![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / pkgsrc / security / ipsec-tools
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.16 / (download) - annotate - [select for diffs], Sat Mar 6 09:07:15 2010 UTC (2 years, 2 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
HEAD
Changes since 1.15: +4 -4
lines
Diff to previous 1.15 (colored)
update to latest release DESTDIRify ok'd by manu@
Revision 1.14.12.1 / (download) - annotate - [select for diffs], Tue Aug 19 00:26:04 2008 UTC (3 years, 9 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored) next main 1.15 (colored)
pullup ticket #2489 - requested by manu
ipsec-tools: update package for cve
revisions pulled up:
pkgsrc/security/ipsec-tools/Makefile 1.28
pkgsrc/security/ipsec-tools/distinfo 1.15
Module Name: pkgsrc
Committed By: manu
Date: Sat Aug 16 06:55:18 UTC 2008
Modified Files:
pkgsrc/doc: CHANGES-2008
pkgsrc/security/ipsec-tools: Makefile distinfo
Log Message:
Update to ipsec-tools 0.7.1, fixes CVE-2008-3652
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
purge_ipsec_sp
i()
o Generates a log if cert validation has been disabled by
configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to works better with huge SPD/SAD
o Corrected modecfg option syntax
o Many other various fixes...
0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support
Revision 1.15 / (download) - annotate - [select for diffs], Sat Aug 16 06:55:18 2008 UTC (3 years, 9 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
Update to ipsec-tools 0.7.1, fixes CVE-2008-3652
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_sp
i()
o Generates a log if cert validation has been disabled by configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to works better with huge SPD/SAD
o Corrected modecfg option syntax
o Many other various fixes...
0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support
Revision 1.13.4.1 / (download) - annotate - [select for diffs], Sun May 20 22:41:48 2007 UTC (5 years ago) by salo
Branch: pkgsrc-2007Q1
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored) next main 1.14 (colored)
Pullup ticket 2093 - requested by ghen security update for ipsec-tools Revisions pulled up: - pkgsrc/security/ipsec-tools/Makefile 1.26 - pkgsrc/security/ipsec-tools/distinfo 1.14 Module Name: pkgsrc Committed By: ghen Date: Wed Apr 11 06:51:19 UTC 2007 Modified Files: pkgsrc/security/ipsec-tools: Makefile distinfo Log Message: Update to ipsec-tools 0.6.7. o Fixed SHA256 detection on some systems o Fixed a DoS in Informationnal messages processing (CVE-2007-1841).
Revision 1.14 / (download) - annotate - [select for diffs], Wed Apr 11 06:51:19 2007 UTC (5 years, 1 month ago) by ghen
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.13: +4 -4
lines
Diff to previous 1.13 (colored)
Update to ipsec-tools 0.6.7. o Fixed SHA256 detection on some systems o Fixed a DoS in Informationnal messages processing (CVE-2007-1841).
Revision 1.13 / (download) - annotate - [select for diffs], Wed Oct 25 17:12:18 2006 UTC (5 years, 7 months ago) by bad
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Branch point for: pkgsrc-2007Q1
Changes since 1.12: +4 -4
lines
Diff to previous 1.12 (colored)
Update ipsec-tools to 0.6.6.
Changes since 0.6.3:
0.6.6
* src/racoon/isakmp_xauth.c: Build fix
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendgetspi().
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendupdate().
* src/racoon/isakmp_xauth.c: fix memory leak
* src/racoon/{cfparse.y|handler.h}: typos
0.6.5
* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
fails in isakmp_ph1resend()
* src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32
subnets parsing.
* src/racoon/isakmp_cfg.c: make software behave as the documentation
advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
* src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
* configure.ac src/racoon/plog.c: backported Fred's workaround for
%zu problems on (at least) FreeBSD4.
* src/racoon/session.c: backport: fix possible race conditions in
signal handlers (see session.c 1.17).
* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
disabled (Fred has still some CVS problems).
* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
function to display SAD entries with their associated ports.
* src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
in conjunction with -D to show SADs with the port, allow both get and
delete commands to use bracketed ports if needed.
* src/racoon/racoon.conf.5: Style changes
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Tue Nov 22 17:25:59 2005 UTC (6 years, 6 months ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.11: +4 -4
lines
Diff to previous 1.11 (colored) next main 1.12 (colored)
Pullup ticket 920 - requested by Matthias Scheler security update for ipsec-tools Revisions pulled up: - pkgsrc/security/ipsec-tools/Makefile 1.21 - pkgsrc/security/ipsec-tools/distinfo 1.12 Module Name: pkgsrc Committed By: tron Date: Tue Nov 22 16:22:47 UTC 2005 Modified Files: pkgsrc/security/ipsec-tools: Makefile distinfo Log Message: Update "ipsec-tools" package to version 0.6.3. Changes since 0.6.1: - Various bug fixes - ISAKMP mode config works without Xauth This update fixes the security vulnerability reported in SA17668.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Nov 22 16:22:47 2005 UTC (6 years, 6 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2,
pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.11: +4 -4
lines
Diff to previous 1.11 (colored)
Update "ipsec-tools" package to version 0.6.3. Changes since 0.6.1: - Various bug fixes - ISAKMP mode config works without Xauth This update fixes the security vulnerability reported in SA17668.
