ChangeLog.old revision 1.2.50.2
1 1.1 tteras Migration to cvs.netbsd.org
2 1.1 tteras
3 1.1 tteras 2006-08-22 Emmanuel Dreyfus <manu (a] netbsd.org>
4 1.1 tteras
5 1.1 tteras From Matthew Grooms:
6 1.1 tteras * src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
7 1.1 tteras src/racoon{isakmp_quick.c|isakmp_xauth.c|isakmp_xauth.h}
8 1.1 tteras src/racoon/racoon.conf.5: Add a group check option
9 1.1 tteras
10 1.1 tteras 2006-08-17 Yvan Vanhullebus <vanhu (a] netasq.com>
11 1.1 tteras
12 1.1 tteras Patch from Matthew Grooms:
13 1.1 tteras * src/racoon/ipsec_doi.c: fixed an ASN1 size in
14 1.1 tteras ipsecdoi_checkid1()
15 1.1 tteras
16 1.1 tteras 2006-08-11 Yvan Vanhullebus <vanhu (a] netasq.com>
17 1.1 tteras
18 1.1 tteras Patch from Matthew Grooms:
19 1.1 tteras * src/racoon/ipsec_doi.[ch]: fixed and public ipsecdoi_id2str()
20 1.1 tteras * src/racoon/isakmp_quick.c: text fix
21 1.1 tteras * src/racoon/pfkey.c: sainfo debug
22 1.1 tteras * src/racoon/sainfo.c: sainfo debug
23 1.1 tteras
24 1.1 tteras 2006-07-17 Yvan Vanhullebus <vanhu (a] netasq.com>
25 1.1 tteras
26 1.1 tteras Reported by Matthew Grooms:
27 1.1 tteras * src/racoon/isakmp_quick.c: Fixed iph2->id / id_p checks in
28 1.1 tteras get_sainfo_r().
29 1.1 tteras * src/racoon/racoon.conf.5: updated man page for sainfo logic.
30 1.1 tteras
31 1.1 tteras 2006-07-31 Emmanuel Dreyfus <manu (a] netbsd.org>
32 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
33 1.1 tteras * src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h}
34 1.1 tteras src/racoon/{isakmp_unity.c|isakmp_unity.h}: splinet support
35 1.1 tteras becomes dynamic, bugfixes
36 1.1 tteras
37 1.1 tteras 2006-07-19 Emmanuel Dreyfus <manu (a] netbsd.org>
38 1.1 tteras From Peter Eisch <peter (a] boku.net>
39 1.1 tteras * src/racoon/samples/roadwarrior/client/phase1-up.sh: add missing
40 1.1 tteras netmask in network interface configuration
41 1.1 tteras
42 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
43 1.1 tteras * configure.ac src/racoon/isakmp_xauth.c: update the LDAP API usage
44 1.1 tteras
45 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
46 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
47 1.1 tteras src/racoon/{isakmp_cfg.c|isakmp_unity.c|racoon.conf.5}: Split DNS
48 1.1 tteras support (server side)
49 1.1 tteras
50 1.1 tteras 2006-07-17 Yvan Vanhullebus <vanhu (a] netasq.com>
51 1.1 tteras
52 1.1 tteras * src/libipsec/pfkey.c: Fixed SADB_X_EXT_SEC_CTX support in pfkey_align().
53 1.1 tteras Break reported by Matthew Grooms.
54 1.1 tteras
55 1.1 tteras 2006-07-13 Frederic Senault <fred (a] lacave.net>
56 1.1 tteras
57 1.1 tteras * src/racoon/isakmp_cfg.c: fix a typo that rendered DNS4 / WINS4
58 1.1 tteras inoperable on 64bit architectures; add a packetdump of MODE_CFG
59 1.1 tteras exchange in debug mode.
60 1.1 tteras
61 1.1 tteras 2006-07-09 Emmanuel Dreyfus <manu (a] netbsd.org>
62 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
63 1.1 tteras * src/racoon{cfparse.y|cftoken.l|isakmp_quick.c|isakmp_xauth.c}
64 1.1 tteras src/racoon{isakmp_xauth.h|racoon.conf.5|sainfo.c|sainfo.h}:
65 1.1 tteras Group authentication for Xauth. Supports system groups and LDAP.
66 1.1 tteras
67 1.1 tteras 2006-07-04 Yvan Vanhullebus <vanhu (a] netasq.com>
68 1.1 tteras
69 1.1 tteras * src/racoon/nattraversal.c: fixed a malloc check in
70 1.1 tteras natt_keepalive_add(). Patch from Bruno Wagenseil.
71 1.1 tteras
72 1.1 tteras 2006-06-30 Emmanuel Dreyfus <manu (a] netbsd.org>
73 1.1 tteras
74 1.1 tteras * src/racoon/{cfparse.l|cftoken.l}: meaningful error message when
75 1.1 tteras we cannot find the configuration file.
76 1.1 tteras
77 1.1 tteras 2006-06-24 Emmanuel Dreyfus <manu (a] netbsd.org>
78 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
79 1.1 tteras * src/racoon{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
80 1.1 tteras src/racoon/{isakmp_xauth.c|isakmp_xauth.h|racoon.conf.5}: network
81 1.1 tteras configuration obtained from LDAP directory
82 1.1 tteras
83 1.1 tteras 2006-06-23 Emmanuel Dreyfus <manu (a] netbsd.org>
84 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
85 1.1 tteras * configure.ac: build fixes
86 1.1 tteras
87 1.1 tteras 2006-06-22 Emmanuel Dreyfus <manu (a] netbsd.org>
88 1.1 tteras * src/racoon/evt.c: build fix
89 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
90 1.1 tteras * configure.ac: build fixes around libldap and libiconv search
91 1.1 tteras
92 1.1 tteras 2006-06-21 Emmanuel Dreyfus <manu (a] netbsd.org>
93 1.1 tteras * src/racoon/evt.c: Do not record events if admin socket is
94 1.1 tteras disabled.
95 1.1 tteras
96 1.1 tteras 2006-06-20 Emmanuel Dreyfus <manu (a] netbsd.org>
97 1.1 tteras
98 1.1 tteras * configure.ac: Check for conflicts between system libiconv
99 1.1 tteras and newer libiconv header
100 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
101 1.1 tteras * configure.ac src/racoon/{cfparse.y|cftoken.l}
102 1.1 tteras src/racoon/{isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h}
103 1.1 tteras src/racoon/{main.c|racoon.conf.5}: Use LDAP for Xauth
104 1.1 tteras
105 1.1 tteras 2006-06-20 Yvan Vanhullebus <vanhu (a] netasq.com>
106 1.1 tteras
107 1.1 tteras * configure.ac: fixed SHA256 detection on some systems. Patch by
108 1.1 tteras Dmitry Andrianov.
