Return to NEWS CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools

ipsec-tools 0.8.2

    1: Version history:
    2: ----------------
    3: 0.8.2	- 27 February 2014
    4: 	o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
    5: 	o Fix source port selection regression from version 0.8.1
    6: 	o Various logging improvements
    7: 	o Additional compliance and build fixes
    8: 
    9: 0.8.1	- 08 January 2013
   10: 	o Improved X.509 subject name comparation (Götz Babin-Ebell)
   11: 	o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
   12: 	o Allow simplified syntax for inherited remote blocks (Roman Antink)
   13: 	o Never shring pfkey socket buffer (Marcelo Leitner)
   14: 	o Privilege separation child process exit fix
   15: 	o Multiple memory allocation and use-after-free fixes
   16: 
   17: 0.8	- 18 March 2011
   18: 	o Fix authentication method ambiguity with kerberos and xauth
   19: 	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
   20: 	o Local address code rewrite to speed things up
   21: 	o Improved MIPv6 support (Arnaud Ebalard)
   22: 	o ISAKMP SA (phase1) rekeying
   23: 	o Improved scheduler (faster algorithm, support monotonic clock)
   24: 	o Handle RESPONDER-LIFETIME in quick mode
   25: 	o Handle INITIAL-CONTACT in from main mode too
   26: 	o Rewritten event handling framework for admin port
   27: 	o Ability to initiate IPsec SA through admin port
   28: 	o NAT-T Original Address handling (transport mode NAT-T support)
   29: 	o clean NAT-T - PFkey support
   30: 	o support for multiple anonymous remoteconfs
   31: 	o Remove various obsolete configuration options
   32: 	o A lot of other bug fixes, performance improvements and clean ups
   33: 
   34: 0.7.1	- 23 July 2008
   35: 	o Fixes a memory leak when invalid proposal received
   36: 	o Some fixes in DPD
   37: 	o do not set default gss id if xauth is used
   38: 	o fixed hybrid enabled builds
   39: 	o fixed compilation on FreeBSD8
   40: 	o cleanup in network port value manipulation
   41: 	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
   42: 	  purge_ipsec_spi()
   43: 	o Generates a log if cert validation has been disabled by
   44: 	  configuration
   45: 	o better handling for pfkey socket read errors
   46: 	o Fixes in yacc / bison stuff
   47: 	o new plog() macro (reduced CPU usage when logging is disabled)
   48: 	o Try to work better with huge SPD/SAD
   49: 	o Corrected modecfg option syntax
   50: 
   51: 0.7	- 09 August 2007
   52: 	o Xauth with pre-shared key PSK
   53: 	o Xauth with certificates
   54: 	o SHA2 support
   55: 	o pkcs7 support
   56: 	o system accounting (utmp)
   57: 	o Darwin support
   58: 	o configuration can be reloaded
   59: 	o Support for UNIQUE generated policies
   60: 	o Support for semi anonymous sainfos
   61: 	o Support for ph1id to remoteid matching
   62: 	o Plain RSA authentication
   63: 	o Native LDAP support for Xauth and modecfg
   64: 	o Group membership checks for Xauth and sainfo selection
   65: 	o Camellia cipher support
   66: 	o IKE Fragment force option
   67: 	o Modecfg SplitNet attribute support
   68: 	o Modecfg SplitDNS attribute support ( server side )
   69: 	o Modecfg Default Domain attribute support
   70: 	o Modecfg DNS/WINS server multiple attribute support
   71: 
   72: 0.6	- 27 June 2005
   73: 	o Generated policies are now correctly flushed
   74: 	o NAT-T works with multiple peers behind the NAT (need kernel support)
   75: 	o Xauth can use shadow passwords
   76: 	o TCP-MD5 support
   77: 	o PAM support for Xauth
   78: 	o Privilege separation
   79: 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
   80: 	o racoon admin interface is exported (header and library) to 
   81: 	  help building control programs for racoon (think GUI)
   82: 	o Fixed single DES support; single DES users MUST UPGRADE.
   83: 
   84: 0.5	- 10 April 2005
   85: 	o Rewritten buildsystem. Now completely autoconfed, automaked,
   86: 	  libtoolized.
