Migration to cvs.netbsd.org

2006-08-22 Emmanuel Dreyfus <manu@netbsd.org>

	From Matthew Grooms:
	* src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
	  src/racoon{isdakmp_quick.c|isakmp_xauth.c|isakmp_xauth.h}
	  src/racoon/racoon.conf.5: Add a group check option

2006-08-17 Yvan Vanhullebus <vanhu@netasq.com>

	Patch from Matthew Grooms:
	* src/racoon/ipsec_doi.c: fixed an ASN1 size in
	  ipsecdoi_checkid1()

2006-08-11 Yvan Vanhullebus <vanhu@netasq.com>

	Patch from Matthew Grooms:
	* src/racoon/ipsec_doi.[ch]: fixed and public ipsecdoi_id2str()
	* src/racoon/isakmp_quick.c: text fix
	* src/racoon/pfkey.c: sainfo debug
	* src/racoon/sainfo.c: sainfo debug

2006-07-17 Yvan Vanhullebus <vanhu@netasq.com>

	Reported by Matthew Grooms:
	* src/racoon/isakmp_quick.c: Fixed iph2->id / id_p checks in
	  get_sainfo_r().
	* src/racoon/racoon.conf.5: updated man page for sainfo logic.

2006-07-31 Emmanuel Dreyfus <manu@netbsd.org>
	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h}
	  src/racoon/{isakmp_unity.c|isakmp_unity.h}: splinet support
	  becomes dynamic, bugfixes

2006-07-19 Emmanuel Dreyfus <manu@netbsd.org>
	From Peter Eisch <peter@boku.net>
	* src/racoon/samples/roadwarrior/client/phase1-up.sh: add missing
	  netmask in network interface configuration

	From Matthew Grooms <mgrooms@shrew.net>
	* configure.ac src/racoon/isakmp_xauth.c: update the LDAP API usage

	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
	  src/racoon/{isakmp_cfg.c|isakmp_unity.c|racoon.conf.5}: Split DNS
	  support (server side)

2006-07-17 Yvan Vanhullebus <vanhu@netasq.com>

	* src/libipsec/pfkey.c: Fixed SADB_X_EXT_SEC_CTX support in pfkey_align().
	  Break reported by Matthew Grooms.

2006-07-13 Frederic Senault <fred@lacave.net>

	* src/racoon/isakmp_cfg.c: fix a typo that rendered DNS4 / WINS4
	  inoperable on 64bit architectures; add a packetdump of MODE_CFG
	  exchange in debug mode.

2006-07-09 Emmanuel Dreyfus <manu@netbsd.org>
	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon{cfparse.y|cftoken.l|isakmp_quick.c|isakmp_xauth.c}
	  src/racoon{isakmp_xauth.h|racoon.conf.5|sainfo.c|sainfo.h}:
	  Group authentication for Xauth. Supports system groups and LDAP.

2006-07-04 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/nattraversal.c: fixed a malloc check in
	  natt_keepalive_add(). Patch from Bruno Wagenseil.

2006-06-30 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{cfparse.l|cftoken.l}: meaningful error message when
	  we cannot find the configuration file.

2006-06-24 Emmanuel Dreyfus <manu@netbsd.org>
	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
	  src/racoon/{isakmp_xauth.c|isakmp_xauth.h|racoon.conf.5}: network
	  configuration obtained from LDAP directory

2006-06-23 Emmanuel Dreyfus <manu@netbsd.org>
	From Matthew Grooms <mgrooms@shrew.net>
	* configure.ac: build fixes

2006-06-22 Emmanuel Dreyfus <manu@netbsd.org>
	* src/racoon/evt.c: build fix
	From Matthew Grooms <mgrooms@shrew.net>
	* configure.ac: build fixes around libldap and libiconv search

2006-06-21 Emmanuel Dreyfus <manu@netbsd.org>
	* src/racoon/evt.c: Do not record events if admin socket is
	  disabled.

2006-06-20 Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: Check for conflicts between system libiconv
	  and newer libiconv header
	From Matthew Grooms <mgrooms@shrew.net>
	* configure.ac src/racoon/{cfparse.y|cftoken.l}
	  src/racoon/{isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h}
	  src/racoon/{main.c|racoon.conf.5}: Use LDAP for Xauth

2006-06-20 Yvan Vanhullebus <vanhu@netasq.com>

	* configure.ac: fixed SHA256 detection on some systems. Patch by
	  Dmitry Andrianov.
	* src/racoon/{cfparse.y|cftoken.l|plog.[ch]|racoon.conf.5}:
	  changed logging levels. Patch by Michal Ruzicka.

2006-06-15 Emmanuel Dreyfus <manu@netbsd.org>
	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon/main.c: make sure RADIUS is correctly initialized

2006-06-14 Yvan Vanhullebus <vanhu@netasq.com>

	* Makefile.am, src/Makefile.am: fixed make dist on *BSD

2006-06-07 Emmanuel Dreyfus <manu@netbsd.org>
	* src/racoon/isakmp_cfg.c: Fix build.

2006-05-26 Emmanuel Dreyfus <manu@netbsd.org>
	From Pawel Jakub Dawidek <pjd@FreeBSD.org>
	* src/racoon/handler.c: Fix a crash caused by a NULL pointer
	* src/racoon/oakley.c: Typos
	* src/racoon/isakmp_base.c: Fix uninitialized buffer
	* src/racoon/isakmp_base.c: Do send DPD VID in resp case (base mode)

2006-05-23 Emmanuel Dreyfus <manu@netbsd.org>
	* src/racoon/isakmp_cfg.c: Mode cfg can be used without Xauth, so
	  do not assume Xauth when preparing a hook script environment.
	From chunkeey@web.de
	* src/racoon/{algorithm.c|oakley.c|gssapi.c|ipsec_doi.c}: Fix amd64
	  build warnings
	* src/racoon/ipsec_doi.c: Don't free a referenced buffer
	From Matthew Grooms <mgrooms@shrew.net>
	* src/racoon/isakmp_cfg.c: Fix for unity local_lan support

2006-05-07 Emmanuel Dreyfus <manu@netbsd.org>
	* src/racoon/{isakmp.c|session.c|sockmisc.c|racoon.conf.5}: Do
	  not reconfigure interface sockets when running in privilege
	  separation as it will not work. Add debug for setsockopt().
	* src/racoon/racoonctl.8: Do not tell config reload is completely
	  broken (it's only somewhat broken).

2006-05-06 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{remoteconf.c|remoteconf.h|isakmp.c|cfparse.y}: Fix
	  memory leak (Coverity)
	* src/racoon/pfkey.c: Fix memory leak (Coverity)
	* src/racoon/ipsec_doi.c: Fix memory leak (Coverity)
	* src/racoon/isakmp.c: Fix memory leak (Coverity)
	* src/racoon/dnssec.c: Fix memory leak (Coverity)
	* src/racoon/backupsa.c: Fix memory leak (Coverity)
	* src/racoon/{nattraversal.c|isakmp.c|cfparse.y}: Check for non NULL
	  allocation (Coverity)
	* src/racoon/isakmp_quick.c: Remove dead code (Coverity)
	* src/racoon/oakley.c: Remove dead code (Coverity)
	* src/racoon/crypto_openssl.c: Remove dead code (Coverity)

2006-05-05 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
	  encapsulation in pk_sendgetspi().

2006-05-04 Yvan Vanhullebus <vanhu@netasq.com>
	From Preggna S (spreggna@novell.com)
	* src/racoon/schedule.h: fixed gnuc.h include.
	* src/racoon/{cfparse.y|cftoken.l}: Address range sainfos support.
	* src/racoon/ipsec_doi.[ch]: ipsecdoi_sockrange2id() function.

2006-05-03 Yvan Vanhullebus <vanhu@netasq.com>
	From Joy Latten <latten@austin.ibm.com>
	* configure.ac: security context support check
	* src/libipsec/{pfkey.c|pfkey_dump.c}:
	  SADB_X_EXT_PACKET / SADB_X_EXT_SEC_CTX support
	* src/setkey/{parse.ytoken.l}: parses optional security context
	* src/setkey/setkey.8: security context syntax

2006-04-27 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{remoteconf.c|proposal.c}: fix memory leak (Coverity)

2006-04-24 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: style cleanup in delete_spd()

2006-04-13 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
	  encapsulation in pk_sendupdate().

2006-04-12 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c: fix memory leaks (Coverity)

2006-04-06 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{admin.c|cfparse.y|cftoken.l|debugrm.c|debugrm.h}
	  src/racoon/{gcmalloc.h|isakmp.c|isakmp_inf.c|isakmp_xauth.c}
	  src/racoon/{logger.c|misc.h|plog.c|racoonctl.c|sockmisc.c}: Add
	  strdup in the malloc debugging framework, check for strdup failures
	  (found by Coverity)
	* src/racoon/admin.c: Do not use an unallocated pointer (Coverity)
	* src/racoon/schedule.c: Check for NULL pointer
	* src/racoon/{grabmyaddr.c|handler.c|isakmp.c|isakmp_cfg.c}
	  src/racoon/{isakmp_inf.c|isakmp_quick.c|nattraversal.c}: Check
	  that dupsaddr returns non NULL pointers (Coverity)
	* src/racoon/isakmp_quick.c: Ignore multiple notifications in the
	  same message, and do not leak memory (Coverity)
	* src/racoon/{isakmp_agg.c|isakmp_ident.c}: Fix memory leak in
	  GSSAPI code (Coverity)
	* src/racoon/racoonctl.c: fix minor memory leak (Coverity)
	* src/racoon/isakmp.c: fix memory leak (Coverity)
	* src/racoon{isakmp.c|isakmp_inf.c}: fix phase 1 handler leak (Coverity)

2006-04-05 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_xauth.c: fix uninitialized variable, found by
	  Coverity
	* src/racoon/{isakmp_cfg.c|isakmp_xauth.h|isakmp_xauth.c}: Do not
	  use deleted phase 1 handler after errors, found by Coverity
	* src/racoon/main.c: tell which config file we use
	* src/racoon/isakmp_cfg.c: Do not use deleted phase 1 handler, found
	  by Coverity
	* src/racoon/{isakmp_agg.c|isakmp_ident.c}: Do not use deleted phase 1
	  handler, found by Coverity
	* src/racoon/dnssec.c: do not return a free'ed certificate, found by
	  Coverity
	* src/racoon/oakley.c: fix stale pointer alias, found by Coverity
	* src/racoon/throttle.c: do not free current item while walking a
	  chained list, found by Coverity
	* src/racoon/vmbuf.c: handle NULL argument for vdup, found by Coverity

2006-03-18 Emmanuel Dreyfus <manu@netbsd.org>

	From John Nemeth <jnemeth@victoria.tc.ca> and a Coverity scan
	* src/racoon/isakmp_xauth.c: fix memory leak

2006-02-25 Emmanuel Dreyfus <manu@netbsd.org>

	From Thomas Klausner <wiz@NetBSD.org>
	* src/racoon/{cfparse.y|handler.h}: typos

2006-02-23 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/main.c: do not reset isakmp_cfg structure after
	  config reload.

2006-02-22 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/vendorid.c: Fixed Vendor IDs order (well, should not
	  be really necessary) and DPD VId hash generation

2006-02-17 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/{cfparse.y|sainfo.c}: Support for "semi anonymous"
	  sainfos.
	* src/racoon/racoon.conf.5: updated sainfos syntax
	* src/racoon/vendorid.[ch]: IPSec-Tools Vendor ID

2006-02-15 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/{cfparse.y|cftoken.l}: Parse new generate_policy
	  levels
	* src/racoon/remoteconf.h: defines for REQUIRE/UNIQUE/NONE
	  generate policy levels
	* src/racoon/proposal.c: Sets optional reqid for generated
	  policies
	* src/racoon/pfkey.c: sends UNIQUE policies to kernel if reqid
	  specified
	* src/racoon/racoon.conf.5: updated generate_policy syntax

2006-02-02 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
	  fails in isakmp_ph1resend()

2006-01-17 Frederic Senault <fred@lacave.net>

	* src/racoon/cfparse.y: Add the keyid [ (tag|file) ] semantics to the
	  peers_identifier keyword.

	* src/racoon/{evt.h|isakmp.c|racoonctl.c}: Send a message to the
	  adminsock to allow for racoonctl to stop looping when the
	  vpn-connect command is used and there is no mode config exchange.

2006-01-08 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_cfg.c: make software behave as the documentation
	  advertises for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
	  avoid breaking backward compatibility.

2005-12-19 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/session.c: Fixed / cleaned up signal handling.

2005-12-13 Yvan Vanhullebus <vanhu@netasq.com>

	* src/libipsec/samples/*: replaced "obey" mode by "strict" mode.

2005-12-07 Yvan Vanhullebus <vanhu@netasq.com>

	* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
	  disabled (Fred has still some CVS problems).
	* src/racoon/session.c: Calls isakmp_cfg_init() only if
	  ENABLE_HYBRID in reload_conf().

2005-12-04 Frederic Senault <fred@lacave.net>

	* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
	  function to display SAD entries with their associated ports.
	* src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
	  in conjunction with -D to show SADs with the port, allow both get and
	  delete commands to use bracketed ports if needed.

2005-11-26 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/session.c: fix possible race conditions in signal handlers
	* src/racoon/{isakmp_cfg.c|isakmp_cfg.h|main.c|session.c}: when
	  reloading configuration, do not add new mode_cfg config to the
	  existing one, overwrite it instead.

2005-11-25 Emmanuel Dreyfus <manu@netbsd.org>

	From Thomas Klausner <wiz@netbsd.org>
	* src/racoon/racoon.conf.5: Style changes

2005-11-21 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_[ident|agg].c: Check if natt is available when
	  receiving a NAT_D payload from initiator. It saves a crash,
	  reported by Dave Huang to NetBSD.

2005-11-20 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_agg.c: Check that we got some needed payloads
	  from peer (could cause a DoS). Crash reported by Adrian Portelli
	  using IKE test suite from
	  http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/

2005-11-10 Yvan Vanhullebus <vanhu@free.fr>

	Patches from Francis Dupont
	* src/libipsec/key_debug.c: SADB_X_EXT_PACKET support
	* src/libipsec/{libpfkey.h|pfkey.c}: pfkey_send_migrate() function
	* src/setkey/parse.y: IPPROTO_MH support
	* src/racoon/pfkey.c: fixed some logs
	* src/racoon/strnames.c: fixed a typo for SADB_X_PROMISC,
	  appropriate define for SADB_X_NAT_T_NEW_MAPPING, added
	  SADB_X_MIGRATE

2005-11-06 Aidas Kasparas <a.kasparas@gmc.lt>

	* src/racoon/main.c, src/racoon/session.c: moved .pid file writing
	  just before main loop. Thanks Stephen Thorne
	* src/racoon/localconf.h, src/racoon/cftoken.l: introduced
	  path pidfile directive
	* src/racoon/racoon.conf.5: documented above
	* configure.ac: OpenSSL 0.9.8 compilation fix. Thanks Ganesan
	  Rajagopal
	* configure.ac: added check for strlcat function
	* src/racoon/misc.h: define strlcat function for systems without one
	* src/racoon/remoteconf.c: strncat -> strlcat

2005-11-01 Aidas Kasparas <a.kasparas@gmc.lt>

	* src/racoon/isakmp_inf.c: repeated gcc-4.0 build fix. Thanks
	  Andreas Tobler

2005-10-30 Yvan Vanhullebus <vanhu@netasq.com>

	Patches from Christoph Nadig for compilation on MacOS X
	* configure.ac: no lcrypt for darwin
	* src/libipsec/key_debug.c: include stdint.h if HAVE_STDINT_H
	* src/racoon/isakmp_cfg.c: some includes and some %zu
	* src/racoon/isakmp_unity.c: fixed a %zu
	* src/racoon/vmbuf.h: vfree already defined for Apple

2005-10-17 Aidas Kasparas <a.kasparas@gmc.lt>

	Introduced subnet sainfo type.
	* src/racoon/cftoken.l: new token "subnet"
	* src/racoon/cfparse.y: added address/subnet differentiation logic
	* src/racoon/ipsec-doi.h: new constant
	* src/racoon/ipsec-doi.c: adopted to above
	* src/racoon/racoon.conf.5: documented above

2005-09-14 Emmanuel Dreyfus <manu@netbsd.org>

	* src/libipsec/pfkey.c: One forgotten cast caddr_t -> void *

2005-10-14 Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
	  USER_FQDNs (problem reported by Bernhard Suttner).

2005-09-10 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon[isakmp.c|isakmp_cfg.c|isakmp_inf.c}
	  src/racoon/doc/FAQ configure.ac: Add --enable-broken-natt for
	  kernel implementing NAT-T but unable to cope with IKE ports in
	  SAD and SPD.

2005-09-05 Emmanuel Dreyfus <manu@netbsd.org>

	From Wilfried Weissmann:
	* src/libipsec/policy_parse.y src/racoon/oakley.c
	  src/racoon/{sockmisc.c|sockmisc.h}: build fixes

2005-09-03 Emmanuel Dreyfus <manu@netbsd.org>

	From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
	* src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions

2005-08-26 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/evt.c: Fix memory leak when event queue overflows

2005-08-23 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
	  initialize NAT-T VID to avoid freeing unallocated stuff.

2005-08-21 Emmanuel Dreyfus <manu@netbsd.org>

	From Matthias Scheler <matthias.scheler@tadpole.com>
	* src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
	  ISAKMP mode config without Xauth.

2005-08-16 Emmanuel Dreyfus <manu@netbsd.org>

	From Thomas Klausner <wiz@netbsd.org>
	* src/setkey/setkey.8: remove trailing whitespaces

2005-09-09 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/policy.c: Do not parse all sptree in inssp() if we
	  don't use Policies priority.

2005-08-20 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/handler.c: Fixed a possible crash in
	  remove_ph2(). Reported by Dietmar Eggemann.

2005-08-14 Emmanuel Dreyfus <manu@netbsd.org>

	From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
	* src/racoon/dnssec.c: fix bogus test on function result

2005-08-11 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp.c: Improved in/out SA addresses check in
	  purge_remote(). Reported by Patrick Ma.

2005-08-08 Emmanuel Dreyfus <manu@netbsd.org>

	* src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings

2005-08-08 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/privsep.c: Fixed a %d -> %zu in
	  port_check() (reported by Matthias Scheler).

