Annotation of embedaddon/ipsec-tools/NEWS, revision 1.1.1.2

1.1       misho       1: Version history:
                      2: ----------------
1.1.1.2 ! misho       3: 0.8.1  - 08 January 2013
        !             4:        o Improved X.509 subject name comparison (Götz Babin-Ebell)
        !             5:        o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
        !             6:        o Allow simplified syntax for inherited remote blocks (Roman Antink)
        !             7:        o Never shrink pfkey socket buffer (Marcelo Leitner)
        !             8:        o Privilege separation child process exit fix
        !             9:        o Multiple memory allocation and use-after-free fixes
        !            10: 
1.1       misho      11: 0.8    - 18 March 2011
                     12:        o Fix authentication method ambiguity with kerberos and xauth
                     13:        o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
                     14:        o Local address code rewrite to speed things up
                     15:        o Improved MIPv6 support (Arnaud Ebalard)
                     16:        o ISAKMP SA (phase1) rekeying
                     17:        o Improved scheduler (faster algorithm, support monotonic clock)
                     18:        o Handle RESPONDER-LIFETIME in quick mode
                     19:        o Handle INITIAL-CONTACT in from main mode too
                     20:        o Rewritten event handling framework for admin port
                     21:        o Ability to initiate IPsec SA through admin port
                     22:        o NAT-T Original Address handling (transport mode NAT-T support)
                     23:        o clean NAT-T - PFkey support
                     24:        o support for multiple anonymous remoteconfs
                     25:        o Remove various obsolete configuration options
                     26:        o A lot of other bug fixes, performance improvements and clean ups
                     27: 
                     28: 0.7.1  - 23 July 2008
                     29:        o Fixes a memory leak when invalid proposal received
                     30:        o Some fixes in DPD
                     31:        o do not set default gss id if xauth is used
                     32:        o fixed hybrid enabled builds
                     33:        o fixed compilation on FreeBSD8
                     34:        o cleanup in network port value manipulation
                     35:        o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
                     36:          purge_ipsec_spi()
                     37:        o Generates a log if cert validation has been disabled by
                     38:          configuration
                     39:        o better handling for pfkey socket read errors
                     40:        o Fixes in yacc / bison stuff
                     41:        o new plog() macro (reduced CPU usage when logging is disabled)
                     42:        o Try to work better with huge SPD/SAD
                     43:        o Corrected modecfg option syntax
                     44: 
                     45: 0.7    - 09 August 2007
                     46:        o Xauth with pre-shared key PSK
                     47:        o Xauth with certificates
                     48:        o SHA2 support
                     49:        o pkcs7 support
                     50:        o system accounting (utmp)
                     51:        o Darwin support
                     52:        o configuration can be reloaded
                     53:        o Support for UNIQUE generated policies
                     54:        o Support for semi anonymous sainfos
                     55:        o Support for ph1id to remoteid matching
                     56:        o Plain RSA authentication
                     57:        o Native LDAP support for Xauth and modecfg
                     58:        o Group membership checks for Xauth and sainfo selection
                     59:        o Camellia cipher support
                     60:        o IKE Fragment force option
                     61:        o Modecfg SplitNet attribute support
                     62:        o Modecfg SplitDNS attribute support ( server side )
                     63:        o Modecfg Default Domain attribute support
                     64:        o Modecfg DNS/WINS server multiple attribute support
                     65: 
                     66: 0.6    - 27 June 2005
                     67:        o Generated policies are now correctly flushed
                     68:        o NAT-T works with multiple peers behind the NAT (need kernel support)
                     69:        o Xauth can use shadow passwords
                     70:        o TCP-MD5 support
                     71:        o PAM support for Xauth
                     72:        o Privilege separation
                     73:        o ESP fragmentation in tunnel mode can be tuned (NetBSD only)
                     74:        o racoon admin interface is exported (header and library) to 
                     75:          help building control programs for racoon (think GUI)
                     76:        o Fixed single DES support; single DES users MUST UPGRADE.
                     77: 
                     78: 0.5    - 10 April 2005
                     79:        o Rewritten buildsystem. Now completely autoconfed, automaked,
                     80:          libtoolized.
                     81:        o IPsec-tools now compiles on NetBSD and FreeBSD again.
