* DPD: seq_no logged after hton() call [Shinichi Furuso]
* DPD: With multiple phase 2 SAs, we sent too many R_U_THERE's [Shinichi Furuso]
* barf: iptables-save on suse is in /usr/sbin, not /sbin [Paul/Shinichi]
* SUSE: Package compliant with Kernel Module Package Manual [Shinichi Furuso]
* verify: fix false positive on IP forwarding (perl dependent) [Steve Delaney]
* IKEv2: Introduced new keyword narrowing=yes|no [Paul]
* IKEv2: Send TS_UNACCEPTABLE when narrowing would violate local policy [Paul]
* IKEv2: Fix for multiple SAs to the same peer with different ports [Avesh]
* IKEv2: IKE-SA_INIT with INVALID_KE_PAYLOAD Notify Payload should continue [Avesh]
* IKEv2: incorrectly sent PAYLOAD_MALFORMED on unknown minor version [Avesh]
* IKEv2 should ignore unknown RESERVED bits in payload [Avesh]
* IKEv2: Implement sending higher IKEv2 major and minor versions [Paul]
* IKEv2: Delete SA states added to state machine [Avesh]
* IKEv2: Informational Exchange added [Avesh]
* hostpair: initial_connection_sent was never set to not FALSE [Avesh]
* Crypto: handle leading zeroes in DH keys [Avesh]
* Add PLUTO_IS_PEER_CISCO= to updown scripts [Avesh]
* XFRM: update userland copies of xfrm.h netlink.h rtnetlink.h [Paul/Avesh]
* SHA2 fix when pluto is compiled without USE_EXTRACRYPTO [Paul/Tuomo]
* SHA2: Fix for Linux kernel using bad sha2_256 truncation (96 instead of 128) (to get the old behaviour for interop, specify sha2_truncbug=yes) [Paul]
* Fix two format string buglets [Moritz Muehlenhoff]
* XAUTH: Support unbound as local resolver in remote_peer_type=cisco [Paul]
* NATT: Fix iphone/iOS by removing outdated OSX NAT-T workarounds [Paul]
* SAREF: kernel patches updated to linux 3.0.0 [Jonathon Padfield]
* SAREF: fix all patch versions to use new numbers for SAREF [Paul]
* Fix various compiler warnings in lib, pluto and ikeping [dhr]
* Various ESP_* and AH_* fixes/updates from IANA [Paul]
* Fix authalg in esp_info to be u_int16_t, not u_int8_t [Paul]
* Debian: Various debian packaging fixes [Simon]
* KLIPS: Fix crasher on returning -ENODEV from ppp devices [David]
* XAUTH: Support dynamic config update for unbound DNSSEC resolver [Paul/Tuomo]
* Remove non-iproute2 version of _updown.klips and its USE_IPROUTE2 [Paul]
* Bugtracker bugs fixed:
   #1263 /usr/lib/ipsec/_startnetkey selects wrong default gateway if there are multiple [Petr Tichy]
   #1314 update the updateresolvconf routines to be able to reconfigure locally running unbound [Paul]
   #1322 get rid of unused bucketno argument in state_hash [Paul]
   #1326 0001-SAREF patch not compiling on 3.0.0 [Jonathon Padfield]