libreswan-4.12-1.el9 RPM for x86_64

From CentOS Stream 9 AppStream for x86_64

Libreswan is a free implementation of IPsec & IKE for Linux.  IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan.

Libreswan also supports IKEv2 (RFC7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Provides

• libreswan
• config(libreswan)
• libreswan(x86-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /usr/bin/python3
• /usr/bin/sh
• bash
• config(libreswan) = 4.12-1.el9
• coreutils
• iproute >= 2.6.8
• libaudit.so.1()(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.27)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.2)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.7)(64bit)
• libcap-ng.so.0()(64bit)
• libcrypt.so.2()(64bit)
• libcrypt.so.2(XCRYPT_2.0)(64bit)
• libcurl.so.4()(64bit)
• libevent_core-2.1.so.7()(64bit)
• libevent_pthreads-2.1.so.7()(64bit)
• liblber.so.2()(64bit)
• liblber.so.2(OPENLDAP_2.200)(64bit)
• libldap.so.2()(64bit)
• libldap.so.2(OPENLDAP_2.200)(64bit)
• libldns.so.3()(64bit)
• libnspr4.so()(64bit)
• libnss3.so()(64bit)
• libnss3.so(NSS_3.10)(64bit)
• libnss3.so(NSS_3.11)(64bit)
• libnss3.so(NSS_3.11.2)(64bit)
• libnss3.so(NSS_3.11.7)(64bit)
• libnss3.so(NSS_3.12)(64bit)
• libnss3.so(NSS_3.12.3)(64bit)
• libnss3.so(NSS_3.15)(64bit)
• libnss3.so(NSS_3.15.4)(64bit)
• libnss3.so(NSS_3.18)(64bit)
• libnss3.so(NSS_3.2)(64bit)
• libnss3.so(NSS_3.22)(64bit)
• libnss3.so(NSS_3.3)(64bit)
• libnss3.so(NSS_3.30)(64bit)
• libnss3.so(NSS_3.4)(64bit)
• libnss3.so(NSS_3.5)(64bit)
• libnss3.so(NSS_3.6)(64bit)
• libnss3.so(NSS_3.7)(64bit)
• libnss3.so(NSS_3.8)(64bit)
• libnss3.so(NSS_3.9)(64bit)
• libnss3.so(NSS_3.9.2)(64bit)
• libnssutil3.so()(64bit)
• libnssutil3.so(NSSUTIL_3.38)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit)
• libseccomp.so.2()(64bit)
• libselinux.so.1()(64bit)
• libselinux.so.1(LIBSELINUX_1.0)(64bit)
• libsmime3.so()(64bit)
• libsmime3.so(NSS_3.2)(64bit)
• libsmime3.so(NSS_3.3)(64bit)
• libsmime3.so(NSS_3.4)(64bit)
• libsmime3.so(NSS_3.9.3)(64bit)
• libssl3.so()(64bit)
• libssl3.so(NSS_3.14)(64bit)
• libssl3.so(NSS_3.2)(64bit)
• libssl3.so(NSS_3.24)(64bit)
• libsystemd.so.0()(64bit)
• libsystemd.so.0(LIBSYSTEMD_209)(64bit)
• libunbound.so.8()(64bit)
• nss >= 3.52
• nss-softokn
• nss-tools
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)
• systemd
• systemd
• systemd
• unbound-libs >= 1.6.6

License

GPLv2

Changelog

* Wed Aug 09 2023 Daiki Ueno <dueno@redhat.com> - 4.12-1
  - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
  - Resolves: rhbz#2215956
* Fri May 05 2023 Sahana Prasad <sahana@redhat.com> - 4.9-5
  - Just bumping up the version to include bugs for CVE-2023-2295. There is no
    code fix for it. Fix for it is including the code fix for CVE-2023-30570.
  - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the
    Red Hat Enterprise Linux
  - Resolves: rhbz#2189777, rhbz#2190148
* Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-4
  - Just bumping up the version as an incorrect 9.3 build was created.
  - Related: rhbz#2187171
* Thu May 04 2023 Sahana Prasad <sahana@redhat.com> - 4.9-3
  - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash
    libreswan
  - Resolves: rhbz#2187171
* Tue Apr 04 2023 Daiki Ueno <dueno@redhat.com> - 4.9-2
  - Fix CVE-2023-23009: remote DoS via crafted TS payload with an
    incorrect selector length (rhbz#2173674)
* Wed Jan 04 2023 Daiki Ueno <dueno@redhat.com> - 4.9-1
  - Update to 4.9. Resolves: rhbz#2128669
  - Switch to using %autopatch as in Fedora
* Wed Feb 02 2022 Daiki Ueno <dueno@redhat.com> - 4.6-3
  - Drop IKEv1 packets by default, based on the Debian patch
    by Daniel Kahn Gillmor (rhbz#2039877)
* Mon Jan 17 2022 Daiki Ueno <dueno@redhat.com> - 4.6-2
  - Related: rhbz#2017355 rebuild to reflect gating.yaml change
* Mon Jan 17 2022 Daiki Ueno <dueno@redhat.com> - 4.6-1
  - Update to 4.6. Resolves: rhbz#2017355
* Mon Jan 10 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
  - Update to 4.5. Resolves: rhbz#2017355
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4-3.1
  - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
    Related: rhbz#1991688