109 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|plog.[ch]|racoon.conf.5}:
110 1.1 tteras changed logging levels. Patch by Michal Ruzicka.
111 1.1 tteras
112 1.1 tteras 2006-06-15 Emmanuel Dreyfus <manu (a] netbsd.org>
113 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
114 1.1 tteras * src/racoon/main.c: make sure RADIUS is correctly initialized
115 1.1 tteras
116 1.1 tteras 2006-06-14 Yvan Vanhullebus <vanhu (a] netasq.com>
117 1.1 tteras
118 1.1 tteras * Makefile.am, src/Makefile.am: fixed make dist on *BSD
119 1.1 tteras
120 1.1 tteras 2006-06-07 Emmanuel Dreyfus <manu (a] netbsd.org>
121 1.1 tteras * src/racoon/isakmp_cfg.c: Fix build.
122 1.1 tteras
123 1.1 tteras 2006-05-26 Emmanuel Dreyfus <manu (a] netbsd.org>
124 1.1 tteras From Pawel Jakub Dawidek <pjd (a] FreeBSD.org>
125 1.1 tteras * src/racoon/handler.c: Fix a crash caused by a NULL pointer
126 1.1 tteras * src/racoon/oakley.c: Typos
127 1.1 tteras * src/racoon/isakmp_base.c: Fix uninitialized buffer
128 1.1 tteras * src/racoon/isakmp_base.c: Do send DPD VID in resp case (base mode)
129 1.1 tteras
130 1.1 tteras 2006-05-23 Emmanuel Dreyfus <manu (a] netbsd.org>
131 1.1 tteras * src/racoon/isakmp_cfg.c: Mode cfg can be used without Xauth, so
132 1.1 tteras do not assume Xauth when preparing a hook script environment.
133 1.1 tteras From chunkeey (a] web.de
134 1.1 tteras * src/racoon/{algorithm.c|oakley.c|gssapi.c|ipsec_doi.c}: Fix amd64
135 1.1 tteras build warnings
136 1.1 tteras * src/racoon/ipsec_doi.c: Don't free a referenced buffer
137 1.1 tteras From Matthew Grooms <mgrooms (a] shrew.net>
138 1.1 tteras * src/racoon/isakmp_cfg.c: Fix for unity local_lan support
139 1.1 tteras
140 1.1 tteras 2006-05-07 Emmanuel Dreyfus <manu (a] netbsd.org>
141 1.1 tteras * src/racoon/{isakmp.c|session.c|sockmisc.c|racoon.conf.5}: Do
142 1.1 tteras not reconfigure interface sockets when running in privilege
143 1.1 tteras separation as it will not work. Add debug for setsockopt().
144 1.1 tteras * src/racoon/racoonctl.8: Do not tell config reload is completely
145 1.1 tteras broken (it's only somewhat broken).
146 1.1 tteras
147 1.1 tteras 2006-05-06 Emmanuel Dreyfus <manu (a] netbsd.org>
148 1.1 tteras
149 1.1 tteras * src/racoon/{remoteconf.c|remoteconf.h|isakmp.c|cfparse.y}: Fix
150 1.1 tteras memory leak (Coverity)
151 1.1 tteras * src/racoon/pfkey.c: Fix memory leak (Coverity)
152 1.1 tteras * src/racoon/ipsec_doi.c: Fix memory leak (Coverity)
153 1.1 tteras * src/racoon/isakmp.c: Fix memory leak (Coverity)
154 1.1 tteras * src/racoon/dnssec.c: Fix memory leak (Coverity)
155 1.1 tteras * src/racoon/backupsa.c: Fix memory leak (Coverity)
156 1.1 tteras * src/racoon/{nattraversal.c|isakmp.c|cfparse.y}: Check for non NULL
157 1.1 tteras allocation (Coverity)
158 1.1 tteras * src/racoon/isakmp_quick.c: Remove dead code (Coverity)
159 1.1 tteras * src/racoon/oakley.c: Remove dead code (Coverity)
160 1.1 tteras * src/racoon/crypto_openssl.c: Remove dead code (Coverity)
161 1.1 tteras
162 1.1 tteras 2006-05-05 Yvan Vanhullebus <vanhu (a] netasq.com>
163 1.1 tteras
164 1.1 tteras * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
165 1.1 tteras encapsulation in pk_sendgetspi().
166 1.1 tteras
167 1.1 tteras 2006-05-04 Yvan Vanhullebus <vanhu (a] netasq.com>
168 1.1 tteras From Preggna S (spreggna (a] novell.com)
169 1.1 tteras * src/racoon/schedule.h: fixed gnuc.h include.
170 1.1 tteras * src/racoon/{cfparse.y|cftoken.l}: Address range sainfos support.
171 1.1 tteras * src/racoon/ipsec_doi.[ch]: ipsecdoi_sockrange2id() function.
172 1.1 tteras
173 1.1 tteras 2006-05-03 Yvan Vanhullebus <vanhu (a] netasq.com>
174 1.1 tteras From Joy Latten <latten (a] austin.ibm.com>
175 1.1 tteras * configure.ac: security context support check
176 1.1 tteras * src/libipsec/{pfkey.c|pfkey_dump.c}:
177 1.1 tteras SADB_X_EXT_PACKET / SADB_X_EXT_SEC_CTX support
178 1.1 tteras * src/setkey/{parse.y|token.l}: parses optional security context
179 1.1 tteras * src/setkey/setkey.8: security context syntax
180 1.1 tteras
181 1.1 tteras 2006-04-27 Emmanuel Dreyfus <manu (a] netbsd.org>
182 1.1 tteras
183 1.1 tteras * src/racoon/{remoteconf.c|proposal.c}: fix memory leak (Coverity)
184 1.1 tteras
185 1.1 tteras 2006-04-24 Yvan Vanhullebus <vanhu (a] netasq.com>
186 1.1 tteras
187 1.1 tteras * src/racoon/isakmp.c: style cleanup in delete_spd()
188 1.1 tteras
189 1.1 tteras 2006-04-13 Yvan Vanhullebus <vanhu (a] netasq.com>
190 1.1 tteras
191 1.1 tteras * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
192 1.1 tteras encapsulation in pk_sendupdate().
