVA_COPY and copy of nss source, remove license exception [Tuomo]
  - fix syntax error in ckaid.c allowed by GCC [yuncang123]

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=525ff63acf064a14744559f9170c6a72f281baa7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 libreswan-5/COMMIT_MSG | 2 +-
 libreswan-5/Makefile   | 2 +-
 libreswan-5/distinfo   | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diffs:
diff --git a/libreswan-5/COMMIT_MSG b/libreswan-5/COMMIT_MSG
index 47fe032ca9..41574d63c4 100644
--- a/libreswan-5/COMMIT_MSG
+++ b/libreswan-5/COMMIT_MSG
@@ -1,4 +1,4 @@
-Libreswan: import version 5.0pre0.20230808
+Libreswan: import version 5.1
 
 Libreswan is an Internet Key Exchange (IKE) daemon for managing IPsec.
 
diff --git a/libreswan-5/Makefile b/libreswan-5/Makefile
index 1718e7ba1e..25dd843d3d 100644
--- a/libreswan-5/Makefile
+++ b/libreswan-5/Makefile
@@ -15,7 +15,7 @@
 #
 # libreswan: 5.0 5.0nb1 ...
 
-DISTNAME=	libreswan-5.0
+DISTNAME=	libreswan-5.1
 MASTER_SITES=   https://download.libreswan.org/
 
 CATEGORIES=	security
diff --git a/libreswan-5/distinfo b/libreswan-5/distinfo
index 71b0aa3efc..efc353891b 100644
--- a/libreswan-5/distinfo
+++ b/libreswan-5/distinfo
@@ -1,5 +1,5 @@
 $NetBSD$
 
-BLAKE2s (libreswan-5.0.tar.gz) = dcbdd74e2b6a5f046b4a3e594d6843552c3e9c01a7f086ccc49a05c5af8b82b0
-SHA512 (libreswan-5.0.tar.gz) = b1c7cebe1ffc21aeaae76f2562764195d535ff5d51fb6ad570046678df19387df68f2d52586eb290844019cbdc17e6192773f9110531a26cf1583e2c016289c6
-Size (libreswan-5.0.tar.gz) = 3957806 bytes
+BLAKE2s (libreswan-5.1.tar.gz) = 7f2cb02367d6a3cb27c4b73ab48f30ec7e67641d1ecfd2df116c6d1318a6c242
+SHA512 (libreswan-5.1.tar.gz) = 9ee8b071be414737c61529420af22b789d8968e99e376250afe42e1a5890d864dc2697ecfeb33a6c50de38a361bddf125852a8eb86318e544fc2f162f8ff6522
+Size (libreswan-5.1.tar.gz) = 4031106 bytes

Prev by Date: jgenesis: require Rust 1.80.1
Next by Date: ti99sim: Update to 0.16.0.10
Previous by Thread: jgenesis: require Rust 1.80.1
Next by Thread: ti99sim: Update to 0.16.0.10
Indexes:

Home | Main Index | Thread Index | Old Index