[Openswan dev] openswan 2.6.18rc1 available

Paul Wouters paul at xelerance.com
Wed Oct 1 18:57:57 EDT 2008

A release candidate was just made. The one important bugfix we want to put
in before a final release is the KLIPS error (Unknown socket write error 96).

But for NETKEY there should not be a difference between this prerelease
and the final openswan 2.6.18 release, unless one of you finds a regression
compared to openswan 2.6.16.

Changes follow below,

(ps. note that there is no openswan 2.6.17 release)

* Fix for compiling KLIPS on RHEL/Centos 2.6.18-92.1.10.el5 [dhr/paul]
* Fix in deleting connections that might have caused some of our Delete
   Notifies to have gotten lost. Introduced in openswan 2.5.01 [paul]
* Rekey= inverted yes/no, causing rekey=no to be rekey=yes [Shingo Yamawaki]
* Some memory leaks / refcount fixes [Shingo Yamawaki]
* Removed most of #ifdef CONFIG_KLIPS_DEBUG conditionals. We now always
   compile in DEBUG support. [paul]
* No longer use the assembly version of des_encrypt (dx86unix.S). It
   is i386-i686 specific, requires framepointers and does not work with
   CONFIG_REGPARM=y, which is the unconditional default for 2.6.17+ [paul]
* Fix memory leak when we run out of descriptors [David McCullough]
* Various memory leak fixes for pluto (from #macosx) [Ilia Sotnikov]
* LEAK_DETECTIVE should report better now [Ilia Sotnikov]
* Add support for USE_DMALLOC [Ilia Sotnikov]
* Update stats to show dropped packets [David McCullough]
* Allow session migration of OCF devices [Brad Vrabete]
* DNS/WINS ModeConfig fixes [David McCullough]
* refineconnection bug fix. This might cover various problems where
   the right conn was not picked (eg rightca="%any" workaround, but
   perhaps also some rekey issues) [paul]
* unregister_netdevice: waiting for ppp2 to become free. Usage
   count = -1 on kernels < 2.6.24 [Martin Schiller]

* Bugtracker bugs fixed:
   #989: Patch for fixing type-punned compiler warnings [Alin Nastac]
   #979: Two errors in debian/ packaging files (fix included) [ruben]
   #978: ipsec.conf man page has typo in virtual_private sample line [tuomo]
   #231: In Aggressive Mode with NAT-T,initiator should switch port [hiren joshi]
   #228: Problems with %any matching in ipsec.secrets? [David McCullough]
   #984: OpenSwan 2.4.13: Wrong ipsec_dev_get(x) function for Kernels < 2.6.24

v2.6.17 [will be skipped due to bad tag]

More information about the Dev mailing list