[BACK]Return to NEWS CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / crypto / dist / ipsec-tools

File: [cvs.NetBSD.org] / src / crypto / dist / ipsec-tools / NEWS (download)

Revision 1.4, Fri Jan 23 09:40:56 2009 UTC (8 years, 10 months ago) by tteras
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-8-base, netbsd-8, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-premerge-20091211, matt-nb8-mediatek-base, matt-nb8-mediatek, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-mips64-premerge-20101231, localcount-20160914, khorben-n900, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, cherry-xenmp-base, cherry-xenmp, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver, HEAD
Branch point for: ipsec-tools-0_8-branch
Changes since 1.3: +35 -4 lines

Update NEWS with major changes since 0.7 release.

Version history:
----------------
0.8 CVS (no official release yet)
	o Fix authentication method ambiguity with kerberos and xauth
	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
	o Local address code rewrite to speed things up
	o Improved MIPv6 support (Arnaud Ebalard)
	o ISAKMP SA (phase1) rekeying
	o Improved scheduler (faster algorithm, support monotonic clock)
	o Handle RESPONDER-LIFETIME in quick mode
	o Handle INITIAL-CONTACT in from main mode too
	o Rewritten event handling framework for admin port
	o Ability to initiate IPsec SA through admin port
	o NAT-T Original Address handling (transport mode NAT-T support)
	o Remove various obsolete configuration options
	o A lot of other bug fixes, performance improvements and clean ups

0.7.1	- 23 July 2008
	o Fixes a memory leak when invalid proposal received
	o Some fixes in DPD
	o do not set default gss id if xauth is used
	o fixed hybrid enabled builds
	o fixed compilation on FreeBSD8
	o cleanup in network port value manipulation
	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
	  purge_ipsec_spi()
	o Generates a log if cert validation has been disabled by
	  configuration
	o better handling for pfkey socket read errors
	o Fixes in yacc / bison stuff
	o new plog() macro (reduced CPU usage when logging is disabled)
	o Try to work better with huge SPD/SAD
	o Corrected modecfg option syntax

0.7	- 09 August 2007
	o Xauth with pre-shared key PSK
	o Xauth with certificates
	o SHA2 support
	o pkcs7 support
	o system accounting (utmp)
	o Darwin support
	o configuration can be reloaded
	o Support for UNIQUE generated policies
	o Support for semi anonymous sainfos
	o Support for ph1id to remoteid matching
	o Plain RSA authentication
	o Native LDAP support for Xauth and modecfg
	o Group membership checks for Xauth and sainfo selection
	o Camellia cipher support
	o IKE Fragment force option
	o Modecfg SplitNet attribute support
	o Modecfg SplitDNS attribute support ( server side )
	o Modecfg Default Domain attribute support
	o Modecfg DNS/WINS server multiple attribute support

0.6	- 27 June 2005
	o Generated policies are now correctly flushed
	o NAT-T works with multiple peers behind the NAT (need kernel support)
	o Xauth can use shadow passwords
	o TCP-MD5 support
	o PAM support for Xauth
	o Privilege separation
	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
	o racoon admin interface is exported (header and library) to 
	  help building control programs for racoon (think GUI)
	o Fixed single DES support; single DES users MUST UPGRADE.

0.5	- 10 April 2005
	o Rewritten buildsystem. Now completely autoconfed, automaked,
	  libtoolized.
	o IPsec-tools now compiles on NetBSD and FreeBSD again.
	o Support for server-side hybrid authentication, with full 
	  RADIUS supoort. This is interoperable with the Cisco VPN client.
	o Support for client-side hybrid authentication (Tested only with
	  a racoon server)
	o ISAKMP mode config support
	o IKE fragmentation support
	o Fixed FWD policy support.
	o Fixed IPv6 compilation.
	o Readline is optional, fixed setkey when compiled without readline.
	o Configurable Root-CA certificate.
	o Dead Peer Detection (DPD) support.

0.4rc1	- 09 August 2004
	o Merged support for PlainRSA keys from the 'plainrsa' branch.
	o Inheritance of 'remote{}' sections.
	o Support for SPD policy priorities in setkey.
	o Ciphers are now used through the 'EVP' interface which allows
	  using hardware crypto accelerators.
	o Setkey has new option -n (no action).
	o All source files now have 3-clause BSD license.

0.3	- 14 April 2004
	o Fixed setkey to handle multiline commands again.
	o Added command 'exit' to setkey.
	o Fixed racoon to only Warn if no CRL was found.
	o Improved testsuite.

0.3rc5	- 05 April 2004
	o Security bugfix WRT handling X.509 signatures.
	o Stability fix WRT unknown PF_KEY messages.
	o Fixed NAT-T with more proposals (e.g. more crypto algos).
	o Setkey parses lines one by one => doesn't exit on errors.
	o Setkey supports readline => more user friendly.

0.3rc4	- 25 March 2004
	o Fixed adding "null" encryption via 'setkey'.
	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
	o Fixed NAT-T in aggresive mode.
	o Fixed testsuite and added testsuite run into make check.

0.3rc3	- 19 March 2004
	o Fixed compilation error with --enble-yydebug
	o Better diagnostic when proposals don't match.
	o Changed/added options to setkey.

0.3rc2	- 11 March 2004
	o Added documentation for NAT-T
	o Better NAT-T diagnostic.
	o Test and workaround for missing va_copy()

0.3rc1	- 04 March 2004
	o Support for NAT Traversal (NAT-T)

0.2.4	- 29 January 2004
	o Sync with KAME as of 2004-01-07
	o Fixed unauthorized deletion of SA in racoon (again).

0.2.3	- 15 January 2004
	o Support for SA lifetime specified in bytes
	  (see setkey -bs/-bh options)
	o Enhance support for OpenSSL 0.9.7
	o Let racoon be more verbose
	o Fixed some simple bugs (see ChangeLog for details)
	o Fixed unauthorized deletion of SA in racoon
	o Fixed problems on AMD64
	o Ignore multicast addresses for IKE

0.2.2	- 13 March 2003
	o Fix racoon to build on some systems that require linking against -lfl
	o add an RPM spec to the distribution

0.2.1	- 07 March 2003
	o Fix some more gcc-3.2.2 compiler warnings
	o Fix racoon to actually configure with ssl in a non-standard location
	o Fix racoon to not complain if krb5-config is not installed

0.2	- 06 March 2003
	o Glibc-2.3 support
	o OpenSSL-0.9.7 support
	o Fixed duplicate-macro problems
	o Fix racoon lex/yacc support
	o Install psk.txt mode 600, racoon.conf mode 644
	o Fix racoon to look in the correct directory for config files

0.1	- 03 March 2003
	o Initial release of IPsec-Tools