2005-08-04 Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: correctly quote RACOON_PATH_LIBS arguments

2005-08-02 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp_inf.c: First fix to
	  info_recv_initialcontact(): do a basic IP check when no NAT-T.

2005-07-26 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp.c: Fixed purge_remote()

2005-07-25 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp.c: Do not purge IPSec SAs in purge_remote() if
	  a new ph1handle exists (patch by Krzysztof Oledzki)

2005-07-20 Aidas Kasparas <a.kasparas@gmc.lt>

	* configure.ac: disabled --enable-samode-unspec under linux

2005-07-20 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp_quick.c: Ignore NATOA payloads in
	  quick_r1recv() as it is done in quick_i2recv().
	* configure.ac: new --enable-fastquit option
	* src/racoon/session.c: new optional code when flushing SAs,
	  which is faster and should have no deadlocks. configure
	  --enable-fastquit option to enable it.

2005-07-19 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp.c: Checks in isakmp_ph1begin_r() if we got the
	  packet from NAT-T port, and set up the NAT_PORTS_CHANGED in that
	  case (RFC 3947, sect 4, we MUST allow new phase1 negotiations on
	  NAT-T floated port), to correctly generate the reply.

2005-07-16 Aidas Kasparas <a.kasparas@gmc.lt>

	* src/racoon/grabmyaddr.c: fixed file descriptor leak. Thanks to
	  Patrice Fournier
	* src/racoon/setkey.c: disabled readline's filename completion
	  (bug 1179281 fix)
	* src/racoon/proposal.c: fixed mode selection for SAs with
	  complex_bundle on behind NAT

2005-07-14 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/handler.c: - Clears the DPD schedule in delph1()
	                        - Cleared up sanity checks in delph1()
	                        - Sets p->rmconf to NULL if no new
	                          remoteconf in revalidate_ph1tree_rmconf()
	* src/racoon/isakmp.c: Added sanity checks in script_hook()
	* src/racoon/oakley.c: Sanity check in save_certbuf()

2005-07-13 Emmanuel Dreyfus <manu@netbsd.org>

	* src/setkey/Makefile.am: missing file in distribution

2005-07-12 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/isakmp.c: Fixed a mem leak in isakmp_send().

2005-07-12 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
	  used.
	* src/racoon/{crypto_openssl.c|ipsec_doi.c|oakley.c} configure.ac
	  src/racoon/missing/crypto/sha2/sha2.h: Support OpenSSL-0.9.8
	* src/racoon/{admin.c|session.c}: Don't use the adminport if it is
	  disabled
	* src/racoon/samples/roadwarrior/client/{pahse1-up.sh|phase1-down.sh}:
	  Add comments for using the scripts without NAT-T

2005-07-11 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c configure.ac: More build fixes on Linux.
	  Accommodate various libiconv versions

2005-07-10 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c configure.ac: build fixes on Linux.
	  Accommodate various libiconv versions

2005-07-09 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/crypto_openssl.c: Fixed evp_crypt when using crypto
	  algorithms with variable key size but not OpenSSL default key
	  size.

2005-07-07 Emmanuel Dreyfus <manu@netbsd.org>

	From Mathias Scheler <tron@netbsd.org>
	* src/racoon/raccon.conf.5: Document that aes can be used in
	  racoon.conf

2005-07-06 Frederic Senault <fred@lacave.net>

	* src/setkey/setkey.c: fix compilation with readline.
	* src/racoon/oakley.c: move declarations to fix compilation issues
	  with gcc 2.95.4/FreeBSD4, re-indentation and style cleanup of the
	  pkcs7 patch.

2005-07-04 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_inf.c: safety checks on informational messages
	* src/racoon/{pfkey.c|proposal.c}: IPcomp fixes

2005-07-01 Emmanuel Dreyfus <manu@netbsd.org>

	From Uri Blumenthal <urimobile@optonline.net>:
	* src/racoon/{ipsec_doi.c|Makefile.am}: Linux build fixes
	* src/racoon/oakley.c: pkcs7 support

2005-06-29 Emmanuel Dreyfus <manu@netbsd.org>

	From Christos Zoulas <christos@zoulas.com>
	* configure.ac src/setkey/{parse.y|setkey.c|token.l}
	  src/libipsec/{ipsec_dump_policy.c|ipsec_get_policylen.c|key_debug.c}
	  src/libipsec/{libpfkey.h|pfkey_dump.c|policy_parse.y}: de-lint,
	  using void * instead of caddr_t and adding const where appropriate.
	* src/setkey/extern.h: new file
	* src/libipsec/{pfkey.c|pfkey_dump.c|policy_parse.y}
	  src/racoon/{sockmisc.c|sockmisc.h}: de-lint signed/unsigned,
	  size_t/int and lint constants

2005-06-24 Yvan Vanhullebus <vanhu@free.fr>

	* src/racoon/handler.c: Fixed phase2 enc algo check when reloading
	  conf (could flush a phase2 handler when not needed).

2005-06-19 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/{admin.c|handler.c|handler.h|racoonctl.c|racoonctl.h}
	  src/racoon/racoonctl.8:
	  Add a logout-user command to racoonctl to kick out all SA for a
	  given Xauth user

	From Ludo Stellingwerff <ludo@protactive.nl>:
	* src/racoon/isakmp.c: NAT-T fix: We treat null ports in SPD as
	  wildcard so that IKE ports are used instead. This was done on
	  phase 2 initiation from the kernel (acquire message), but not
	  on phase 2 initiation retries when the phase 2 had been queued
	  for a phase 1.

	From Uri Blumenthal <urimobile@optonline.net>
	and Larry Baird <lab@gta.com>:
	* src/libipsec/pfkey_dump.c src/setkey/test-pfkey.c
	  src/racoon/{algorithm.c|cftoken.l|eaytest.c|ipsec_doi.c}
	  src/racoon/{ipsec_doi.h|pfkey.c|strnames.c}: Add SHA2 support
	* src/setkey/setkey.8 src/racoon/racoon.conf.5: update doc for SHA2
	* src/setkey/token.l: Add aliases shaxxx for sha2_xxx

2005-06-07 Emmanuel Dreyfus <manu@netbsd.org>

	From Larry Baird <lab@gta.com>
	* src/racoon/isakmp.c: consume NAT keepalive data already seen
	  with MSG_PEEK

2005-06-07 Frederic Senault <fred@lacave.net>

	* configure.ac src/racoon/{cfparse.y|isakmp_cfg.h|isakmp_cfg.c}
	  src/racoon/{handler.c|privsep.c|privsep.h|racoon.conf.5}: Add
	  support for system accounting into the utmp files, with the
	  "accounting system" directive.

	* src/privsep.c: Bug fixes in the xauth password handling code.

2005-06-06 Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_quick.c: endianness bug fix

2005-06-05 Emmanuel Dreyfus <manu@netbsd.org>

	From Thomas Klausner <wiz@netbsd.org>
	* src/setkey/setkey.8 src/racoon/racoon.conf.5: remove trailing
	  spaces, grammar fix

2005-05-31 Aidas Kasparas <a.kasparas@gmc.lt>

	* src/racoon/ipsec_doi.c: Inserted missing 0th element of
	  rm_idtype2doi array. Bug #1199700 fix.