Revision 1.11 / (download) - annotate - [select for diffs], Sun Aug 21 21:58:41 2005 UTC (6 years, 9 months ago) by tron
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.10: +4 -5
lines
Diff to previous 1.10 (colored)
Update "ipsec-tools" package to version 0.6.1. Changes since 0.6.1rc1:
- src/racoon/dnssec.c: fix bogus test on function result
- src/racoon/isakmp.c: Improved in/out SA addresses check in
purge_remote()
- src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
- src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
Revision 1.10 / (download) - annotate - [select for diffs], Sun Aug 7 22:21:05 2005 UTC (6 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
Fix build problem under platforms were "size_t" is not an integer.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Aug 5 12:04:33 2005 UTC (6 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Update "ipsec-tools" package to version 0.6.1rc1. Changes since version 0.6b2: - NAT-T fixes for situations where NAT-T is not used - OpenSSL 0.9.8 support - keys are not restricted to OpenSSL default size anymore - PKCS7 support - SHA2 support
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Wed May 11 14:18:27 2005 UTC (7 years ago) by salo
Branch: pkgsrc-2005Q1
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored) next main 1.7 (colored)
Pullup ticket 490 - requested by Takahiro Kambe security update for ipsec-tools Revisions pulled up: - pkgsrc/security/ipsec-tools/Makefile 1.13 - pkgsrc/security/ipsec-tools/distinfo 1.7 - pkgsrc/security/ipsec-tools/PLIST 1.3 Module Name: pkgsrc Committed By: manu Date: Wed Mar 23 16:49:39 UTC 2005 Modified Files: pkgsrc/security/ipsec-tools: Makefile distinfo Log Message: Upgrade to ipsec-tools 0.6b1. New features: - PAM support - privilege separation --- Module Name: pkgsrc Committed By: manu Date: Wed Mar 23 17:27:17 UTC 2005 Modified Files: pkgsrc/security/ipsec-tools: PLIST Log Message: Missing installed files inPLIST
Revision 1.8 / (download) - annotate - [select for diffs], Tue May 10 12:39:28 2005 UTC (7 years ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.7: +4 -4
lines
Diff to previous 1.7 (colored)
Updated ipsec-tools to 0.6b2. Multiple bug fixes, the most important being NAT-T now working with multiple endpoints behind the same NAT.
Revision 1.7 / (download) - annotate - [select for diffs], Wed Mar 23 16:49:39 2005 UTC (7 years, 2 months ago) by manu
Branch: MAIN
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored)
Upgrade to ipsec-tools 0.6b1. New features: - PAM support - privilege separation
Revision 1.6 / (download) - annotate - [select for diffs], Thu Feb 24 13:10:07 2005 UTC (7 years, 3 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base
Branch point for: pkgsrc-2005Q1
Changes since 1.5: +2 -1
lines
Diff to previous 1.5 (colored)
Add RMD160 digests.
Revision 1.5 / (download) - annotate - [select for diffs], Fri Feb 18 09:53:40 2005 UTC (7 years, 3 months ago) by manu
Branch: MAIN
Changes since 1.4: +3 -11
lines
Diff to previous 1.4 (colored)
Upgraded ipsec-tools to release version 0.5
Revision 1.4 / (download) - annotate - [select for diffs], Sun Dec 12 23:51:10 2004 UTC (7 years, 5 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.3: +6 -1
lines
Diff to previous 1.3 (colored)
Add (unsigned char) cast to ctype functions; taken from the NetBSD trunk.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Nov 11 11:50:20 2004 UTC (7 years, 6 months ago) by grant
Branch: MAIN
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored)
include some additional header files on FreeBSD >= 5.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Nov 10 17:26:04 2004 UTC (7 years, 6 months ago) by manu
Branch: MAIN
Changes since 1.1: +3 -1
lines
Diff to previous 1.1 (colored)
Add patches checksum
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Nov 9 22:42:20 2004 UTC (7 years, 6 months ago) by manu
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
racoon speaks IKE (ISAKMP/Oakley) key management protocol, to establish IPsec security association with other hosts. This is based on KAME racoon, with some enhancements such as NAT-Traversal (needs a kernel patch), hybrid authentication, ISAKMP mode config, RADIUS support, IKE fragmentation and others. Ipsec-tools' racoon is able to act as a VPN server for the Cisco VPN client using hybrid authentication.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Nov 9 22:42:20 2004 UTC (7 years, 6 months ago) by manu
Branch: MAIN
Initial revision