source: rtems-libbsd/ipsec-tools/NEWS @ 8645c9d7

55-freebsd-126-freebsd-12
Last change on this file since 8645c9d7 was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on 05/30/18 at 12:27:35

Import ipsec-tools 0.8.2.

Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.

  • Property mode set to 100644
File size: 6.2 KB
Line 
1Version history:
2----------------
30.8.2   - 27 February 2014
4        o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
5        o Fix source port selection regression from version 0.8.1
6        o Various logging improvements
7        o Additional compliance and build fixes
8
90.8.1   - 08 January 2013
10        o Improved X.509 subject name comparation (Götz Babin-Ebell)
11        o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
12        o Allow simplified syntax for inherited remote blocks (Roman Antink)
13        o Never shring pfkey socket buffer (Marcelo Leitner)
14        o Privilege separation child process exit fix
15        o Multiple memory allocation and use-after-free fixes
16
170.8     - 18 March 2011
18        o Fix authentication method ambiguity with kerberos and xauth
19        o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
20        o Local address code rewrite to speed things up
21        o Improved MIPv6 support (Arnaud Ebalard)
22        o ISAKMP SA (phase1) rekeying
23        o Improved scheduler (faster algorithm, support monotonic clock)
24        o Handle RESPONDER-LIFETIME in quick mode
25        o Handle INITIAL-CONTACT in from main mode too
26        o Rewritten event handling framework for admin port
27        o Ability to initiate IPsec SA through admin port
28        o NAT-T Original Address handling (transport mode NAT-T support)
29        o clean NAT-T - PFkey support
30        o support for multiple anonymous remoteconfs
31        o Remove various obsolete configuration options
32        o A lot of other bug fixes, performance improvements and clean ups
33
340.7.1   - 23 July 2008
35        o Fixes a memory leak when invalid proposal received
36        o Some fixes in DPD
37        o do not set default gss id if xauth is used
38        o fixed hybrid enabled builds
39        o fixed compilation on FreeBSD8
40        o cleanup in network port value manipulation
41        o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
42          purge_ipsec_spi()
43        o Generates a log if cert validation has been disabled by
44          configuration
45        o better handling for pfkey socket read errors
46        o Fixes in yacc / bison stuff
47        o new plog() macro (reduced CPU usage when logging is disabled)
48        o Try to work better with huge SPD/SAD
49        o Corrected modecfg option syntax
50
510.7     - 09 August 2007
52        o Xauth with pre-shared key PSK
53        o Xauth with certificates
54        o SHA2 support
55        o pkcs7 support
56        o system accounting (utmp)
57        o Darwin support
58        o configuration can be reloaded
59        o Support for UNIQUE generated policies
60        o Support for semi anonymous sainfos
61        o Support for ph1id to remoteid matching
62        o Plain RSA authentication
63        o Native LDAP support for Xauth and modecfg
64        o Group membership checks for Xauth and sainfo selection
65        o Camellia cipher support
66        o IKE Fragment force option
67        o Modecfg SplitNet attribute support
68        o Modecfg SplitDNS attribute support ( server side )
69        o Modecfg Default Domain attribute support
70        o Modecfg DNS/WINS server multiple attribute support
71
720.6     - 27 June 2005
73        o Generated policies are now correctly flushed
74        o NAT-T works with multiple peers behind the NAT (need kernel support)
75        o Xauth can use shadow passwords
76        o TCP-MD5 support
77        o PAM support for Xauth
78        o Privilege separation
79        o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
80        o racoon admin interface is exported (header and library) to
81          help building control programs for racoon (think GUI)
82        o Fixed single DES support; single DES users MUST UPGRADE.
83
840.5     - 10 April 2005
85        o Rewritten buildsystem. Now completely autoconfed, automaked,
86          libtoolized.
87        o IPsec-tools now compiles on NetBSD and FreeBSD again.
88        o Support for server-side hybrid authentication, with full
89          RADIUS supoort. This is interoperable with the Cisco VPN client.
90        o Support for client-side hybrid authentication (Tested only with
91          a racoon server)
92        o ISAKMP mode config support
93        o IKE fragmentation support
94        o Fixed FWD policy support.
95        o Fixed IPv6 compilation.
96        o Readline is optional, fixed setkey when compiled without readline.
97        o Configurable Root-CA certificate.
98        o Dead Peer Detection (DPD) support.
99
1000.4rc1  - 09 August 2004
101        o Merged support for PlainRSA keys from the 'plainrsa' branch.
102        o Inheritance of 'remote{}' sections.
103        o Support for SPD policy priorities in setkey.
104        o Ciphers are now used through the 'EVP' interface which allows
105          using hardware crypto accelerators.
106        o Setkey has new option -n (no action).
107        o All source files now have 3-clause BSD license.
108
1090.3     - 14 April 2004
110        o Fixed setkey to handle multiline commands again.
111        o Added command 'exit' to setkey.
112        o Fixed racoon to only Warn if no CRL was found.
113        o Improved testsuite.
114
1150.3rc5  - 05 April 2004
116        o Security bugfix WRT handling X.509 signatures.
117        o Stability fix WRT unknown PF_KEY messages.
118        o Fixed NAT-T with more proposals (e.g. more crypto algos).
119        o Setkey parses lines one by one => doesn't exit on errors.
120        o Setkey supports readline => more user friendly.
121
1220.3rc4  - 25 March 2004
123        o Fixed adding "null" encryption via 'setkey'.
124        o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
125        o Fixed NAT-T in aggresive mode.
126        o Fixed testsuite and added testsuite run into make check.
127
1280.3rc3  - 19 March 2004
129        o Fixed compilation error with --enble-yydebug
130        o Better diagnostic when proposals don't match.
131        o Changed/added options to setkey.
132
1330.3rc2  - 11 March 2004
134        o Added documentation for NAT-T
135        o Better NAT-T diagnostic.
136        o Test and workaround for missing va_copy()
137
1380.3rc1  - 04 March 2004
139        o Support for NAT Traversal (NAT-T)
140
1410.2.4   - 29 January 2004
142        o Sync with KAME as of 2004-01-07
143        o Fixed unauthorized deletion of SA in racoon (again).
144
1450.2.3   - 15 January 2004
146        o Support for SA lifetime specified in bytes
147          (see setkey -bs/-bh options)
148        o Enhance support for OpenSSL 0.9.7
149        o Let racoon be more verbose
150        o Fixed some simple bugs (see ChangeLog for details)
151        o Fixed unauthorized deletion of SA in racoon
152        o Fixed problems on AMD64
153        o Ignore multicast addresses for IKE
154
1550.2.2   - 13 March 2003
156        o Fix racoon to build on some systems that require linking against -lfl
157        o add an RPM spec to the distribution
158
1590.2.1   - 07 March 2003
160        o Fix some more gcc-3.2.2 compiler warnings
161        o Fix racoon to actually configure with ssl in a non-standard location
162        o Fix racoon to not complain if krb5-config is not installed
163
1640.2     - 06 March 2003
165        o Glibc-2.3 support
166        o OpenSSL-0.9.7 support
167        o Fixed duplicate-macro problems
168        o Fix racoon lex/yacc support
169        o Install psk.txt mode 600, racoon.conf mode 644
170        o Fix racoon to look in the correct directory for config files
171
1720.1     - 03 March 2003
173        o Initial release of IPsec-Tools
Note: See TracBrowser for help on using the repository browser.