652 | 2005-05-30 Frederic Senault <fred@lacave.net> |
---|
653 | |
---|
654 | * src/racoon/oakley.h: Fix a typo in the RMAUTHMETHOD macro |
---|
655 | definition. |
---|
656 | |
---|
657 | * src/racoon/isakmp_cfg.c: Fix the switch so that the phase1 script |
---|
658 | is executed at the end of the mode cfg exchange ; add a debug |
---|
659 | message at the script startup. |
---|
660 | |
---|
661 | 2005-05-23 Emmanuel Dreyfus <manu@netbsd.org> |
---|
662 | |
---|
663 | * src/racoon/admin.c: build fix |
---|
664 | |
---|
665 | 2005-05-20 Emmanuel Dreyfus <manu@netbsd.org> |
---|
666 | |
---|
667 | From Mike Robinson <sundialservices@users.sourceforge.net> |
---|
668 | * src/racoon/isakmp_xauth.c: really delete phase 1 on Xauth failure |
---|
669 | |
---|
670 | * src/libipsec/pfkey.c src/racoon/ipsec_doi.c: Fix NAT-T + IPcomp |
---|
671 | |
---|
672 | From hgates <hgates.lists@gmail.com> |
---|
673 | * src/racoon/proposal.c: fix SPI size test for IPcomp |
---|
674 | |
---|
675 | From Larry Baird <lab@gta.com> |
---|
676 | * src/racoon/{handler.c|ipsec_doi.c}: When altering lifetime, |
---|
677 | duplicate the proposal instead of modifying the configured one. |
---|
678 | |
---|
679 | 2005-05-19 Frederic Senault <fred@lacave.net> |
---|
680 | |
---|
681 | * configure.ac src/racoon/plog.c: Fix the logging functions to work |
---|
682 | around the lack of support of printf %zu in FreeBSD 4 (at least). |
---|
683 | |
---|
684 | * src/racoon/{isakmp.c|pfkey.c}: Put sockets in non-blocking mode to |
---|
685 | fix a hangup with FreeBSD 4. |
---|
686 | |
---|
687 | * src/racoon/{isakmp_inf.c|isakmp_unity.h|strnames.c}: Recognize a |
---|
688 | unity-specific heartbeat message. |
---|
689 | * src/racoon/isakmp_inf.c: Reorganize switch statement in |
---|
690 | isakmp_check_notify. |
---|
691 | |
---|
692 | 2005-05-17 Yvan Vanhullebus <vanhu@free.fr> |
---|
693 | |
---|
694 | * src/racoon/handler.c: Fixed exchange type check in |
---|
695 | revalidate_ph1(). |
---|
696 | * src/racoon/pfkey.c: changed includes order to fix compilation. |
---|
697 | |
---|
698 | 2005-05-14 Emmanuel Dreyfus <manu@netbsd.org> |
---|
699 | |
---|
700 | * src/libipsec/policy_parse.y: Fix parse problem |
---|
701 | |
---|
702 | 2005-05-14 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
703 | |
---|
704 | * src/racoon/sockmisc.c: Debug message said it will send to |
---|
705 | source address instead of destination. |
---|
706 | |
---|
707 | 2005-05-13 Emmanuel Dreyfus <manu@netbsd.org> |
---|
708 | |
---|
709 | * src/racoon/isakmp_inf.c: fix build problem |
---|
710 | |
---|
711 | 2005-05-13 Yvan Vanhullebus <vanhu@free.fr> |
---|
712 | |
---|
713 | * src/racoon/isakmp.c: Fixed a double ph2handler free in |
---|
714 | isakmp_ph2begin_i(). |
---|
715 | |
---|
716 | 2005-05-12 Emmanuel Dreyfus <manu@netbsd.org> |
---|
717 | |
---|
718 | * src/racoon/isakmp_quick.c: fix build problem on some platforms |
---|
719 | |
---|
720 | * src/racoon/isakmp.c: For acquire messages, when NAT-T is in use, |
---|
721 | consider null port as a wildcard and use IKE ports. |
---|
722 | |
---|
723 | 2005-05-10 Emmanuel Dreyfus <manu@netbsd.org> |
---|
724 | |
---|
725 | * src/racoon/samples/roadwarrior/server/{racoon.conf|racoon.conf-radius} |
---|
726 | src/racoon/samples/roadwarrior/server/phase1-down.sh: removed file |
---|
727 | src/racoon/samples/roadwarrior/client/racoon.conf: update config |
---|
728 | files to higher security settings. Remove now useless phase 1 down |
---|
729 | script on server side. |
---|
730 | * Update README to reflect server/phase1-down.sh removal |
---|
731 | |
---|
732 | 2005-05-09 Emmanuel Dreyfus <manu@netbsd.org> |
---|
733 | |
---|
734 | * src/racoon/{cftoken.l|cfparse.y|isakmp_cfg.c|isakmp_cfg.h} |
---|
735 | src/racoon/{isakmp_unity.c|racoon.conf.5}: Add PFS group and |
---|
736 | save password extensions from Cisco in ISAKMP mode config. |
---|
737 | |
---|
738 | 2005-05-08 Emmanuel Dreyfus <manu@netbsd.org> |
---|
739 | |
---|
740 | * src/racoon/{handler.c|ipsec_doi.c|proposal.c}: check for lifebyte |
---|
741 | in proposals |
---|
742 | * src/racoon/ipsec_doi.c: fix a bug in proposal_check claim for phase 1 |
---|
743 | * src/racoon/handler.c: style |
---|
744 | |
---|
745 | * src/racoon/isakmp_xauth.c: fix build with shadow passwords |
---|
746 | |
---|
747 | 2005-05-07 Emmanuel Dreyfus <manu@netbsd.org> |
---|
748 | |
---|
749 | * configure.ac src/racoon/isakmp_xauth.c: support shadow passwords |
---|
750 | * src/racoon/{isakmp_inf.c|isakmp_inf.h}: missing prototype |
---|
751 | * src/racoon/{handler.h|isakmp_inf.c|isakmp_quick.c|isakmp_var.h} |
---|
752 | src/racoon/pfkey.c: Move purge_remote() and delete_spd() prototypes |
---|
753 | to the right header file |
---|
754 | |
---|
755 | 2005-05-06 Emmanuel Dreyfus <manu@netbsd.org> |
---|
756 | |
---|
757 | * src/racoon/{admin.c|isakmp.c|isakmp_inf.c}: factor various |
---|
758 | ISAKMP SA termination (for DPD timeouts and delete message) to |
---|
759 | use purge_remote() so that SA and generated SPD get correctly flushed |
---|
760 | * src/racoon/{handler.c|handler.h}: Introduce getph1byaddrwop() and |
---|
761 | getph2bysaddr() |
---|
762 | * src/racoon/{isakmp.c|isakmp_var.h|isakmp_inf.c|isakmp_inf.h}: make |
---|
763 | purge_remote(), setcopeid() and delete_spd() public |
---|
764 | * src/racoon/isakmp_quick.c: remove duplicated setscopeid() |
---|
765 | * src/racoon/{sockmisc.c|sockmisc.h} introduce a CMPSADDR() macro |
---|
766 | to compare with ports when ENABLE_NATT and without otherwise |
---|
767 | |
---|
768 | 2005-05-06 Frederic Senault <fred@lacave.net> |
---|
769 | |
---|
770 | * src/racoon/isakmp_inf.c: Only print the contents of an informative |
---|
771 | message if the payload indicates an error; transmit the return |
---|
772 | values from the DPD functions. |
---|
773 | |
---|
774 | 2005-05-06 Emmanuel Dreyfus <manu@netbsd.org> |
---|
775 | |
---|
776 | * src/racoon/isakmp_inf.c: Fix a bug causing informational message |
---|
777 | payloads to be ignored |
---|
778 | |
---|
779 | 2005-05-05 Yvan Vanhullebus <vanhu@free.fr> |
---|
780 | |
---|
781 | * src/racoon/isakmp_inf.c: Fixed some potential crashes in |
---|
782 | purge_remote() and purge_ipsec_spi(). |
---|
783 | |
---|
784 | 2005-05-05 Emmanuel Dreyfus <manu@netbsd.org> |
---|
785 | |
---|
786 | * src/libipsec/{policy_parse.y|policy_token.l} |
---|
787 | src/setkey/{setkey.8|token.l}: Allow ports to be supplied in SP |
---|
788 | endpoints, for accurate ESP over UDP matching |
---|
789 | * src/racoon/{isakmp.c|racoon.conf.5}: Send IKE local and remote |
---|
790 | ports to the hook scripts |
---|
791 | * src/racoon/remoteconf.c: do not honour ports when looking up |
---|
792 | a remote config, as our remote config have no port information |
---|
793 | * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}: |
---|
794 | use the IKE ports supplied by racoon to set up accurate endpoints |
---|
795 | ports in SP endpoints |
---|
796 | |
---|
797 | 2005-05-04 Yvan Vanhullebus <vanhu@free.fr> |
---|
798 | |
---|
799 | * src/racoon/isakmp_inf.c: code cleanup for SPD remove, generated |
---|
800 | policies are now also removed when DPD purge. |
---|
801 | |
---|
802 | 2005-05-04 Emmanuel Dreyfus <manu@netbsd.org> |
---|
803 | |
---|
804 | From Manisha Malla <mmanisha@novell.com> |
---|
805 | * src/racoon/isakmp_cfg.c: fix unsigned int checked for being negative |
---|
806 | |
---|
807 | From Ludo Stellingwerff <ludo@protactive.nl> |
---|
808 | * src/setkey/{parse.y|token.l}: build on systems that do not have |
---|
809 | TCP-MD5 support |
---|
810 | |
---|
811 | 2005-05-04 Michal Ludvig <michal@logix.cz> |
---|
812 | |
---|
813 | * configure.ac: Revert GLIBC_BUGS change from 2005-04-15 |
---|
814 | |
---|
815 | 2005-05-03 Frederic Senault <fred@lacave.net> |
---|
816 | |
---|
817 | * src/racoon/{cfparse.y|cftoken.l|isakmp_inf.c|racoon.conf.5} |
---|
818 | src/racoon/{remoteconf.c|remoteconf.h}: Add a weak_phase1_check |
---|
819 | option to enable the handling of unencrypted delete payloads. |
---|
820 | |
---|
821 | * src/racoon/plog.c: Use of isgraph in binsanitize. |
---|
822 | |
---|
823 | * src/racoon/rfc/rfc3706.txt: new file: Dead Peer Detection RFC. |
---|
824 | |
---|
825 | * src/racoon/isakmp_inf.c: Unused code cleanup. |
---|
826 | |
---|
827 | 2005-04-26 Emmanuel Dreyfus <manu@netbsd.org> |
---|
828 | |
---|
829 | * bootstrap: Darwin support |
---|
830 | |
---|
831 | From Larry Baird <lab@gta.com> |
---|
832 | * src/racoon/nattraversal.c: Fix NAT-T for initiator |
---|
833 | |
---|
834 | From Andreas Tobler <toa@pop.agri.ch>: |
---|
835 | * src/racoon/{misc.h|throttle.c|remoteconf.c|sockmisc.c|privsep.c} |
---|
836 | src/racoon/{pfkey.c|isakmp.c|grabmyaddr.c|getcertsbyname.c} |
---|
837 | src/racoon/configure.ac src/libipsec/policy_token.l |
---|
838 | src/setkey/token.l: Build on Darwin |
---|
839 | |
---|
840 | 2005-04-25 Emmanuel Dreyfus <manu@netbsd.org> |
---|
841 | |
---|
842 | * src/racoon/handler.h: ifdef DPD and NAT-T data in data structures |
---|
843 | |
---|
844 | * src/libipsec/{ipsec_dump_policy.c|pfkey_dump.c|libpfkey.h} |
---|
845 | src/setkey/{setkey.8|setkey.c}: add a -p option to setkey to |
---|
846 | enable the display of ESP over UDP ports in policies. |
---|
847 | |
---|
848 | * src/racoon/ipsec_doi.c: fix LP64 bug |
---|
849 | |
---|
850 | From Ludo Stellingwerff <ludo@protactive.nl>: |
---|
851 | * src/racoon/isakmp.c: build without NAT-T |
---|
852 | |
---|
853 | From F. Senault <fred.letter@lacave.net> |
---|
854 | * src/racoon/{evt.h|isakmp.h|isakmp_inf.c|plog.c|plog.h|racoonctl.c} |
---|
855 | src/racoon/isakmp_xauth.c: Take into account payloads bundled after |
---|
856 | an ISAKMP informational message. |
---|
857 | |
---|
858 | From Patrick McHardy <kaber@trash.net> |
---|
859 | * src/racoon/{handler.c|handler.h|pfkey.c}: When handling acquire |
---|
860 | message, lookup phase 2 by (src, dst, id) instead of only id. |
---|
861 | |
---|
862 | 2005-04-23 Emmanuel Dreyfus <manu@netbsd.org> |
---|
863 | |
---|
864 | * src/libipsec/ipsec_dump_policy.c: display port numbers in policies |
---|
865 | * src/racoon/{isakmp.c|isakmp_cfg.c|isakmp_inf.c|pfkey.c}: don't |
---|
866 | forget port numbers so that multiple clients behind the same NAT |
---|
867 | can work. |
---|
868 | |
---|
869 | From Larry Baird <lab@gta.com> |
---|
870 | * src/racoon/{isakmp.c|nattraversal.c|isakmp_quick.c|nattraversal.h}: |
---|
871 | NAT-T fixes for interoperability with greenbow VPN client. |
---|
872 | |
---|
873 | 2005-04-21 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
874 | |
---|
875 | * src/libipsec/policy.parse.y, src/racoon/cfparse.y, |
---|
876 | src/libipsec/policy_parse.y, src/racoon/cfparse.y, |
---|
877 | src/racoon/cftoken.l, src/racoon/crypto_openssl.c, |
---|
878 | src/racoon/getcertsbyname.c, src/racoon/grabmyaddr.c, |
---|
879 | src/racoon/ipsec_doi.c, src/racoon/isakmp.c, |
---|
880 | src/racoon/isakmp_inf.c, src/racoon/pfkey.c, |
---|
881 | src/racoon/plainrsa-gen.c, src/racoon/sockmisc.c, |
---|
882 | src/racoon/sockmisc.h, src/racoon/racoonctl.c: made compile |
---|
883 | with gcc-4.0 (20050410 prerelease) |
---|
884 | |
---|
885 | 2005-04-20 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
886 | |
---|
887 | From: Ganesan Rajagopal <rganesan@users.sourceforge.net> |
---|
888 | * configure.ac: fix --enable-ipv6 logic |
---|
889 | |
---|
890 | 2005-04-19 Yvan Vanhullebus <vanhu@free.fr> |
---|
891 | |
---|
892 | * src/racoon/remoteconf.c: fixed dupisakmpsa() and dhgroup. |
---|
893 | |
---|
894 | 2005-04-18 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
895 | |
---|
896 | * src/racoon/crypto_openssl.c: fixed single DES support; |
---|
897 | * NEWS: noted fix |
---|
898 | |
---|
899 | 2005-04-18 Emmanuel Dreyfus <manu@netbsd.org> |
---|
900 | |
---|
901 | * src/racoon/isakmp_base.c: DPD support, fix memory leak |
---|
902 | |
---|
903 | From Thomas Klausner <wiz@NetBSD.org> |
---|
904 | * src/libipsec/{ipsec_set_policy.3|ipsec_strerror.3} |
---|
905 | src/racoon/{admin.c|plainrsa-gen.8|racoon.8|racoon.conf.5|racoonctl.8} |
---|
906 | src/racoon/samples/{racoon.conf.in|racoon.conf.sample} |
---|
907 | src/racoon/samples/racoon.conf.sample-gssapi |
---|
908 | src/racoon/samples/racoon.conf.sample-inherit |
---|
909 | src/racoon/samples/racoon.conf.sample-natt |
---|
910 | src/racoon/samples/racoon.conf.sample-plainrsa |
---|
911 | src/racoon/samples/roadwarrior/README |
---|
912 | src/racoon/samples/roadwarrior/server/phase1-down.sh |
---|
913 | src/setkey/setkey.8: documentation fixes |
---|
914 | |
---|
915 | From KAME |
---|
916 | * src/racoon/ipsec_doi.c: wrong check on SA lifebyte |
---|
917 | |
---|
918 | From Fred Senault <fred.letter@lacave.net> |
---|
919 | * src/racoon/{cfparse.y|cftoken.l} drop split_net_type directive, |
---|
920 | which is now incorporated into split_net_tunnels |
---|
921 | * src/raccon/{isakmp.c|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c} |
---|
922 | src/racoon/isakmp_xauth.h: support login and password sent |
---|
923 | in different packets during the Xauth exchange. This makes racoon |
---|
924 | interoperable with SecureComputing's sidewinder |
---|
925 | * src/racoon/{strnames.c|strnames.h}: more debug strings for Xauth |
---|
926 | |
---|
927 | 2005-04-17 Yvan Vanhullebus <vanhu@free.fr> |
---|
928 | |
---|
929 | * src/racoon/handler.c: Configuration reload validation code |
---|
930 | * src/racoon/handler.h: revalidate_ph12() function |
---|
931 | * src/racoon/ipsec_doi.c: duplicates iph1->approval in |
---|
932 | get_ph1approval(), some fields set to NULL when needed |
---|
933 | * src/racoon/isakmp_inf.[ch]: purge_ipsec_spi() is now public |
---|
934 | * src/racoon/localconf.[ch]: save/restore_params() functions |
---|
935 | * src/racoon/main.c: moved restore_params functions to localconf |
---|
936 | * src/racoon/remoteconf.c: save_rmconf() functions, dupisakmpsa() |
---|
937 | function, some values set to NULL when needed |
---|
938 | * src/racoon/remoteconf.h: save_rmconf() functions, dupisakmpsa() |
---|
939 | function |
---|
940 | * src/racoon/sainfo.[ch]: save_sainfotree() functions |
---|
941 | * src/racoon/session.c: Reloads conf on a SIGHUP without losing |
---|
942 | existing tunnels |
---|
943 | |
---|
944 | 2005-04-15 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
945 | |
---|
946 | From Zilvinas Valinskas <zilvinas@gemtek.lt>: |
---|
947 | * configure.ac: |
---|
948 | - cross-compile type fix (patch 1); |
---|
949 | - --enable-{frag|hybrid}=no fixes (patches 6,7); |
---|
950 | - support for --with-flex, --with-flexlib (patch 11); |
---|
951 | - GLIBC_BUGS assignment correction (patch 14 with mods). |
---|
952 | * src/racoon/isakmp.c: fix compilation when hybrid disabled. |
---|
953 | |
---|
954 | 2005-04-11 Emmanuel Dreyfus <manu@netbsd.org> |
---|
955 | |
---|
956 | * src/racoon/rfc/{rfc2407.txt|rfc2408.txt}: new files |
---|
957 | RFC for IPsec DOI and ISAKMP |
---|
958 | |
---|
959 | 2005-04-10 Emmanuel Dreyfus <manu@netbsd.org> |
---|
960 | |
---|
961 | * src/racoon/isakmp_base.c: resurrect RSASIG support |
---|
962 | * src/racoon/isakmp_ident.c: missing support for hybrid auth |
---|
963 | * src/racoon/{isakmp_base.c|oakley.c}: missing bits for hybrid/base mode |
---|
964 | |
---|
965 | 2005-04-09 Emmanuel Dreyfus <manu@netbsd.org> |
---|
966 | |
---|
967 | * src/racoon/{algorithm.c|algorithm.h|cftoken.l|ipsec_doi.c} |
---|
968 | src/racoon/{isakmp.c|isakmp_agg.c|isakmp_ident.c|isakmp_base.c} |
---|
969 | src/racoon/{isakmp_frag.h|isakmp_xauth.c|oakley.c|racoon.conf.5}: |
---|
970 | Add Xauth + RSASIG, for client and server. Add all Xauth and |
---|
971 | IKE fragmentation logic to base and ident mode. |
---|
972 | * src/libipsec/{pfkey.c|pfkey_dump.c} |
---|
973 | src/setkey/parse.y: more missing TCP_MD5 bits from KAME |
---|
974 | |
---|
975 | 2005-04-08 Emmanuel Dreyfus <manu@netbsd.org> |
---|
976 | |
---|
977 | * src/racoon/cfparse.y: a list of network can be specified for split |
---|
978 | tunnelling |
---|
979 | * src/racoon/{isakmp_cfg.c|racoon.conf.5}: add INTERNAL_CIDR4, the |
---|
980 | netmask in CIDR notation, to the hook script environment. |
---|
981 | * src/setkey/{token.l|parse.y|setkey.8}: KAME backport of missing |
---|
982 | bits for TCP_MD5 support. |
---|
983 | |
---|
984 | From Fred Senault <fred.letter@lacave.net> |
---|
985 | * src/racoon/{cfparse.y|cftoken.l|ipsec_doi.c|ipsec_doi.h} |
---|
986 | src/racoon/racoon.conf.5: KEYID identifier can be taken from |
---|
987 | a file or from a quoted string |
---|
988 | |
---|
989 | 2005-04-05 Emmanuel Dreyfus <manu@netbsd.org> |
---|
990 | |
---|
991 | From Fred Senault <fred.letter@lacave.net> |
---|
992 | * src/racoon/admin.c: fix the admin interface that was left behind |
---|
993 | after recent Xauth changes |
---|
994 | * src/racoon/{cfparse.y|isakmp_xauth.c|isakmp_xauth.h|oakley.c} |
---|
995 | src/racoon/{remoteconf.c|remoteconf.h}: factor Xauth info in |
---|
996 | remote conf within a single structure. |
---|
997 | * src/racoon/{isakmp.c|isakmp_cfg.c}: on client side, do not run |
---|
998 | phase1-up script before ISAKMP mode config is done |
---|
999 | * src/racoon/isakmp_inf.c: log a buggy condition |
---|
1000 | * src/racoon/{isakmp.c|isakmp_agg.c|isakmp_base.c|isakmp_ident.c} |
---|
1001 | src/racoon/{oakley.c|oakley.h}: Use the AUTHMETHOD macro to |
---|
1002 | distinguish between XAUTH PSK and Kerberos authentications |
---|
1003 | * src/racoon/{oakley.c|remoteconf.c}: set a default for certificate |
---|
1004 | requests |
---|
1005 | * src/racoon/isakmp_xauth.c: Fix serious security bug introduced |
---|
1006 | on 2005-03-09: Xauth validation was required for phase 2 on the |
---|
1007 | client (thus blocking phase 2), but not on the server (thus |
---|
1008 | making it open regardless of Xauth exchange). |
---|
1009 | * src/racoon/vendorid.c: dump unknown VIDs |
---|
1010 | |
---|
1011 | |
---|
1012 | 2005-04-06 Yvan Vanhullebus <vanhu@free.fr> |
---|
1013 | |
---|
1014 | * src/racoon/crypto_openssl.c: Disable OpenSSL padding in |
---|
1015 | evp_crypt(), because it may cause some interoperability problems. |
---|
1016 | Solution reported by Ganesan Rajagopal. |
---|
1017 | |
---|
1018 | 2005-04-05 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1019 | |
---|
1020 | * src/racoon/main.c: build with hybrid but without libradius |
---|
1021 | |
---|
1022 | 2005-04-05 Yvan Vanhullebus <vanhu@free.fr> |
---|
1023 | |
---|
1024 | * src/racoon/handler.h: added a flag to identify generated policies |
---|
1025 | * src/racoon/isakmp.c: changed logging in isakmp_ph1expire() |
---|
1026 | * src/racoon/isakmp_inf.c: use iph2->generated_spidx to check if |
---|
1027 | policy has been generated in purge_remote_spi() |
---|
1028 | * src/racoon/isakmp_quick.c: sets iph2->generated_spidx for |
---|
1029 | generated policies |
---|
1030 | * src/racoon/pfkey.c: reactivated the unbindph12() in pk_recvupdate() |
---|
1031 | |
---|
1032 | 2005-04-04 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1033 | |
---|
1034 | * src/racoon/isakmp_cfg.c: fix a buffer overrun in mode config SET |
---|
1035 | |
---|
1036 | 2005-03-30 Michal Ludvig <michal@logix.cz> |