193 1.1 tteras
194 1.1 tteras 2006-04-12 Emmanuel Dreyfus <manu (a] netbsd.org>
195 1.1 tteras
196 1.1 tteras * src/racoon/ipsec_doi.c: fix memory leaks (Coverity)
197 1.1 tteras
198 1.1 tteras 2006-04-06 Emmanuel Dreyfus <manu (a] netbsd.org>
199 1.1 tteras
200 1.1 tteras * src/racoon/{admin.c|cfparse.y|cftoken.l|debugrm.c|debugrm.h}
201 1.1 tteras src/racoon/{gcmalloc.h|isakmp.c|isakmp_inf.c|isakmp_xauth.c}
202 1.1 tteras src/racoon/{logger.c|misc.h|plog.c|racoonctl.c|sockmisc.c}: Add
203 1.1 tteras strdup in the malloc debugging framework, check for strdup failures
204 1.1 tteras (found by Coverity)
205 1.1 tteras * src/racoon/admin.c: Do not use an unallocated pointer (Coverity)
206 1.1 tteras * src/racoon/schedule.c: Check for NULL pointer
207 1.1 tteras * src/racoon/{grabmyaddr.c|handler.c|isakmp.c|isakmp_cfg.c}
208 1.1 tteras src/racoon/{isakmp_inf.c|isakmp_quick.c|nattraversal.c}: Check
209 1.1 tteras that dupsaddr returns non NULL pointers (Coverity)
210 1.1 tteras * src/racoon/isakmp_quick.c: Ignore multiple notifications in the
211 1.1 tteras same message, and do not leak memory (Coverity)
212 1.1 tteras * src/racoon/{isakmp_agg.c|isakmp_ident.c}: Fix memory leak in
213 1.1 tteras GSSAPI code (Coverity)
214 1.1 tteras * src/racoon/racoonctl.c: fix minor memory leak (Coverity)
215 1.1 tteras * src/racoon/isakmp.c: fix memory leak (Coverity)
216 1.1 tteras * src/racoon{isakmp.c|isakmp_inf.c}: fix phase 1 handler leak (Coverity)
217 1.1 tteras
218 1.1 tteras 2006-04-05 Emmanuel Dreyfus <manu (a] netbsd.org>
219 1.1 tteras
220 1.1 tteras * src/racoon/isakmp_xauth.c: fix uninitialized variable, found by
221 1.1 tteras Coverity
222 1.1 tteras * src/racoon/{isakmp_cfg.c|isakmp_xauth.h|isakmp_xauth.c}: Do not
223 1.1 tteras use deleted phase 1 handler after errors, found by coverity
224 1.1 tteras * src/racoon/main.c: tell which config file we use
225 1.1 tteras * src/racoon/isakmp_cfg.c: Do not use deleted phase 1 handler, found
226 1.1 tteras by Coverity
227 1.1 tteras * src/racoon/{isakmp_agg.c|isakmp_ident.c}: Do not use deleted phase 1
228 1.1 tteras handler, found by Coverity
229 1.1 tteras * src/racoon/dnssec.c: do not return a free'ed certificate, found by
230 1.1 tteras Coverity
231 1.1 tteras * src/racoon/oakley.c: fix stale pointer alias, found by Coverity
232 1.1 tteras * src/racoon/throttle.c: do not free current item while walking a
233 1.1 tteras chained list, found by Coverity
234 1.1 tteras * src/racoon/vmbuf.c: handle NULL argument for vdup, found by Coverity
235 1.1 tteras
236 1.1 tteras 2006-03-18 Emmanuel Dreyfus <manu (a] netbsd.org>
237 1.1 tteras
238 1.1 tteras From John Nemeth <jnemeth (a] victoria.tc.ca> and a Coverity scan
239 1.1 tteras * src/racoon/isakmp_xauth.c: fix memory leak
240 1.1 tteras
241 1.1 tteras 2006-02-25 Emmanuel Dreyfus <manu (a] netbsd.org>
242 1.1 tteras
243 1.1 tteras From Thomas Klausner <wiz (a] NetBSD.org>
244 1.1 tteras * src/racoon/{cfparse.y|handler.h}: typos
245 1.1 tteras
246 1.1 tteras 2006-02-23 Emmanuel Dreyfus <manu (a] netbsd.org>
247 1.1 tteras
248 1.1 tteras * src/racoon/main.c: do not reset isakmp_cfg structure after
249 1.1 tteras config reload.
250 1.1 tteras
251 1.1 tteras 2006-02-22 Yvan Vanhullebus <vanhu (a] netasq.com>
252 1.1 tteras
253 1.1 tteras * src/racoon/vendorid.c: Fixed Vendor IDs order (well, should not
254 1.1 tteras be really necessary) and DPD VId hash generation
255 1.1 tteras
256 1.1 tteras 2006-02-17 Yvan Vanhullebus <vanhu (a] netasq.com>
257 1.1 tteras
258 1.1 tteras * src/racoon/{cfparse.y|sainfo.c}: Support for "semi anonymous"
259 1.1 tteras sainfos.
260 1.1 tteras * src/racoon/racoon.conf.5: updated sainfos syntax
261 1.1 tteras * src/racoon/vendorid.[ch]: IPSec-Tools Vendor ID
262 1.1 tteras
263 1.1 tteras 2006-02-15 Yvan Vanhullebus <vanhu (a] netasq.com>
264 1.1 tteras
265 1.1 tteras * src/racoon/{cfparse.y|cftoken.l}: Parse new generate_policy
266 1.1 tteras levels
267 1.1 tteras * src/racoon/remoteconf.h: defines for REQUIRE/UNIQUE/NONE
268 1.1 tteras generate policy levels
269 1.1 tteras * src/racoon/proposal.c: Sets optional reqid for generated
270 1.1 tteras policies
271 1.1 tteras * src/racoon/pfkey.c: sends UNIQUE policies to kernel if reqid
272 1.1 tteras specified
273 1.1 tteras * src/racoon/racoon.conf.5: updated generate_policy syntax
274 1.1 tteras
275 1.1 tteras 2006-02-02 Yvan Vanhullebus <vanhu (a] netasq.com>
276 1.1 tteras
277 1.1 tteras * src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
278 1.1 tteras fails in isakmp_ph1resend()
279 1.1 tteras
280 1.1 tteras 2006-01-17 Frederic Senault <fred (a] lacave.net>
281 1.1 tteras
282 1.1 tteras * src/racoon/cfparse.y: Add the keyid [ (tag|file) ] semantics to the
283 1.1 tteras peers_identifier keyword.
