[Announce] openswan-2.6.27 released

Paul Wouters paul at xelerance.com
Mon Jun 21 11:48:14 EDT 2010 

Xelerance has released openswan 2.6.26

http://www.openswan.org/download/openswan-2.6.27.tar.gz
http://www.openswan.org/download/openswan-2.6.27.tar.gz.asc

This is mostly a bugfix release, though there are some new features with
the MAST/SAref code included in this release that are active when using
the MAST stack (protostack=mast)

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

v2.6.27 (June 21, 2010)
* Fixes to the SAREF / MAST code to avoid recursion loops [Bart]
* KLIPS compile fixes for 2.4 kernels [David]
* Memory leak fix unshare_connection_strings [Shinichi Furuso]
* define ALLOW_MICROSOFT_BAD_PROPOSAL to allow connecting to behind NAT [Paul]
* Missing load_oswcrypto() call 'ipsec showhostkey' [Kevin Locke]
   (this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757?)
* Log the netfilter mark (him/me) with HAVE_STATSD=true [Paul]
* saref-bind kernel patch that allows setsockopt() to an saref [Bart]
* Rename /bin/statsd to /bin/openswan-statsd with HAVE_STATSD=true [Paul]
* contrib/sarefnc is netcat (nc) with saref settable option [Bart]
* Allow multiple proposals in Aggressive Mode, as long as the DH group is
   the same for all of them [Michael H. Warfield]
* alg_info_addref() needed #ifdef KERNEL_ALG like  alg_info_delref() [Shinichi]
* Remove the obsolete _confread script. [Simon]
* Correct the creation of the directory /var/lock/subsys. [Simon]
* Set a default value for IPSECsyslog in setup to avoid logger errors. [Simon]
* Cleanup source code to use C-style comments [Tuomo]
* Enable addconn to read config from stdin when called with --config - [Simon]
* Fix for broken enum_names regarding ENCAPSULATION_MODE_TUNNEL* [Paul]
* Fix for a few gcc warnings in dnskey.c and xauth.c [Paul/Simon]
* Fix for kernel_pfkey.c bad_case(esatype) introduced in 2.6.25 [Bart]
* Bugtracker bugs fixed:
    #  76: ipsec verify warns about no RSA key when using X509 pem files [Paul]
    #1074: virtual_private broken on U2.6.19/K2.6.27.25-78.2.56.fc9.i686?
           Fix virtual_private checks to give correct warnings [Tuomo]
    #1101: protoport code and nat-t code are switching ports with netkey
           [Mika Ilmaranta/Tuomo]
    #1106: Incorrect xfrm policy with both-NAT client connection [Paul]

More information about the Announce mailing list