---|
1037 | |
---|
1038 | * configure.ac: Don't compile with NAT-T by default (according to |
---|
1039 | documentation, finally :-) |
---|
1040 | |
---|
1041 | 2005-03-27 Michal Ludvig <michal@logix.cz> |
---|
1042 | |
---|
1043 | From Zilvinas Valinskas <zilvinas@gemtek.lt>: |
---|
1044 | * configure.ac: |
---|
1045 | - Use AC_CHECK_HEADER for kernel headers instead of AC_CHECK_FILE. |
---|
1046 | - Fix OpenSSL check for cross-compilation. |
---|
1047 | * acracoon.m4(RACOON_CHECK_VA_COPY): Allow cross-compilation. |
---|
1048 | (RACOON_CHECK_BUGGY_GETADDRINFO): Ditto. |
---|
1049 | |
---|
1050 | 2005-03-16 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1051 | |
---|
1052 | * src/racoon/privsep.c: check for NULL path in unsafe_path() |
---|
1053 | * src/racoon/privsep.c: missing space |
---|
1054 | |
---|
1055 | 2005-03-15 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1056 | |
---|
1057 | * src/racoon/{cfparse.y|cftoken.l|isakmp.c|isakmp_cfg.c|isakmp_cfg.h} |
---|
1058 | src/racoon/{isakmp_var.h|isakmp_xauth.c|localconf.h|privsep.c} |
---|
1059 | src/racoon/{privsep.h|racoon.conf.5|remoteconf.c|remoteconf.h} |
---|
1060 | src/racoon/main.c: Remove most of config dependency from |
---|
1061 | privileged instance for upcoming config reload patch. |
---|
1062 | * src/racoon/isakmp_cfg.h: fix the application version for Xauth |
---|
1063 | * src/racoon/isakmp_cfg.c: only call cleanup_pam when PAM is used |
---|
1064 | |
---|
1065 | 2005-03-14 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1066 | |
---|
1067 | * configure.ac: handle correctly dynamic libradius |
---|
1068 | * src/racoon/cfparse.y: correctly initialize address pool |
---|
1069 | |
---|
1070 | 2005-03-13 Yvan Vanhullebus <vanhu@free.fr> |
---|
1071 | |
---|
1072 | * src/racoon/isakmp.c: Fixed a buffer underrun (CAN-2005-0398) |
---|
1073 | |
---|
1074 | 2005-03-09 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1075 | |
---|
1076 | From Fred Senault <fred.letter@lacave.net> |
---|
1077 | * src/racoon/cfparse.y: endianness bugfix |
---|
1078 | * src/racoon/isakmp_xauth.c: off by one bugs in strings |
---|
1079 | * src/racoon/oakley.h: missing parenthesis causing bugs |
---|
1080 | |
---|
1081 | 2005-03-09 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1082 | |
---|
1083 | * src/racoon/isakmp_xauth.c: fix a crash when using RADIUS auth |
---|
1084 | |
---|
1085 | 2005-03-07 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1086 | |
---|
1087 | From Fred Senault <fred.letter@lacave.net> |
---|
1088 | * src/racoon/{algorithm.c|algorithm.h|cfparse.y|cftoken.l} |
---|
1089 | src/racoon/{handler.c|ipsec_doi.c|ipsec_doi.h|isakmp.c} |
---|
1090 | src/racoon/{isakmp_agg.c|isakmp_base.c|isakmp_cfg.c|isakmp_cfg.h} |
---|
1091 | src/racoon/{isakmp_ident.c|isakmp_inf.c|isakmp_quick.c} |
---|
1092 | src/racoon/{isakmp_unity.c|isakmp_xauth.c|kmpstat.c|oakley.c} |
---|
1093 | src/racoon/{oakley.h|plainrsa-gen.8|privsep.c|racoon.conf.5} |
---|
1094 | src/racoon/{racoonctl.c|remoteconf.c|remoteconf.h|strnames.c} |
---|
1095 | src/racoon/{strnames.h|throttle.c}: Support plain Xauth, split |
---|
1096 | tunnelling, multiple DNS & WINS in ISAKMP mode config. |
---|
1097 | |
---|
1098 | 2005-03-02 Yvan Vanhullebus <vanhu@free.fr> |
---|
1099 | |
---|
1100 | * src/racoon/isakmp_quick.c: tunnel_mode_prop() is now public |
---|
1101 | * src/racoon/isakmp_inf.c: fixed compilation if HAVE_POLICY_FWD. |
---|
1102 | |
---|
1103 | 2005-03-01 Yvan Vanhullebus <vanhu@free.fr> |
---|
1104 | |
---|
1105 | * src/racoon/oakley.c: fixed oakley_newiv2() when errors |
---|
1106 | |
---|
1107 | 2005-02-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1108 | |
---|
1109 | * src/racoon/privsep.c: safety check port numbers given by the |
---|
1110 | unprivileged instance. |
---|
1111 | * src/racoon/racoonctl.8: display fixes in racoonctl(8) |
---|
1112 | |
---|
1113 | 2005-02-23 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1114 | |
---|
1115 | * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optional |
---|
1116 | support for patented algorithms: IDEA and RC5. |
---|
1117 | * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it |
---|
1118 | is not required in the configuration |
---|
1119 | * src/racoon/isakmp.c: do not reject addresses for which kernel |
---|
1120 | refused UDP encapsulation, they can still be used for non NAT-T |
---|
1121 | traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel) |
---|
1122 | * src/libipsec/libpfkey.h: prefer __inline to inline |
---|
1123 | * src/racoon/{cfparse.y|cftoken.l|localconf.c|localconf.h|privsep.c} |
---|
1124 | src/racoon/racoon.conf.5: Add chroot capability |
---|
1125 | |
---|
1126 | 2005-02-18 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1127 | |
---|
1128 | * src/racoon/{main.c|eaytest.c|plairsa-gen.c} |
---|
1129 | src/setkey/setkey.c: don't use fuzzy paths for package_version.h |
---|
1130 | |
---|
1131 | 2005-02-18 Michal Ludvig <michal@logix.cz> |
---|
1132 | |
---|
1133 | * configure.ac, rpm/suse/ipsec-tools.spec.in, |
---|
1134 | rpm/suse/Makefile.am: Distribute .spec file with |
---|
1135 | resolved version string. |
---|
1136 | * src/racoon/Makefile.am: Allow parallel cluster build. |
---|
1137 | |
---|
1138 | 2005-02-17 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1139 | |
---|
1140 | From Fred Senault <fred.letter@lacave.net> |
---|
1141 | * src/racoon/remoteconf.c: Fix a bug in script init |
---|
1142 | |
---|
1143 | 2005-02-17 Yvan Vanhullebus <vanhu@free.fr> |
---|
1144 | |
---|
1145 | * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks |
---|
1146 | |
---|
1147 | 2005-02-16 Yvan Vanhullebus <vanhu@free.fr> |
---|
1148 | |
---|
1149 | * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a |
---|
1150 | related DELETE_SA |
---|
1151 | * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire |
---|
1152 | |
---|
1153 | 2005-02-15 Michal Ludvig <michal@logix.cz> |
---|
1154 | |
---|
1155 | * configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN |
---|
1156 | |
---|
1157 | --------------------------------------------- |
---|
1158 | |
---|
1159 | Branch for 0.6 created (ipsec-tools-0_6-branch) |
---|
1160 | |
---|
1161 | 2005-02-11 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1162 | |
---|
1163 | From Jason Thorpe <thorpej@netbsd.org> |
---|
1164 | * src/raccon/samples/racoon.conf.sample-gssapi |
---|
1165 | src/racoon/{cfparse.y|cftoken.l|gssapi.c|gssapi.h|ipsec_doi.c} |
---|
1166 | src/racoon/{localconf.c|localconf.h|racoon.conf.5} |
---|
1167 | configure.ac: Multiple GSSAPI fixes to get interoperability |
---|
1168 | with Microsoft IKE. |
---|
1169 | |
---|
1170 | 2005-02-09 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1171 | |
---|
1172 | * src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c} |
---|
1173 | src/racoon/{isakmp_xauth.h|main.c|privsep.c|privsep.h} |
---|
1174 | src/racoon/racoon.conf.5: Make PAM work with privilege separation |
---|
1175 | |
---|
1176 | 2005-02-07 Michal Ludvig <michal@logix.cz> |
---|
1177 | |
---|
1178 | From Krisztian Kovacs: |
---|
1179 | * src/racoon/cfparse.y: Allocate correct space for "struct sockaddr". |
---|
1180 | |
---|
1181 | 2005-01-30 Yvan Vanhullebus <vanhu@free.fr> |
---|
1182 | |
---|
1183 | * src/racoon/vmbuf.c: bugfix in vrealloc() |
---|
1184 | * src/racoon/oakley.c: mem leak fix in INITDHVAL() |
---|
1185 | * src/racoon/session.c: mem leak fix in check_flushsa() |
---|
1186 | |
---|
1187 | 2005-01-29 Yvan Vanhullebus <vanhu@free.fr> |
---|
1188 | |
---|
1189 | * src/racoon/isakmp_{ident|agg}.c: NAT-T cleanup |
---|
1190 | * src/racoon/pfkey.c: Uses NATT encaps_type in pk_sendupdate() |
---|
1191 | * src/racoon/vendorid.[ch]: NAT-T cleanup, NATT_01 VID |
---|
1192 | * src/racoon/nattraversal.[ch]: NATT cleanup, support for all |
---|
1193 | drafts (disabled by default) / RFC. |
---|
1194 | * src/racoon/isakmp.h: NATT cleanup for NATT RFC support |
---|
1195 | * src/racoon/ipsec_doi.h: updated comments about NATT |
---|
1196 | * configure.ac: enable-natt_XX options |
---|
1197 | * src/racoon/isakmp.c: set UDP_ENCAPS_ESPINUDP_NON_IKE option when needed |
---|
1198 | |
---|
1199 | |
---|
1200 | 2005-01-29 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1201 | |
---|
1202 | From Fred Senault <fred@lacave.net> |
---|
1203 | * src/racoon/pfkey.c: Update SAD even if NAT-T is disabled, so that |
---|
1204 | phase2 can start. |
---|
1205 | |
---|
1206 | 2005-01-23 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1207 | |
---|
1208 | * src/setkey/{sekkey.8|setkey.c|token.l|parse.y}: implement NetBSD's |
---|
1209 | SADB_X_AALG_TCP_MD5. Resurrect setkey -h meaning on NetBSD. |
---|
1210 | |
---|
1211 | 2005-01-22 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1212 | |
---|
1213 | From Fred Senault <fred@lacave.net> |
---|
1214 | * src/racoon/{cftoken.l|cfparse.y|raccon.conf.5} |
---|
1215 | src/racoon/samples/roadwarrior/README: change "my_identifier login" |
---|
1216 | into "xauth_login" in the config file so that we can introduce Xauth |
---|
1217 | with a pre-shared key later. |
---|
1218 | |
---|
1219 | 2005-01-21 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1220 | |
---|
1221 | * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}: |
---|
1222 | workaround Linux problems. This needs a better fix. |
---|
1223 | |
---|
1224 | 2005-01-18 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1225 | |
---|
1226 | * src/racoon/privsep.c: build without ENABLE_HYBRID |
---|
1227 | |
---|
1228 | 2005-01-14 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1229 | |
---|
1230 | * src/raccon/rfc/{rfc3947.txt|rfc3948.txt}: new files (NAT-T) |
---|
1231 | |
---|
1232 | 2005-01-13 Yvan Vanhullebus <vanhu@free.fr> |
---|
1233 | |
---|
1234 | * src/racoon/ipsec_doi.c: Uses proposal_check value to check phase |
---|
1235 | 1 lifetime. |
---|
1236 | * src/racoon/racoon.conf.5: Updated racoon man page for phase 1 |
---|
1237 | lifetime check / proposal_check. |
---|
1238 | |
---|
1239 | 2005-01-11 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1240 | |
---|
1241 | * src/racoon/isakjmp_quick.c: endianness bugfix from KAME |
---|
1242 | |
---|
1243 | 2005-01-07 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1244 | |
---|
1245 | * src/racoon/{cfparse.y|cftoken.l|nattraversal.h|pfkey.c} |
---|
1246 | src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h} |
---|
1247 | src/libipsec/{libpfkey.h|pfkey.c}: ESP fragmentation size is |
---|
1248 | now configurable (supported only on NetBSD so far). |
---|
1249 | |
---|
1250 | 2005-01-05 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1251 | |
---|
1252 | * src/racoon/privsep.c: Build again on Linux with privsep |
---|
1253 | |
---|
1254 | 2005-01-03 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1255 | |
---|
1256 | * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h} |
---|
1257 | src/racoon/{cfparse.y|cftoken.l|racoon.conf.5} |
---|
1258 | src/racoon/doc/FAQ |
---|
1259 | configure.ac: PAM support for authentication and accounting in |
---|
1260 | hybrid auth |
---|
1261 | |
---|
1262 | 2005-01-02 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1263 | |
---|
1264 | * src/racoon/admin.c: never fork, it buys nothing and breaks on some |
---|
1265 | operations |
---|
1266 | |
---|
1267 | 2004-12-30 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1268 | |
---|
1269 | * src/racoon/{Makefile.am|admin.h|cfparse.y|cftoken.l|isakmp.c} |
---|
1270 | src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_var.h|isakmp_xauth.c} |
---|
1271 | src/racoon/{localconf.c|localconf.h|main.c|oakley.c|pfkey.c} |
---|
1272 | src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h|session.c} |
---|
1273 | src/racoon/{privsep.c|privsep.h}: new files |
---|
1274 | Privilege separation |
---|
1275 | |
---|
1276 | * src/racoon/{Makefile.am|admin.h|admin_var.h|kmpstat.c} |
---|
1277 | src/racoon/{racoonctl.c|racoonctl.h}: new files |
---|
1278 | configure.ac: publicly export the adminport interface so that |
---|
1279 | external programs can control racoon |
---|
1280 | |
---|
1281 | * src/racoon/{racoonctl.c|racoonctl.h|kmpstat.c}: Add interface |
---|
1282 | versioning |
---|
1283 | |
---|
1284 | * src/racoon/admin.h: make sure no / will be missing in adminsock path |
---|
1285 | |
---|
1286 | --------------------------------------------- |
---|
1287 | |
---|
1288 | Branch for 0.5 created (ipsec-tools-0_5-branch) |
---|
1289 | |
---|
1290 | 2004-12-23 Yvan Vanhullebus <vanhu@free.fr> |
---|
1291 | |
---|
1292 | * src/racoon/crypto_openssl.c: Indentation |
---|
1293 | |
---|
1294 | 2004-12-28 Yvan Vanhullebus <vanhu@free.fr> |
---|
1295 | |
---|
1296 | * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname() |
---|
1297 | when getting an IP (Bug # 1092095) |
---|
1298 | |
---|
1299 | |
---|
1300 | 2004-12-26 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1301 | |
---|
1302 | * src/racoon/session.c: remove outdated comment |
---|
1303 | |
---|
1304 | --------------------------------------------- |
---|
1305 | |
---|
1306 | 0.5.beta2 released |
---|
1307 | |
---|
1308 | 2004-12-21 Michal Ludvig <michal@logix.cz> |
---|
1309 | |
---|
1310 | * src/racoon/pfkey.c: Fix AES vs Rijndael defines. |
---|
1311 | |
---|
1312 | 2004-12-20 Yvan Vanhullebus <vanhu@free.fr> |
---|
1313 | |
---|
1314 | * configure.ac, src/racoon/isakmp.c, src/racoon/pfkey.c: |
---|
1315 | Some FreeBSD / NATT support. |
---|
1316 | |
---|
1317 | 2004-12-17 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1318 | |
---|
1319 | * src/racoon/isakmp.c: only IPv4 NAT-T is supported, so skip IPv6 here. |
---|
1320 | * src/racoon/pfkey.c: Restore AES support on NetBSD. |
---|
1321 | |
---|
1322 | 2004-12-17 Yvan Vanhullebus <vanhu@free.fr> |
---|
1323 | |
---|
1324 | * src/racoon/crypto_openssl.c: Uses sprintf() instead of |
---|
1325 | asprintf() in eay_get_x509subjectaltname(), because of some |
---|
1326 | compilation problems reported with asprintf() on some platforms. |
---|
1327 | * src/racoon/oakley.c: just take the first cert in |
---|
1328 | oakley_savecert() if cert ID check is disabled. |
---|
1329 | |
---|
1330 | 2004-12-16 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1331 | |
---|
1332 | * src/racoon/crypto_openssl.c: Build again on NetBSD |
---|
1333 | * src/racoon/samples/roadwarrior/server/racoon |
---|
1334 | src/racoon/samples/roadwarrior/server/racoon.conf-radius |
---|
1335 | src/racoon/samples/roadwarrior/README: Use DPD in sample files. |
---|
1336 | |
---|
1337 | 2004-12-16 Yvan Vanhullebus <vanhu@free.fr> |
---|
1338 | |
---|
1339 | * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname() |
---|
1340 | when SubjectAltName contains an IP. OpenSSL code from Ludovic |
---|
1341 | Flament (ludovic.flament@free.fr). |
---|
1342 | |
---|
1343 | --------------------------------------------- |
---|
1344 | |
---|
1345 | 0.5.beta1 released |
---|
1346 | |
---|
1347 | 2004-12-13 Michal Ludvig <mludvig@suse.cz> |
---|
1348 | |
---|
1349 | From Ganesan R <rganesan@users.sourceforge.net>: |
---|
1350 | * src/racoon/Makefile.am, src/setkey/Makefile.am: Fix compilation |
---|
1351 | with shared libraries. |
---|
1352 | |
---|
1353 | 2004-12-10 Yvan Vanhullebus <vanhu@free.fr> |
---|
1354 | |
---|
1355 | * src/racoon/oakley.c: takes the first certificate which matches |
---|
1356 | the Identity, instead of just taking the first certificate. |
---|
1357 | |
---|
1358 | 2004-12-07 Yvan Vanhullebus <vanhu@free.fr> |
---|
1359 | |
---|
1360 | * src/racoon/isakmp_inf.c: Set spi_size for R-U-THERE/R-U-THERE-ACK. |
---|
1361 | |
---|
1362 | 2004-12-04 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1363 | |
---|
1364 | * src/libipsec/pfkey_dump.c: distinguish per-socket policies from |
---|
1365 | general ones (Linux case); |
---|
1366 | * src/racoon/pfkey.c: ditto, do not negotiate policies if racoon |
---|
1367 | does not listen on out tunnel's source address. |
---|
1368 | |
---|
1369 | 2004-12-01 Yvan Vanhullebus <vanhu@free.fr> |
---|
1370 | |
---|
1371 | * src/racoon/isakmp_agg.c: code cleanup in NATT / DPD VIDs |
---|
1372 | generation in r1send() |
---|
1373 | |
---|
1374 | 2004-12-01 Yvan Vanhullebus <vanhu@free.fr> |
---|
1375 | |
---|
1376 | * src/racoon/remoteconf.{c|h}: DPD support option (enabled by default) |
---|
1377 | * src/racoon/{cfparse.y|cftoken.l}: DPD token, yyerror if DPD |
---|
1378 | parameters but compiled without ENABLE_DPD |
---|
1379 | * src/racoon/isakmp_{agg|ident}.c: Send DPD VID only if DPD |
---|
1380 | support activated in configuration |
---|
1381 | |
---|
1382 | 2004-11-30 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1383 | |
---|
1384 | * src/racoon{evt.c|evt.h|admin.c}: init event queue at compile time, |
---|
1385 | to avoid garbage pointer if admin port is disabled. |
---|
1386 | * src/racoon/{throttle.c|throttle.h}: new files |
---|
1387 | src/racoon/{Makefile.am|isakmp_cfg.c|isakmp_xauth.c|racoon.conf.5} |
---|
1388 | configure.ac: Add a per-host throttling count. When throttling, |
---|
1389 | don't sleep, schedule the answer for later instead. |
---|
1390 | * src/racoon/kmpstat.c: default with no hexdump of the packet |
---|
1391 | * src/racoon/admin.c: don't remove admin socket after first request, |
---|
1392 | on the other hand remove on startup stale sockets left by |
---|
1393 | crashed racoon. |
---|
1394 | * src/racoon/samples/roadwarrior/README |
---|
1395 | src/racoon/kmpstat.c: fix option parsing problem on Linux |
---|
1396 | |
---|
1397 | 2004-11-29 Yvan Vanhullebus <vanhu@free.fr> |
---|
1398 | |
---|
1399 | * src/racoon/session.c: Only listen on pfkey socket when received |
---|
1400 | shutdown signal |
---|
1401 | |
---|
1402 | 2004-11-28 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1403 | |
---|
1404 | * src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h} |
---|
1405 | src/racoon/{isakmp_xauth.c|racoon.conf.5}: Add a one second throttle |
---|
1406 | on each Xauth authentication to avoid brute force attacks |
---|
1407 | |
---|
1408 | 2004-11-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1409 | |
---|
1410 | * src/racoon/samples/roadwarrior/README |
---|
1411 | src/racoon/samples/roadwarrior/client{phase1-up.sh|phase1-down.sh} |
---|
1412 | src/racoon/samples/roadwarrior/client/{racoon.conf|racoon.conf-radius} |
---|
1413 | src/racoon/samples/roadwarrior/server/{racoon.conf|phase1-down.sh}: |
---|
1414 | Fill Linux gaps for hybrid auth client, Replace public IP by |
---|
1415 | private and example IP in the sample config files. |
---|
1416 | |
---|
1417 | 2004-11-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1418 | |
---|
1419 | DPD patch from Yvan Vanhullebus <vanhu@free.fr> |
---|
1420 | * src/racoon/cfparse.y: missing bits for DPD support |
---|
1421 | |
---|
1422 | 2004-11-23 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1423 | |
---|
1424 | * src/setkey/parse.y: generate require fwd policies for unique in |
---|
1425 | policies. |
---|
1426 | * src/setkey/setkey.c: made -r/-k options available only when |
---|
1427 | system has FWD policies. |
---|
1428 | * src/setkey/setkey.8: updated docs about change above. |
---|
1429 | |
---|