284 1.1 tteras
285 1.1 tteras * src/racoon/{evt.h|isakmp.c|racoonctl.c}: Send a message to the
286 1.1 tteras adminsock to allow for racoonctl to stop looping when the
287 1.1 tteras vpn-connect command is used and there is no mode config exchange.
288 1.1 tteras
289 1.1 tteras 2006-01-08 Emmanuel Dreyfus <manu (a] netbsd.org>
290 1.1 tteras
291 1.1 tteras * src/racoon/isakmp_cfg.c: make software behave as the documentation
292 1.1 tteras advertises for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
293 1.1 tteras avoid breaking backward compatibility.
294 1.1 tteras
295 1.1 tteras 2005-12-19 Yvan Vanhullebus <vanhu (a] netasq.com>
296 1.1 tteras
297 1.1 tteras * src/racoon/session.c: Fixed / cleaned up signal handling.
298 1.1 tteras
299 1.1 tteras 2005-12-13 Yvan Vanhullebus <vanhu (a] netasq.com>
300 1.1 tteras
301 1.1 tteras * src/libipsec/samples/*: replaced "obey" mode by "strict" mode.
302 1.1 tteras
303 1.1 tteras 2005-12-07 Yvan Vanhullebus <vanhu (a] netasq.com>
304 1.1 tteras
305 1.1 tteras * src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
306 1.1 tteras disabled (Fred has still some CVS problems).
307 1.1 tteras * src/racoon/session.c: Calls isakmp_cfg_init() only if
308 1.1 tteras ENABLE_HYBRID in reload_conf().
309 1.1 tteras
310 1.1 tteras 2005-12-04 Frederic Senault <fred (a] lacave.net>
311 1.1 tteras
312 1.1 tteras * src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
313 1.1 tteras function to display SAD entries with their associated ports.
314 1.1 tteras * src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
315 1.1 tteras in conjunction with -D to show SADs with the port, allow both get and
316 1.1 tteras delete commands to use bracketed ports if needed.
317 1.1 tteras
318 1.1 tteras 2005-11-26 Emmanuel Dreyfus <manu (a] netbsd.org>
319 1.1 tteras
320 1.1 tteras * src/racoon/session.c: fix possible race conditions in signal handlers
321 1.1 tteras * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|main.c|session.c}: when
322 1.1 tteras reloading configuration, do not add new mode_cfg config to the
323 1.1 tteras existing one, overwrite it instead.
324 1.1 tteras
325 1.1 tteras 2005-11-25 Emmanuel Dreyfus <manu (a] netbsd.org>
326 1.1 tteras
327 1.1 tteras From Thomas Klausner <wiz (a] netbsd.org>
328 1.1 tteras * src/racoon/racoon.conf.5: Style changes
329 1.1 tteras
330 1.1 tteras 2005-11-21 Yvan Vanhullebus <vanhu (a] netasq.com>
331 1.1 tteras
332 1.1 tteras * src/racoon/isakmp_[ident|agg].c: Check if natt is available when
333 1.1 tteras receiving a NAT_D payload from initiator. It saves a crash,
334 1.1 tteras reported by Dave Huang to NetBSD.
335 1.1 tteras
336 1.1 tteras 2005-11-20 Yvan Vanhullebus <vanhu (a] netasq.com>
337 1.1 tteras
338 1.1 tteras * src/racoon/isakmp_agg.c: Check that we got some needed payloads
339 1.1 tteras from peer (could cause a DoS). Crash reported by Adrian Portelli
340 1.1 tteras using IKE test suite from
341 1.1 tteras http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
342 1.1 tteras
343 1.1 tteras 2005-11-10 Yvan Vanhullebus <vanhu (a] free.fr>
344 1.1 tteras
345 1.1 tteras Patches from Francis Dupont
346 1.1 tteras * src/libipsec/key_debug.c: SADB_X_EXT_PACKET support
347 1.1 tteras * src/libipsec/{libpfkey.h|pfkey.c}: pfkey_send_migrate() function
348 1.1 tteras * src/setkey/parse.y: IPPROTO_MH support
349 1.1 tteras * src/racoon/pfkey.c: fixed some logs
350 1.1 tteras * src/racoon/strnames.c: fixed a typo for SADB_X_PROMISC,
351 1.1 tteras appropriate define for SADB_X_NAT_T_NEW_MAPPING, added
352 1.1 tteras SADB_X_MIGRATE
353 1.1 tteras
354 1.1 tteras 2005-11-06 Aidas Kasparas <a.kasparas (a] gmc.lt>
355 1.1 tteras
356 1.1 tteras * src/racoon/main.c, src/racoon/session.c: moved .pid file writing
357 1.1 tteras just before main loop. Thanks Stephen Thorne
358 1.1 tteras * src/racoon/localconf.h, src/racoon/cftoken.l: introduced
359 1.1 tteras path pidfile directive
360 1.1 tteras * src/racoon/racoon.conf.5: documented above
361 1.1 tteras * configure.ac: OpenSSL 0.9.8 compilation fix. Thanks Ganesan
362 1.1 tteras Rajagopal
363 1.1 tteras * configure.ac: added check for strlcat function
364 1.1 tteras * src/racoon/misc.h: define strlcat function for systems without one
365 1.1 tteras * src/racoon/remoteconf.c: strncat -> strlcat
366 1.1 tteras
367 1.1 tteras 2005-11-01 Aidas Kasparas <a.kasparas (a] gmc.lt>
368 1.1 tteras
369 1.1 tteras * src/racoon/isakmp_inf.c: repeated gcc-4.0 build fix. Thanks
370 1.1 tteras Andreas Tobler
371 1.1 tteras
372 1.1 tteras 2005-10-30 Yvan Vanhullebus <vanhu (a] netasq.com>
373 1.1 tteras
374 1.1 tteras Patches from Christoph Nadig for compilation on MacOS X
375 1.1 tteras * configure.ac: no lcrypt for darwin
376 1.1 tteras * src/libipsec/key_debug.c: include stdint.h if HAVE_STDINT_H
377 1.1 tteras * src/racoon/isakmp_cfg.c: some includes and some %zu
378 1.1 tteras * src/racoon/isakmp_unity.c: fixed a %zu
379 1.1 tteras * src/racoon/vmbuf.h: vfree already defined for Apple
380 1.1 tteras
381 1.1 tteras 2005-10-17 Aidas Kasparas <a.kasparas (a] gmc.lt>
382 1.1 tteras
383 1.1 tteras Introduced subnet sainfo type.
