v2.6.27 (June 21, 2010)
* Fixes to the SAREF / MAST code to avoid recursion loops [Bart]
* KLIPS compile fixes for 2.4 kernels [David]
* Memory leak fix unshare_connection_strings [Shinichi Furuso]
* define ALLOW_MICROSOFT_BAD_PROPOSAL to allow connecting to behind NAT [Paul]
* Missing load_oswcrypto() call 'ipsec showhostkey' [Kevin Locke]
(this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757?)
* Log the netfilter mark (him/me) with HAVE_STATSD=true [Paul]
* saref-bind kernel patch that allows setsockopt() to an saref [Bart]
* Rename /bin/statsd to /bin/openswan-statsd with HAVE_STATSD=true [Paul]
* contrib/sarefnc is netcat (nc) with saref settable option [Bart]
* Allow multiple proposals in Aggressive Mode, as long as the DH group is
the same for all of them [Michael H. Warfield]
* alg_info_addref() needed #ifdef KERNEL_ALG like alg_info_delref() [Shinichi]
* Remove the obsolete _confread script. [Simon]
* Correct the creation of the directory /var/lock/subsys. [Simon]
* Set a default value for IPSECsyslog in setup to avoid logger errors. [Simon]
* Cleanup source code to use C-style comments [Tuomo]
* Enable addconn to read config from stdin when called with --config - [Simon]
* Fix for broken enum_names regarding ENCAPSULATION_MODE_TUNNEL* [Paul]
* Fix for a few gcc warnings in dnskey.c and xauth.c [Paul/Simon]
* Fix for kernel_pfkey.c bad_case(esatype) introduced in 2.6.25 [Bart]
* Bugtracker bugs fixed:
# 76: ipsec verify warns about no RSA key when using X509 pem files [Paul]
#1074: virtual_private broken on U2.6.19/K2.6.27.25-78.2.56.fc9.i686?
Fix virtual_private checks to give correct warnings [Tuomo]
#1101: protoport code and nat-t code are switching ports with netkey
[Mika Ilmaranta/Tuomo]
#1106: Incorrect xfrm policy with both-NAT client connection [Paul]