[Announce] openswan-2.6.26 released

Paul Wouters paul at xelerance.com
Tue May 25 18:44:20 EDT 2010

Xelerance has released openswan 2.6.26


This is a bugfix and enhancement release.

As always, please use http://bugs.openswan.org/ to report bugs, or
discuss issues on users at openswan.org or dev at openswan.org. Or linger
at FreeNode's #openswan / #openswan-dev

The changes:

* SAref updated to 2.6.32 kernel [Bart/Paul]
* KLIPS fixes for 2.6.33 kernel [Greg Ungerger/David]
* RFC-5114 Diffie-Hellman group 22, 23 and 24 support [Avesh]
* Revert broken work-around for nspr4 warning [Tuomo]
* Copy David's klips fixes to netlink where they are needed too [Tuomo]
* Fix bogus initiations of existing tunnels on netkey introduced
   in 2.6.25 [Tuomo]
* Compile fixes for compiling without NAT_TRAVERSAL [Paul]
* Fix pfkey error on tunnel deletion [David]
* Fix up eroute_connection for klips [David]
* When we ASSERT, show where we asserted [Bart]
* Merge in #osx branch [Paul]
* Fix eroute_type to satype conversion for pfkey [Bart]
* Fix confusion about transport_proto and proto in comments and bsdkame [Tuomo]
* Updated SecureClient patch for hybrid mode in contrib [Yair Elharrar] 
* remote_peer_type= support for whack [Avesh Agarwal]
* Cisco banner support in _updown via PLUTO_PEER_BANNER [Avesh Agarwal]
* New option nm_configured=yes will skip reconfiguring resolv.conf, so
   that NetworkManager can handle this. Can be directory whack'ed using
   the --nm_controlled option. [Avesh Agarwal]
* Clean up DPD logging. [Tuomo]
* Fix for protostack=auto when KLIPS or NETKEY is not compiled in [Paul]
* Fix for compiling without XAUTH (introduced with remote_peer=cisco support)
           [Thomas Geulig]
* Fix %prompt for encrypted X.509 private keys [Harald]
* Fix plutodebug=natt being accepted just like whack --debug-natt [Tuomo]
* Bugtracker bugs fixed:
    # 414: Y2K38 bug in X.509 Digital Certificate handling [Andreas Steffen]
           (happened only on 32bit machines for certs expiring after 2038)
    # 428: Fix for representation of [...] used algorithms
           in ipsec auto --status [Martin Schiller]
    #1032: ipsec_xmit_send ignored mark of skb. causing ignoring of ip rules
           and only main routing table was used. [Wolfgang Nothdurft]
    #1035: Allow specifying interface name, eg left=%ppp0 [Martin Schiller]
    #1080: duplicate of #414
    #1087: acquires cause invalid policies being inserted into xfrm policy
           introduced in 2.6.25 [Tuomo]
    #1093: enc alg=0 not found in constants.c:oakley_enc_names [Henry N.]
    #1094: IPSEC_RCV_DECAPFAIL with auth=ah [Wolfgang Nothdurft]
    #1104: Compile for NETKEY without KLIPS fails with missing symbols
           [Henry N.]
    #1107: buildfix for showpolicy.c when using gcc 4.5 by Paweł Zuzelski
    #1108: gcc-4.5.0 enum warning fix [Paweł Zuzelski]
    #1004: Better fix for bug #1004 [Mika Ilmaranta/Tuomo]
    #1085: Random disconnects of (ipsec+l2tpd) tunnels [Mika Ilmaranta/Tuomo]

More information about the Announce mailing list