384 1.1 tteras * src/racoon/cftoken.l: new token "subnet"
385 1.1 tteras * src/racoon/cfparse.y: added address/subnet differentiation logic
386 1.1 tteras * src/racoon/ipsec-doi.h: new constant
387 1.1 tteras * src/racoon/ipsec-doi.c: adopted to above
388 1.1 tteras * src/racoon/racoon.conf.5: documented above
389 1.1 tteras
390 1.1 tteras 2005-09-14 Emmanuel Dreyfus <manu (a] netbsd.org>
391 1.1 tteras
392 1.1 tteras * src/libipsec/pfkey.c: One forgotten cast caddr_t -> void *
393 1.1 tteras
394 1.1 tteras 2005-10-14 Yvan Vanhullebus <vanhu (a] netasq.com>
395 1.1 tteras
396 1.1 tteras * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
397 1.1 tteras USER_FQDNs (problem reported by Bernhard Suttner).
398 1.1 tteras
399 1.1 tteras 2005-09-10 Emmanuel Dreyfus <manu (a] netbsd.org>
400 1.1 tteras
401 1.1 tteras * src/racoon{isakmp.c|isakmp_cfg.c|isakmp_inf.c}
402 1.1 tteras src/racoon/doc/FAQ configure.ac: Add --enable-broken-natt for
403 1.1 tteras kernel implementing NAT-T but unable to cope with IKE ports in
404 1.1 tteras SAD and SPD.
405 1.1 tteras
406 1.1 tteras 2005-09-05 Emmanuel Dreyfus <manu (a] netbsd.org>
407 1.1 tteras
408 1.1 tteras From Wilfried Weissmann:
409 1.1 tteras * src/libipsec/policy_parse.y src/racoon/oakley.c
410 1.1 tteras src/racoon/{sockmisc.c|sockmisc.h}: build fixes
411 1.1 tteras
412 1.1 tteras
413 1.1 tteras 2005-09-03 Emmanuel Dreyfus <manu (a] netbsd.org>
414 1.1 tteras
415 1.1 tteras From Francis Dupont <Francis.Dupont (a] enst-bretagne.fr>
416 1.1 tteras * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
417 1.1 tteras
418 1.1 tteras 2005-08-26 Emmanuel Dreyfus <manu (a] netbsd.org>
419 1.1 tteras
420 1.1 tteras * src/racoon/evt.c: Fix memory leak when event queue overflows
421 1.1 tteras
422 1.1 tteras 2005-08-23 Emmanuel Dreyfus <manu (a] netbsd.org>
423 1.1 tteras
424 1.1 tteras * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
425 1.1 tteras initialize NAT-T VID to avoid freeing unallocated stuff.
426 1.1 tteras
427 1.1 tteras 2005-08-21 Emmanuel Dreyfus <manu (a] netbsd.org>
428 1.1 tteras
429 1.1 tteras From Matthias Scheler <matthias.scheler (a] tadpole.com>
430 1.1 tteras * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
431 1.1 tteras ISAKMP mode config without Xauth.
432 1.1 tteras
433 1.1 tteras 2005-08-16 Emmanuel Dreyfus <manu (a] netbsd.org>
434 1.1 tteras
435 1.1 tteras From Thomas Klausner <wiz (a] netbsd.org>
436 1.1 tteras * src/setkey/setkey.8: remove trailing whitespaces
437 1.1 tteras
438 1.1 tteras 2005-09-09 Yvan Vanhullebus <vanhu (a] free.fr>
439 1.1 tteras
440 1.1 tteras * src/racoon/policy.c: Do not parse all sptree in inssp() if we
441 1.1 tteras don't use Policies priority.
442 1.1 tteras
443 1.1 tteras 2005-08-20 Yvan Vanhullebus <vanhu (a] free.fr>
444 1.1 tteras
445 1.1 tteras * src/racoon/handler.c: Fixed a possible crash in
446 1.1 tteras remove_ph2(). Reported by Dietmar Eggemann.
447 1.1 tteras
448 1.1 tteras 2005-08-14 Emmanuel Dreyfus <manu (a] netbsd.org>
449 1.1 tteras
450 1.1 tteras From Francis Dupont <Francis.Dupont (a] enst-bretagne.fr>
451 1.1 tteras * src/racoon/dnssec.c: fix bogus test on function result
452 1.1 tteras
453 1.1 tteras 2005-08-11 Yvan Vanhullebus <vanhu (a] free.fr>
454 1.1 tteras
455 1.1 tteras * src/racoon/isakmp.c: Improved in/out SA addresses check in
456 1.1 tteras purge_remote(). Reported by Patrick Ma.
457 1.1 tteras
458 1.1 tteras 2005-08-08 Emmanuel Dreyfus <manu (a] netbsd.org>
459 1.1 tteras
460 1.1 tteras * src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
461 1.1 tteras
462 1.1 tteras 2005-08-08 Yvan Vanhullebus <vanhu (a] free.fr>
463 1.1 tteras
464 1.1 tteras * src/racoon/privsep.c: Fixed a %d -> %zu in
465 1.1 tteras port_check() (reported by Matthias Scheler).
466 1.1 tteras
467 1.1 tteras 2005-08-04 Emmanuel Dreyfus <manu (a] netbsd.org>
468 1.1 tteras
469 1.1 tteras * configure.ac: correctly quote RACOON_PATH_LIBS arguments
470 1.1 tteras
471 1.1 tteras 2005-08-02 Yvan Vanhullebus <vanhu (a] free.fr>
472 1.1 tteras
473 1.1 tteras * src/racoon/isakmp_inf.c: First fix to
474 1.1 tteras info_recv_initialcontact(): do a basic IP check when no NAT-T.
475 1.1 tteras
476 1.1 tteras 2005-07-26 Yvan Vanhullebus <vanhu (a] free.fr>
477 1.1 tteras
478 1.1 tteras * src/racoon/isakmp.c: Fixed purge_remote()
479 1.1 tteras
480 1.1 tteras 2005-07-25 Yvan Vanhullebus <vanhu (a] free.fr>
481 1.1 tteras
482 1.1 tteras * src/racoon/isakmp.c: Do not purge IPSec SAs in purge_remote() if
483 1.1 tteras a new ph1handle exists (patch by Krzysztof Oledzki)
484 1.1 tteras
485 1.1 tteras 2005-07-20 Aidas Kasparas <a.kasparas (a] gmc.lt>
486 1.1 tteras
487 1.1 tteras * configure.ac: disabled --enable-samode-unspec under linux
488 1.1 tteras
489 1.1 tteras 2005-07-20 Yvan Vanhullebus <vanhu (a] free.fr>
490 1.1 tteras
491 1.1 tteras * src/racoon/isakmp_quick.c: Ignore NATOA payloads in
492 1.1 tteras quick_r1recv() as it is done in quick_i2recv().
