[Announce] openswan-2.6.25 released

Paul Wouters paul at xelerance.com
Sun Mar 21 13:48:37 EDT 2010

Xelerance has released openswan 2.6.25.


This is a bugfix and enhancement release.

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

* Google Summer of Code 2009 project for osxApp merged in [Paul]
   code contributed by student Jose Quaresma and mentor Stefan Arentz
* Google Summer of Code 2009 project for livetest merged in [Paul]
   code contributed by student Daniel Snider and mentor Paul Wouters
* Added exceptsocket NULL kernel_ops for non-bsd stacks [Paul]
* Remove hardcoded sql: from nss db path (showhostkey, rsasigkey) [Tuomo]
* Remove version from README.nss [Tuomo]
* Fixed obvious errors on fedora and centos5 rpm specs [Tuomo]
* Remove --key option from showhostkey [Paul]
* Fix for NAT-T vendorid payload on some ARM processors [dhr]
* Fix reference to unused file in README.nss [Tuomo]
* Fix 'ip' failure when built against libcap-ng [Kyle McMartin]
* Split networking support for remote_peer_type=cisco [Avesh]
* Fixup for compiling with broken version of nspr [Avesh]
* Update ipsec.conf man page [Tuomo]
* In rare circumstances, DPD could kill an active tunnel [Shinichi Furuso]
* Compile fixes for NETKEY without KLIPS [Ajay.V.Sarraju]
* Fix tcpdump operation on KLIPS/ipsecX interfaces [David]
* Report NETDEV_TX_BUSY when klips is overloaded with requests [David]
* Fix usage of KLIPS_IP_SELECT_IDENT to prevent kernel trace/warnings [David]
* Auth corruption due to unprotected data in sha1 (work_space) [Shinichi Furuso]
* Correct locking for SA tables in pfkey interface [Shinichi Furuso/David]
* Add locking to PRNG to prevent possible corruption [Shinichi Furuso/David]
* Fix oops on held packets [David]
* Implement remove_orphaned_holds for NETKEY [Tuomo]
* Fix _plutorun to use standard restart option for ipsec setup [Tuomo]
* Disable auto skb_dst_release so that icmp_send works [Ronen Shitrit/David]
* Fix for unloading KLIPS module on latish kernels [Ronen Shitrit]
* Fix init script default not to start up on boot by default [Tuomo]
* Do not store XAUTH password in a variable if read from the prompt [Avesh]
* spi/spigrp/tncfg blindly assumed KLIPS. Give nicer error output [Avesh]
* Fix for _updown.netkey not being able to delete route [Tuomo]
* Fix bad bare_shunt entry that breaks tunnel routing [David]
* Fix oops when network driver doesn't support all header_ops [David]
* Fix for hardcoded hmac 96 bits length [Avesh]
* Check for clrngd as well as rngd in ipsec verify [Paul]
* Fix default value for ikev2 in ipsec.conf man page [Tuomo]
* Support for USE_TRANSPORT_MODE in IKEv2 [Avesh]
* Fix for implicit DSO linking with NSS [Avesh]
   - redhat bz#565140
* Fix various spelling errors [Harald]
* Fix for leftid=@[foo] notation [Michael H. Warfield]
* Interop issue with Cisco where with XAUTH and ModeConfig we expected
* Support for receiving Cisco dns and domain settings and updating
   /etc/resolv.conf. Requires remote_peer_type=cisco [Avesh]