1430 | 2004-11-22 Michal Ludvig <mludvig@suse.cz> |
---|
1431 | |
---|
1432 | * src/racoon/{admin.c,pfkey.c}: Wrap adminport-parts to |
---|
1433 | #ifdef ENABLE_ADMINPORT/#endif. |
---|
1434 | |
---|
1435 | 2004-11-22 Michal Ludvig <mludvig@suse.cz> |
---|
1436 | |
---|
1437 | Revert these changes (ludvigm, 2004-11-18): |
---|
1438 | * src/racoon/Makefile.am: install sample racoon.conf and psk.txt. |
---|
1439 | * src/setkey/Makefile.am: Install setkey.conf. |
---|
1440 | |
---|
1441 | 2004-11-22 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1442 | |
---|
1443 | * src/raccon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}: defer phase 1 |
---|
1444 | removal so that it's not used after being deleted. |
---|
1445 | * src/racoon/{evt.h|isakmp.c|isakmp_agg.c|isakmp_base.c|session.c} |
---|
1446 | src/racoon/{isakmp_ident.c|isakmp_inf.c|kmpstat.c}: report more |
---|
1447 | errors to racoonctl |
---|
1448 | |
---|
1449 | 2004-11-21 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1450 | |
---|
1451 | * src/racoon/doc/FAQ: NAT-T kernel patch for NetBSD is now on |
---|
1452 | the ipsec-tools web site |
---|
1453 | * src/racoon/{kmpstat.c|racoonctl.8}: New racoonctl command to |
---|
1454 | display all events reported by racoon: show-event |
---|
1455 | * src/racoon/isakmp_cfg.c: don't send ISAKMP mode config message |
---|
1456 | with immature or dying phase 1 |
---|
1457 | * src/racoon/kmpstat.c: racoonctl vd awaits phase 1 to get down |
---|
1458 | |
---|
1459 | 2004-11-20 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1460 | |
---|
1461 | * src/racoon/isakmp_agg.c: for hybrid auth client, advertise ourself |
---|
1462 | as Unity compliant. |
---|
1463 | * src/racoon/{evt.c|evt.h}: new files |
---|
1464 | src/racoon/{Makefile.am|admin.c|admin.h|isakmp.c|isakmp_cfg.c} |
---|
1465 | src/racoon/{isakmp_xauth.c|kmpstat.c|pfkey.c}: framework for |
---|
1466 | event reporting from racoon to racoonctl |
---|
1467 | |
---|
1468 | 2004-11-20 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1469 | |
---|
1470 | * src/racoon/grabmyaddr.c: Prevent doubling addresses and error messages |
---|
1471 | when racoon is compiled with INET6 support and kernel is not. |
---|
1472 | Fixed with help of Zilvinas Valinskas. |
---|
1473 | * src/racoon/{var.h|sockmisc.c}: Fixed compilation with gcc-3.4.2+ |
---|
1474 | problem. |
---|
1475 | |
---|
1476 | 2004-11-19 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1477 | |
---|
1478 | * src/racoon/doc/FAQ: more options and warn about software patents. |
---|
1479 | |
---|
1480 | 2004-11-18 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1481 | |
---|
1482 | * src/racoon/vmbuf.c: don't allocate zero-length buffer |
---|
1483 | * src/racoon/samples/roadwarrior/client/phase1-down.sh |
---|
1484 | src/racoon/samples/roadwarrior/server/phase1-down.sh: Also |
---|
1485 | flush SAD when disconnecting. |
---|
1486 | * src/racoon/admin.c: Send a notification when deleting ISAKMP SA |
---|
1487 | * src/racoon/samples/roadwarrior/README: accommodate the recent |
---|
1488 | sysconfdir change |
---|
1489 | |
---|
1490 | 2004-11-18 Michal Ludvig <mludvig@suse.cz> |
---|
1491 | |
---|
1492 | * src/racoon/Makefile.am: Fix adminsocket dir, install sample |
---|
1493 | racoon.conf and psk.txt. |
---|
1494 | * src/racoon/localconf.h: Look for racoon.conf in $(SYSCONFDIR), |
---|
1495 | not $(SYSCONFDIR)/racoon. |
---|
1496 | * src/racoon/algorithm.h, src/racoon/eaytest.c, |
---|
1497 | src/racoon/schedule.h, src/racoon/gnuc.h: Build fixes for really |
---|
1498 | strict environments. |
---|
1499 | * src/setkey/setkey.conf: Yet another sample config file. |
---|
1500 | * src/setkey/Makefile.am: Install setkey.conf. |
---|
1501 | * rpm/suse/{ipsec-tools.spec.in,sysconfig.racoon,racoon.init}: New |
---|
1502 | files. |
---|
1503 | * rpm/suse/{Makefile.am,.cvsignore}: New files. |
---|
1504 | * configure.ac, rpm/Makefile.am: Build in rpm/suse. |
---|
1505 | |
---|
1506 | 2004-11-17 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1507 | |
---|
1508 | * configure.ac: paste bugfix by Zilvinas Valinskas |
---|
1509 | * src/racon/{isakmp_quick.c|policy.c|strnames.c}: fwd policy support |
---|
1510 | for generated policies. Patch by Patrick McHardy. |
---|
1511 | |
---|
1512 | 2004-11-16 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1513 | |
---|
1514 | * src/racoon/racoonctl.8: racoonctl man page (new file) |
---|
1515 | |
---|
1516 | 2004-11-16 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1517 | |
---|
1518 | From Ganesan <rganesan@users.sourceforge.net> |
---|
1519 | * src/racoon/ipsec_doi.c: fix free'd memory access |
---|
1520 | |
---|
1521 | 2004-11-16 Michal Ludvig <mludvig@suse.cz> |
---|
1522 | |
---|
1523 | DPD patch from Yvan Vanhullebus <vanhu@free.fr> |
---|
1524 | * configure.ac, src/racoon/cfparse.y, src/racoon/cftoken.l, |
---|
1525 | src/racoon/handler.c, src/racoon/handler.h, |
---|
1526 | src/racoon/isakmp.c, src/racoon/isakmp.h, |
---|
1527 | src/racoon/isakmp_agg.c, src/racoon/isakmp_ident.c, |
---|
1528 | src/racoon/isakmp_inf.c, src/racoon/isakmp_inf.h, |
---|
1529 | src/racoon/racoon.conf.5 src/racoon/remoteconf.c, |
---|
1530 | src/racoon/remoteconf.h, src/racoon/vendorid.c, |
---|
1531 | src/racoon/vendorid.h: Dead Peer Detection (DPD) support. |
---|
1532 | |
---|
1533 | 2004-11-16 Michal Ludvig <mludvig@suse.cz> |
---|
1534 | |
---|
1535 | * configure.ac: Remove a bash-specific construction, take II. |
---|
1536 | * src/racoon/grabmyaddr.c: FreeBSD fix for headers. |
---|
1537 | |
---|
1538 | 2004-11-15 Michal Ludvig <mludvig@suse.cz> |
---|
1539 | |
---|
1540 | * configure.ac: Use correct include paths during ./configure run. |
---|
1541 | * src/racoon/Makefile.am: Compile cftoken.l from $(srcdir), |
---|
1542 | remove samples/racoon.conf.sample-cvpn, added samples/roadwarrior |
---|
1543 | (hint, hint, manu :-)) |
---|
1544 | |
---|
1545 | 2004-11-15 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1546 | |
---|
1547 | * README: update the docs |
---|
1548 | * src/racoon/doc/FAQ: update the docs |
---|
1549 | * configure.ac: Remove a bash-specific construction |
---|
1550 | |
---|
1551 | 2004-11-14 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1552 | |
---|
1553 | * src/racoon/cfparse.y: ensure that returns from rules are |
---|
1554 | initialized even on erroneous config file. |
---|
1555 | * src/racoon/admin_var.h: changed management socket location |
---|
1556 | * src/racoon/Makefile.am: ditto, added rule to install directory |
---|
1557 | for management socket. |
---|
1558 | * src/setkey/{setkey.c|parse.y}: introduced rfc/kernel modes, |
---|
1559 | added generation of fwd policies for every in policy spdadd'ed. |
---|
1560 | * src/setkey/setkey.8,src/libipsec/ipsec_set_policy.3: updated docs |
---|
1561 | * src/setkey/policy_token.l: return something reasonable when |
---|
1562 | fwd direction is parsed on systems with no forward policy |
---|
1563 | support. |
---|
1564 | |
---|
1565 | 2004-11-14 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1566 | |
---|
1567 | * src/racoon/isakmp.c: avoid a double free when using IKE fragmentation |
---|
1568 | * src/racoon/{backupsa.c|ipsec_doi.c|localconf.c|str2val.c} |
---|
1569 | src/{libipsec/key_debug.c|setkey/parse.y}: fix build warnings |
---|
1570 | * configure.ac src/racoon/{admin.c|admin_var.h} |
---|
1571 | src/racoon/racoon.conf.5 src/racoon/samples/roadwarrior/README |
---|
1572 | src/racoon/samples/roadwarrior/client/racoon.conf: make the default |
---|
1573 | mode for the admin socket more secure. |
---|
1574 | |
---|
1575 | 2004-11-13 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1576 | |
---|
1577 | * src/racoon/{cfparse.y|remoteconf.c|crypto_openssl.c|crypto_openssl.h} |
---|
1578 | src/racoon/{eaytest.c|oakley.c|racoon.conf.5|cftoken.l|remoteconf.h} |
---|
1579 | src/racoon/samples/roadwarrior/README |
---|
1580 | src/racoon/samples/roadwarrior/client/racoon.conf: Make the root |
---|
1581 | certificate authority location per-peer and configurable. |
---|
1582 | * src/racoon/isakmp_frag.c: fix unallocated memory access |
---|
1583 | * src/racoon/isakmp_agg.c: fix incorrect queue deallocation |
---|
1584 | * src/racoon/remoteconf.c: fix uninitialized data |
---|
1585 | * src/racoon/{admin.c|isakmp_xauth.c}: fix free'ed memory access |
---|
1586 | |
---|
1587 | 2004-11-12 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1588 | |
---|
1589 | * src/racoon/{Makefile.am|kmpstat.c}: Make racoonctl vc and vd |
---|
1590 | commands IPv6 friendly. |
---|
1591 | * src/racoon/{admin.c|admin.h|handler.c|handler.h|kmpstat.c}: |
---|
1592 | Add an admin message to flush all the SA for a given peer. |
---|
1593 | Convert racoonctl vd to use it. |
---|
1594 | * src/racoon/{admin.c|kmpstat.c|cftoken.l|cfparse.y} |
---|
1595 | src/racoon/{admin_var.h|admin.h|raccon.conf.5}: Enable the |
---|
1596 | administrator to choose the admin socket path, ownership and mode. |
---|
1597 | * src/racoon/sample/roadwarrior: complete config files for |
---|
1598 | road warriors using hybrid authentication. |
---|
1599 | |
---|
1600 | 2004-11-12 Michal Ludvig <mludvig@suse.cz> |
---|
1601 | |
---|
1602 | * configure.ac: Config option --enable-natt=kernel |
---|
1603 | * src/racoon/Makefile.am: Distribute only yacc/lex source files, |
---|
1604 | not the preprocessed .c files. |
---|
1605 | |
---|
1606 | 2004-11-11 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1607 | |
---|
1608 | * src/racoon/samples/racoon.conf.sample-cvpn: more complete setup |
---|
1609 | and comments in the VPN concentrator setup for the Cisco VPN client |
---|
1610 | * src/racoon/racoon.conf.5: fix documentation |
---|
1611 | * src/racoon/isakmp_cfg.c: get the internal IPv4 address in script |
---|
1612 | hooks even if we are a server. |
---|
1613 | |
---|
1614 | 2004-11-10 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1615 | |
---|
1616 | * src/racoon/{ipsec_doi.c|remoteconf.c}: fix LP64 problems |
---|
1617 | |
---|
1618 | 2004-11-09 Michal Ludvig <mludvig@suse.cz> |
---|
1619 | |
---|
1620 | * Makefile.am: Remove aclocal-related lines. |
---|
1621 | * src/racoon/Makefile.am: Add isakmp_frag.h into noints_HEADERS |
---|
1622 | * configure.ac: Cleanup, define INET6 if IPv6 should be supported, |
---|
1623 | better handling of KRB5 and NAT-T. |
---|
1624 | * src/racoon/{isakmp_cfg.c,isakmp_frag.c,isakmp_unity.c}: Make |
---|
1625 | FreeBSD happy with includes (Arrgh...&^#$^@!!!) |
---|
1626 | |
---|
1627 | 2004-11-08 Michal Ludvig <mludvig@suse.cz> |
---|
1628 | |
---|
1629 | * src/libipsec/policy_parse.y: Define INT32_MAX/INT32_MIN. |
---|
1630 | * src/libipsec/policy_token.l, src/racoon/kmpstat.c, |
---|
1631 | src/racoon/{pfkey.c,prsa_par.y,rsalist.c,token.l}: Small |
---|
1632 | fixes to support FreeBSD (tested with 4.10). |
---|
1633 | |
---|
1634 | 2004-11-05 Michal Ludvig <mludvig@suse.cz> |
---|
1635 | |
---|
1636 | * configure.ac: Add --with-readline switch. |
---|
1637 | * src/setkey/setkey.c(stdin_loop): Fix newlines and comments |
---|
1638 | when compiled without readline. |
---|
1639 | |
---|
1640 | 2004-11-01 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1641 | |
---|
1642 | * src/racoon/isakmp_quick.c: generated policy refresh patch |
---|
1643 | by Yvan Vanhullebus |
---|
1644 | |
---|
1645 | 2004-10-29 Michal Ludvig <mludvig@suse.cz> |
---|
1646 | |
---|
1647 | * configure.ac: Check for IPSEC_DIR_FWD and eventually define |
---|
1648 | HAVE_POLICY_FWD. |
---|
1649 | * src/libipsec/{ipsec_dump_policy.c,policy_token.l}: Use |
---|
1650 | HAVE_POLICY_FWD in ifdefs. |
---|
1651 | * NEWS: Mention the fix. |
---|
1652 | * src/racoon/kmpstat.c: Fix compilation on Linux. |
---|
1653 | * src/racoon/ipsec_doi.h: Ditto. |
---|
1654 | * src/racoon/Makefile.am, src/setkey/Makefile.am: Update |
---|
1655 | explicit dependencies. |
---|
1656 | |
---|
1657 | 2004-10-29 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1658 | |
---|
1659 | * src/racoon/{isakmp_cfg.h,grabmyaddr.c,handler.c,handler.h}: |
---|
1660 | do not reconfigure internal addresses obtained through ISAKMP |
---|
1661 | mode config. |
---|
1662 | * src/racoon/{isakmp.c,isakmp_cfg.c,isakmp_xauth.c}: On authentication |
---|
1663 | failure, kill the phase 1 and log the failure. Do not run the sa_up |
---|
1664 | script in this case. |
---|
1665 | * src/racoon/{admin.c,admin.h,isakmp_xauth.c,kmpstat.c,remoteconf.h}: |
---|
1666 | Add -u user to racoonctl establish-sa, prompt for the PSK from |
---|
1667 | the terminal, and add a vpn-connect target with simplified syntax |
---|
1668 | for establishing a SA in the road warrior case. |
---|
1669 | * src/racoon/{admin.c,kmpstat.c}: implement delete-sa and |
---|
1670 | vpn-disconnect commands of racoonctl |
---|
1671 | * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c} |
---|
1672 | src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}: |
---|
1673 | Remove sa_up and sa_down and replace them by a more general |
---|
1674 | script hook framework. |
---|
1675 | |
---|
1676 | 2004-10-27 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1677 | |
---|
1678 | * src/racoon/nattraversal.c: Use macros instead of magic numbers |
---|
1679 | * src/racoon/kmpstat.c: pull up fixes from KAME so that racoonctl |
---|
1680 | can actually establish a SA |
---|
1681 | * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c} |
---|
1682 | src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}: |
---|
1683 | Shell script hooks for ISAKMP SA creation and removal |
---|
1684 | |
---|
1685 | 2004-10-26 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1686 | |
---|
1687 | * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: removed |
---|
1688 | src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: removed |
---|
1689 | src/racoon/rfc/draft-beaulieu-ike-xauth-02.txt: new file |
---|
1690 | src/racoon/rfc/draft-dukes-ike-mode-cfg-02.txt: new file |
---|
1691 | Update to the latest drafts |
---|
1692 | |
---|
1693 | 2004-10-25 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1694 | |
---|
1695 | * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: new file |
---|
1696 | src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: new file |
---|
1697 | src/racoon/rfc/draft-ietf-ipsec-isakmp-xauth-07.txt: new file |
---|
1698 | drafts documenting ISAKMP mode config, Xauth and hybrid auth |
---|
1699 | * src/racoon/cftoken.l: fix build problem, add an error message |
---|
1700 | when using hybrid auth options while hybrid auth is not built |
---|
1701 | * src/racoon/isakmp_cfg.c: build without RADIUS support too |
---|
1702 | |
---|
1703 | 2004-10-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1704 | |
---|
1705 | * src/racoon/{algorithm.c,algorithm.h,cfparse.y,cftoken.l} |
---|
1706 | src/racoon/{ipsec_doi.c,ipsec_doi.h,isakmp.c,isakmp_agg.c} |
---|
1707 | src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c,isakmp_xauth.h} |
---|
1708 | src/racoon/{oakley.c,oakley.h,racoon.conf.5} |
---|
1709 | src/racoon/{remoteconf.c,remoteconf.h,strnames.c}: Client side |
---|
1710 | of hybrid auth and ISAKMP mode config |
---|
1711 | |
---|
1712 | 2004-10-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1713 | |
---|
1714 | * src/racoon/{cfparse.y,cftoken.l,handler.h,isakmp.c} |
---|
1715 | src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_frag.c,isakmp_frag.h} |
---|
1716 | src/racoon/{isakmp_inf.c,racoon.conf.5,remoteconf.c,remoteconf.h}: |
---|
1717 | Receiver-side of IKE fragmentation |
---|
1718 | |
---|
1719 | 2004-10-24 Emmanuel Dreyfus <manu@netbsd.org> |
---|
1720 | |
---|
1721 | * src/racoon/isakmp_cfg.c: Fix read buffer overflow |
---|
1722 | * src/racoon/isakmp_xauth.c: Fix weak authentication |
---|
1723 | * src/racoon/{oakley.c,oakley.h}: Fix weak authentication |
---|
1724 | |
---|
1725 | 2004-10-21 Michal Ludvig <mludvig@suse.cz> |
---|
1726 | |
---|
1727 | From Emmanuel Dreyfus: |
---|
1728 | * src/racoon/{isakmp_frag.c,isakmp_frag.h}: New files. |
---|
1729 | * src/racoon/isakmp_cfg.c: Fix endianness. |
---|
1730 | |
---|
1731 | 2004-10-20 Michal Ludvig <mludvig@suse.cz> |
---|
1732 | |
---|
1733 | From Emmanuel Dreyfus: |
---|
1734 | * src/racoon/{cfparse.y,cftoken.l,handler.c}, |
---|
1735 | src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c}, |
---|
1736 | src/racoon/racoon.conf.5: RADIUS IP addresses allocation |
---|
1737 | and RADIUS accounting. |
---|
1738 | * configure.ac, |
---|
1739 | src/racoon/{Makefile.am,handler.h,isakmp.c,isakmp.h}, |
---|
1740 | src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_inf.c}, |
---|
1741 | src/racoon/{vendorid.c,vendorid.h}: IKE Fragmentation patch. |
---|
1742 | |
---|
1743 | 2004-10-08 Michal Ludvig <mludvig@suse.cz> |
---|
1744 | |
---|
1745 | * src/racoon/isakmp_cfg.c: Fixes from Emmanuel Dreyfus. |
---|
1746 | |
---|
1747 | 2004-10-06 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1748 | |
---|
1749 | * src/racoon/remoteconf.c: dupidvl(), dupetypes() - new functions |
---|
1750 | to duplicate dynamically allocated structures; duprmconf() - call |
---|
1751 | these functions to produce private copy of inherited id and etype |
---|
1752 | structures. |
---|
1753 | * src/racoon/remoteconf.c: declaration for dupetypes(). |
---|
1754 | |
---|
1755 | 2004-10-04 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1756 | |
---|
1757 | * src/racoon/cfparse.y: check inherited_from dereferencing |
---|
1758 | * src/racoon/crypto_openssl.c: prevent crash on incorrect DNs |
---|
1759 | |
---|
1760 | 2004-09-27 Michal Ludvig <mludvig@suse.cz> |
---|
1761 | |
---|
1762 | From KOVACS Krisztian <hidden@balabit.hu>: |
---|
1763 | * src/racoon/sockmisc.c(sendfromto): Set src address. |
---|
1764 | |
---|
1765 | 2004-09-24 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1766 | |
---|
1767 | * configure.ac: added check for linux-gnu, as my box reports |
---|
1768 | * src/racoon/grabmyaddr.c: added missing <linux/types.h> include |
---|
1769 | |
---|
1770 | 2004-09-21 Michal Ludvig <mludvig@suse.cz> |
---|
1771 | |
---|
1772 | Merged 'autoconf' branch to mainline: |
---|
1773 | * .cvsignore, ChangeLog, Makefile.am, bootstrap, configure.ac, |
---|
1774 | src/racoon/.cvsignore, src/racoon/cfparse.y, |
---|
1775 | src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h, |
---|
1776 | src/racoon/ipsec_doi.c, src/racoon/isakmp.c, |
---|
1777 | src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c, |
---|
1778 | src/racoon/isakmp_cfg.c, src/racoon/isakmp_ident.c, |
---|
1779 | src/racoon/isakmp_unity.c, src/racoon/main.c, |
---|
1780 | src/racoon/nattraversal.c, src/racoon/oakley.c, |
---|
1781 | src/racoon/oakley.h, src/racoon/sockmisc.c, |
---|
1782 | src/racoon/missing/crypto/sha2/sha2.c: Modified (see ChangeLog |
---|
1783 | in 'autoconf' branch for details). |
---|
1784 | * acracoon.m4, src/racoon/Makefile.am: New files. |
---|
1785 | * src/racoon/Makefile.in, src/racoon/aclocal.m4, |
---|
1786 | src/racoon/client-puzzle.c, src/racoon/config.guess, |
---|
1787 | src/racoon/config.sub, src/racoon/configure.in, |
---|
1788 | src/racoon/install-sh, src/racoon/doc/SantaBarbara-result.jp, |
---|
1789 | src/racoon/doc/helsinki-result.jp, src/racoon/doc/ibm-result.jp, |
