Annotation of embedaddon/ipsec-tools/NEWS, revision 1.1.1.3
1.1 misho 1: Version history:
2: ----------------
1.1.1.3 ! misho 3: 0.8.2 - 27 February 2014
! 4: o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
! 5: o Fix source port selection regression from version 0.8.1
! 6: o Various logging improvements
! 7: o Additional compliance and build fixes
! 8:
1.1.1.2 misho 9: 0.8.1 - 08 January 2013
10: o Improved X.509 subject name comparation (Götz Babin-Ebell)
11: o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
12: o Allow simplified syntax for inherited remote blocks (Roman Antink)
13: o Never shring pfkey socket buffer (Marcelo Leitner)
14: o Privilege separation child process exit fix
15: o Multiple memory allocation and use-after-free fixes
16:
1.1 misho 17: 0.8 - 18 March 2011
18: o Fix authentication method ambiguity with kerberos and xauth
19: o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
20: o Local address code rewrite to speed things up
21: o Improved MIPv6 support (Arnaud Ebalard)
22: o ISAKMP SA (phase1) rekeying
23: o Improved scheduler (faster algorithm, support monotonic clock)
24: o Handle RESPONDER-LIFETIME in quick mode
25: o Handle INITIAL-CONTACT in from main mode too
26: o Rewritten event handling framework for admin port
27: o Ability to initiate IPsec SA through admin port
28: o NAT-T Original Address handling (transport mode NAT-T support)
29: o clean NAT-T - PFkey support
30: o support for multiple anonymous remoteconfs
31: o Remove various obsolete configuration options
32: o A lot of other bug fixes, performance improvements and clean ups
33:
34: 0.7.1 - 23 July 2008
35: o Fixes a memory leak when invalid proposal received
36: o Some fixes in DPD
37: o do not set default gss id if xauth is used
38: o fixed hybrid enabled builds
39: o fixed compilation on FreeBSD8
40: o cleanup in network port value manipulation
41: o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
42: purge_ipsec_spi()
43: o Generates a log if cert validation has been disabled by
44: configuration
45: o better handling for pfkey socket read errors
46: o Fixes in yacc / bison stuff
47: o new plog() macro (reduced CPU usage when logging is disabled)
48: o Try to work better with huge SPD/SAD
49: o Corrected modecfg option syntax
50:
51: 0.7 - 09 August 2007
52: o Xauth with pre-shared key PSK
53: o Xauth with certificates
54: o SHA2 support
55: o pkcs7 support
56: o system accounting (utmp)
57: o Darwin support
58: o configuration can be reloaded
59: o Support for UNIQUE generated policies
60: o Support for semi anonymous sainfos
61: o Support for ph1id to remoteid matching
62: o Plain RSA authentication
63: o Native LDAP support for Xauth and modecfg
64: o Group membership checks for Xauth and sainfo selection
65: o Camellia cipher support
66: o IKE Fragment force option
67: o Modecfg SplitNet attribute support
68: o Modecfg SplitDNS attribute support ( server side )
69: o Modecfg Default Domain attribute support
70: o Modecfg DNS/WINS server multiple attribute support
71:
72: 0.6 - 27 June 2005
73: o Generated policies are now correctly flushed
74: o NAT-T works with multiple peers behind the NAT (need kernel support)
75: o Xauth can use shadow passwords
76: o TCP-MD5 support
77: o PAM support for Xauth
78: o Privilege separation
79: o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
80: o racoon admin interface is exported (header and library) to
81: help building control programs for racoon (think GUI)
82: o Fixed single DES support; single DES users MUST UPGRADE.
83:
84: 0.5 - 10 April 2005
85: o Rewritten buildsystem. Now completely autoconfed, automaked,
86: libtoolized.
87: o IPsec-tools now compiles on NetBSD and FreeBSD again.
88: o Support for server-side hybrid authentication, with full
89: RADIUS supoort. This is interoperable with the Cisco VPN client.
90: o Support for client-side hybrid authentication (Tested only with
91: a racoon server)
92: o ISAKMP mode config support
93: o IKE fragmentation support
94: o Fixed FWD policy support.
95: o Fixed IPv6 compilation.
96: o Readline is optional, fixed setkey when compiled without readline.
97: o Configurable Root-CA certificate.
98: o Dead Peer Detection (DPD) support.
99:
100: 0.4rc1 - 09 August 2004
101: o Merged support for PlainRSA keys from the 'plainrsa' branch.
102: o Inheritance of 'remote{}' sections.
103: o Support for SPD policy priorities in setkey.
104: o Ciphers are now used through the 'EVP' interface which allows
105: using hardware crypto accelerators.
106: o Setkey has new option -n (no action).
107: o All source files now have 3-clause BSD license.
108:
109: 0.3 - 14 April 2004
110: o Fixed setkey to handle multiline commands again.
111: o Added command 'exit' to setkey.
112: o Fixed racoon to only Warn if no CRL was found.
113: o Improved testsuite.
114:
115: 0.3rc5 - 05 April 2004
116: o Security bugfix WRT handling X.509 signatures.
117: o Stability fix WRT unknown PF_KEY messages.
118: o Fixed NAT-T with more proposals (e.g. more crypto algos).
119: o Setkey parses lines one by one => doesn't exit on errors.
120: o Setkey supports readline => more user friendly.
121:
122: 0.3rc4 - 25 March 2004
123: o Fixed adding "null" encryption via 'setkey'.
124: o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
125: o Fixed NAT-T in aggresive mode.
126: o Fixed testsuite and added testsuite run into make check.
127:
128: 0.3rc3 - 19 March 2004
129: o Fixed compilation error with --enble-yydebug
130: o Better diagnostic when proposals don't match.
131: o Changed/added options to setkey.
132:
133: 0.3rc2 - 11 March 2004
134: o Added documentation for NAT-T
135: o Better NAT-T diagnostic.
136: o Test and workaround for missing va_copy()
137:
138: 0.3rc1 - 04 March 2004
139: o Support for NAT Traversal (NAT-T)
140:
141: 0.2.4 - 29 January 2004
142: o Sync with KAME as of 2004-01-07
143: o Fixed unauthorized deletion of SA in racoon (again).
144:
145: 0.2.3 - 15 January 2004
146: o Support for SA lifetime specified in bytes
147: (see setkey -bs/-bh options)
148: o Enhance support for OpenSSL 0.9.7
149: o Let racoon be more verbose
150: o Fixed some simple bugs (see ChangeLog for details)
151: o Fixed unauthorized deletion of SA in racoon
152: o Fixed problems on AMD64
153: o Ignore multicast addresses for IKE
154:
155: 0.2.2 - 13 March 2003
156: o Fix racoon to build on some systems that require linking against -lfl
157: o add an RPM spec to the distribution
158:
159: 0.2.1 - 07 March 2003
160: o Fix some more gcc-3.2.2 compiler warnings
161: o Fix racoon to actually configure with ssl in a non-standard location
162: o Fix racoon to not complain if krb5-config is not installed
163:
164: 0.2 - 06 March 2003
165: o Glibc-2.3 support
166: o OpenSSL-0.9.7 support
167: o Fixed duplicate-macro problems
168: o Fix racoon lex/yacc support
169: o Install psk.txt mode 600, racoon.conf mode 644
170: o Fix racoon to look in the correct directory for config files
171:
172: 0.1 - 03 March 2003
173: o Initial release of IPsec-Tools
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>