Back to bug 1399883

Who When What Removed Added
RHEL Program Management 2016-11-30 01:40:34 UTC Keywords Rebase
Anita Tragler 2017-01-06 20:36:44 UTC CC atragler
Libor Miksik 2017-01-10 16:07:39 UTC Blocks 1411853
Siddharth Nagar 2017-02-07 15:50:33 UTC Priority unspecified medium
Chris Williams 2017-02-07 16:13:00 UTC CC eparis
Paul Wouters 2017-02-07 17:27:58 UTC Summary rebase libreswan to 3.19 rebase libreswan to 3.20
Tomas Mraz 2017-02-08 12:49:48 UTC Priority medium high
CC tmraz
Blocks 1367490
Ondrej Moriš 2017-02-10 09:11:25 UTC CC omoris, pwouters
Flags needinfo?(pwouters)
Paul Wouters 2017-02-10 18:34:10 UTC Flags needinfo?(pwouters)
Ondrej Moriš 2017-02-17 10:24:38 UTC Flags needinfo?(pwouters)
Ondrej Moriš 2017-02-21 07:03:28 UTC Flags needinfo?(pwouters)
Mirek Jahoda 2017-03-02 14:21:42 UTC Blocks 1428409
Ondrej Moriš 2017-03-06 15:20:13 UTC QA Contact qe-baseos-security omoris
Flags needinfo?(pwouters)
Paul Wouters 2017-03-14 21:11:11 UTC Status NEW MODIFIED
Flags needinfo?(pwouters)
errata-xmlrpc 2017-03-14 21:24:37 UTC Status MODIFIED ON_QA
Lenka Špačková 2017-04-11 14:48:46 UTC Docs Contact mjahoda
Mirek Jahoda 2017-05-11 16:20:28 UTC Doc Type If docs needed, set a value Rebase: Bug Fixes and Enhancements
Mirek Jahoda 2017-05-16 14:19:38 UTC Doc Text _libreswan_ rebased to version 3.20

The _libreswan_ packages have been upgraded to upstream version 3.20, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:

* Added support for Opportunistic IPsec (Mesh Encryption), which enables IPsec deployments that cover a large number of hosts using a single simple configuration on all hosts.

* FIPS further tightened.

* Added support for routed based VPN using Virtual Tunnel Interface (VTI).

* Improved support for non-root configurations.

* Improved Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL) support.

* Added new "whack" command options: "--fipsstatus", "--fetchcrls", "--globalstatus", and "--shuntstatus".

* Added support for secure computing mode (seccomp). The options are: "seccomp=enabled", "seccomp=tolerant", and "seccomp=disabled".

* Added support for the NAT Opportunistic Encryption (OE) Client Address Translation: "leftcat=yes".

* Added support for the Traffic Flow Confidentiality mechanism: "tfc=".

* Updated cipher preferences as per RFC 4307bis and RFC 7321bis.

* Added support for Extended Sequence Numbers (ESN): "esn=yes".

* Added support for disabling and increasing replay window: "replay-window=".
Paul Wouters 2017-05-16 19:05:49 UTC Doc Text _libreswan_ rebased to version 3.20

The _libreswan_ packages have been upgraded to upstream version 3.20, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:

* Added support for Opportunistic IPsec (Mesh Encryption), which enables IPsec deployments that cover a large number of hosts using a single simple configuration on all hosts.

* FIPS further tightened.

* Added support for routed based VPN using Virtual Tunnel Interface (VTI).

* Improved support for non-root configurations.

* Improved Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL) support.

* Added new "whack" command options: "--fipsstatus", "--fetchcrls", "--globalstatus", and "--shuntstatus".

* Added support for secure computing mode (seccomp). The options are: "seccomp=enabled", "seccomp=tolerant", and "seccomp=disabled".

* Added support for the NAT Opportunistic Encryption (OE) Client Address Translation: "leftcat=yes".

* Added support for the Traffic Flow Confidentiality mechanism: "tfc=".

* Updated cipher preferences as per RFC 4307bis and RFC 7321bis.