---|
1790 | src/racoon/doc/pattern, src/racoon/doc/question, |
---|
1791 | src/racoon/doc/racoonquestion.sh, src/racoon/doc/redmond.txt, |
---|
1792 | src/racoon/doc/rules.jp, src/racoon/doc/sandiego-result.en, |
---|
1793 | src/racoon/doc/sandiego-result.jp, |
---|
1794 | src/racoon/doc/sandiego0009-result.en, |
---|
1795 | src/racoon/missing/addrinfo.h, src/racoon/missing/getaddrinfo.c, |
---|
1796 | src/racoon/missing/getnameinfo.c, src/racoon/samples/Makefile, |
---|
1797 | src/racoon/samples/sandiego.pl: Removed. |
---|
1798 | |
---|
1799 | 2004-09-17 Michal Ludvig <mludvig@suse.cz> |
---|
1800 | |
---|
1801 | * src/racoon/vendorid.[ch]: Rewrote the VendorID handling. |
---|
1802 | We don't use the array with fixed offsets anymore, instead |
---|
1803 | a generally unordered structure with ID, string and |
---|
1804 | precomputed MD5 hashes. |
---|
1805 | * src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_ident.c}, |
---|
1806 | src/racoon/nattraversal.c: Updated to the new VID model. |
---|
1807 | * src/racoon/main.c(main): Precompute VendorIDs. |
---|
1808 | * src/racoon/arc4random.h, src/racoon/missing/arc4random.c: |
---|
1809 | Files removed. Function arc4random() renamed to eay_random() |
---|
1810 | and moved to crypto_openssl.c. |
---|
1811 | * src/racoon/pfkey.c, src/racoon/oakley.c, src/racoon/main.c, |
---|
1812 | src/racoon/isakmp.c: Updated to the above change. |
---|
1813 | * src/racoon/Makefile.in, src/racoon/configure.in: Remove |
---|
1814 | arc4random() from building. |
---|
1815 | * src/racoon/crypto_openssl.[ch](eay_random): New function. |
---|
1816 | * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c, |
---|
1817 | src/racoon/isakmp_xauth.c: Cleaned up headers. |
---|
1818 | |
---|
1819 | 2004-09-16 Michal Ludvig <mludvig@suse.cz> |
---|
1820 | |
---|
1821 | * src/racoon/crypto_openssl.c (base64_encode): Terminate |
---|
1822 | the result with '\0'. |
---|
1823 | |
---|
1824 | 2004-09-15 Michal Ludvig <mludvig@suse.cz> |
---|
1825 | |
---|
1826 | * configure.ac: How about calling the next version 0.5? |
---|
1827 | * src/include-glibc/glibc-bugs.h: Define _XOPEN_SOURCE |
---|
1828 | _BSD_SOURCE and don't require <linux/types.h> |
---|
1829 | * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c, |
---|
1830 | src/racoon/isakmp_xauth.c: Don't include <netkey/key_var.h> |
---|
1831 | * src/racoon/Makefile.in: Add new files to distribution. |
---|
1832 | * src/racoon/configure.in: Fix linux kernel NATT detection. |
---|
1833 | * src/setkey/parse.y: Fix types. |
---|
1834 | * src/racoon/backupsa.c, src/racoon/ipsec_doi.c, |
---|
1835 | src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c, |
---|
1836 | src/racoon/pfkey.c, src/racoon/remoteconf.c, |
---|
1837 | src/racoon/session.c, src/racoon/sockmisc.c: Fix headers |
---|
1838 | ordering, use HAVE_NETINET6_IPSEC. |
---|
1839 | * src/racoon/isakmp_cfg.c: Use %z for size_t. |
---|
1840 | * src/racoon/configure.in: Clean up IPv6 stack check. |
---|
1841 | |
---|
1842 | 2004-09-15 Michal Ludvig <mludvig@suse.cz> |
---|
1843 | |
---|
1844 | Merged "Hybrid XAUTH" support from Emmanuel Dreyfus: |
---|
1845 | * src/racoon/isakmp_cfg.h, src/racoon/isakmp_cfg.c, |
---|
1846 | src/racoon/isakmp_unity.c, src/racoon/isakmp_unity.h, |
---|
1847 | src/racoon/isakmp_xauth.c, src/racoon/isakmp_xauth.h, |
---|
1848 | src/racoon/samples/racoon.conf.sample-cvpn: New files. |
---|
1849 | * src/racoon/algorithm.c, src/racoon/algorithm.h, |
---|
1850 | src/racoon/cfparse.y, src/racoon/cftoken.l, |
---|
1851 | src/racoon/handler.c, src/racoon/handler.h, |
---|
1852 | src/racoon/ipsec_doi.c, src/racoon/isakmp.c, |
---|
1853 | src/racoon/isakmp.h, src/racoon/isakmp_agg.c, |
---|
1854 | src/racoon/isakmp_inf.c, src/racoon/oakley.c, |
---|
1855 | src/racoon/oakley.h, src/racoon/strnames.c, |
---|
1856 | src/racoon/vendorid.c, src/racoon/vendorid.h: Added |
---|
1857 | code for XAUTH support. |
---|
1858 | * src/racoon/racoon.conf.5: Documentation for XAUTH. |
---|
1859 | * src/racoon/isakmp_base.c, src/racoon/isakmp_ident.c, |
---|
1860 | src/racoon/nattraversal.c: Added NATT VID "02\n" |
---|
1861 | * src/racoon/configure.in: New config option --enable-hybrid |
---|
1862 | |
---|
1863 | 2004-09-14 Michal Ludvig <mludvig@suse.cz> |
---|
1864 | |
---|
1865 | * configure.ac: Preset CFLAGS |
---|
1866 | * src/racoon/configure.in: Preset LDFLAGS instead of CFLAGS on NetBSD, |
---|
1867 | Check if printf() accepts "%z" modifiers. |
---|
1868 | * src/racoon/isakmp_agg.c(agg_i1send): Place #endif correctly. |
---|
1869 | * src/setkey/parse.y(fix_portstr): Init 'p2'. |
---|
1870 | * src/setkey/setkey.c: Add required prototypes. |
---|
1871 | |
---|
1872 | 2004-09-14 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1873 | |
---|
1874 | * src/racoon/gssapi.c: sa_len -> sysdep_sa_len. Patch by Andreas. |
---|
1875 | |
---|
1876 | 2004-09-14 Michal Ludvig <mludvig@suse.cz> |
---|
1877 | |
---|
1878 | * src/racoon/configure.in: Check for NetBSD NAT-T kernel support. |
---|
1879 | |
---|
1880 | 2004-09-13 Michal Ludvig <mludvig@suse.cz> |
---|
1881 | |
---|
1882 | * src/racoon/configure.in: Check for <openssl/engine.h> |
---|
1883 | * src/racoon/crypto_openssl.c: Only use OpenSSL engines if available. |
---|
1884 | * src/racoon/plainrsa-gen.c: Ditto. |
---|
1885 | |
---|
1886 | 2004-09-13 Michal Ludvig <mludvig@suse.cz> |
---|
1887 | |
---|
1888 | NetBSD fixes from Emmanuel Dreyfus <manu@netbsd.org>: |
---|
1889 | * Makefile.am: build in rpm/ only on Linux |
---|
1890 | * configure.ac: Check for netinet6/ipsec.h instead of netinet/ipsec.h |
---|
1891 | * src/Makefile.am: Build include-glibc only on Linux |
---|
1892 | * src/libipsec/{ipsec_dump_policy.c,ipsec_get_policylen.c, |
---|
1893 | ipsec_strerror.c,key_debug.c,pfkey.c,pfkey_dump.c, |
---|
1894 | policy_parse.y,policy_token.l,test-policy-priority.c}, |
---|
1895 | src/racoon/{cfparse.y,cftoken.l,grabmyaddr.c,isakmp.c, |
---|
1896 | nattraversal.c,pfkey.c,plainrsa-gen.c,policy.c, |
---|
1897 | proposal.c,sainfo.c,schedule.c,strnames.c}, |
---|
1898 | src/setkey/{parse.y,setkey.c,token.l}: Fix headers and some |
---|
1899 | ifdefs. |
---|
1900 | * src/racoon/sockmisc.c(sendfromto): Wrap for Linux only. |
---|
1901 | * src/racoon/configure.in: Check for kernel NAT-T support, |
---|
1902 | fix libipsec.a linkage path. |
---|
1903 | * src/racoon/eaytest.c(certtest): Use %z for size_t. |
---|
1904 | |
---|
1905 | 2004-09-12 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1906 | |
---|
1907 | * src/racoon/grabmyaddr.c: improved socket selection algorithm for |
---|
1908 | case when link-local addresses come w/o sin6_scope_id set. |
---|
1909 | |
---|
1910 | 2004-09-07 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1911 | |
---|
1912 | * src/racoon/session.c: fix for SIGHUP handler for case when config |
---|
1913 | file contains listen directives. |
---|
1914 | |
---|
1915 | 2004-09-01 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1916 | |
---|
1917 | * src/racoon/grabmyaddr.c: added scope id handling for link-local |
---|
1918 | IPv6 addresses. Now racoon will not err on such addresses. |
---|
1919 | |
---|
1920 | 2004-08-19 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1921 | |
---|
1922 | * src/racoon/crypto_openssl.c: hmac memory leak fix by R. Ganesan |
---|
1923 | * src/racoon/eaytest.c: eay_init_error() -> eay_init() due to |
---|
1924 | 2004-06-01 changes in src/racoon/crypto_openssl.c |
---|
1925 | |
---|
1926 | 2004-08-15 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1927 | |
---|
1928 | * src/racoon/cfparse.y src/racoon/crypto_openssl.c |
---|
1929 | src/racoon/eaytest.c src/racoon/genlist.h src/racoon/ipsec_doi.c |
---|
1930 | src/racoon/racoon.conf.5 src/racoon/remoteconf.c |
---|
1931 | src/racoon/remoteconf.h: peers_identifier wildcard and |
---|
1932 | list patch by James Matheson |
---|
1933 | |
---|
1934 | --------------------------------------------- |
---|
1935 | |
---|
1936 | 0.4rc1 released |
---|
1937 | |
---|
1938 | 2004-08-09 Michal Ludvig <mludvig@suse.cz> |
---|
1939 | |
---|
1940 | * NEWS: Notes for release 0.4rc1 |
---|
1941 | * configure.ac: Bump up version to 0.4rc1 |
---|
1942 | |
---|
1943 | 2004-07-12 Michal Ludvig <mludvig@suse.cz> |
---|
1944 | |
---|
1945 | PlainRSA support. |
---|
1946 | See ChangeLog.prsa from the 'plainrsa' branch for details. |
---|
1947 | * src/racoon/stringlist.c src/racoon/stringlist.h: Removed. |
---|
1948 | * src/racoon/genlist.c src/racoon/genlist.h |
---|
1949 | src/racoon/plainrsa-gen.8 src/racoon/plainrsa-gen.c |
---|
1950 | src/racoon/prsa_par.y src/racoon/prsa_tok.l |
---|
1951 | src/racoon/rsalist.c src/racoon/rsalist.h |
---|
1952 | src/racoon/samples/racoon.conf.sample-plainrsa: New files. |
---|
1953 | * src/racoon/Makefile.in src/racoon/configure.in |
---|
1954 | src/racoon/cfparse.y src/racoon/cftoken.l |
---|
1955 | src/racoon/crypto_openssl.c src/racoon/crypto_openssl.h |
---|
1956 | src/racoon/handler.h src/racoon/ipsec_doi.c |
---|
1957 | src/racoon/ipsec_doi.h src/racoon/isakmp.h src/racoon/main.c |
---|
1958 | src/racoon/oakley.c src/racoon/plog.c src/racoon/remoteconf.c |
---|
1959 | src/racoon/remoteconf.h src/racoon/sockmisc.c |
---|
1960 | src/racoon/sockmisc.h src/racoon/eaytest.c: Updated. |
---|
1961 | |
---|
1962 | 2004-07-12 Michal Ludvig <mludvig@suse.cz> |
---|
1963 | |
---|
1964 | * src/racoon/main.c, src/racoon/eaytest.c, src/racoon/plog.c: Move |
---|
1965 | f_foreground to plog.c. |
---|
1966 | * src/racoon/proposal.c (cmpsaprop_alloc): Fix printing of encmode |
---|
1967 | adjusting. |
---|
1968 | * src/racoon/ipsec_doi.c, src/racoon/isakmp.c, src/racoon/isakmp_quick.c, |
---|
1969 | src/racoon/oakley.c: Fix typos, newlines and printf() format strings. |
---|
1970 | |
---|
1971 | 2004-06-16 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1972 | |
---|
1973 | * src/racoon/crypto_openssl.c (eay_get_x509cert): small memory |
---|
1974 | leak fix. Noticed B.Buesker, patch L.Stellingwerff |
---|
1975 | * src/racoon/crypto_openssl.c (eay_aes_{en|de}crypt, evp_crypt): |
---|
1976 | small memory leaks fixed. |
---|
1977 | |
---|
1978 | 2004-06-15 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
1979 | |
---|
1980 | SECURITY |
---|
1981 | * src/racoon/crypto_openssl.[ch] (cb_check_cert_local, |
---|
1982 | cb_check_cert_remote): split cb_check_cert() due to stricter |
---|
1983 | requirements for certificates received from network. |
---|
1984 | * src/racoon/crypto_openssl.[ch] (eay_check_x509cert): new parameter |
---|
1985 | local to specify how strict cert check should be |
---|
1986 | * src/racoon/oakley.c, src/racoon/eaytest.c: adjust to use above |
---|
1987 | |
---|
1988 | 2004-06-11 Michal Ludvig <mludvig@suse.cz> |
---|
1989 | |
---|
1990 | * src/racoon/nattraversal.c (natt_vendorid, natt_fill_options): Support |
---|
1991 | for all known NAT-T versions. |
---|
1992 | * vendorid.h: Ditto. |
---|
1993 | |
---|
1994 | 2004-06-08 Michal Ludvig <mludvig@suse.cz> |
---|
1995 | |
---|
1996 | * src/racoon/stringlist.c, src/racoon/stringlist.h: New files. |
---|
1997 | * src/racoon/Makefile.in: Compile stringlist.o. |
---|
1998 | |
---|
1999 | 2004-06-07 Michal Ludvig <mludvig@suse.cz> |
---|
2000 | |
---|
2001 | * configure.ac: Set version to 'cvs'. |
---|
2002 | * src/{racoon,setkey,libipsec}/*.h: Wrap headers between |
---|
2003 | #ifndef/#define/#endif to allow multiple inclusions of the |
---|
2004 | same file. |
---|
2005 | * plog.h (plog): Attribute __printf__ for automatic checking |
---|
2006 | of the parameters' validity. |
---|
2007 | * cftoken.l, crypto_openssl.c, grabmyaddr.c, ipsec_doi.c, |
---|
2008 | isakmp.c, isakmp_quick.c, oakley.c, pfkey.c, proposal.c, |
---|
2009 | sockmisc.c: Fix warnings/errors in the plog() parameters with |
---|
2010 | the above change. |
---|
2011 | |
---|
2012 | 2004-06-05 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2013 | |
---|
2014 | * src/setkey/setkey.c: -n (no action) support. |
---|
2015 | Thanks Thomas Habets. |
---|
2016 | * src/setkey/setkey.8: Documentation for above. |
---|
2017 | * src/racoon/doc/README.certificate: updated link to more recent |
---|
2018 | version of document. Debian bug #252513 by Jose Luis Domingo Lopez |
---|
2019 | |
---|
2020 | 2004-06-01 Michal Ludvig <mludvig@suse.cz> |
---|
2021 | |
---|
2022 | * src/racoon/algorithm.c: Enable compilation without SHA2 support. |
---|
2023 | * src/racoon/crypto_openssl.c: Ditto. |
---|
2024 | |
---|
2025 | 2004-06-01 Michal Ludvig <mludvig@suse.cz> |
---|
2026 | |
---|
2027 | * src/racoon/crypto_openssl.c: Remove unneeded workarounds for older |
---|
2028 | OpenSSLs. |
---|
2029 | (eay_init): New function. |
---|
2030 | (eay_init_error, eay_check_pkcs7sign): Removed. |
---|
2031 | * src/racoon/crypto_openssl.h: Reflect the above changes. |
---|
2032 | * src/racoon/main.c: Call eay_init() instead of eay_init_error(). |
---|
2033 | |
---|
2034 | 2004-05-27 Michal Ludvig <mludvig@suse.cz> |
---|
2035 | |
---|
2036 | Support for inheritance of 'remote' statements: |
---|
2037 | * src/racoon/cftoken.l: New keyword 'inherit'. |
---|
2038 | * src/racoon/cfparse.y: Support for 'inherit', remove |
---|
2039 | global 'prhead', use cur_rmconf->prhead instead. |
---|
2040 | * src/racoon/remoteconf.c (rmtree): Changed from |
---|
2041 | LIST queue to TAILQ queue. |
---|
2042 | (getrmconf): Renamed to getrmconf_strict(). |
---|
2043 | (copyrmconf, duprmconf) |
---|
2044 | (dump_rmconf_single, dumprmconf): New functions. |
---|
2045 | (rm2str): Deleted. |
---|
2046 | * src/racoon/remoteconf.h: Prototypes for the above. |
---|
2047 | (struct remoteconf): New fields 'inherited_from' and 'prhead'. |
---|
2048 | * src/racoon/sockmisc.c (saddr2str): Can print anonymous entries. |
---|
2049 | * src/racoon/algorithm.c (alg_oakley_encdef_name) |
---|
2050 | (alg_oakley_hashdef_name, alg_oakley_dhdef_name) |
---|
2051 | (alg_oakley_authdef_name): New functions. |
---|
2052 | * src/racoon/algorithm.h: Prototypes for the above. |
---|
2053 | * src/racoon/strnames.c (num2str): Make extern. |
---|
2054 | (s_doi, s_etype, s_idtype, s_switch): New functions. |
---|
2055 | * src/racoon/strnames.h: Prototypes for the above. |
---|
2056 | * src/racoon/main.c: New parameter -C for dumping the parsed config. |
---|
2057 | * src/racoon/racoon.conf.5: Document inheritance. |
---|
2058 | * src/racoon/samples/racoon.conf.sample-inherit: Sample config file. |
---|
2059 | * src/racoon/Makefile.in: Distribute racoon.conf.sample-inherit |
---|
2060 | |
---|
2061 | 2004-05-24 Michal Ludvig <mludvig@suse.cz> |
---|
2062 | |
---|
2063 | * configure.in, backupsa.c, ipsec_doi.c, isakmp_inf.c, |
---|
2064 | isakmp_quick.c, pfkey.c, remoteconf.c, session.c, |
---|
2065 | sockmisc.c: Allow compilation with --disable-ipv6 |
---|
2066 | |
---|
2067 | 2004-05-21 Michal Ludvig <mludvig@suse.cz> |
---|
2068 | |
---|
2069 | * src/racoon/crypto_openssl.[ch]: Use EVP_*() instead of |
---|
2070 | algorithm specific functions. |
---|
2071 | |
---|
2072 | 2004-05-20 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2073 | |
---|
2074 | Manual page updates. Thanks Brian |
---|
2075 | * src/libipsec/ipsec_set_policy.3 |
---|
2076 | * src/setkey/setkey.8 |
---|
2077 | * src/libipsec/test-policy-priority.c: new file from policy |
---|
2078 | priority patch, which I forgot to add |
---|
2079 | |
---|
2080 | 2004-05-18 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2081 | |
---|
2082 | Policy priority integer handling fixes by Brian Buesker. |
---|
2083 | * src/libipsec/ipsec_strerror.c |
---|
2084 | * src/libipsec/ipsec_strerror.h |
---|
2085 | * src/libipsec/libpfkey.h |
---|
2086 | * src/libipsec/policy_parse.y |
---|
2087 | * src/libipsec/test-policy-priority.c |
---|
2088 | Manual page corrections by me |
---|
2089 | * src/libipsec/ipsec_set_policy.3 |
---|
2090 | * src/setkey/setkey.8 |
---|
2091 | |
---|
2092 | 2004-05-15 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2093 | |
---|
2094 | Policy priority support patch from Brian Buesker. Applied as is |
---|
2095 | except src/libipsec/Makefile.am is modified instead of |
---|
2096 | src/libipsec/Makefile.in as found in the patch. |
---|
2097 | |
---|
2098 | 2004-05-10 Michal Ludvig <mludvig@suse.cz> |
---|
2099 | |
---|
2100 | From Heiko Hund, approved by the copyright holder: |
---|
2101 | * src/racoon/gssapi.[ch]: Update to 3-clause BSD license. |
---|
2102 | |
---|
2103 | 2004-04-27 Michal Ludvig <mludvig@suse.cz> |
---|
2104 | |
---|
2105 | From Heiko Hund: |
---|
2106 | * src/include-glibc/sys/queue.h: Update to 3-clause BSD license. |
---|
2107 | |
---|
2108 | 2004-04-26 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2109 | |
---|
2110 | * src/racoon/grabmyaddr.c (update_myaddrs): Only trust kernel to |
---|
2111 | send notifications about changed interfaces. |
---|
2112 | |
---|
2113 | 2004-04-24 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2114 | |
---|
2115 | * src/racoon/grabmyaddr.c (recvaddrs): Only trust kernel to send |
---|
2116 | information about interfaces. Thanks Steve Grubb and Bill |
---|
2117 | Nottingham. Affects users with glibc w/o getifaddrs(). Users |
---|
2118 | with glibc earlier than 2003-11-14 should upgrade their glibc. |
---|
2119 | |
---|
2120 | 2004-04-19 Michal Ludvig <mludvig@suse.cz> |
---|
2121 | |
---|
2122 | * src/racoon/isakmp.c (isakmp_handler): Reject too big |
---|
2123 | packets (CAN-2004-0403). |
---|
2124 | |
---|
2125 | --------------------------------------------- |
---|
2126 | |
---|
2127 | 0.3 released |
---|
2128 | |
---|
2129 | 2004-04-14 Michal Ludvig <mludvig@suse.cz> |
---|
2130 | |
---|
2131 | * NEWS: Notes for release 0.3 |
---|
2132 | * configure.ac: Bump up version to 0.3 |
---|
2133 | * src/racoon/Makefile.in: Use install-sh instead of mkinstalldirs. |
---|
2134 | * src/racoon/remoteconf.c (foreachrmconf): Avoid warning about |
---|
2135 | uninitialised variable. |
---|
2136 | * src/racoon/samples/racoon.conf.in: Cleaned up to work with Linux |
---|
2137 | and FreeSWAN. |
---|
2138 | |
---|
2139 | 2004-04-13 Michal Ludvig <mludvig@suse.cz> |
---|
2140 | |
---|
2141 | * src/racoon/grabmyaddr.c (suitable_ifaddr6): Anycast addresses are |
---|
2142 | not suitable. |
---|
2143 | |
---|
2144 | 2004-04-09 Michal Ludvig <mludvig@suse.cz> |
---|
2145 | |
---|
2146 | * src/racoon/crypto_openssl.c (cb_check_cert): Warn if no CRL is found. |
---|
2147 | * src/racoon/isakmp_ident.c (ident_r2recv): Removed debug plog(). |
---|
2148 | * src/racoon/proposal.c (cmpsatrns): Downgrade severity of trns_id |
---|
2149 | mismatch to LLV_WARNING. |
---|
2150 | * src/libipsec/pfkey_dump.c, src/racoon/algorithm.c |
---|
2151 | src/racoon/algorithm.h src/racoon/cftoken.l |
---|
2152 | src/racoon/ipsec_doi.c src/racoon/ipsec_doi.h |
---|
2153 | src/racoon/oakley.h src/racoon/pfkey.c src/racoon/strnames.c |
---|
2154 | src/setkey/token.l: Renamed Rijndael to AES. |
---|
2155 | * src/setkey/token.l: Recognize exit/quit/bye tokens. |
---|
2156 | * src/setkey/parse.y (exit_command): New. |
---|
2157 | * src/setkey/setkey.c (stdin_loop): Exit when exit_now is set |
---|
2158 | in exit_command. |
---|
2159 | |
---|
