[Swan-dev] break down of 5.0's potential blockers
Andrew Cagney
andrew.cagney at gmail.com
Sun Dec 17 18:02:35 EET 2023
First the easy ones, I think these patches should go in:
#1482 building openbsd: don't try to use SADB_X_SPDFLUSH
#1483 building: fix typo in ok[] initializer
#1464 The XFRM address scope must be global
The next group fix packaging. They are low-risk in that they don't
touch the code base so I think these should go in:
#1465 Fix make git-rpm linux packaging
The next group fix the testsuite. They are low-risk in that they
don't touch the code base. If not in 5.0, I think they should go into
a 5.0-branch so that dealing with stuff like CVEs is easier:
#1486 testing kvm: sprinkle sync;sync;sync over code base
#1487 testing kvm: increase shutdown timeout from 20s to 30s
#1488 testing alpine: use sed -i to enable community repo containing NSS
#1490 testing freebsd: upgrade to 14.0
#1489 testing debian: point 12.2.0 URL at archive
The next one backports a fix to re-orient() when the host IP addresses
get messed up. The way to trigger this is non-trivial (without other
changes the problems aren't triggered). I'm not sure:
#1467 terminate: terminate_and_down_connections() fixes
This will happen when as part of the 5.0 release process:
#1354 update https://libreswan.org/man/ documentation
Basic offload is known to work:
#1364 verify hw offload and review bugs with offload label
These are nice to have:
#1434 A GUI that wraps around whack may look for the 041 (username) or
040 (password) prompts, and display them to the user whack
#1461 update spec files to include openpgp verification
#1469 document how IKEv1 is dying in libreswan.7
More information about the Swan-dev
mailing list