* Fix for: ASSERTION FAILED at connections.c:1579: c->kind == CK_TEMPLATE [Paul]
* Add --listen/listen= option to limit listening to a single IP [Paul]
* sa_policy_bit_names was missing ModeConfig DNS and WINS bit names [Paul]
* SAREF: Add sareftrack=<no|yes|conntrack> connection option [Paul]
* Fix for "handling event EVENT_RETRANSMIT for <invalid>" [Paul]
* Fix for specifying protport=47 (GRE has no ports) [Paul]
* Don't fill traffic selector struct in IKEv2 child SA when not recv'd [Paul]
* Add geode-aes to the list of crypto modules to load [Paul]
* Don't install ipsec init script as /etc/init.d/setup [David]
* Bugtracker bugs fixed:
# 252/619 more than 20 payloads in message; ignored [paul]
# 690 ipsec lwdnsq --help not implemented
# 860 Port --random for newhostkey [Paul]
#1005 Incorrect message "R_U_THERE_ACK has unexpected sequence number" [Mike]
#1040: Fix to compile without DEBUG [Paul]
#1054: Startup warning: "ignored obsolete keyword (null)" [Michael Smith]
#1112: Prototypes only, if function enabled in c-source with KLIPS or
PFKEY [Henry N.]
#1115: Fix various warnings u_char * vs. char * for sscanf,... [Henry N.]
#1149: pluto uses empty NAT_OA as IDci, Server behind NAT and non natted
Windows XP [Wolfgang Nothdurft]
#1151: The ipsec module is not removed by 'ipsec setup stop' [Paul]