2160 | 2004-04-08 Michal Ludvig <mludvig@suse.cz> |
---|
2161 | |
---|
2162 | * src/setkey/setkey.c (main): Call get_supported() in interactive mode. |
---|
2163 | (stdin_loop): Concat multiline input into a single line before parsing. |
---|
2164 | |
---|
2165 | 2004-04-07 Michal Ludvig <mludvig@suse.cz> |
---|
2166 | |
---|
2167 | * src/racoon/nattraversal.c (natt_keepalive_send): Log sending KA |
---|
2168 | with level DEBUG. Having it with level INFO only pollutes logfiles. |
---|
2169 | |
---|
2170 | 2004-04-06 Michal Ludvig <mludvig@suse.cz> |
---|
2171 | |
---|
2172 | * src/racoon/Makefile.in: eaytest now links plog.o |
---|
2173 | * src/racoon/crypto_openssl.c: Remove all #ifdef EAYDEBUG/#endif |
---|
2174 | surrounding plog(). |
---|
2175 | * src/racoon/eaytest.c (rsatest): Enabled RSA tests again, now |
---|
2176 | verifying both good and bad signatures. |
---|
2177 | |
---|
2178 | --------------------------------------------- |
---|
2179 | |
---|
2180 | 0.3rc5 released |
---|
2181 | |
---|
2182 | 2004-04-05 Michal Ludvig <mludvig@suse.cz> |
---|
2183 | |
---|
2184 | * NEWS: Notes for release 0.3rc5 |
---|
2185 | * configure.ac: Bump up version to 0.3rc5 |
---|
2186 | |
---|
2187 | 2004-04-05 Michal Ludvig <mludvig@suse.cz> |
---|
2188 | |
---|
2189 | Fix for a security bug found by Ralf Spenneberg: |
---|
2190 | * src/racoon/crypto_openssl.c (eay_check_x509sign): Directly generate |
---|
2191 | 'evp' instead of 'pubkey'. |
---|
2192 | (eay_rsa_sign): Use the above. |
---|
2193 | * src/racoon/crypto_openssl.h: Update prototypes for the above. |
---|
2194 | * src/racoon/eaytest.c: Disabled RSA tests because of the API change. |
---|
2195 | |
---|
2196 | 2004-04-05 Michal Ludvig <mludvig@suse.cz> |
---|
2197 | |
---|
2198 | * src/racoon/pfkey.c (pfkey_handler): Safety check before accessing |
---|
2199 | the array (thx to Ren.J.Y for report). |
---|
2200 | (pkrecvf): Added entry for SADB_X_NAT_T_NEW_MAPPING (NULL for now). |
---|
2201 | * src/racoon/strnames.c (name_pfkey_type): Ditto. |
---|
2202 | |
---|
2203 | 2004-04-02 Michal Ludvig <mludvig@suse.cz> |
---|
2204 | |
---|
2205 | * src/racoon/eaytest.c (ciphertest_1): Correct padlen. |
---|
2206 | |
---|
2207 | 2004-04-01 Michal Ludvig <mludvig@suse.cz> |
---|
2208 | |
---|
2209 | * src/racoon/ipsec_doi.c (setph2proposal0): Move proposal encmode |
---|
2210 | update from here ... |
---|
2211 | (ipsecdoi_setph2proposal): ... to here. Hopefully this is a |
---|
2212 | better place to do the update. |
---|
2213 | |
---|
2214 | 2004-03-30 Michal Ludvig <mludvig@suse.cz> |
---|
2215 | |
---|
2216 | * src/racoon/crypto_openssl.c (eay_3des_expand_key): New function. |
---|
2217 | (eay_3des_encrypt, eay_3des_decrypt): Expand key if necessary. |
---|
2218 | * src/racoon/eaytest.c (ciphertest_1): New function. |
---|
2219 | (ciphertest): Simplified to simple calls of ciphertest_1(). |
---|
2220 | |
---|
2221 | 2004-03-29 Michal Ludvig <mludvig@suse.cz> |
---|
2222 | |
---|
2223 | * README: Rewritten. Mentioned where to report bugs. |
---|
2224 | |
---|
2225 | 2004-03-26 Michal Ludvig <mludvig@suse.cz> |
---|
2226 | |
---|
2227 | * configure.ac: Check for readline.h and libreadline. |
---|
2228 | * src/setkey/setkey.c: Call stdin_loop() when '-c' was given. |
---|
2229 | (stdin_loop): Read user input and parse it line-by-line. |
---|
2230 | * src/setkey/token.l (parse_string): New function. |
---|
2231 | |
---|
2232 | --------------------------------------------- |
---|
2233 | |
---|
2234 | 0.3rc4 released |
---|
2235 | |
---|
2236 | 2004-03-25 Michal Ludvig <mludvig@suse.cz> |
---|
2237 | |
---|
2238 | * configure.ac: Bump up version to 0.3rc4 |
---|
2239 | * NEWS: Notes for release 0.3rc4 |
---|
2240 | * src/racoon/cfparse.y (algorithm): Hint about missing module. |
---|
2241 | * src/racoon/crypto_openssl.c (eay_3des_*): Check for strict key |
---|
2242 | length only with old API. |
---|
2243 | (eay_des_encrypt): Ditto. |
---|
2244 | * src/racoon/eaytest.c: Make the testsuite useful, i.e. exit with |
---|
2245 | non-zero error code if any of the tests fail. |
---|
2246 | (main): Print banner with version. |
---|
2247 | * src/racoon/Makefile.in: Run eaytest in 'make check'. |
---|
2248 | |
---|
2249 | 2004-03-23 Michal Ludvig <mludvig@suse.cz> |
---|
2250 | |
---|
2251 | * src/racoon/isakmp_agg.c (agg_i2recv): Copy remote cookie before |
---|
2252 | comparing NAT-D payloads. (thx to Gaurav Kansal for report). |
---|
2253 | * src/racoon/crypto_openssl.c: Avoid type-punned warnings. |
---|
2254 | * src/racoon/eaytest.c: Disable 'cert' tests. |
---|
2255 | * src/racoon/crypto_openssl.c (eay_des_encrypt): No need to check |
---|
2256 | for strict length. |
---|
2257 | (eay_aes_encrypt): Keylength is in bits, not bytes. |
---|
2258 | |
---|
2259 | 2004-03-22 Michal Ludvig <mludvig@suse.cz> |
---|
2260 | |
---|
2261 | * src/setkey/parse.y (ALG_ENC_NOKEY, ALG_ENC_OLD): Use "" for key |
---|
2262 | instead of NULL and check for availability. |
---|
2263 | |
---|
2264 | --------------------------------------------- |
---|
2265 | |
---|
2266 | 0.3rc3 released |
---|
2267 | |
---|
2268 | 2004-03-19 Michal Ludvig <mludvig@suse.cz> |
---|
2269 | |
---|
2270 | * configure.ac: Bump up version to 0.3rc3 |
---|
2271 | * NEWS: Notes for release 0.3rc3 |
---|
2272 | * src/racoon/cftoken.l: Add 'null' as an alias for 'null_enc'. |
---|
2273 | * src/racoon/proposal.c (cmpsatrns): New parameter proto_id, |
---|
2274 | better diagnostic output when trns_id don't match. |
---|
2275 | * src/racoon/proposal.h (cmpsatrns): Update prototype. |
---|
2276 | * src/setkey/setkey.c: Change option -h to -H (for hexdump), new |
---|
2277 | options -h (help) and -V (version). |
---|
2278 | * src/setkey/setkey.8: Document the above changes. |
---|
2279 | * src/racoon/rfc/*: Many standards related to IPsec/IKE/NAT-T/... |
---|
2280 | |
---|
2281 | 2004-03-15 Michal Ludvig <mludvig@suse.cz> |
---|
2282 | |
---|
2283 | * src/racoon/configure.in: Prevent compilation error with |
---|
2284 | --enable-yydebug. |
---|
2285 | |
---|
2286 | --------------------------------------------- |
---|
2287 | |
---|
2288 | 0.3rc2 released |
---|
2289 | |
---|
2290 | 2004-03-11 Michal Ludvig <mludvig@suse.cz> |
---|
2291 | |
---|
2292 | * configure.ac: Bump up version to 0.3rc2 |
---|
2293 | * NEWS: Notes for release 0.3rc2 |
---|
2294 | * src/racoon/aclocal.m4 (RACOON_CHECK_VA_COPY): New test. |
---|
2295 | * src/racoon/configure.in: Call RACOON_CHECK_VA_COPY |
---|
2296 | * src/racoon/plog.c (plogv): Replace va_copy() with VA_COPY. |
---|
2297 | * src/racoon/racoon.conf.5: Note that NAT-T support is a compile |
---|
2298 | time option. |
---|
2299 | |
---|
2300 | 2004-03-10 Michal Ludvig <mludvig@suse.cz> |
---|
2301 | |
---|
2302 | * src/racoon/racoon.conf.5: Document nat_traversal option. |
---|
2303 | * src/racoon/racoon.8: Document new options (-L and -P). |
---|
2304 | |
---|
2305 | 2004-03-09 Michal Ludvig <mludvig@suse.cz> |
---|
2306 | |
---|
2307 | * src/racoon/grabmyaddr.c (autoconf_myaddrsport): Prepare addrs for |
---|
2308 | UDP-Encap ports if NAT-T is enabled. |
---|
2309 | (dupmyaddr): New function. |
---|
2310 | * src/racoon/grabmyaddr.h: Prototype for dupmyaddr(). |
---|
2311 | * src/racoon/isakmp.c (isakmp_open): Complain if NAT-T is enabled, but |
---|
2312 | no port for UDP-Encap was open. |
---|
2313 | * src/racoon/isakmp_var.h (PORT_ISAKMP_NATT): New define. |
---|
2314 | * src/racoon/localconf.c, src/racoon/localconf.h: Define and setup |
---|
2315 | lcconf->port_isakmp_natt. |
---|
2316 | * src/racoon/main.c (main): Print nicer banner, |
---|
2317 | (usage): Document new options (-L and -P). |
---|
2318 | (parse): Recognise the above. |
---|
2319 | * src/racoon/nattraversal.c (natt_fill_options): Don't use hardcoded |
---|
2320 | constants for float_port. |
---|
2321 | (natt_enabled_in_rmconf, natt_enabled_in_rmconf_stub): New functions. |
---|
2322 | * src/racoon/nattraversal.h: Prototype for natt_enabled_in_rmconf(). |
---|
2323 | * src/racoon/plog.c: Don't print source:line:function by default. |
---|
2324 | * src/racoon/remoteconf.c (foreachrmconf): New helper function. |
---|
2325 | * src/racoon/remoteconf.h: Prototype for the above. |
---|
2326 | * package_version.h: Define strings for use in banners. |
---|
2327 | * configure.ac: Fill up the above header. |
---|
2328 | |
---|
2329 | 2004-03-09 Michal Ludvig <mludvig@suse.cz> |
---|
2330 | |
---|
2331 | * src/racoon/configure.in: Don't put -O into OPTFLAGS, |
---|
2332 | add new option --disable-natt. |
---|
2333 | * src/racoon/cfparse.y, src/racoon/handler.c, |
---|
2334 | src/racoon/ipsec_doi.c, src/racoon/isakmp.c, |
---|
2335 | src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c, |
---|
2336 | src/racoon/isakmp_ident.c, src/racoon/pfkey.c, |
---|
2337 | src/racoon/proposal.c, src/racoon/session.c: Replace WITH_NATT |
---|
2338 | with ENABLE_NATT. |
---|
2339 | * src/racoon/crypto_openssl.c: Replace %d with %zd for size_t arguments. |
---|
2340 | |
---|
2341 | 2004-03-06 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2342 | |
---|
2343 | * configure.ac: Refuse to continue if lexer library (yywrap() |
---|
2344 | function) is missing. Should prevent bugs like #892067, #908758 |
---|
2345 | * src/racoon/configure.in: renamed --with-ssleay to --with-openssl. |
---|
2346 | Users should not be given false idea that they require both OpenSSL |
---|
2347 | and SSLeay to compile racoon. (See bug #902197) |
---|
2348 | |
---|
2349 | --------------------------------------------- |
---|
2350 | |
---|
2351 | 0.3rc1 released |
---|
2352 | |
---|
2353 | 2004-03-04 Michal Ludvig <mludvig@suse.cz> |
---|
2354 | |
---|
2355 | * configure.ac: Bump up version to 0.3rc1 |
---|
2356 | * NEWS: Mention release 0.3rc1 (and copy 0.2.3 and 0.2.4 notes |
---|
2357 | from 0.2 branch). |
---|
2358 | * src/racoon/samples/racoon.conf.sample-natt: New sample config file. |
---|
2359 | * src/racoon/Makefile.in: Tweak file lists to make 'distcheck' happy, |
---|
2360 | enabled NATT by default (will become a config option later). |
---|
2361 | |
---|
2362 | 2004-03-04 Michal Ludvig <mludvig@suse.cz> |
---|
2363 | |
---|
2364 | Merge with 'nat-t_branch' to bring NAT-T (NAT traversal) support |
---|
2365 | to racoon. |
---|
2366 | * src/racoon/Makefile.in, src/racoon/cfparse.y, |
---|
2367 | src/racoon/cftoken.l, src/racoon/grabmyaddr.c, |
---|
2368 | src/racoon/grabmyaddr.h, src/racoon/handler.c, |
---|
2369 | src/racoon/handler.h, src/racoon/ipsec_doi.c, |
---|
2370 | src/racoon/ipsec_doi.h, src/racoon/isakmp.c, src/racoon/isakmp.h, |
---|
2371 | src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c, |
---|
2372 | src/racoon/isakmp_ident.c, src/racoon/isakmp_quick.c, |
---|
2373 | src/racoon/localconf.c, src/racoon/localconf.h, |
---|
2374 | src/racoon/pfkey.c, src/racoon/proposal.c, src/racoon/proposal.h, |
---|
2375 | src/racoon/racoon.conf.5, src/racoon/remoteconf.c, |
---|
2376 | src/racoon/remoteconf.h, src/racoon/session.c, |
---|
2377 | src/racoon/strnames.c, src/racoon/vendorid.h |
---|
2378 | src/libipsec/pfkey.c, |
---|
2379 | src/racoon/nattraversal.c, src/racoon/nattraversal.h, |
---|
2380 | src/racoon/sockmisc.c: Affected files. |
---|
2381 | |
---|
2382 | 2004-02-27 Michal Ludvig <mludvig@suse.cz> |
---|
2383 | |
---|
2384 | * src/racoon/isakmp.c (set_isakmp_header1): Renamed from |
---|
2385 | set_isakmp_header(). |
---|
2386 | (set_isakmp_header): New function common for set_isakmp_header1() |
---|
2387 | and set_isakmp_header2(). |
---|
2388 | (copy_ph1addresses): Obey original port. |
---|
2389 | (isakmp_plist_append, isakmp_plist_set_all): New helper functions. |
---|
2390 | * src/racoon/isakmp_var.h: Prototypes for the above. |
---|
2391 | * src/racoon/isakmp.h (struct payload_list): New structure. |
---|
2392 | * src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c, |
---|
2393 | src/racoon/isakmp_ident.c: Use isakmp_plist_* functions. |
---|
2394 | |
---|
2395 | 2004-02-03 Michal Ludvig <mludvig@suse.cz> |
---|
2396 | |
---|
2397 | * src/racoon/Makefile.in: Fix install to $(sbindir) |
---|
2398 | * src/setkey/parse.y: Avoid GCC 3.3 warning (type-punned pointer). |
---|
2399 | |
---|
2400 | 2004-01-19 Michal Ludvig <mludvig@suse.cz> |
---|
2401 | |
---|
2402 | * rpm/ipsec-tools.FC1: Startup script for Fedora Core 1 |
---|
2403 | (thanks to Kimmo Koivisto <kimmo.koivisto@surfeu.fi>) |
---|
2404 | |
---|
2405 | 2004-01-17 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2406 | |
---|
2407 | * src/racoon/isakmp_inf.c: endian mismatch fix. From iij seil team |
---|
2408 | |
---|
2409 | 2004-01-15 Michal Ludvig <mludvig@suse.cz> |
---|
2410 | |
---|
2411 | * src/racoon/isakmp_inf.c: Prevent unauthorized deletion of SA |
---|
2412 | (reported on bugtraq, fixed by iij seil team). |
---|
2413 | * src/racoon/isakmp.c: Don't try to bind to IPv6 multicast addresses. |
---|
2414 | |
---|
2415 | 2004-01-14 Michal Ludvig <mludvig@suse.cz> |
---|
2416 | |
---|
2417 | * src/racoon/plog.c: Fix segfault on AMD64 (va_list can be used |
---|
2418 | only once). |
---|
2419 | * configure.ac: Don't build shared libipsec by default (can be |
---|
2420 | enabled by --enable-shared). |
---|
2421 | * bootstrap: Don't run automake for racoon. |
---|
2422 | |
---|
2423 | 2004-01-12 Michal Ludvig <mludvig@suse.cz> |
---|
2424 | |
---|
2425 | * src/racoon/configure.in: Fix AC_DEFINEs to make autoheader happy, |
---|
2426 | use config.h for defines instead of -DHAVE_* gcc options, |
---|
2427 | fix CRYPTOBJS to include missing rijndael libraries only once, |
---|
2428 | checking for AES support in OpenSSL now (hopefully) finally |
---|
2429 | works on both OpenSSL 0.9.6 and 0.9.7. |
---|
2430 | * src/racoon/*.[cyl]: Include autogenerated "config.h" |
---|
2431 | * src/racoon/missing/crypto/*/*.c: Ditto. |
---|
2432 | * src/racoon/.cvsignore: Add config.h, config.h.in |
---|
2433 | |
---|
2434 | 2004-01-09 Michal Ludvig <mludvig@suse.cz> |
---|
2435 | |
---|
2436 | * src/racoon/.cvsignore: Add "autom4te.cache" and "configure". |
---|
2437 | |
---|
2438 | 2004-01-09 Aidas Kasparas <a.kasparas@gmc.lt> |
---|
2439 | |
---|
2440 | Sync with KAME 2004-01-07 |
---|
2441 | * src/libipsec/pfkey.c: memory leak fix; comment typo fixes |
---|
2442 | * src/libipsec/{pfkey.c,pfkey_dump.c}: allow compilation even |
---|
2443 | no SADB_X_EXT_TAG defined |
---|
2444 | * src/libipsec/pfkey_dump.c: information about algorithms |
---|
2445 | ripemd160, aes-xcbc, aes-ctr; bigger buffers; <tag> support |
---|
2446 | * src/libipsec/policy_parse.y: memory leak |
---|
2447 | * src/libipsec/policy_token.l: memory leak |
---|
2448 | * src/libipsec/test-policy.c: unneeded \n removed |
---|
2449 | * src/racoon/Makefile.in: $(sbindir) support |
---|
2450 | * src/racoon/admin.c: interface changes due to proxy support |
---|
2451 | * src/racoon/algorithm.c: SHA2 #ifdefs |
---|
2452 | * src/racoon/{cfparse.y,cftoken.l}: license text added |
---|
2453 | * src/racoon/cfparse.y: mip6 obsoleted by proxy support |
---|
2454 | * src/racoon/cfparse.y: from directive support; new algorithms |
---|
2455 | * src/racoon/cftoken.l: support for globbing of include files |
---|
2456 | * src/racoon/configure.in: more verbose information about problems |
---|
2457 | with SHA2 |
---|
2458 | * src/racoon/crypto_openssl.c: use new DES API if supported; algorithm |
---|
2459 | key size fixes |
---|
2460 | * src/racoon/eaytest.c: SHA2 #ifdefs; keysize len check |
---|
2461 | * src/racoon/ipsec_doi.c: use VPTRINIT; ESP parameter validity checks; |
---|
2462 | style change |
---|
2463 | * src/racoon/isakmp.c: use VPTRINIT; interface changes due to |
---|
2464 | mip6->proxy; typo |
---|
2465 | * src/racoon/isakmp_inf.c: use VPTRINIT |
---|
2466 | * src/racoon/isakmp_quick.c: mip6->proxy |
---|
2467 | * src/racoon/kmpstat.c: not used variables removed |
---|
2468 | * src/racoon/pfkey.c: mip6->proxy; schedule leak |
---|
2469 | * src/racoon/proposal.c: style |
---|
2470 | * src/racoon/remoteconf.c: mip6->proxy |
---|
2471 | * src/racoon/sainfo.c: from directive support |
---|
2472 | * src/racoon/sockmisc.c: side correction; addrinfo leak |
---|
2473 | * src/racoon/strnames.c: typo in descriptions; wrong upper bound check |
---|
2474 | * src/racoon/missing/crypto/sha2/sha2.c: wrong size |
---|
2475 | * src/setkey/parse.y: extra algorithms; tagged; not needed periods |
---|
2476 | removed; memory shortage checks |
---|
2477 | * src/setkey/setkey.8: typos; tagged; new algorithms |
---|
2478 | * src/setkey/setkey.c: standard argument names for main(); hexdump |
---|
2479 | support; info in file support |
---|
2480 | * src/setkey/token.l: new algorithms; memory shortage checks |
---|
2481 | Parts not taken from KAME: |
---|
2482 | * kernelfs stuff; |
---|
2483 | * sysctl stuff |
---|
2484 | |
---|
2485 | 2004-01-08 Michal Ludvig <mludvig@suse.cz> |
---|
2486 | |
---|
2487 | * src/racoon/config.{sub,guess}: Update from automake 1.7. |
---|
2488 | |
---|
2489 | 2004-01-08 Michal Ludvig <mludvig@suse.cz> |
---|
2490 | |
---|
2491 | Patch from Kostadin Karaivanov <larry@minfin.bg>: |
---|
2492 | * src/racoon/configure.in: Check for openssl/aes.h. |
---|
2493 | * src/racoon/crypto_openssl.c: Use OpenSSL AES functions if available. |
---|
2494 | |
---|
2495 | 2004-01-08 Michal Ludvig <mludvig@suse.cz> |
---|
2496 | |
---|
2497 | * src/racoon/configure: Remove, should be regenerated by bootstrap. |
---|
2498 | |
---|
2499 | 2004-01-02 Michal Ludvig <michal@logix.cz> |
---|
2500 | |
---|
2501 | * src/racoon/crypto_openssl.c: Update to work with OpenSSL 0.9.7 |
---|
2502 | (by Brian Buesker <bbuesker@qualcomm.com> |
---|
2503 | and Christophe Saout <christophe@saout.de>) |
---|
2504 | * src/racoon/proposal.c: Be more verbose. (Michal Ludvig) |
---|
2505 | * src/libipsec/ipsec_dump_policy.c: Dump FWD policies correctly |
---|
2506 | (by Michal Ludvig). |
---|
2507 | * src/setkey/token.l, src/setkey/parse.y: Add support for lifetime |
---|
2508 | specified in bytes (by Michal Ludvig). |
---|
2509 | * src/setkey/setkey.8: Document -bh/-bs options for the above feature. |
---|
2510 | * src/libipsec/pfkey.c: Don't include 'sadb_key' in SADB_UPDATE |
---|
2511 | message for IPcomp SA. (by Brian Buesker <bbuesker@qualcomm.com>) |
---|
2512 | * src/racoon/cfparse.y: Flush SA on SIGHUP |
---|
2513 | (by Brian Buesker <bbuesker@qualcomm.com>) |
---|
2514 | * src/racoon/pfkey.c: IPcomp fixes |
---|
2515 | (by Brian Buesker <bbuesker@qualcomm.com>) |
---|
2516 | * src/racoon/proposal.c: Fix typo lifebyte -> lifetime. |
---|
2517 | * src/racoon/grabmyaddr.c: Prevent segfault if getifaddrs() returns |
---|
2518 | an entry with NULL ifa_addr (Michal Ludvig). |
---|
2519 | * configure.ac: Change path to kernel headers |
---|
2520 | from /usr/src/devel-2.5/devel to /usr/src/linux |
---|
2521 | * bootstrap: Use default tools, reconfigure src/racoon |
---|
2522 | * src/racoon/configure.in: Change LIBOBJS -> AC_LIBOBJ, |
---|
2523 | changed comments from 'dnl' to '#'. |
---|
2524 | |
---|
2525 | 2003-06-20 Derek Atkins <derek@ihtfp.com> |
---|
2526 | |
---|
2527 | * src/racoon/aclocal.m4: |
---|
2528 | * src/racoon/configure: |
---|
2529 | Don't execute "for i in $3" if "$3" doesn't exist. |
---|
	Fixes bug #721296.

