* Mon Jun 24 2024 Troy Dawson - 4.12-3.3 - Bump release for June 2024 mass rebuild * Thu Jan 25 2024 Fedora Release Engineering - 4.12-3.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 4.12-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Sep 08 2023 Paul Wouters - 4.12-3 - Update libcap-ng patch, fix email addresses in changelog * Tue Sep 05 2023 Paul Wouters - 4.12-2 - Remove ipsec show and ipsec verify sub commands (not very useful, causes python requirement) - Patch for handling libcap-ng return values and fix capng_apply() call * Fri Aug 11 2023 Paul Wouters - 4.12-1 - Update to 4.12 for CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712 - Resolves: rhbz#2230225 libreswan-4.12 is available * Thu Jul 20 2023 Fedora Release Engineering - 4.11-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu May 04 2023 Paul Wouters - 4.11-1 - Update to 4.11 for CVE-2023-30570 * Wed Mar 01 2023 Paul Wouters - 4.10-1 - Update to 4.10 for CVE-2023-23009 * Thu Jan 19 2023 Fedora Release Engineering - 4.9-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Jan 10 2023 Paul Wouters - 4.9-2 - Use new GPG key location. * Thu Oct 13 2022 Paul Wouters - 4.9-1 - Update to 4.9 (maxbytes/maxpackets support, raw ECDSA support, misc fixes) * Thu Jul 21 2022 Fedora Release Engineering - 4.7-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 24 2022 Paul Wouters - 4.7-1 - Updated to 4.7 (EAPTLS support, bugfixes) * Thu Jan 20 2022 Fedora Release Engineering - 4.6-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jan 13 2022 Paul Wouters - 4.6-2 - Re-enable USE_DNSSEC again with patch to resolve header conflicts * Wed Jan 12 2022 Paul Wouters - 4.6-1 - Resolves: CVE-2022-23094 - Resolves: rhbz#2039604 libreswan-4.6 is available - Add gpg key and signature check for build - Temporarilly disable USE_DNSSEC in rawhide while we figure out openssl vs nss include clash * Thu Aug 26 2021 Paul Wouters - 4.5-1 - Resolves rhbz#1996250 libreswan-4.5 is available * Tue Aug 03 2021 Paul Wouters - 4.4-3 - Resolves rhbz#1989198 libreswan should depend on procps-ng or pidof * Thu Jul 22 2021 Fedora Release Engineering - 4.4-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Mon Jun 07 2021 Paul Wouters - 4.4-2 - Properly handle rpm sysctl config * Wed May 12 2021 Paul Wouters - 4.4-1 - Resolves: rhbz#1952602 libreswan-4.4 is available * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 4.3-1.1 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Sun Feb 21 2021 Paul Wouters - 4.3-1 - update to 4.3 (minor bugfix release) * Wed Feb 03 2021 Paul Wouters - 4.2-1 - Update to 4.2 * Tue Jan 26 2021 Fedora Release Engineering - 4.2-0.1.rc1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sat Dec 19 19:59:55 EST 2020 Paul Wouters - 4.2-0.1.rc1 - Resolves: rhbz#1867580 pluto process frequently dumps core (disable USE_NSS_KDF until nss fixes have propagated) * Sat Dec 19 2020 Adam Williamson - 4.1-4 - Rebuild for ldns soname bump * Mon Nov 23 11:50:41 EST 2020 Paul Wouters - 4.1-3 - Resolves: rhbz#1894381 Libreswan 4.1-2 breaks l2tp connection to Windows VPN server * Mon Oct 26 10:21:57 EDT 2020 Paul Wouters - 4.1-2 - Resolves: rhbz#1889538 libreswan's /var/lib/ipsec/nss missing * Sun Oct 18 21:49:39 EDT 2020 Paul Wouters - 4.1-1 - Updated to 4.1 - interop fix for Cisco * Thu Oct 15 10:27:14 EDT 2020 Paul Wouters - 4.0-1 - Resolves: rhbz#1888448 libreswan-4.0 is available * Wed Sep 30 14:05:58 EDT 2020 Paul Wouters - 4.0-0.2.rc1 - Rebuild for libevent 2.1.12 with a soname bump * Sun Sep 27 22:49:40 EDT 2020 Paul Wouters - 4.0-0.1.rc1 - Updated to 4.0rc1 * Thu Aug 27 2020 Paul Wouters - 3.32-4 - Resolves: rhbz#1864043 libreswan: FTBFS in Fedora rawhide/f33 * Sat Aug 01 2020 Fedora Release