   87: 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
   88: 	o Support for server-side hybrid authentication, with full 
   89: 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
   90: 	o Support for client-side hybrid authentication (Tested only with
   91: 	  a racoon server)
   92: 	o ISAKMP mode config support
   93: 	o IKE fragmentation support
   94: 	o Fixed FWD policy support.
   95: 	o Fixed IPv6 compilation.
   96: 	o Readline is optional, fixed setkey when compiled without readline.
   97: 	o Configurable Root-CA certificate.
   98: 	o Dead Peer Detection (DPD) support.
   99: 
  100: 0.4rc1	- 09 August 2004
  101: 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
  102: 	o Inheritance of 'remote{}' sections.
  103: 	o Support for SPD policy priorities in setkey.
  104: 	o Ciphers are now used through the 'EVP' interface which allows
  105: 	  using hardware crypto accelerators.
  106: 	o Setkey has new option -n (no action).
  107: 	o All source files now have 3-clause BSD license.
  108: 
  109: 0.3	- 14 April 2004
  110: 	o Fixed setkey to handle multiline commands again.
  111: 	o Added command 'exit' to setkey.
  112: 	o Fixed racoon to only Warn if no CRL was found.
  113: 	o Improved testsuite.
  114: 
  115: 0.3rc5	- 05 April 2004
  116: 	o Security bugfix WRT handling X.509 signatures.
  117: 	o Stability fix WRT unknown PF_KEY messages.
  118: 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
  119: 	o Setkey parses lines one by one => doesn't exit on errors.
  120: 	o Setkey supports readline => more user friendly.
  121: 
  122: 0.3rc4	- 25 March 2004
  123: 	o Fixed adding "null" encryption via 'setkey'.
  124: 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
  125: 	o Fixed NAT-T in aggresive mode.
  126: 	o Fixed testsuite and added testsuite run into make check.
  127: 
  128: 0.3rc3	- 19 March 2004
  129: 	o Fixed compilation error with --enble-yydebug
  130: 	o Better diagnostic when proposals don't match.
  131: 	o Changed/added options to setkey.
  132: 
  133: 0.3rc2	- 11 March 2004
  134: 	o Added documentation for NAT-T
  135: 	o Better NAT-T diagnostic.
  136: 	o Test and workaround for missing va_copy()
  137: 
  138: 0.3rc1	- 04 March 2004
  139: 	o Support for NAT Traversal (NAT-T)
  140: 
  141: 0.2.4	- 29 January 2004
  142: 	o Sync with KAME as of 2004-01-07
  143: 	o Fixed unauthorized deletion of SA in racoon (again).
  144: 
  145: 0.2.3	- 15 January 2004
  146: 	o Support for SA lifetime specified in bytes
  147: 	  (see setkey -bs/-bh options)
  148: 	o Enhance support for OpenSSL 0.9.7
  149: 	o Let racoon be more verbose
  150: 	o Fixed some simple bugs (see ChangeLog for details)
  151: 	o Fixed unauthorized deletion of SA in racoon
  152: 	o Fixed problems on AMD64
  153: 	o Ignore multicast addresses for IKE
  154: 
  155: 0.2.2	- 13 March 2003
  156: 	o Fix racoon to build on some systems that require linking against -lfl
  157: 	o add an RPM spec to the distribution
  158: 
  159: 0.2.1	- 07 March 2003
  160: 	o Fix some more gcc-3.2.2 compiler warnings
  161: 	o Fix racoon to actually configure with ssl in a non-standard location
  162: 	o Fix racoon to not complain if krb5-config is not installed
  163: 
  164: 0.2	- 06 March 2003
  165: 	o Glibc-2.3 support
  166: 	o OpenSSL-0.9.7 support
  167: 	o Fixed duplicate-macro problems
  168: 	o Fix racoon lex/yacc support
  169: 	o Install psk.txt mode 600, racoon.conf mode 644
  170: 	o Fix racoon to look in the correct directory for config files
  171: 
  172: 0.1	- 03 March 2003
  173: 	o Initial release of IPsec-Tools