Annotation of embedaddon/ipsec-tools/NEWS, revision 1.1.1.1

1.1       misho       1: Version history:
                      2: ----------------
                      3: 0.8    - 18 March 2011
                      4:        o Fix authentication method ambiguity with kerberos and xauth
                      5:        o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
                      6:        o Local address code rewrite to speed things up
                      7:        o Improved MIPv6 support (Arnaud Ebalard)
                      8:        o ISAKMP SA (phase1) rekeying
                      9:        o Improved scheduler (faster algorithm, support monotonic clock)
                     10:        o Handle RESPONDER-LIFETIME in quick mode
                     11:        o Handle INITIAL-CONTACT in from main mode too
                     12:        o Rewritten event handling framework for admin port
                     13:        o Ability to initiate IPsec SA through admin port
                     14:        o NAT-T Original Address handling (transport mode NAT-T support)
                     15:        o clean NAT-T - PFkey support
                     16:        o support for multiple anonymous remoteconfs
                     17:        o Remove various obsolete configuration options
                     18:        o A lot of other bug fixes, performance improvements and clean ups
                     19: 
                     20: 0.7.1  - 23 July 2008
                     21:        o Fixes a memory leak when invalid proposal received
                     22:        o Some fixes in DPD
                     23:        o do not set default gss id if xauth is used
                     24:        o fixed hybrid enabled builds
                     25:        o fixed compilation on FreeBSD8
                     26:        o cleanup in network port value manipulation
                     27:        o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
                     28:          purge_ipsec_spi()
                     29:        o Generates a log if cert validation has been disabled by
                     30:          configuration
                     31:        o better handling for pfkey socket read errors
                     32:        o Fixes in yacc / bison stuff
                     33:        o new plog() macro (reduced CPU usage when logging is disabled)
                     34:        o Try to work better with huge SPD/SAD
                     35:        o Corrected modecfg option syntax
                     36: 
                     37: 0.7    - 09 August 2007
                     38:        o Xauth with pre-shared key PSK
                     39:        o Xauth with certificates
                     40:        o SHA2 support
                     41:        o pkcs7 support
                     42:        o system accounting (utmp)
                     43:        o Darwin support
                     44:        o configuration can be reloaded
                     45:        o Support for UNIQUE generated policies
                     46:        o Support for semi anonymous sainfos
                     47:        o Support for ph1id to remoteid matching
                     48:        o Plain RSA authentication
                     49:        o Native LDAP support for Xauth and modecfg
                     50:        o Group membership checks for Xauth and sainfo selection
                     51:        o Camellia cipher support
                     52:        o IKE Fragment force option
                     53:        o Modecfg SplitNet attribute support
                     54:        o Modecfg SplitDNS attribute support ( server side )
                     55:        o Modecfg Default Domain attribute support
                     56:        o Modecfg DNS/WINS server multiple attribute support
                     57: 
                     58: 0.6    - 27 June 2005
                     59:        o Generated policies are now correctly flushed
                     60:        o NAT-T works with multiple peers behind the NAT (need kernel support)
                     61:        o Xauth can use shadow passwords
                     62:        o TCP-MD5 support
                     63:        o PAM support for Xauth
                     64:        o Privilege separation
                     65:        o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
                     66:        o racoon admin interface is exported (header and library) to 
                     67:          help building control programs for racoon (think GUI)
                     68:        o Fixed single DES support; single DES users MUST UPGRADE.
                     69: 
                     70: 0.5    - 10 April 2005
                     71:        o Rewritten buildsystem. Now completely autoconfed, automaked,
                     72:          libtoolized.
                     73:        o IPsec-tools now compiles on NetBSD and FreeBSD again.
                     74:        o Support for server-side hybrid authentication, with full 
                     75:          RADIUS supoort. This is interoperable with the Cisco VPN client.
                     76:        o Support for client-side hybrid authentication (Tested only with
                     77:          a racoon server)
                     78:        o ISAKMP mode config support
                     79:        o IKE fragmentation support
                     80:        o Fixed FWD policy support.