493 1.1 tteras * configure.ac: new --enable-fastquit option
494 1.1 tteras * src/racoon/session.c: new optional code when flushing SAs,
495 1.1 tteras which is faster and should have no deadlocks. configure
496 1.1 tteras --enable-fastquit option to enable it.
497 1.1 tteras
498 1.1 tteras 2005-07-19 Yvan Vanhullebus <vanhu (a] free.fr>
499 1.1 tteras
500 1.1 tteras * src/racoon/isakmp.c: Checks in isakmp_ph1begin_r() if we got the
501 1.1 tteras packet from NAT-T port, and set up the NAT_PORTS_CHANGED in that
502 1.1 tteras case (RFC 3947, sect 4, we MUST allow new phase1 negotiations on
503 1.1 tteras NAT-T floated port), to correctly generate the reply.
504 1.1 tteras
505 1.1 tteras 2005-07-16 Aidas Kasparas <a.kasparas (a] gmc.lt>
506 1.1 tteras
507 1.1 tteras * src/racoon/grabmyaddr.c: fixed file descriptor leak. Thanks to
508 1.1 tteras Patrice Fournier
509 1.1 tteras * src/racoon/setkey.c: disabled readline's filename completion
510 1.1 tteras (bug 1179281 fix)
511 1.1 tteras * src/racoon/proposal.c: fixed mode selection for SAs with
512 1.1 tteras complex_bundle on behind NAT
513 1.1 tteras
514 1.1 tteras 2005-07-14 Yvan Vanhullebus <vanhu (a] free.fr>
515 1.1 tteras
516 1.1 tteras * src/racoon/handler.c: - Clears the DPD schedule in delph1()
517 1.1 tteras - Cleared up sanity checks in delph1()
518 1.1 tteras - Sets p->rmconf to NULL if no new
519 1.1 tteras remoteconf in revalidate_ph1tree_rmconf()
520 1.1 tteras * src/racoon/isakmp.c: Added sanity checks in script_hook()
521 1.1 tteras * src/racoon/oakley.c: Sanity check in save_certbuf()
522 1.1 tteras
523 1.1 tteras
524 1.1 tteras 2005-07-13 Emmanuel Dreyfus <manu (a] netbsd.org>
525 1.1 tteras
526 1.1 tteras * src/setkey/Makefile.am: missing file in distribution
527 1.1 tteras
528 1.1 tteras 2005-07-12 Yvan Vanhullebus <vanhu (a] free.fr>
529 1.1 tteras
530 1.1 tteras * src/racoon/isakmp.c: Fixed a mem leak in isakmp_send().
531 1.1 tteras
532 1.1 tteras 2005-07-12 Emmanuel Dreyfus <manu (a] netbsd.org>
533 1.1 tteras
534 1.1 tteras * src/racoon/pfkey.c: Set IKE ports to 0 in the SA when NAT-T is not
535 1.1 tteras used.
536 1.1 tteras * src/racoon/{crypto_openssl.c|ipsec_doi.c|oakley.c} configure.ac
537 1.1 tteras src/racoon/missing/crypto/sha2/sha2.h: Support OpenSSL-0.9.8
538 1.1 tteras * src/racoon/{admin.c|session.c}: Don't use the adminport if it is
539 1.1 tteras disabled
540 1.1 tteras * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
541 1.1 tteras Add comments for using the scripts without NAT-T
542 1.1 tteras
543 1.1 tteras 2005-07-11 Emmanuel Dreyfus <manu (a] netbsd.org>
544 1.1 tteras
545 1.1 tteras * src/racoon/ipsec_doi.c configure.ac: More build fixes on Linux.
546 1.1 tteras Accommodate various libiconv versions
547 1.1 tteras
548 1.1 tteras 2005-07-10 Emmanuel Dreyfus <manu (a] netbsd.org>
549 1.1 tteras
550 1.1 tteras * src/racoon/ipsec_doi.c configure.ac: build fixes on Linux.
551 1.1 tteras Accommodate various libiconv versions
552 1.1 tteras
553 1.1 tteras 2005-07-09 Yvan Vanhullebus <vanhu (a] free.fr>
554 1.1 tteras
555 1.1 tteras * src/racoon/crypto_openssl.c: Fixed evp_crypt when using crypto
556 1.1 tteras algorithms with variable key size but not OpenSSL default key
557 1.1 tteras size.
558 1.1 tteras
559 1.1 tteras 2005-07-07 Emmanuel Dreyfus <manu (a] netbsd.org>
560 1.1 tteras
561 1.1 tteras From Mathias Scheler <tron (a] netbsd.org>
562 1.1 tteras * src/racoon/racoon.conf.5: Document that aes can be used in
563 1.1 tteras racoon.conf
564 1.1 tteras
565 1.1 tteras 2005-07-06 Frederic Senault <fred (a] lacave.net>
566 1.1 tteras
567 1.1 tteras * src/setkey/setkey.c: fix compilation with readline.
568 1.1 tteras * src/racoon/oakley.c: move declarations to fix compilation issues
569 1.1 tteras with gcc 2.95.4/FreeBSD4, re-indentation and style cleanup of the
570 1.1 tteras pkcs7 patch.
571 1.1 tteras
572 1.1 tteras 2005-07-04 Emmanuel Dreyfus <manu (a] netbsd.org>
573 1.1 tteras
574 1.1 tteras * src/racoon/isakmp_inf.c: safety checks on informational messages
575 1.1 tteras * src/racoon/{pfkey.c|proposal.c}: IPcomp fixes
576 1.1 tteras
577 1.1 tteras 2005-07-01 Emmanuel Dreyfus <manu (a] netbsd.org>
578 1.1 tteras
579 1.1 tteras From Uri Blumenthal <urimobile (a] optonline.net>:
580 1.1 tteras * src/racoon/{ipsec_doi.c|Makefile.am}: Linux build fixes
581 1.1 tteras * src/racoon/oakley.c: pkcs7 support
582 1.1 tteras
583 1.1 tteras 2005-06-29 Emmanuel Dreyfus <manu (a] netbsd.org>
584 1.1 tteras
585 1.1 tteras From Christos Zoulas <christos (a] zoulas.com>
586 1.1 tteras * configure.ac src/setkey/{parse.y|setkey.c|token.l}
587 1.1 tteras src/libipsec/{ipsec_dump_policy.c|ipsec_get_policylen.c|key_debug.c}
588 1.1 tteras src/libipsec/{libpfkey.h|pfkey_dump.c|policy_parse.y}: de-lint,
589 1.1 tteras using void * instead of caddr_t and adding const where appropriate.
