[Announce] openswan 2.6.38 released
Tuomo Soini
tis at foobar.fi
Fri Mar 23 19:22:46 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear community,
As Paul Wouters is currently unable to perform his role as Release
Manager, I have stepped in to temporarily take over his
responsibilities.
Openswan 2.6.38 released to the community
https://www.openswan.org/download/openswan-2.6.38.tar.gz
https://www.openswan.org/download/openswan-2.6.38.tar.gz.asc
https://www.openswan.org/download/CHANGES
Mirror site:
ftp://ftp.openswan.fi/pub/openswan/openswan-2.6.38.tar.gz
ftp://ftp.openswan.fi/pub/openswan/openswan-2.6.38.tar.gz.asc
ftp://ftp.openswan.fi/pub/openswan/CHANGES
This is a major bugfix release. It fixes and enhances IKEv2
functionality. It works around the Linux kernel bug for
wrong SHA2 truncation that caused openswan to fail to interop
with other vendors such as Checkpoint. It has various NAT-T
fixes for better interop with Android and I-Phones. And it now
supports reconfiguring a locally running DNSSEC server with
nameservers obtained via XAUTH/ModeConfig.
A full list of changes follows below
Furthermore, the long expected move to make "bugs.openswan.org" the
new webste has finally been completed. This means that everyone can now
contribute and update content on the website via the wiki system.
Regards,
Tuomo Soini
v2.6.38 (March 24, 2012)
* DPD: seq_no logged after hton() call [Shinichi Furuso]
* DPD: With multiple phase 2 SAs, we sent too many [Shinichi Furuso]
R_U_THERE's
* barf: iptables-save on suse is in /usr/sbin, not /sbin [Paul/Shinichi]
* SUSE: Package compliant with Kernel Module Package Manual [Shinichi
Furuso]
* verify: fix false positive on IP forwarding (perl dependant) [Steve
Delaney]
* IKEv2: Introduced new keyword narrowing=yes|no [Paul]
* IKEv2: Send TS_UNACCEPTABLE when narrowing would violate local
policy [Paul]
* IKEv2: Fix for multiple SAs to the same peer with different ports
[Avesh]
* IKEv2: IKE-SA_INIT with INVALID_KE_PAYLOAD Notify Payload should
continue [Avesh]
* IKEv2: incorrecty sent PAYLOAD_MALFORMED on unknown minor version
[Avesh]
* IKEv2 should ignore unknown RESERVED bits in payload [Avesh]
* IKEv2: Implement sending higher IKEv2 major and minor versions [Paul]
* IKEv2: Delete SA states added to state machine [Avesh]
* IKEv2: Informational Exchange added [Avesh]
* hostpair: initial_connection_sent was never set to not FALSE [Avesh]
* Crypto: handle leading zeroes in DH keys [Avesh]
* Add PLUTO_IS_PEER_CISCO= to updown scripts [Avesh]
* XFRM: update userland copies of xfrm.h netlink.h rtnetlink.h
[Paul/Avesh]
* SHA2 fix when pluto is compiled without USE_EXTRACRYPTO [Paul/Tuomo]
* SHA2: Fix for Linux kernel using bad sha2_256 truncation (96 instead
of 128) (to get the old behaviour for interop, specify
sha2_truncbug=yes) [Paul]
* Fix two format string buglets [Moritz Muehlenhoff]
* XAUTH: Support unbound as local resolver in remote_peer_type=cisco
[Paul]
* NATT: Fix iphone/iOS by removing outdated OSX NAT-T workarounds [Paul]
* SAREF: kernel patches updated to linux 3.0.0 [Jonathon Padfield]
* SAREF: fix all patch versions to use new numbers for SAREF [Paul]
* Fix various compiler warnings in lib, pluto and ikeping [dhr]
* Various ESP_* and AH_* fixes/updates from IANA [Paul]
* Fix authalg in esp_info to be u_int16_t, not u_int8_t [Paul]
* Debian: Various debiacn packaging fixes [Simon]
* KLIPS: Fix crasher on returning -ENODEV from ppp devices [David]
* XAUTH: Support dynamic config update for unbound DNSSEC resolver
[Paul/Tuomo]
* Remove non-iproute2 version of _updown.klips and its USE_IPROUTE2
[Paul]
* Bugracker bugs fixed:
#1263 /usr/lib/ipsec/_startnetkey selects wrong default gateway if
there are multiple [Petr Tichy]
#1314 update the updateresolvconf routines to be able to reconfigure
locally running unbound [Paul]
#1322 get rid of unused bucketno argument in state_hash [Paul]
#1326 0001-SAREF patch not compiling on 3.0.0 [Jonathon Padfield]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQIcBAEBAgAGBQJPbQXOAAoJEMMAQCKFAdLsED0P/00NkWE0ZOFlcIDJ5Qi8wVi0
iF12aDNcIqnAhjx9nkWG/m29Ucq84WIeuFlGsbJUJ2L2EAgiidF8Ue/m630sAWpD
KkI+xDifyEZVuzhsO04CA+RZSKAwxW6NI6E267tdW9I0A/Em7gCVE+yC3qpYQYro
0x1o3VWF21BUs98FZKduBDDywFe6KH4lVo1w9CH1f5+W99AQfV/6JzOb47JRKNEg
z6HgcRMbJFSlemQqIibbboVGybq4YwmbRASOIRaLh57EODXRYNHrCblextg3XUbu
s3inN0EjjuLjB6QKQY8+Mc4rUq8gsKj9zp9Y9OAqWnRSVmAflQr6G8DXgwqHz/I7
kqFhOv84iUC5vVWnUglZtdG9j65MMF7eY5Uit7ommgY9OmamVAmJD1KrlbnxsjJI
nxvouA2cgQjIIsaXChpARb816wyJK7eynLNR7iGC+nNNYl+B09E0hwgRlc7K3SBN
P+PKRdIJac8iDW63wgRNOwdbv0U1XFWaeuXcLaBVfNPRtHuiYOu+g1YgrC0nIzO7
H+hO/yRGfFbD5GNjyShKBoQqOQcV0bNwKnqn7Ba+2K/GLC1vueo5SV+v5xH60A6G
ZT+EqTri54nYzl8HD7OcmjWkHZNJ2rTD3x2/3dMgCaMi/uM/t2JXGbpXfYpwdfaP
64dYxSx53yOqNlAwv/UP
=PMQp
-----END PGP SIGNATURE-----
More information about the Announce
mailing list