Skip to content
v2.6.29
default avatar
paul@xelerance.com
a8db8204 · updated CHANGES with references to 2 CVE's ·
Unverified 
! This release is made for CVE-2010-3302 and CVE-2010-3308
* XAUTH: Avoid buffer overflow in CISCO DNS info [dhr/paul]
         Avoid shell problems with single quotes CISCO DNS paramters [dhr/paul]
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3302
* XAUTH: Avoid buffer overflow in CISCO BANNER [dhr/paul]
         Avoid shell problems with single quotes in CISCO paramters [dhr/paul]
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3308
* NETKEY: Fix for spurious %hold netlink-acquires [Paul/dhr]
* KLIPS: Fix compiling on 2.6.18 based RHEL5 kernels [Paul]
* Various fixes based on automated source code review [dhr]
* SAREF: Updated for 2.6.35 kernel [Harald]
* KLIPS: Updated for 2.6.35 kernel [Harald]
* PACKAGING Use Epoch 1: for Debian/Ubuntu [Simon]
* MAST: fix iptables rule "leak" on rekey [Bart]
* MAST: use only the most recent iptables rule [Bart]
* pluto: restrict rekeymargin to be smaller than salifetime [Bart]
* MAST: ensure we don't end up with mtu=0 on mast0 [Bart/Paul]
* MAST: enforce outgoing tunnel policy [Bart]
* MAST: use addflow pfkey command to set policy on tunnel SAs [Bart]
* Added a new pfkey flag, POLICYONLY, to the ADDFLOW command [Bart]
* MAST: allow for setting of policy for inbound SAs [Bart]
* MAST: favour deleting an SA even if the pfkey op failed [Bart]
* HAVESTATSD: Log new phase2 messages as a result of a rekey [Paul]
* MAST: use iptables --comment to show the conn name [Bart]
* VNET: differentiate instantiation of road warriors and vnet [Paul]
* Log LEAK_DETECTIVE and HAVE_LIBNSS support on startup [Paul]
* [IKEv2] connections were broken since 2.6.25 [Avesh]
* MAST: new "ipsec policy" command replaces "ipsec eroute" [Bart]
* Fix SElinux warning in realsetup (bz628879) [Avesh]
* Support for SHA2_256 in IKEv2 (bz621790) [Avesh]
* IKEv2: Fix for using MD5 and PRF conversion function [Avesh]
* SAREF: Improved workaround for rp_filter [Bart]
* NSS: Increase minimum nss for rhbz#453577 [Paul]
  (this allows us to revert workaround in git 6c8ff2791d1)
* SAREF: Added /proc/net/ipsec/saref that shows kernel patch state [Bart]