[Announce] openswan-2.6.26 released
Paul Wouters
paul at xelerance.com
Tue May 25 18:44:20 EDT 2010
Xelerance has released openswan 2.6.26
http://www.openswan.org/download/openswan-2.6.26.tar.gz
http://www.openswan.org/download/openswan-2.6.26.tar.gz.asc
This is a bugfix and enhancement release.
As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev
The changes:
v2.6.26
* SAref updated to 2.6.32 kernel [Bart/Paul]
* KLIPS fixes for 2.6.33 kernel [Greg Ungerger/David]
* RFC-5114 Diffie-Hellman group 22, 23 and 24 support [Avesh]
* Revert broken work-around for nspr4 warning [Tuomo]
* Copy David's klips fixes to netlink where they are needed too [Tuomo]
* Fix bogus initiations of existing tunnels on netkey introduced
in 2.6.25 [Tuomo]
* Compile fixes for compiling without NAT_TRAVERSAL [Paul]
* Fix pfkey error on tunnel deletion [David]
* Fix up eroute_connection for klips [David]
* When we ASSERT, show where we asserted [Bart]
* Merge in #osx branch [Paul]
* Fix eroute_type to satype conversion for pfkey [Bart]
* Fix confusion about transport_proto and proto in comments and bsdkame [Tuomo]
* Updated SecureClient patch for hybrid mode in contrib [Yair Elharrar]
* remote_peer_type= support for whack [Avesh Agarwal]
* Cisco banner support in _updown via PLUTO_PEER_BANNER [Avesh Agarwal]
* New option nm_configured=yes will skip reconfiguring resolv.conf, so
that NetworkManager can handle this. Can be directory whack'ed using
the --nm_controlled option. [Avesh Agarwal]
* Clean up DPD logging. [Tuomo]
* Fix for protostack=auto when KLIPS or NETKEY is not compiled in [Paul]
* Fix for compiling without XAUTH (introduced with remote_peer=cisco support)
[Thomas Geulig]
* Fix %prompt for encrypted X.509 private keys [Harald]
* Fix plutodebug=natt being accepted just like whack --debug-natt [Tuomo]
* Bugtracker bugs fixed:
# 414: Y2K38 bug in X.509 Digital Certificate handling [Andreas Steffen]
(happened only on 32bit machines for certs expiring after 2038)
# 428: Fix for representation of [...] used algorithms
in ipsec auto --status [Martin Schiller]
#1032: ipsec_xmit_send ignored mark of skb. causing ignoring of ip rules
and only main routing table was used. [Wolfgang Nothdurft]
#1035: Allow specifying interface name, eg left=%ppp0 [Martin Schiller]
#1080: duplicate of #414
#1087: acquires cause invalid policies being inserted into xfrm policy
introduced in 2.6.25 [Tuomo]
#1093: enc alg=0 not found in constants.c:oakley_enc_names [Henry N.]
#1094: IPSEC_RCV_DECAPFAIL with auth=ah [Wolfgang Nothdurft]
#1104: Compile for NETKEY without KLIPS fails with missing symbols
[Henry N.]
#1107: buildfix for showpolicy.c when using gcc 4.5 by Paweł Zuzelski
#1108: gcc-4.5.0 enum warning fix [Paweł Zuzelski]
#1004: Better fix for bug #1004 [Mika Ilmaranta/Tuomo]
#1085: Random disconnects of (ipsec+l2tpd) tunnels [Mika Ilmaranta/Tuomo]
More information about the Announce
mailing list