libreswan-5: update to v5.0
* IKEv1:
- globally disabled by default (ikev1-policy=drop); see RFC9395 [Daniel]
- limit default cryptosuite [Andrew, Paul, Tuomo]
IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31}
ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256}
AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128
- remove support for Labeled IPsec [Andrew]
- properly ignore dpdaction= [Andrew]
- see also IKEv2 routing/revival changes
* IKEv2:
- warn that fragmentation=force is ignored [Andrew]
- avoid post-authentication crash on corrupt TS payload [Andrew]
- support addresspool=v4/mask,v6/mask [Andrew]
- support subnet=SELECTOR,... using a single Child SA [Andrew]
- when non-MOBIKE never update NATed endpoint [#1492/Wofferl/Andrew]
- fix revival of IKE_AUTH (first) Child SA [Andrew]
- properly ignore dpdaction=, keyingtries= [Andrew]
[68 lines not shown]
lpjs: Update to 0.0.0.405
Shift responsibility for output transfer from the user script
to chaperone. This allows adding to the chaperone log after the
script terminates.