diff options
author | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-05-30 14:27:35 +0200 |
---|---|---|
committer | Christian Mauderer <christian.mauderer@embedded-brains.de> | 2018-08-01 09:55:27 +0200 |
commit | ff36f5e409707ada66506eefd4ac0a396cb28055 (patch) | |
tree | 9594b2a1aeb06b4ecaaae02644a65525adaf5bb5 /ipsec-tools/NEWS | |
parent | if_ipsec: Port and add to everything-buildset. (diff) | |
download | rtems-libbsd-ff36f5e409707ada66506eefd4ac0a396cb28055.tar.bz2 |
Import ipsec-tools 0.8.2.
Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.
Diffstat (limited to 'ipsec-tools/NEWS')
-rw-r--r-- | ipsec-tools/NEWS | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/ipsec-tools/NEWS b/ipsec-tools/NEWS new file mode 100644 index 00000000..1efdfd50 --- /dev/null +++ b/ipsec-tools/NEWS @@ -0,0 +1,173 @@ +Version history: +---------------- +0.8.2 - 27 February 2014 + o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev) + o Fix source port selection regression from version 0.8.1 + o Various logging improvements + o Additional compliance and build fixes + +0.8.1 - 08 January 2013 + o Improved X.509 subject name comparation (Götz Babin-Ebell) + o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink) + o Allow simplified syntax for inherited remote blocks (Roman Antink) + o Never shring pfkey socket buffer (Marcelo Leitner) + o Privilege separation child process exit fix + o Multiple memory allocation and use-after-free fixes + +0.8 - 18 March 2011 + o Fix authentication method ambiguity with kerberos and xauth + o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman) + o Local address code rewrite to speed things up + o Improved MIPv6 support (Arnaud Ebalard) + o ISAKMP SA (phase1) rekeying + o Improved scheduler (faster algorithm, support monotonic clock) + o Handle RESPONDER-LIFETIME in quick mode + o Handle INITIAL-CONTACT in from main mode too + o Rewritten event handling framework for admin port + o Ability to initiate IPsec SA through admin port + o NAT-T Original Address handling (transport mode NAT-T support) + o clean NAT-T - PFkey support + o support for multiple anonymous remoteconfs + o Remove various obsolete configuration options + o A lot of other bug fixes, performance improvements and clean ups + +0.7.1 - 23 July 2008 + o Fixes a memory leak when invalid proposal received + o Some fixes in DPD + o do not set default gss id if xauth is used + o fixed hybrid enabled builds + o fixed compilation on FreeBSD8 + o cleanup in network port value manipulation + o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in + purge_ipsec_spi() + o Generates a log if cert validation has been disabled by + configuration + o better handling for pfkey socket read errors + o Fixes in yacc / bison stuff + o new plog() macro (reduced CPU usage when logging is disabled) + o Try to work better with huge SPD/SAD + o Corrected modecfg option syntax + +0.7 - 09 August 2007 + o Xauth with pre-shared key PSK + o Xauth with certificates + o SHA2 support + o pkcs7 support + o system accounting (utmp) + o Darwin support + o configuration can be reloaded + o Support for UNIQUE generated policies + o Support for semi anonymous sainfos + o Support for ph1id to remoteid matching + o Plain RSA authentication + o Native LDAP support for Xauth and modecfg + o Group membership checks for Xauth and sainfo selection + o Camellia cipher support + o IKE Fragment force option + o Modecfg SplitNet attribute support + o Modecfg SplitDNS attribute support ( server side ) + o Modecfg Default Domain attribute support + o Modecfg DNS/WINS server multiple attribute support + +0.6 - 27 June 2005 + o Generated policies are now correctly flushed + o NAT-T works with multiple peers behind the NAT (need kernel support) + o Xauth can use shadow passwords + o TCP-MD5 support + o PAM support for Xauth + o Privilege separation + o ESP fragmentation in tunnel mode can be tunned (NetBSD only) + o racoon admin interface is exported (header and library) to + help building control programs for racoon (think GUI) + o Fixed single DES support; single DES users MUST UPGRADE. + +0.5 - 10 April 2005 + o Rewritten buildsystem. Now completely autoconfed, automaked, + libtoolized. + o IPsec-tools now compiles on NetBSD and FreeBSD again. + o Support for server-side hybrid authentication, with full + RADIUS supoort. This is interoperable with the Cisco VPN client. + o Support for client-side hybrid authentication (Tested only with + a racoon server) + o ISAKMP mode config support + o IKE fragmentation support + o Fixed FWD policy support. + o Fixed IPv6 compilation. + o Readline is optional, fixed setkey when compiled without readline. + o Configurable Root-CA certificate. + o Dead Peer Detection (DPD) support. + +0.4rc1 - 09 August 2004 + o Merged support for PlainRSA keys from the 'plainrsa' branch. + o Inheritance of 'remote{}' sections. + o Support for SPD policy priorities in setkey. + o Ciphers are now used through the 'EVP' interface which allows + using hardware crypto accelerators. + o Setkey has new option -n (no action). + o All source files now have 3-clause BSD license. + +0.3 - 14 April 2004 + o Fixed setkey to handle multiline commands again. + o Added command 'exit' to setkey. + o Fixed racoon to only Warn if no CRL was found. + o Improved testsuite. + +0.3rc5 - 05 April 2004 + o Security bugfix WRT handling X.509 signatures. + o Stability fix WRT unknown PF_KEY messages. + o Fixed NAT-T with more proposals (e.g. more crypto algos). + o Setkey parses lines one by one => doesn't exit on errors. + o Setkey supports readline => more user friendly. + +0.3rc4 - 25 March 2004 + o Fixed adding "null" encryption via 'setkey'. + o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 + o Fixed NAT-T in aggresive mode. + o Fixed testsuite and added testsuite run into make check. + +0.3rc3 - 19 March 2004 + o Fixed compilation error with --enble-yydebug + o Better diagnostic when proposals don't match. + o Changed/added options to setkey. + +0.3rc2 - 11 March 2004 + o Added documentation for NAT-T + o Better NAT-T diagnostic. + o Test and workaround for missing va_copy() + +0.3rc1 - 04 March 2004 + o Support for NAT Traversal (NAT-T) + +0.2.4 - 29 January 2004 + o Sync with KAME as of 2004-01-07 + o Fixed unauthorized deletion of SA in racoon (again). + +0.2.3 - 15 January 2004 + o Support for SA lifetime specified in bytes + (see setkey -bs/-bh options) + o Enhance support for OpenSSL 0.9.7 + o Let racoon be more verbose + o Fixed some simple bugs (see ChangeLog for details) + o Fixed unauthorized deletion of SA in racoon + o Fixed problems on AMD64 + o Ignore multicast addresses for IKE + +0.2.2 - 13 March 2003 + o Fix racoon to build on some systems that require linking against -lfl + o add an RPM spec to the distribution + +0.2.1 - 07 March 2003 + o Fix some more gcc-3.2.2 compiler warnings + o Fix racoon to actually configure with ssl in a non-standard location + o Fix racoon to not complain if krb5-config is not installed + +0.2 - 06 March 2003 + o Glibc-2.3 support + o OpenSSL-0.9.7 support + o Fixed duplicate-macro problems + o Fix racoon lex/yacc support + o Install psk.txt mode 600, racoon.conf mode 644 + o Fix racoon to look in the correct directory for config files + +0.1 - 03 March 2003 + o Initial release of IPsec-Tools |