Release Notes: X.509 0.9.41 was merged, including another security fix which fixes CAN-2004-0590; see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0590 and http://www.openswan.org/support/vuln/can-2004-0590. Loading of 2.6 modules was fixed. A fix was made for snprintfs() in /proc. The checks for some log files/dirs were fixed for the case when they are sockets or pipes. A fix was made for a crash in crl.pem. Corruption of some /proc files was fixed. The leftsendcert= flag was fixed.
Release Notes: Warnings from KLIPS ipsec_* files due to bad "/proc/*ipsec*" comments were fixed. X.509 0.9.41 was merged, including another security fix. This fixes CAN-2004-0590; see http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0590 and http://www.openswan.org/support/vuln/can-2004-0590. X.509 0.9.40 was merged, and includes a fix for a vulnerability in the X.509 code. A fix was made for 64-bit 3DES errors. A fix was made for NAT-T without port-floating (draft-00/01). snprintf and /proc changes were made.
Release Notes: sprintf calls were changed to ipsec_snprintf calls, since 2.4.25+ is stricter about sprintf use. (This solves the "illegal use of sprintf" fatal error.) A bug with odd or broken certs and SHA2-512 was fixed with a passert in crypto.h. A minor fix was made for comment characters in dhclient.conf and showhostkey.
Release Notes: CRL fetching was fixed; a call to init_crl_fetch() had been missed. X.509 0.9.38 was merged. Both RSASig and PSK Roadwarriors are supported at the same time. A vulnerability in ASN.1, which could cause pluto to crash, was fixed.
Release Notes: NAT traversal support for the 2.6 kernel was added. Virtual IPs (e.g., leftsourceip=192.168.0.10), XAUTH server (works with SafeNet, SSH Sent, and Openswan), and XAUTH clients are now also supported.
Release Notes: The 1.x tree is based on the last version of Super FreeS/WAN (22.214.171.124) with few additional features; only bugfixes were applied. It works for Linux kernels 2.0.x, 2.2.x, and 2.4.x. It does not support the 2.6.x kernels. Dynamic CRL fetching from the 2.x series has been backported as well.