Engineering - 3.32-3.2 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering - 3.32-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 30 2020 Jeff Law - 3.32-3 - Initialize ppk_id_p in ikev2_parent_inR1outI2_tail to avoid uninitialized object * Tue May 26 2020 Paul Wouters - 3.32-2 - Backport NSS guarding fix for unannounced changed api in NSS causing segfault * Mon May 11 2020 Paul Wouters - 3.32-1 - Resolves: rhbz#1809770 libreswan-3.32 is available * Tue Apr 14 2020 Paul Wouters - 3.31-2 - Resolves: rhbz#1823823 Please drop the dependency on fipscheck * Tue Mar 03 2020 Paul Wouters - 3.31-1 - Resolves: rhbz#1809770 libreswan-3.31 is available (fixes rekey regression) * Fri Feb 14 2020 Paul Wouters - 3.30-1 - Resolves: rhbz#1802896 libreswan-3.30 is available - Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32 - Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: * Wed Jan 29 2020 Fedora Release Engineering - 3.29-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jan 09 2020 Paul Wouters - 3.29-2 - _updown.netkey: fix syntax error in checking routes * Thu Jul 25 2019 Fedora Release Engineering - 3.29-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Mon Jun 10 2019 Paul Wouters - 3.29-1 - Resolves: rhbz#1718986 Updated to 3.29 for CVE-2019-10155 * Tue May 21 2019 Paul Wouters - 3.28-1 - Updated to 3.28 (many imported bugfixes, including CVE-2019-12312) * Fri Feb 01 2019 Fedora Release Engineering - 3.27-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 14 2019 Björn Esser - 3.27-1.1 - Rebuilt for libcrypt.so.2 (#1666033) * Mon Oct 08 2018 Paul Wouters - 3.27-1 - Updated to 3.27 (various bugfixes) * Thu Sep 27 2018 Paul Wouters - 3.26-3 - Add fedora python fixup for _unbound-hook * Mon Sep 17 2018 Paul Wouters - 3.26-2 - linking against freebl is no longer needed (and wasn't done in 3.25) * Mon Sep 17 2018 Paul Wouters - 3.26-1 - Updated to 3.26 (CHACHA20POLY1305, ECDSA and RSA-PSS support) * Fri Jul 13 2018 Fedora Release Engineering - 3.25-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jul 09 2018 Paul Wouters - 3.25-3 - Fix Opportunistic IPsec _unbound-hook argument parsing - Make rundir readable for all (so we can hand out permissions later) * Mon Jul 02 2018 Paul Wouters - 3.25-2 - Relax deleting IKE SA's and IPsec SA's to avoid interop issues with third party VPN vendors * Wed Jun 27 2018 Paul Wouters - 3.25-1 - Updated to 3.25 * Mon Feb 19 2018 Paul Wouters - 3.23-2 - Support crypto-policies package - Pull in some patches from upstream and IANA registry updates - gcc7 format-truncate fixes and workarounds * Wed Feb 07 2018 Fedora Release Engineering - 3.23-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jan 25 2018 Paul Wouters - 3.23-1 - Updated to 3.23 - support for MOBIKE, PPK, CMAC, nic offload and performance improvements * Sat Jan 20 2018 Björn Esser - 3.22-1.1 - Rebuilt for switch to libxcrypt * Mon Oct 23 2017 Paul Wouters - 3.22-1 - Updated to 3.22 - many bugfixes, and unbound ipsecmod support * Wed Aug 9 2017 Paul Wouters - 3.21-1 - Updated to 3.21 * Thu Aug 03 2017 Fedora Release Engineering - 3.20-1.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 3.20-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Mar 14 2017 Paul Wouters - 3.20-1 - Updated to 3.20 * Fri Mar 03 2017 Paul Wouters - 3.20-0.1.dr4 - Update to 3.20dr4 to test mozbz#1336487 export CERT_CompareAVA * Fri Feb 10 2017 Fedora Release Engineering - 3.19-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Feb 03 2017 Paul Wouters - 3.19-2 - Resolves: rhbz#1392191 libreswan: crash when OSX client connects - Improved uniqueid and session replacing support - Test Buffer warning fix on size_t - Re-introduce --configdir for backwards compatibility * Sun