590 1.1 tteras * src/setkey/extern.h: new file
591 1.1 tteras * src/libipsec/{pfkey.c|pfkey_dump.c|policy_parse.y}
592 1.1 tteras src/racoon/{sockmisc.c|sockmisc.h}: de-lint signed/unsigned,
593 1.1 tteras size_t/int and lint constants
594 1.1 tteras
595 1.1 tteras 2005-06-24 Yvan Vanhullebus <vanhu (a] free.fr>
596 1.1 tteras
597 1.1 tteras * src/racoon/handler.c: Fixed phase2 enc algo check when reloading
598 1.1 tteras conf (could flush a phase2 handler when not needed).
599 1.1 tteras
600 1.1 tteras 2005-06-19 Emmanuel Dreyfus <manu (a] netbsd.org>
601 1.1 tteras
602 1.1 tteras * src/racoon/{admin.c|handler.c|handler.h|racoonctl.c|racoonctl.h}
603 1.1 tteras src/racoon/racoonctl.8:
604 1.1 tteras Add a logout-user command to racoonctl to kick out all SA for a
605 1.1 tteras given Xauth user
606 1.1 tteras
607 1.1 tteras From Ludo Stellingwerff <ludo (a] protactive.nl>:
608 1.1 tteras * src/racoon/isakmp.c: NAT-T fix: We treat null ports in SPD as
609 1.1 tteras wildcard so that IKE ports are used instead. This was done on
610 1.1 tteras phase 2 initiation from the kernel (acquire message), but not
611 1.1 tteras on phase 2 initiation retries when the phase 2 had been queued
612 1.1 tteras for a phase 1.
613 1.1 tteras
614 1.1 tteras From Uri Blumenthal <urimobile (a] optonline.net>
615 1.1 tteras and Larry Baird <lab (a] gta.com>:
616 1.1 tteras * src/libipsec/pfkey_dump.c src/setkey/test-pfkey.c
617 1.1 tteras src/racoon/{algorithm.c|cftoken.l|eaytest.c|ipsec_doi.c}
618 1.1 tteras src/racoon/{ipsec_doi.h|pfkey.c|strnames.c}: Add SHA2 support
619 1.1 tteras * src/setkey/setkey.8 src/racoon/racoon.conf.5: update doc for SHA2
620 1.1 tteras * src/setkey/token.l: Add aliases shaxxx for sha2_xxx
621 1.1 tteras
622 1.1 tteras 2005-06-07 Emmanuel Dreyfus <manu (a] netbsd.org>
623 1.1 tteras
624 1.1 tteras From Larry Baird <lab (a] gta.com>
625 1.1 tteras * src/racoon/isakmp.c: consume NAT keepalive data already seen
626 1.1 tteras with MSG_PEEK
627 1.1 tteras
628 1.1 tteras 2005-06-07 Frederic Senault <fred (a] lacave.net>
629 1.1 tteras
630 1.1 tteras * configure.ac src/racoon/{cfparse.y|isakmp_cfg.h|isakmp_cfg.c}
631 1.1 tteras src/racoon/{handler.c|privsep.c|privsep.h|racoon.conf.5}: Add
632 1.1 tteras support for system accounting into the utmp files, with the
633 1.1 tteras "accounting system" directive.
634 1.1 tteras
635 1.1 tteras * src/privsep.c: Bug fixes in the xauth password handling code.
636 1.1 tteras
637 1.1 tteras 2005-06-06 Emmanuel Dreyfus <manu (a] netbsd.org>
638 1.1 tteras
639 1.1 tteras * src/racoon/isakmp_quick.c: endianness bug fix
640 1.1 tteras
641 1.1 tteras 2005-06-05 Emmanuel Dreyfus <manu (a] netbsd.org>
642 1.1 tteras
643 1.1 tteras From Thomas Klausner <wiz (a] netbsd.org>
644 1.1 tteras * src/setkey/setkey.8 src/racoon/racoon.conf.5: remove trailing
645 1.1 tteras spaces, grammar fix
646 1.1 tteras
647 1.1 tteras 2005-05-31 Aidas Kasparas <a.kasparas (a] gmc.lt>
648 1.1 tteras
649 1.1 tteras * src/racoon/ipsec_doi.c: Inserted missing 0th element of
650 1.1 tteras rm_idtype2doi array. Bug #1199700 fix.
651 1.1 tteras
652 1.1 tteras 2005-05-30 Frederic Senault <fred (a] lacave.net>
653 1.1 tteras
654 1.1 tteras * src/racoon/oakley.h: Fix a typo in the RMAUTHMETHOD macro
655 1.1 tteras definition.
656 1.1 tteras
657 1.1 tteras * src/racoon/isakmp_cfg.c: Fix the switch so that the phase1 script
658 1.1 tteras is executed at the end of the mode cfg exchange ; add a debug
659 1.1 tteras message at the script startup.
660 1.1 tteras
661 1.1 tteras 2005-05-23 Emmanuel Dreyfus <manu (a] netbsd.org>
662 1.1 tteras
663 1.1 tteras * src/racoon/admin.c: build fix
664 1.1 tteras
665 1.1 tteras 2005-05-20 Emmanuel Dreyfus <manu (a] netbsd.org>
666 1.1 tteras
667 1.1 tteras From Mike Robinson <sundialservices (a] users.sourceforge.net>
668 1.1 tteras * src/racoon/isakmp_xauth.c: really delete phase 1 on Xauth failure
669 1.1 tteras
670 1.1 tteras * src/libipsec/pfkey.c src/racoon/ipsec_doi.c: Fix NAT-T + IPcomp
671 1.1 tteras
672 1.1 tteras From hgates <hgates.lists (a] gmail.com>
673 1.1 tteras * src/racoon/proposal.c: fix SPI size test for IPcomp
674 1.1 tteras
675 1.1 tteras From Larry Baird <lab (a] gta.com>
676 1.1 tteras * src/racoon/{handler.c|ipsec_doi.c}: When altering lifetime,
677 1.1 tteras duplicate the proposal instead of modifying the configured one.