Files

/etc/ipsec.conf
/etc/ipsec.d
/etc/ipsec.d/policies
/etc/ipsec.d/policies/block
/etc/ipsec.d/policies/clear
/etc/ipsec.d/policies/clear-or-private
/etc/ipsec.d/policies/portexcludes.conf
/etc/ipsec.d/policies/private
/etc/ipsec.d/policies/private-or-clear
/etc/ipsec.secrets
/etc/logrotate.d/libreswan
/etc/pam.d/pluto
/etc/sysctl.d/50-libreswan.conf
/run/pluto
/usr/lib/.build-id
/usr/lib/.build-id/16
/usr/lib/.build-id/16/974128894e4b93dcd1a27cc7e8cc6cf54dbd89
/usr/lib/.build-id/48
/usr/lib/.build-id/48/ebb042e61e46ae370ad3721615e5df285653fa
/usr/lib/.build-id/74
/usr/lib/.build-id/74/dd94985321a24b03fb1a0c5846452c1d472fb3
/usr/lib/.build-id/7e
/usr/lib/.build-id/7e/4d982970f9c6742daef38476bad94a7b479e66
/usr/lib/.build-id/90
/usr/lib/.build-id/90/9c85c04a62f320a59ef6dc43787c1478705125
/usr/lib/.build-id/af
/usr/lib/.build-id/af/2c71b2cc204018a446b25b4a9893edead58b58
/usr/lib/.build-id/b4
/usr/lib/.build-id/b4/c52540b4319847dbaba4c996dbe4ec60987f7b
/usr/lib/.build-id/b6
/usr/lib/.build-id/b6/d6cf26d74ad0fc9fbf617298246bd4ea076a1b
/usr/lib/.build-id/bb
/usr/lib/.build-id/bb/569e06a7dedfe09e1111cd635690c4d0f155bd
/usr/lib/.build-id/c5
/usr/lib/.build-id/c5/e58e9743a0dd59215e215405094a6d9cf28de4
/usr/lib/.build-id/e7
/usr/lib/.build-id/e7/7760064efdc2e1d2dfcefc5a3d142f5c1ce89e
/usr/lib/.build-id/fe
/usr/lib/.build-id/fe/2859d79a76b3cfdb6643d8eca09801a294c9a4
/usr/lib/systemd/system/ipsec.service
/usr/lib/tmpfiles.d/libreswan.conf
/usr/libexec/ipsec
/usr/libexec/ipsec/_import_crl
/usr/libexec/ipsec/_plutorun
/usr/libexec/ipsec/_secretcensor
/usr/libexec/ipsec/_stackmanager
/usr/libexec/ipsec/_unbound-hook
/usr/libexec/ipsec/_updown
/usr/libexec/ipsec/_updown.xfrm
/usr/libexec/ipsec/addconn
/usr/libexec/ipsec/algparse
/usr/libexec/ipsec/auto
/usr/libexec/ipsec/barf
/usr/libexec/ipsec/cavp
/usr/libexec/ipsec/ecdsasigkey
/usr/libexec/ipsec/getpeercon_server
/usr/libexec/ipsec/letsencrypt
/usr/libexec/ipsec/look
/usr/libexec/ipsec/newhostkey
/usr/libexec/ipsec/pluto
/usr/libexec/ipsec/readwriteconf
/usr/libexec/ipsec/rsasigkey
/usr/libexec/ipsec/setup
/usr/libexec/ipsec/show
/usr/libexec/ipsec/showhostkey
/usr/libexec/ipsec/showroute
/usr/libexec/ipsec/verify
/usr/libexec/ipsec/whack
/usr/sbin/ipsec
/usr/share/doc/libreswan
/usr/share/doc/libreswan/CHANGES
/usr/share/doc/libreswan/CHANGES.freeswan.pluto
/usr/share/doc/libreswan/CHANGES.openswan
/usr/share/doc/libreswan/COPYING
/usr/share/doc/libreswan/CREDITS
/usr/share/doc/libreswan/CREDITS.freeswan
/usr/share/doc/libreswan/CREDITS.openswan
/usr/share/doc/libreswan/LICENSE
/usr/share/doc/libreswan/PlutoFlow.png
/usr/share/doc/libreswan/PlutoFlow.svg
/usr/share/doc/libreswan/ProgrammingConventions.txt
/usr/share/doc/libreswan/README.IANA-PEN
/usr/share/doc/libreswan/README.XAUTH
