author: Christian Mauderer <christian.mauderer@embedded-brains.de> 2018-05-30 14:27:35 +0200
committer: Christian Mauderer <christian.mauderer@embedded-brains.de> 2018-08-01 09:55:27 +0200
commit: ff36f5e409707ada66506eefd4ac0a396cb28055
tree: 9594b2a1aeb06b4ecaaae02644a65525adaf5bb5 /ipsec-tools/NEWS
parent: if_ipsec: Port and add to everything-buildset.
Import ipsec-tools 0.8.2.
Import unchanged ipsec-tools sources in the release version 0.8.2. The homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The sources can be obtained from there.
Diffstat (limited to 'ipsec-tools/NEWS')
-rw-r--r-- ipsec-tools/NEWS 173
1 files changed, 173 insertions, 0 deletions
diff --git a/ipsec-tools/NEWS b/ipsec-tools/NEWS
new file mode 100644
index 00000000..1efdfd50
--- /dev/null
+++ b/ipsec-tools/NEWS
@@ -0,0 +1,173 @@
+Version history:
+----------------
+0.8.2 - 27 February 2014
+ o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
+ o Fix source port selection regression from version 0.8.1
+ o Various logging improvements
+ o Additional compliance and build fixes
+
+0.8.1 - 08 January 2013
+ o Improved X.509 subject name comparation (Götz Babin-Ebell)
+ o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
+ o Allow simplified syntax for inherited remote blocks (Roman Antink)
+ o Never shring pfkey socket buffer (Marcelo Leitner)
+ o Privilege separation child process exit fix
+ o Multiple memory allocation and use-after-free fixes
+
+0.8 - 18 March 2011
+ o Fix authentication method ambiguity with kerberos and xauth
+ o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
+ o Local address code rewrite to speed things up
+ o Improved MIPv6 support (Arnaud Ebalard)
+ o ISAKMP SA (phase1) rekeying
+ o Improved scheduler (faster algorithm, support monotonic clock)
+ o Handle RESPONDER-LIFETIME in quick mode
+ o Handle INITIAL-CONTACT in from main mode too
+ o Rewritten event handling framework for admin port
+ o Ability to initiate IPsec SA through admin port
+ o NAT-T Original Address handling (transport mode NAT-T support)
+ o clean NAT-T - PFkey support
+ o support for multiple anonymous remoteconfs
+ o Remove various obsolete configuration options
+ o A lot of other bug fixes, performance improvements and clean ups
+
+0.7.1 - 23 July 2008
+ o Fixes a memory leak when invalid proposal received
+ o Some fixes in DPD
+ o do not set default gss id if xauth is used
+ o fixed hybrid enabled builds
+ o fixed compilation on FreeBSD8
+ o cleanup in network port value manipulation
+ o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
+ purge_ipsec_spi()
+ o Generates a log if cert validation has been disabled by
+ configuration
+ o better handling for pfkey socket read errors
+ o Fixes in yacc / bison stuff
+ o new plog() macro (reduced CPU usage when logging is disabled)
+ o Try to work better with huge SPD/SAD
+ o Corrected modecfg option syntax
+
+0.7 - 09 August 2007
+ o Xauth with pre-shared key PSK
+ o Xauth with certificates
+ o SHA2 support
+ o pkcs7 support
+ o system accounting (utmp)
+ o Darwin support
+ o configuration can be reloaded
+ o Support for UNIQUE generated policies
+ o Support for semi anonymous sainfos
+ o Support for ph1id to remoteid matching
+ o Plain RSA authentication
+ o Native LDAP support for Xauth and modecfg
+ o Group membership checks for Xauth and sainfo selection
+ o Camellia cipher support
+ o IKE Fragment force option
+ o Modecfg SplitNet attribute support
+ o Modecfg SplitDNS attribute support ( server side )
+ o Modecfg Default Domain attribute support
+ o Modecfg DNS/WINS server multiple attribute support
+
+0.6 - 27 June 2005
+ o Generated policies are now correctly flushed
+ o NAT-T works with multiple peers behind the NAT (need kernel support)
+ o Xauth can use shadow passwords
+ o TCP-MD5 support
+ o PAM support for Xauth
+ o Privilege separation
+ o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
+ o racoon admin interface is exported (header and library) to
+ help building control programs for racoon (think GUI)
+ o Fixed single DES support; single DES users MUST UPGRADE.
+
+0.5 - 10 April 2005
+ o Rewritten buildsystem. Now completely autoconfed, automaked,
+ libtoolized.
+ o IPsec-tools now compiles on NetBSD and FreeBSD again.
+ o Support for server-side hybrid authentication, with full
+ RADIUS supoort. This is interoperable with the Cisco VPN client.
+ o Support for client-side hybrid authentication (Tested only with
+ a racoon server)
+ o ISAKMP mode config support
+ o IKE fragmentation support
+ o Fixed FWD policy support.
+ o Fixed IPv6 compilation.
+ o Readline is optional, fixed setkey when compiled without readline.
+ o Configurable Root-CA certificate.
+ o Dead Peer Detection (DPD) support.
+
+0.4rc1 - 09 August 2004
+ o Merged support for PlainRSA keys from the 'plainrsa' branch.
+ o Inheritance of 'remote{}' sections.
+ o Support for SPD policy priorities in setkey.
+ o Ciphers are now used through the 'EVP' interface which allows
+ using hardware crypto accelerators.
+ o Setkey has new option -n (no action).
+ o All source files now have 3-clause BSD license.
+
+0.3 - 14 April 2004
+ o Fixed setkey to handle multiline commands again.
+ o Added command 'exit' to setkey.
+ o Fixed racoon to only Warn if no CRL was found.
+ o Improved testsuite.
+
+0.3rc5 - 05 April 2004
+ o Security bugfix WRT handling X.509 signatures.
+ o Stability fix WRT unknown PF_KEY messages.
+ o Fixed NAT-T with more proposals (e.g. more crypto algos).
+ o Setkey parses lines one by one => doesn't exit on errors.
+ o Setkey supports readline => more user friendly.
+
+0.3rc4 - 25 March 2004
+ o Fixed adding "null" encryption via 'setkey'.
+ o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
+ o Fixed NAT-T in aggresive mode.
+ o Fixed testsuite and added testsuite run into make check.
+
+0.3rc3 - 19 March 2004
+ o Fixed compilation error with --enble-yydebug
+ o Better diagnostic when proposals don't match.
+ o Changed/added options to setkey.
+
+0.3rc2 - 11 March 2004
+ o Added documentation for NAT-T
+ o Better NAT-T diagnostic.
+ o Test and workaround for missing va_copy()
+
+0.3rc1 - 04 March 2004
+ o Support for NAT Traversal (NAT-T)
+
+0.2.4 - 29 January 2004
+ o Sync with KAME as of 2004-01-07
+ o Fixed unauthorized deletion of SA in racoon (again).
+
+0.2.3 - 15 January 2004
+ o Support for SA lifetime specified in bytes
+ (see setkey -bs/-bh options)
+ o Enhance support for OpenSSL 0.9.7
+ o Let racoon be more verbose
+ o Fixed some simple bugs (see ChangeLog for details)
+ o Fixed unauthorized deletion of SA in racoon
+ o Fixed problems on AMD64
+ o Ignore multicast addresses for IKE
+
+0.2.2 - 13 March 2003
+ o Fix racoon to build on some systems that require linking against -lfl
+ o add an RPM spec to the distribution
+
+0.2.1 - 07 March 2003
+ o Fix some more gcc-3.2.2 compiler warnings
+ o Fix racoon to actually configure with ssl in a non-standard location
+ o Fix racoon to not complain if krb5-config is not installed
+
+0.2 - 06 March 2003
+ o Glibc-2.3 support
+ o OpenSSL-0.9.7 support
+ o Fixed duplicate-macro problems
+ o Fix racoon lex/yacc support
+ o Install psk.txt mode 600, racoon.conf mode 644
+ o Fix racoon to look in the correct directory for config files
+
+0.1 - 03 March 2003
+ o Initial release of IPsec-Tools
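Review bot: The newest entry at the top of the added NEWS file is "0.8.2 - 27 February 2014", more than four years before this commit, and neither the file nor the commit message records how the imported tree can be checked against that upstream release. Since the import is stated to be unchanged, consider naming the upstream tarball and its checksum in the commit message, and noting where fixes made after 0.8.2 will be tracked. The upstream spelling errors in the entries (for example "comparation", "shring", "supoort") are right to leave as they are in a verbatim import.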