v2.6.28
7b39a2ac · v2.6.28 (July 29, 2010)
* MAST: Fix SAref vmalloc() call that could cause a kernel panic [Bart]
* SAREF: rework exported interface to avoid might_sleep() during rcu lock [Bart]
* SAREF: Use the correct mask when updating nfmark in rcv path [Bart]
* MAST: Cleanup updown.mast iptables rule management [Bart]
* MAST: Rework mast init scripts to use conntrack [Bart]
* MAST: Remove iptables rules after SA is deleted [Bart]
* SAREF: Fix bug in stream-socket saref mode [Bart]
* SAREF: Ported to apply on Linux 2.6.34 [Harald]
* MAST: Fix for NAT-T mode (set ixs->outgoing_said in mast mode) [Bart]
* MAST: Fix module unload with mast [Bart]
* Allow rightsubnet=vnet:%priv rightprotoport=17/%any w/o right=%any [Paul]
* SAREF: Log SAref and SAbind capabilities on pluto startup [Paul]
* Log tunnel down with HAVE_STATSD as "down", not "unknown" [Paul]
* Changes to _realsetup.in for making the init script LSB compliant [Avesh] rhbz #594767
* _startnetkey update for DNS and NetworkManager [Avesh]
* SAREF: fix bug in stream-socket saref mode [Bart]
* Added TCP header flags to ipsec_print_ip() output [Bart]
* KLIPS: Don't fail non-existent header_ops (breaks ppp) [David]
* KLIPS: ip_select_ident hashing fix in AH xmit path [Kirill Berezin]
* HAVE_STATSD: Fix phase1/phase2 logging through HAVE_STATSD interface [David]
* HAVE_STATSD: log output fix when two connections share a phase1 [David]
* HAVE_STATSD: Slightly clarified and changed log messages [Paul]
* SAREF: Clarified defines and fixed nfmark printing in HAVE_STATSD [dhr/Paul]
* MAST: Temp workaround in _updown.mast for martians problem [Bart/Paul]
* Cleanup source code to use C-style comments [Tuomo]
* Bugtracker bugs fixed:
  #1120: [PATCH] netlink receive buffer size too small for linux 2.6.32 [Roman Hoog Antink]
-
v2.6.28rc1
Redone 2.6.28rc tag
-
v2.6.28dr7
12cc0451 · SAREF: rework exported interface to avoid might_sleep() calls during rcu lock
-
v2.6.28dr4
673f971d
* MAST: Fix for NAT-T mode (set ixs->outgoing_said in mast mode) [Bart]
* MAST: Fix module unload with mast [Bart]
* Fix phase1/phase2 logging through HAVE_STATSD interface [David]
-
v2.6.28dr1
* MAST: cleanup updown.mast iptables rule management [Bart]
* MAST: rework mast init scripts to use conntrack [Bart]
* MAST: remove iptables rules after SA is deleted [Bart]
-
v2.6.27
bc5b46f6 · v2.6.27 (June 21, 2010)
* Fixes to the SAREF / MAST code to avoid recursion loops [Bart]
* KLIPS compile fixes for 2.4 kernels [David]
* Memory leak fix unshare_connection_strings [Shinichi Furuso]
* define ALLOW_MICROSOFT_BAD_PROPOSAL to allow connecting to behind NAT [Paul]
* Missing load_oswcrypto() call 'ipsec showhostkey' [Kevin Locke]
  (this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757?)
* Log the netfilter mark (him/me) with HAVE_STATSD=true [Paul]
* saref-bind kernel patch that allows setsockopt() to an saref [Bart]
* Rename /bin/statsd to /bin/openswan-statsd with HAVE_STATSD=true [Paul]
* contrib/sarefnc is netcat (nc) with saref settable option [Bart]
* Allow multiple proposals in Aggressive Mode, as long as the DH group is the same for all of them [Michael H. Warfield]
* alg_info_addref() needed #ifdef KERNEL_ALG like alg_info_delref() [Shinichi]
* Remove the obsolete _confread script. [Simon]
* Correct the creation of the directory /var/lock/subsys. [Simon]
* Set a default value for IPSECsyslog in setup to avoid logger errors. [Simon]
* Cleanup source code to use C-style comments [Tuomo]
* Enable addconn to read config from stdin when called with --config - [Simon]
* Fix for broken enum_names regarding ENCAPSULATION_MODE_TUNNEL* [Paul]
* Fix for a few gcc warnings in dnskey.c and xauth.c [Paul/Simon]
* Fix for kernel_pfkey.c bad_case(esatype) introduced in 2.6.25 [Bart]
* Bugtracker bugs fixed:
  # 76: ipsec verify warns about no RSA key when using X509 pem files [Paul]
  #1074: virtual_private broken on U2.6.19/K2.6.27.25-78.2.56.fc9.i686?