                     82:        o Support for server-side hybrid authentication, with full 
                     83:          RADIUS support. This is interoperable with the Cisco VPN client.
                     84:        o Support for client-side hybrid authentication (Tested only with
                     85:          a racoon server)
                     86:        o ISAKMP mode config support
                     87:        o IKE fragmentation support
                     88:        o Fixed FWD policy support.
                     89:        o Fixed IPv6 compilation.
                     90:        o Readline is optional, fixed setkey when compiled without readline.
                     91:        o Configurable Root-CA certificate.
                     92:        o Dead Peer Detection (DPD) support.
                     93: 
                     94: 0.4rc1 - 09 August 2004
                     95:        o Merged support for PlainRSA keys from the 'plainrsa' branch.
                     96:        o Inheritance of 'remote{}' sections.
                     97:        o Support for SPD policy priorities in setkey.
                     98:        o Ciphers are now used through the 'EVP' interface which allows
                     99:          using hardware crypto accelerators.
                    100:        o Setkey has new option -n (no action).
                    101:        o All source files now have 3-clause BSD license.
                    102: 
                    103: 0.3    - 14 April 2004
                    104:        o Fixed setkey to handle multiline commands again.
                    105:        o Added command 'exit' to setkey.
                    106:        o Fixed racoon to only Warn if no CRL was found.
                    107:        o Improved testsuite.
                    108: 
                    109: 0.3rc5 - 05 April 2004
                    110:        o Security bugfix WRT handling X.509 signatures.
                    111:        o Stability fix WRT unknown PF_KEY messages.
                    112:        o Fixed NAT-T with more proposals (e.g. more crypto algos).
                    113:        o Setkey parses lines one by one => doesn't exit on errors.
                    114:        o Setkey supports readline => more user friendly.
                    115: 
                    116: 0.3rc4 - 25 March 2004
                    117:        o Fixed adding "null" encryption via 'setkey'.
                    118:        o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
                    119:        o Fixed NAT-T in aggressive mode.
                    120:        o Fixed testsuite and added testsuite run into make check.
                    121: 
                    122: 0.3rc3 - 19 March 2004
                    123:        o Fixed compilation error with --enable-yydebug
                    124:        o Better diagnostic when proposals don't match.
                    125:        o Changed/added options to setkey.
                    126: 
                    127: 0.3rc2 - 11 March 2004
                    128:        o Added documentation for NAT-T
                    129:        o Better NAT-T diagnostic.
                    130:        o Test and workaround for missing va_copy()
                    131: 
                    132: 0.3rc1 - 04 March 2004
                    133:        o Support for NAT Traversal (NAT-T)
                    134: 
                    135: 0.2.4  - 29 January 2004
                    136:        o Sync with KAME as of 2004-01-07
                    137:        o Fixed unauthorized deletion of SA in racoon (again).
                    138: 
                    139: 0.2.3  - 15 January 2004
                    140:        o Support for SA lifetime specified in bytes
                    141:          (see setkey -bs/-bh options)
                    142:        o Enhance support for OpenSSL 0.9.7
                    143:        o Let racoon be more verbose
                    144:        o Fixed some simple bugs (see ChangeLog for details)
                    145:        o Fixed unauthorized deletion of SA in racoon
                    146:        o Fixed problems on AMD64
                    147:        o Ignore multicast addresses for IKE
                    148: 
                    149: 0.2.2  - 13 March 2003
                    150:        o Fix racoon to build on some systems that require linking against -lfl
                    151:        o add an RPM spec to the distribution
                    152: 
                    153: 0.2.1  - 07 March 2003
                    154:        o Fix some more gcc-3.2.2 compiler warnings
                    155:        o Fix racoon to actually configure with ssl in a non-standard location
                    156:        o Fix racoon to not complain if krb5-config is not installed
                    157: 
                    158: 0.2    - 06 March 2003
                    159:        o Glibc-2.3 support
                    160:        o OpenSSL-0.9.7 support
                    161:        o Fixed duplicate-macro problems
                    162:        o Fix racoon lex/yacc support
                    163:        o Install psk.txt mode 600, racoon.conf mode 644
                    164:        o Fix racoon to look in the correct directory for config files
                    165: 
                    166: 0.1    - 03 March 2003
                    167:        o Initial release of IPsec-Tools