                     81:        o Fixed IPv6 compilation.
                     82:        o Readline is optional, fixed setkey when compiled without readline.
                     83:        o Configurable Root-CA certificate.
                     84:        o Dead Peer Detection (DPD) support.
                     85: 
                     86: 0.4rc1 - 09 August 2004
                     87:        o Merged support for PlainRSA keys from the 'plainrsa' branch.
                     88:        o Inheritance of 'remote{}' sections.
                     89:        o Support for SPD policy priorities in setkey.
                     90:        o Ciphers are now used through the 'EVP' interface which allows
                     91:          using hardware crypto accelerators.
                     92:        o Setkey has new option -n (no action).
                     93:        o All source files now have 3-clause BSD license.
                     94: 
                     95: 0.3    - 14 April 2004
                     96:        o Fixed setkey to handle multiline commands again.
                     97:        o Added command 'exit' to setkey.
                     98:        o Fixed racoon to only Warn if no CRL was found.
                     99:        o Improved testsuite.
                    100: 
                    101: 0.3rc5 - 05 April 2004
                    102:        o Security bugfix WRT handling X.509 signatures.
                    103:        o Stability fix WRT unknown PF_KEY messages.
                    104:        o Fixed NAT-T with more proposals (e.g. more crypto algos).
                    105:        o Setkey parses lines one by one => doesn't exit on errors.
                    106:        o Setkey supports readline => more user friendly.
                    107: 
                    108: 0.3rc4 - 25 March 2004
                    109:        o Fixed adding "null" encryption via 'setkey'.
                    110:        o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
                    111:        o Fixed NAT-T in aggresive mode.
                    112:        o Fixed testsuite and added testsuite run into make check.
                    113: 
                    114: 0.3rc3 - 19 March 2004
                    115:        o Fixed compilation error with --enble-yydebug
                    116:        o Better diagnostic when proposals don't match.
                    117:        o Changed/added options to setkey.
                    118: 
                    119: 0.3rc2 - 11 March 2004
                    120:        o Added documentation for NAT-T
                    121:        o Better NAT-T diagnostic.
                    122:        o Test and workaround for missing va_copy()
                    123: 
                    124: 0.3rc1 - 04 March 2004
                    125:        o Support for NAT Traversal (NAT-T)
                    126: 
                    127: 0.2.4  - 29 January 2004
                    128:        o Sync with KAME as of 2004-01-07
                    129:        o Fixed unauthorized deletion of SA in racoon (again).
                    130: 
                    131: 0.2.3  - 15 January 2004
                    132:        o Support for SA lifetime specified in bytes
                    133:          (see setkey -bs/-bh options)
                    134:        o Enhance support for OpenSSL 0.9.7
                    135:        o Let racoon be more verbose
                    136:        o Fixed some simple bugs (see ChangeLog for details)
                    137:        o Fixed unauthorized deletion of SA in racoon
                    138:        o Fixed problems on AMD64
                    139:        o Ignore multicast addresses for IKE
                    140: 
                    141: 0.2.2  - 13 March 2003
                    142:        o Fix racoon to build on some systems that require linking against -lfl
                    143:        o add an RPM spec to the distribution
                    144: 
                    145: 0.2.1  - 07 March 2003
                    146:        o Fix some more gcc-3.2.2 compiler warnings
                    147:        o Fix racoon to actually configure with ssl in a non-standard location
                    148:        o Fix racoon to not complain if krb5-config is not installed
                    149: 
                    150: 0.2    - 06 March 2003
                    151:        o Glibc-2.3 support
                    152:        o OpenSSL-0.9.7 support
                    153:        o Fixed duplicate-macro problems
                    154:        o Fix racoon lex/yacc support
                    155:        o Install psk.txt mode 600, racoon.conf mode 644
                    156:        o Fix racoon to look in the correct directory for config files
                    157: 
                    158: 0.1    - 03 March 2003
                    159:        o Initial release of IPsec-Tools

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>