         Fix virtual_private checks to give correct warnings [Tuomo]
  #1101: protoport code and nat-t code are switching ports with netkey [Mika Ilmaranta/Tuomo]
  #1106: Incorrect xfrm policy with both-NAT client connection [Paul]
-
v2.6.27rc1
48e6bd3e
* Fixes to the SAREF / MAST code to avoid recursion loops [Bart]
* KLIPS compile fixes for 2.4 kernels [David]
* Memory leak fix unshare_connection_strings [Shinichi Furuso]
* define ALLOW_MICROSOFT_BAD_PROPOSAL to allow connecting to behind NAT [Paul]
* Missing load_oswcrypto() call 'ipsec showhostkey' [Kevin Locke]
  (this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757?)
* Log the netfilter mark (him/me) with HAVE_STATSD=true [Paul]
* saref-bind kernel patch that allows setsockopt() to an saref [Bart]
* Rename /bin/statsd to /bin/openswan-statsd with HAVE_STATSD=true [Paul]
* contrib/sarefnc is netcat (nc) with saref settable option [Bart]
* Allow multiple proposals in Aggressive Mode, as long as the DH group is the same for all of them [Michael H. Warfield]
* alg_info_addref() needed #ifdef KERNEL_ALG like alg_info_delref() [Shinichi]
* Remove the obsolete _confread script. [Simon]
* Correct the creation of the directory /var/lock/subsys. [Simon]
* Set a default value for IPSECsyslog in setup to avoid logger errors. [Simon]
* Cleanup source code to use C-style comments [Tuomo]
* Enable addconn to read config from stdin when called with --config - [Simon]
* Fix for broken enum_names regarding ENCAPSULATION_MODE_TUNNEL* [Paul]
* Fix for a few gcc warnings in dnskey.c and xauth.c [Paul/Simon]
* Bugtracker bugs fixed:
  # 76: ipsec verify warns about no RSA key when using X509 pem files [Paul]
  #1074: virtual_private broken on U2.6.19/K2.6.27.25-78.2.56.fc9.i686?
         Fix virtual_private checks to give correct warnings [Tuomo]
  #1101: protoport code and nat-t code are switching ports with netkey [Mika Ilmaranta/Tuomo]
  #1106: Incorrect xfrm policy with both-NAT client connection [Paul]
-
v2.6.27dr2
8bfa4297
* define ALLOW_MICROSOFT_BAD_PROPOSAL to allow connecting to behind NAT [Paul]
* Bugtracker bugs fixed:
  #1106: Incorrect xfrm policy with both-NAT client connection
-
v2.6.27dr1
054b506e
* Fixes to the SAREF / MAST code to avoid recursion loops [Bart]
* Missing load_oswcrypto() call 'ipsec showhostkey' [Kevin Locke]
  (this is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757?)
* Log the netfilter mark (him/me) with HAVE_STATSD=true [Paul]
* saref-bind kernel patch that allows setsockopt() to an saref [Bart]
* Rename /bin/statsd to /bin/openswan-statsd with HAVE_STATSD=true [Paul]
* contrib/sarefnc is netcat (nc) with saref settable option [Bart]
* Allow multiple proposals in Aggressive Mode, as long as the DH group is the same for all of them [Michael H. Warfield]
* KLIPS compile fixes for 2.4 kernels [David]
* Bugtracker bugs fixed:
  # 76: ipsec verify warns about no RSA key when using X509 pem files [Paul]
  #1074: virtual_private broken on U2.6.19/K2.6.27.25-78.2.56.fc9.i686?
         Fix virtual_private checks to give correct warnings [Tuomo]
  #1101: protoport code and nat-t code are switching ports with netkey [Mika Ilmaranta/Tuomo]
-
v2.6.26
a18db05a · v2.6.26
* KLIPS fixes for 2.6.33 kernel [Greg Ungerger/David]
* RFC-5114 Diffie-Hellman group 22, 23 and 24 support [Avesh]
* Revert broken work-around for nspr4 warning [Tuomo]
* Copy David's klips fixes to netlink where they are needed too [Tuomo]
* Fix bogus initiations of existing tunnels on netkey introduced in 2.6.25 [Tuomo]
* Compile fixes for compiling without NAT_TRAVERSAL [Paul]
* Fix pfkey error on tunnel deletion [David]
* Fix up eroute_connection for klips [David]
* When we ASSERT, show where we asserted [Bart]
* Merge in #osx branch [Paul]
* Fix eroute_type to satype conversion for pfkey [Bart]
* Fix confusion about transport_proto and proto in comments and bsdkame [Tuomo]
* Updated SecureClient patch for hybrid mode in contrib [Yair Elharrar]
* remote_peer_type= support for whack [Avesh Agarwal]
* Cisco banner support in _updown via PLUTO_PEER_BANNER [Avesh Agarwal]
* New option nm_configured=yes will skip reconfiguring resolv.conf, so that NetworkManager can handle this. Can be directory whack'ed using the --nm_controlled option. [Avesh Agarwal]
* Clean up DPD logging. [Tuomo]
* SAref updated to 2.6.32 kernel [Bart/Paul]
* Bugtracker bugs fixed:
  # 414: Y2K38 bug in X.509 Digital Certificate handling [Andreas Steffen]
         (happened only on 32bit machines for certs expiring after 2038)
  # 428: Fix for representation of [...] used algorithms in ipsec auto --status [Martin Schiller]
  #1032: ipsec_xmit_send ignored mark of skb. causing ignoring of ip rules and only main routing table was used. [Wolfgang Nothdurft]
  #1035: Allow specifying interface name, eg left=%ppp0 [Martin Schiller]
  #1080: duplicate of #414
  #1087: acquires cause invalid policies being inserted into xfrm policy introduced in 2.6.25 [Tuomo]
  #1093: enc alg=0 not found in constants.c:oakley_enc_names [Henry N.]