* Added support for Extended Sequence Numbers (ESN): "esn=yes".

* Added support for disabling and increasing replay window: "replay-window=". 		_libreswan_ rebased to version 3.20

The _libreswan_ packages have been upgraded to upstream version 3.20, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:

* Added support for Opportunistic IPsec (Mesh Encryption), which enables IPsec deployments that cover a large number of hosts using a single simple configuration on all hosts.

* FIPS further tightened.

* Added support for routed based VPN using Virtual Tunnel Interface (VTI).

* Improved support for non-root configurations.

* Improved Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL) support.

* Added new "whack" command options: "--fipsstatus", "--fetchcrls", "--globalstatus", and "--shuntstatus".

* Added support for the NAT Opportunistic Encryption (OE) Client Address Translation: "leftcat=yes".

* Added support for the Traffic Flow Confidentiality mechanism: "tfc=".

* Updated cipher preferences as per RFC 4307bis and RFC 7321bis.

* Added support for Extended Sequence Numbers (ESN): "esn=yes".

* Added support for disabling and increasing replay window: "replay-window=".
Mirek Jahoda 2017-05-18 19:16:49 UTC Doc Text _libreswan_ rebased to version 3.20

The _libreswan_ packages have been upgraded to upstream version 3.20, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:

* Added support for Opportunistic IPsec (Mesh Encryption), which enables IPsec deployments that cover a large number of hosts using a single simple configuration on all hosts.

* FIPS further tightened.

* Added support for routed based VPN using Virtual Tunnel Interface (VTI).

* Improved support for non-root configurations.

* Improved Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL) support.

* Added new "whack" command options: "--fipsstatus", "--fetchcrls", "--globalstatus", and "--shuntstatus".

* Added support for the NAT Opportunistic Encryption (OE) Client Address Translation: "leftcat=yes".

* Added support for the Traffic Flow Confidentiality mechanism: "tfc=".

* Updated cipher preferences as per RFC 4307bis and RFC 7321bis.

* Added support for Extended Sequence Numbers (ESN): "esn=yes".

* Added support for disabling and increasing replay window: "replay-window=". 		_libreswan_ rebased to version 3.20

The _libreswan_ packages have been upgraded to upstream version 3.20, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:

* Added support for Opportunistic IPsec (Mesh Encryption), which enables IPsec deployments that cover a large number of hosts using a single simple configuration on all hosts.

* FIPS further tightened.

* Added support for routed-based VPN using Virtual Tunnel Interface (VTI).

* Improved support for non-root configurations.

* Improved Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRL) support.

* Added new "whack" command options: "--fipsstatus", "--fetchcrls", "--globalstatus", and "--shuntstatus".

* Added support for the NAT Opportunistic Encryption (OE) Client Address Translation: "leftcat=yes".

* Added support for the Traffic Flow Confidentiality mechanism: "tfc=".

* Updated cipher preferences as per RFC 4307bis and RFC 7321bis.

* Added support for Extended Sequence Numbers (ESN): "esn=yes".

* Added support for disabling and increasing the replay window: "replay-window=".
Evan Wheeler 2017-06-03 02:09:20 UTC CC evan.wheeler
Evan Wheeler 2017-06-03 02:09:52 UTC CC evan.wheeler
Evan Wheeler 2017-06-03 02:24:49 UTC CC emwdev
Ondrej Moriš 2017-06-20 14:41:17 UTC Blocks 1463317
Ondrej Moriš 2017-06-20 14:42:41 UTC Blocks 1463317
Ondrej Moriš 2017-06-28 09:29:18 UTC Hardware Unspecified All
Fixed In Version 3.20-3
OS Unspecified Linux
Severity unspecified high
Ondrej Moriš 2017-06-28 10:09:45 UTC Status ON_QA VERIFIED
errata-xmlrpc 2017-08-01 12:31:06 UTC Status VERIFIED CLOSED
Resolution --- ERRATA
Last Closed 2017-08-01 08:31:06 UTC

Back to bug 1399883