[Openswan Users] Openswan 2.6.46 released

Samir Hussain shussain at xelerance.com
Fri Jan 22 14:45:27 EST 2016

Xelerance has released Openswan 2.6.46


v2.6.46 (January 22, 2016)

* Properly add IKESA_DEL state: added to state_names,
and create new event to delete the state after a timeout
with no reply [MCR]
* When finding ID match with wildcard, bind tighter to exact matches [MCR]
* Split up same_id into same_id(wildcards) and same_exact_id(no
wildcards) [MCR]
* When checking orientation, log result, and also reconnect to
IDhostpair [MCR]
* Fix IP/ID free functions to clear a connection from the pairs
and then properly free the HP structure themselves [MCR]
* Log IDhost pair header values, not ones from the first connection [MCR]
* Some formatting tweaks to hostpair_list to make it easier to
understand [MCR]
* Added listhostpairs option, fixed listevents description [MCR]
* The clear_IDhost_pair routine was complaining in list_rm()
as a result of an instance being created/copied from the parent,
without clearing the IDhost_pair link [MCR]
* Use SHA1_DIGEST_SIZE rather than incorrect sizeof() [MCR]
* Protected ietf_constants.h against multiple inclusion [MCR]
* Some code was duplicated due to refactoring that was backported:
list_rm moved to hostpair.h [MCR]
* TIME_UTC is also defined in /usr/include/time.h, so pick a better
name [MCR]
* GCC 5.0 complains about use of !same_chunk() because expansion of
macro leaves it confused. Add () [MCR]
* Protect list_rm against ehead being null [MCR]
* Remove cleanup of IDhostpair links to hostpair.c,
and protect against the connection having never been on an ID
hostpair [MCR]
* Fixed problem in check_connection_end where wrong end was tested for [MCR]
* As SPD Route may be manipulated before being erouted, the resulting
eroute_owner setting is no longer propogated back into the connection
this patch sets all SPD routes which do not have other owners to
this eroute [MCR]
* Log eroute operations more concisely, do it after they succeed/fail [MCR]
* Better logging of eroute_owner [MCR]
* Refactor show_connection_status so that it can use loglog or
whacklog for output moved log.h to pluto/log.h as unit test cases
will need it [MCR]
* Log current date when processing events [MCR]
* Looks like a copy and paste error has lingered in the sourceip
processing, causing the parser to whomp on the nexthop if the
sourceip is set [MCR]
* Log address inconsistencies with names rather than numbers [MCR]
* The address family determined by the outer addresses (right/left
/nexthop) should not override address family for inner items
(rightsubnet/sourceip) [MCR]
* Fixed find_host_pair so that it finds right=%any matches correctly [MCR]
* Change listing to give IP/ID type on every bucket [MCR]
* Added option to readwriteconf to load all conns marked add/route/up [MCR]
* Document --listhostpairs debug option [MCR]
* Possible fix for IKEv2 issues when built with libnss [MCR]
* Return proper IKEv2 Notify when authentication fails due to wrong ID [MCR]
* Make sure that host_type is initialized [MCR]
* Take care of deleting IDhostpair when connection is deleted [MCR]
* Use IDhost_pair list to find appropriate conn by ID [MCR]
* Added IDhostpair support [MCR]
* Initial work on creating a hostpair list by ID [MCR]
* Added listing of hostpairs to available whack debugs [MCR]
* INVALID_MSGID becomes -1 on 32-bit, but not on 64, so translate it
better [MCR]
* Rename host_pair to IPhost_pair in preperation to adding IDhost_pair [MCR]
* Remove file that was accidentally committed [Simon Deziel]
* Debian: update patch list file [Simon Deziel]
* Debian: bump standards version to 3.9.6 (no change required) [Simon
* Debian: drop dpatch (obsolete) [Simon Deziel]
* Split up IKEv2 RSA verification into nss and non-nss versions [MCR]
* Move try_RSA_signature_v1 to seperate file [MCR]
* When loading conn, process alsoflip= as well [MCR]
* Refactor also processing so it can be applied to alsoflip [MCR]
* Fixing minor typo and spelling mistakes. [Samir Hussain]
* Refactor whack_listen processing to seperate function for unit
testing Added called to check_orientations() after discovery of new
interfaces [MCR]
* Log the connection name for each IPhostpair that is being compared
to [MCR]
* lp24-certreply dave discovered that find_host_pair was still wrong.
Rewrote find_host_pair again to with bestpair mechanism to get it
right [MCR]
* Updating man page in order to remove manual option from auto keyword
(it is no longer supported) [Samir Hussain]

More information about the Users mailing list