Jan 15 2017 Paul Wouters - 3.19-1 - Updated to 3.19 (see download.libreswan.org/CHANGES) * Mon Dec 19 2016 Miro Hrončok - 3.18-1.1 - Rebuild for Python 3.6 * Fri Jul 29 2016 Paul Wouters - 3.18-1 - Updated to 3.18 for CVE-2016-5391 rhbz#1361164 and VTI support - Remove support for /etc/sysconfig/pluto (use native systemd instead) * Thu May 05 2016 Paul Wouters - 3.17-2 - Resolves: rhbz#1324956 prelink is gone, /etc/prelink.conf.d/* is no longer used * Thu Apr 07 2016 Paul Wouters - 3.17-1 - Updated to 3.17 for CVE-2016-3071 - Disable LIBCAP_NG as it prevents unbound-control from working properly - Temporarilly disable WERROR due to a few minor known issues * Thu Feb 04 2016 Fedora Release Engineering - 3.16-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Fri Dec 18 2015 Paul Wouters - 3.16-1 - Updated to 3.16 (see https://download.libreswan.org/CHANGES) * Tue Aug 11 2015 Paul Wouters - 3.15-1 - Updated to 3.15 (see http://download.libreswan.org/CHANGES) - Resolves: rhbz#CVE-2015-3240 IKE daemon restart when receiving a bad DH gx - NSS database creation moved from spec file to service file - Run CAVS tests on package build - Added BuildRequire systemd-units and xmlto - Bumped minimum required nss to 3.16.1 - Install tmpfiles - Install sysctl file - Update doc files to include * Mon Jul 13 2015 Paul Wouters - 3.13-2 - Resolves: rhbz#1238967 Switch libreswan to use python3 * Wed Jun 17 2015 Fedora Release Engineering - 3.13-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Mon Jun 01 2015 Paul Wouters - 3.13-1 - Updated to 3.13 for CVE-2015-3204 * Fri Nov 07 2014 Paul Wouters - 3.12-1 - Updated to 3.12 Various IKEv2 fixes * Wed Oct 22 2014 Paul Wouters - 3.11-1 - Updated to 3.11 (many fixes, including startup fixes) - Resolves: rhbz#1144941 libreswan 3.10 upgrade breaks old ipsec.secrets configs - Resolves: rhbz#1147072 ikev1 aggr mode connection fails after libreswan upgrade - Resolves: rhbz#1144831 Libreswan appears to start with systemd before all the NICs are up and running * Tue Sep 09 2014 Paul Wouters - 3.10-3 - Fix some coverity issues, auto=route on bootup and snprintf on 32bit machines * Mon Sep 01 2014 Paul Wouters - 3.10-1 - Updated to 3.10, major bugfix release, new xauth status options * Sun Aug 17 2014 Fedora Release Engineering - 3.9-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jul 10 2014 Paul Wouters - 3.9-1 - Updated to 3.9. IKEv2 enhancements, ESP/IKE algo enhancements - Mark libreswan-fips.conf as config file - attr modifier for man pages no longer needed - BUGS file no longer exists upstream * Sat Jun 07 2014 Fedora Release Engineering - 3.8-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Jan 18 2014 Paul Wouters - 3.8-1 - Updated to 3.8, fixes rhbz#CVE-2013-6467 (rhbz#1054102) * Wed Dec 11 2013 Paul Wouters - 3.7-1 - Updated to 3.7, fixes CVE-2013-4564 - Fixes creating a bogus NSS db on startup (rhbz#1005410) * Thu Oct 31 2013 Paul Wouters - 3.6-1 - Updated to 3.6 (IKEv2, MODECFG, Cisco interop fixes) - Generate empty NSS db if none exists * Mon Aug 19 2013 Paul Wouters - 3.5-3 - Add a Provides: for openswan-doc * Sat Aug 03 2013 Fedora Release Engineering - 3.5-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Mon Jul 15 2013 Paul Wouters - 3.5-2 - Added interop patch for (some?) Cisco VPN clients sending 16 zero bytes of extraneous IKE data - Removed fipscheck_version * Sat Jul 13 2013 Paul Wouters - 3.5-1 - Updated to 3.5 * Thu Jun 06 2013 Paul Wouters - 3.4-1 - Updated to 3.4, which only contains style changes to kernel coding style - IN MEMORIAM: June 3rd, 2013 Hugh Daniel * Mon May 13 2013 Paul Wouters - 3.3-1 - Updated to 3.3, which resolves CVE-2013-2052 * Sat Apr 13 2013 Paul Wouters - 3.2-1 - Initial package for Fedora