2003-03-31  Derek Atkins  <derek@ihtfp.com>

	* src/setkey/parse.y: change the NAT-T Type to use UDP_ENCAP_ESPINUDP
	  (which is value '2')

2003-03-27  Derek Atkins  <derek@ihtfp.com>

	* src/libipsec/key_debug.c: use ntohs() before printing port
	* src/libipsec/pfkey.c: convert port# to network byte order
	* src/libipsec/pfkey_dump.c: use ntohs() before printing ports
	* src/setkey/parse.y: convert port#'s to network byte order

2003-03-24  Derek Atkins  <derek@ihtfp.com>

	* src/libipsec/pfkey.c: Don't switch off NAT-T extensions
	  if they don't exist in the kernel.

	* src/racoon/sockmisc.c: use '34' for IPV6_IPSEC_POLICY,
	  as per Tom Lendacky <toml@us.ibm.com>. Also move the
	  setting of IPV6_IPSEC_POLICY to the top of the file.

2003-03-13  Derek Atkins  <derek@ihtfp.com>

	Add initial support for NAT-T PFKey Extensions:
	* src/libipsec/key_debug.c: add support to print information
	  about NAT-T extension packets.
	* src/libipsec/libpfkey.h: add two new APIs to support NAT-T
	  for add and update as part of the SADB.
	* src/libipsec/pfkey.c:
	  - Implement extended APIs to support NAT-T for add and update
	    of the SADB.
	  - Add APIs to fill a buffer with NAT-T packet types
	* src/libipsec/pfkey_dump.c: Extend the SADB output to include
	  PFKey packets. Put port numbers with the source and dest
	  addresses, add an 'esp-udp' SA-type, and add a printout for
	  the NAT-OA.
	* src/setkey/parse.y:
	  - Extend setkey to create an ESP-UDP SA.
	  - default UDP port is 4500
	  - extend 'add' to allow <ip-addr>[<portnum>] for source and dest
	    (the portnum specification requires the [] characters)
	  - add an ESPUDP "protocol" from the lexer. This will use
	    ESP and allow an optional Original Address setting.
	  - add a function to get a udp port from a struct sockaddr *
	  - pass the NAT-T extensions into PFKey
	* src/setkey/token.l: add "esp-udp" token

	* rpm/ipsec-tools.spec.in: Bill Nottingham's SPEC-file patch:
	  This switches it to use %{_lib} (for /lib64 systems such as
	  x86-64 and s390x), and has it own the /etc/racoon directory in
	  the package as well.

---------------------------------------------

	0.2.2 released

2003-03-13  Derek Atkins  <derek@ihtfp.com>

	* configure.am, NEWS:
	  Update for 0.2.2 release

	* Makefile.am: distribute depcomp

2003-03-10  Derek Atkins  <derek@ihtfp.com>

	* src/racoon/Makefile.in: add @LEXLIB@ to the LIBS line to make
	  sure we link against the lexer library when necessary.

2003-03-07  Derek Atkins  <derek@ihtfp.com>

	* configure.am:
	* Makefile.am:
	* rpm/Makefile.am:
	* rpm/ipsec-tools.spec.in:
	  Added RPM SPEC to CVS

---------------------------------------------

	0.2.1 released

2003-03-07  Derek Atkins  <derek@ihtfp.com>

	* src/racoon/configure.in: change "CFLAGS" to "CPPFLAGS" for
	  ssl include directory, to make sure the other tests work properly.

2003-03-06  Derek Atkins  <derek@ihtfp.com>

	* src/racoon/kmpstat.c: fix gcc-3.2.2 compiler warning

	* src/racoon/configure.in: look for krb5-config and don't
	  use it if it's not found. Fixes a configure-time warning.

--------------------------------------------

	0.2 Released