  #1094: IPSEC_RCV_DECAPFAIL with auth=ah [Wolfgang Nothdurft]
  #1104: Compile for NETKEY without KLIPS fails with missing symbols [Henry N.]
  #1107: buildfix for showpolicy.c when using gcc 4.5 by Paweł Zuzelski
  #1108: gcc-4.5.0 enum warning fix [Paweł Zuzelski]
  #1004: Better fix for bug #1004 [Mika Ilmaranta/Tuomo]
  #1085: Random disconnects of (ipsec+l2tpd) tunnels [Mika Ilmaranta/Tuomo]
* Fix for protostack=auto when KLIPS or NETKEY is not compiled in [Paul]
* Fix for compiling without XAUTH (introduced with remote_peer=cisco support) [Thomas Geulig]
* Fix %prompt for encrypted X.509 private keys [Harald]
* Fix plutodebug=natt being accepted just like whack --debug-natt [Tuomo]
-
v2.6.25
05270fa8 · v2.6.25
* Google Summer of Code 2009 project for osxApp merged in [Paul]
  code contributed by student Jose Quaresma and mentor Stefan Arentz
* Google Summer of Code 2009 project for livetest merged in [Paul]
  code contributed by student Daniel Snider and mentor Paul Wouters
* Added exceptsocket NULL kernel_ops for non-bsd stacks [Paul]
* Remove hardcoded sql: from nss db path (showhostkey, rsasigkey) [Tuomo]
* Remove version from README.nss [Tuomo]
* Fixed obvious errors on fedora and centos5 rpm specs [Tuomo]
* Remove --key option from showhostkey [Paul]
* Fix for NAT-T vendorid payload on some ARM processors [dhr]
* Fix reference to unused file in README.nss [Tuomo]
* Fix 'ip' failure when built against libcap-ng [Kyle McMartin]
* Split networking support for remote_peer_type=cisco [Avesh]
* Fixup for compiling with broken version of nspr [Avesh]
* Update ipsec.conf man page [Tuomo]
* In rare circumstances, DPD could kill an active tunnel [Shinichi Furuso]
* Compile fixes for NETKEY without KLIPS [Ajay.V.Sarraju]
* Fix tcpdump operation on KLIPS/ipsecX interfaces [David]
* Report NETDEV_TX_BUSY when klips is overloaded with requests [David]
* Fix usage of KLIPS_IP_SELECT_IDENT to prevent kernel trace/warnings [David]
* Auth corruption due to unprotected data in sha1 (work_space) [Shinichi Furuso]
* Correct locking for SA tables in pfkey interface [Shinichi Furuso/David]
* Add locking to PRNG to prevent possible corruption [Shinichi Furuso/David]
* Fix oops on held packets [David]
* Implement remove_orphaned_holds for NETKEY [Tuomo]
* Fix _plutorun to use standard restart option for ipsec setup [Tuomo]
* Disable auto skb_dst_release so that icmp_send works [Ronen Shitrit/David]
* Fix for unloading KLIPS module on latish kernels [Ronen Shitrit]
* Fix init script default not to start up on boot by default [Tuomo]
* Do not store XAUTH password in a variable if read from the prompt [Avesh]
* spi/spigrp/tncfg blindly assumed KLIPS. Give nicer error output [Avesh]
* Fix for _updown.netkey not being able to delete route [Tuomo]
* Fix bad bare_shunt entry that break tunnel routing [David]
* Fix oops when network driver doesn't support all header_ops [David]
* Fix for hardcoded hmac 96 bits length [Avesh]
* Check for clrngd as well as rngd in ipsec verify [Paul]
* Fix default value for ikev2 in ipsec.conf man page [Tuomo]
* Support for USE_TRANSPORT_MODE in IKEv2 [Avesh]
* Fix for implicit DSO linking with NSS [Avesh] - redhat bz#565140
* Fix various spelling errors [Harald]
* Fix for leftid=@[foo] notation [Michael H. Warfield]
* Interop issue with Cisco where with XAUTH and ModeConfig we expected ISAKMP_CFG_REPLY but we got ISAKMP_CFG_ACK [Paul]
* Support for receiving Cisco dns and domain settings and updating /etc/resolv.conf. Requires remote_peer_type=cisco [Avesh]