158 lines
5.5 KiB
Plaintext
158 lines
5.5 KiB
Plaintext
Version history:
|
|
----------------
|
|
|
|
0.7.3 - 23 August 2009
|
|
o Fix a remote crash and a memory leak
|
|
o Fixed a NAT-T flag check
|
|
o Some code cleanups/compilation fixes with recent gcc
|
|
|
|
0.7.2 - 22 April 2009
|
|
o Fix a remote crash in fragmentation code
|
|
o Phase2 message identities are phase1 specific (Vista compatibility=
|
|
o Autogenerate ChangeLog from cvs metadata
|
|
o Fix mode config pool resizing
|
|
o NAT-T fixes related to purging of IPsec SA:s and retransmission
|
|
o Remove phase1 handler immediately if first exchange is bad
|
|
o A bunch of memory leak and possible memory corruptions (triggerable
|
|
by bad configuration or startup parameters)
|
|
|
|
0.7.1 - 23 July 2008
|
|
o Fixes a memory leak when invalid proposal received
|
|
o Some fixes in DPD
|
|
o do not set default gss id if xauth is used
|
|
o fixed hybrid enabled builds
|
|
o fixed compilation on FreeBSD8
|
|
o cleanup in network port value manipulation
|
|
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
|
|
o Generates a log if cert validation has been disabled by configuration
|
|
o better handling for pfkey socket read errors
|
|
o Fixes in yacc / bison stuff
|
|
o new plog() macro (reduced CPU usage when logging is disabled)
|
|
o Try to works better with huge SPD/SAD
|
|
o Corrected modecfg option syntax
|
|
o Many other various fixes...
|
|
|
|
0.7 - 09 August 2007
|
|
o Xauth with pre-shared key PSK
|
|
o Xauth with certificates
|
|
o SHA2 support
|
|
o pkcs7 support
|
|
o system accounting (utmp)
|
|
o Darwin support
|
|
o configuration can be reloaded
|
|
o Support for UNIQUE generated policies
|
|
o Support for semi anonymous sainfos
|
|
o Support for ph1id to remoteid matching
|
|
o Plain RSA authentication
|
|
o Native LDAP support for Xauth and modecfg
|
|
o Group membership checks for Xauth and sainfo selection
|
|
o Camellia cipher support
|
|
o IKE Fragment force option
|
|
o Modecfg SplitNet attribute support
|
|
o Modecfg SplitDNS attribute support ( server side )
|
|
o Modecfg Default Domain attribute support
|
|
o Modecfg DNS/WINS server multiple attribute support
|
|
|
|
0.6 - 27 June 2005
|
|
o Generated policies are now correctly flushed
|
|
o NAT-T works with multiple peers behind the NAT (need kernel support)
|
|
o Xauth can use shadow passwords
|
|
o TCP-MD5 support
|
|
o PAM support for Xauth
|
|
o Privilege separation
|
|
o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
|
|
o racoon admin interface is exported (header and library) to
|
|
help building control programs for racoon (think GUI)
|
|
o Fixed single DES support; single DES users MUST UPGRADE.
|
|
|
|
0.5 - 10 April 2005
|
|
o Rewritten buildsystem. Now completely autoconfed, automaked,
|
|
libtoolized.
|
|
o IPsec-tools now compiles on NetBSD and FreeBSD again.
|
|
o Support for server-side hybrid authentication, with full
|
|
RADIUS supoort. This is interoperable with the Cisco VPN client.
|
|
o Support for client-side hybrid authentication (Tested only with
|
|
a racoon server)
|
|
o ISAKMP mode config support
|
|
o IKE fragmentation support
|
|
o Fixed FWD policy support.
|
|
o Fixed IPv6 compilation.
|
|
o Readline is optional, fixed setkey when compiled without readline.
|
|
o Configurable Root-CA certificate.
|
|
o Dead Peer Detection (DPD) support.
|
|
|
|
0.4rc1 - 09 August 2004
|
|
o Merged support for PlainRSA keys from the 'plainrsa' branch.
|
|
o Inheritance of 'remote{}' sections.
|
|
o Support for SPD policy priorities in setkey.
|
|
o Ciphers are now used through the 'EVP' interface which allows
|
|
using hardware crypto accelerators.
|
|
o Setkey has new option -n (no action).
|
|
o All source files now have 3-clause BSD license.
|
|
|
|
0.3 - 14 April 2004
|
|
o Fixed setkey to handle multiline commands again.
|
|
o Added command 'exit' to setkey.
|
|
o Fixed racoon to only Warn if no CRL was found.
|
|
o Improved testsuite.
|
|
|
|
0.3rc5 - 05 April 2004
|
|
o Security bugfix WRT handling X.509 signatures.
|
|
o Stability fix WRT unknown PF_KEY messages.
|
|
o Fixed NAT-T with more proposals (e.g. more crypto algos).
|
|
o Setkey parses lines one by one => doesn't exit on errors.
|
|
o Setkey supports readline => more user friendly.
|
|
|
|
0.3rc4 - 25 March 2004
|
|
o Fixed adding "null" encryption via 'setkey'.
|
|
o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
|
|
o Fixed NAT-T in aggresive mode.
|
|
o Fixed testsuite and added testsuite run into make check.
|
|
|
|
0.3rc3 - 19 March 2004
|
|
o Fixed compilation error with --enble-yydebug
|
|
o Better diagnostic when proposals don't match.
|
|
o Changed/added options to setkey.
|
|
|
|
0.3rc2 - 11 March 2004
|
|
o Added documentation for NAT-T
|
|
o Better NAT-T diagnostic.
|
|
o Test and workaround for missing va_copy()
|
|
|
|
0.3rc1 - 04 March 2004
|
|
o Support for NAT Traversal (NAT-T)
|
|
|
|
0.2.4 - 29 January 2004
|
|
o Sync with KAME as of 2004-01-07
|
|
o Fixed unauthorized deletion of SA in racoon (again).
|
|
|
|
0.2.3 - 15 January 2004
|
|
o Support for SA lifetime specified in bytes
|
|
(see setkey -bs/-bh options)
|
|
o Enhance support for OpenSSL 0.9.7
|
|
o Let racoon be more verbose
|
|
o Fixed some simple bugs (see ChangeLog for details)
|
|
o Fixed unauthorized deletion of SA in racoon
|
|
o Fixed problems on AMD64
|
|
o Ignore multicast addresses for IKE
|
|
|
|
0.2.2 - 13 March 2003
|
|
o Fix racoon to build on some systems that require linking against -lfl
|
|
o add an RPM spec to the distribution
|
|
|
|
0.2.1 - 07 March 2003
|
|
o Fix some more gcc-3.2.2 compiler warnings
|
|
o Fix racoon to actually configure with ssl in a non-standard location
|
|
o Fix racoon to not complain if krb5-config is not installed
|
|
|
|
0.2 - 06 March 2003
|
|
o Glibc-2.3 support
|
|
o OpenSSL-0.9.7 support
|
|
o Fixed duplicate-macro problems
|
|
o Fix racoon lex/yacc support
|
|
o Install psk.txt mode 600, racoon.conf mode 644
|
|
o Fix racoon to look in the correct directory for config files
|
|
|
|
0.1 - 03 March 2003
|
|
o Initial release of IPsec-Tools
|