/usr/share/doc/libreswan/README.labeledipsec
/usr/share/doc/libreswan/README.md
/usr/share/doc/libreswan/README.nss
/usr/share/doc/libreswan/README.rfcs
/usr/share/doc/libreswan/README.x509
/usr/share/doc/libreswan/examples
/usr/share/doc/libreswan/examples/hub-spoke.conf
/usr/share/doc/libreswan/examples/ipv6.conf
/usr/share/doc/libreswan/examples/l2tp-cert.conf
/usr/share/doc/libreswan/examples/l2tp-psk.conf
/usr/share/doc/libreswan/examples/linux-linux.conf
/usr/share/doc/libreswan/examples/oe-authnull.conf
/usr/share/doc/libreswan/examples/oe-dnssec-client.conf
/usr/share/doc/libreswan/examples/oe-dnssec-server.conf
/usr/share/doc/libreswan/examples/oe-exclude-dns.conf
/usr/share/doc/libreswan/examples/oe-letsencrypt-README.txt
/usr/share/doc/libreswan/examples/oe-letsencrypt-client.conf
/usr/share/doc/libreswan/examples/oe-letsencrypt-server.conf
/usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf
/usr/share/doc/libreswan/examples/sysctl.conf
/usr/share/doc/libreswan/examples/xauth.conf
/usr/share/doc/libreswan/l2tp-overhead.txt
/usr/share/doc/libreswan/nss-howto.txt
/usr/share/doc/libreswan/opportunistic-v1.historic
/usr/share/doc/libreswan/opportunistic-v1.historic/opportunism-spec.txt
/usr/share/doc/libreswan/opportunistic-v1.historic/opportunism.nr
/usr/share/doc/libreswan/pluto-internals.txt
/usr/share/doc/libreswan/win2k-notes.txt
/usr/share/doc/libreswan/windows-cross-compile.txt
/usr/share/man/man5/ipsec.conf.5.gz
/usr/share/man/man5/ipsec.secrets.5.gz
/usr/share/man/man8/ipsec.8.gz
/usr/share/man/man8/ipsec__import_crl.8.gz
/usr/share/man/man8/ipsec__plutorun.8.gz
/usr/share/man/man8/ipsec__secretcensor.8.gz
/usr/share/man/man8/ipsec__stackmanager.8.gz
/usr/share/man/man8/ipsec__unbound-hook.8.gz
/usr/share/man/man8/ipsec__updown.8.gz
/usr/share/man/man8/ipsec__updown.xfrm.8.gz
/usr/share/man/man8/ipsec_addconn.8.gz
/usr/share/man/man8/ipsec_auto.8.gz
/usr/share/man/man8/ipsec_barf.8.gz
/usr/share/man/man8/ipsec_checknss.8.gz
/usr/share/man/man8/ipsec_ecdsasigkey.8.gz
/usr/share/man/man8/ipsec_import.8.gz
/usr/share/man/man8/ipsec_initnss.8.gz
/usr/share/man/man8/ipsec_letsencrypt.8.gz
/usr/share/man/man8/ipsec_look.8.gz
/usr/share/man/man8/ipsec_newhostkey.8.gz
/usr/share/man/man8/ipsec_pluto.8.gz
/usr/share/man/man8/ipsec_readwriteconf.8.gz
/usr/share/man/man8/ipsec_rsasigkey.8.gz
/usr/share/man/man8/ipsec_setup.8.gz
/usr/share/man/man8/ipsec_show.8.gz
/usr/share/man/man8/ipsec_showhostkey.8.gz
/usr/share/man/man8/ipsec_showroute.8.gz
/usr/share/man/man8/ipsec_vendorid.8.gz
/usr/share/man/man8/ipsec_verify.8.gz
/usr/share/man/man8/ipsec_whack.8.gz
/usr/share/man/man8/pluto.8.gz
/var/lib/ipsec
/var/lib/ipsec/nss

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Apr 24 05:18:34 2024