678 1.1 tteras
679 1.1 tteras 2005-05-19 Frederic Senault <fred (a] lacave.net>
680 1.1 tteras
681 1.1 tteras * configure.ac src/racoon/plog.c: Fix the logging functions to work
682 1.1 tteras around the lack of support of printf %zu in FreeBSD 4 (at least).
683 1.1 tteras
684 1.1 tteras * src/racoon/{isakmp.c|pfkey.c}: Put sockets in non-blocking mode to
685 1.1 tteras fix a hangup with FreeBSD 4.
686 1.1 tteras
687 1.1 tteras * src/racoon/{isakmp_inf.c|isakmp_unity.h|strnames.c}: Recognize a
688 1.1 tteras unity-specific heartbeat message.
689 1.1 tteras * src/racoon/isakmp_inf.c: Reorganize switch statement in
690 1.1 tteras isakmp_check_notify.
691 1.1 tteras
692 1.1 tteras 2005-05-17 Yvan Vanhullebus <vanhu (a] free.fr>
693 1.1 tteras
694 1.1 tteras * src/racoon/handler.c: Fixed exchange type check in
695 1.1 tteras revalidate_ph1().
696 1.1 tteras * src/racoon/pfkey.c: changed includes order to fix compilation.
697 1.1 tteras
698 1.1 tteras 2005-05-14 Emmanuel Dreyfus <manu (a] netbsd.org>
699 1.1 tteras
700 1.1 tteras * src/libipsec/policy_parse.y: Fix parse problem
701 1.1 tteras
702 1.1 tteras 2005-05-14 Aidas Kasparas <a.kasparas (a] gmc.lt>
703 1.1 tteras
704 1.1 tteras * src/racoon/sockmisc.c: Debug message said it will send to
705 1.1 tteras source address instead of destination.
706 1.1 tteras
707 1.1 tteras 2005-05-13 Emmanuel Dreyfus <manu (a] netbsd.org>
708 1.1 tteras
709 1.1 tteras * src/racoon/isakmp_inf.c: fix build problem
710 1.1 tteras
711 1.1 tteras 2005-05-13 Yvan Vanhullebus <vanhu (a] free.fr>
712 1.1 tteras
713 1.1 tteras * src/racoon/isakmp.c: Fixed a double ph2handler free in
714 1.1 tteras isakmp_ph2begin_i().
715 1.1 tteras
716 1.1 tteras 2005-05-12 Emmanuel Dreyfus <manu (a] netbsd.org>
717 1.1 tteras
718 1.1 tteras * src/racoon/isakmp_quick.c: fix build problem on some platforms
719 1.1 tteras
720 1.1 tteras * src/racoon/isakmp.c: For acquire messages, when NAT-T is in use,
721 1.1 tteras consider null port as a wildcard and use IKE ports.
722 1.1 tteras
723 1.1 tteras 2005-05-10 Emmanuel Dreyfus <manu (a] netbsd.org>
724 1.1 tteras
725 1.1 tteras * src/racoon/samples/roadwarrior/server/{racoon.conf|racoon.conf-radius}
726 1.1 tteras src/racoon/samples/roadwarrior/server/phase1-down.sh: removed file
727 1.1 tteras src/racoon/samples/roadwarrior/client/racoon.conf: update config
728 1.1 tteras files to higher security settings. Remove now useless phase 1 down
729 1.1 tteras script on server side.
730 1.1 tteras * Update README to reflect server/phase1-down.sh removal
731 1.1 tteras
732 1.1 tteras 2005-05-09 Emmanuel Dreyfus <manu (a] netbsd.org>
733 1.1 tteras
734 1.1 tteras * src/racoon/{cftoken.l|cfparse.y|isakmp_cfg.c|isakmp_cfg.h}
735 1.1 tteras src/racoon/{isakmp_unity.c|racoon.conf.5}: Add PFS group and
736 1.1 tteras save password extensions from Cisco in ISAKMP mode config.
737 1.1 tteras
738 1.1 tteras 2005-05-08 Emmanuel Dreyfus <manu (a] netbsd.org>
739 1.1 tteras
740 1.1 tteras * src/racoon/{handler.c|ipsec_doi.c|proposal.c}: check for lifebyte
741 1.1 tteras in proposals
742 1.1 tteras * src/racoon/ipsec_doi.c: fix a bug in proposal_check claim for phase 1
743 1.1 tteras * src/racoon/handler.c: style
744 1.1 tteras
745 1.1 tteras * src/racoon/isakmp_xauth.c: fix build with shadow passwords
746 1.1 tteras
747 1.1 tteras 2005-05-07 Emmanuel Dreyfus <manu (a] netbsd.org>
748 1.1 tteras
749 1.1 tteras * configure.ac src/racoon/isakmp_xauth.c: support shadow passwords
750 1.1 tteras * src/racoon/{isakmp_inf.c|isakmp_inf.h}: missing prototype
751 1.1 tteras * src/racoon/{handler.h|isakmp_inf.c|isakmp_quick.c|isakmp_var.h}
752 1.1 tteras src/racoon/pfkey.c: Move purge_remote() and delete_spd() prototypes
753 1.1 tteras to the right header file
754 1.1 tteras
755 1.1 tteras 2005-05-06 Emmanuel Dreyfus <manu (a] netbsd.org>
756 1.1 tteras
757 1.1 tteras * src/racoon/{admin.c|isakmp.c|isakmp_inf.c}: factor various
758 1.1 tteras ISAKMP SA termination (for DPD timeouts and delete message) to
759 1.1 tteras use purge_remote() so that SA and generated SPD get correctly flushed
760 1.1 tteras * src/racoon/{handler.c|handler.h}: Introduce getph1byaddrwop() and
761 1.1 tteras getph2bysaddr()
762 1.1 tteras * src/racoon/{isakmp.c|isakmp_var.h|isakmp_inf.c|isakmp_inf.h}: make
763 1.1 tteras purge_remote(), setcopeid() and delete_spd() public
764 1.1 tteras * src/racoon/isakmp_quick.c: remove duplicated setscopeid()
765 1.1 tteras * src/racoon/{sockmisc.c|sockmisc.h} introduce a CMPSADDR() macro
766 1.1 tteras to compare with ports when ENABLE_NATT and without otherwise
767 1.1 tteras
768 1.1 tteras 2005-05-06 Frederic Senault <fred (a] lacave.net>
769 1.1 tteras
770 1.1 tteras * src/racoon/isakmp_inf.c: Only print the contents of an informative
771 1.1 tteras message if the payload indicates an error ; transmit the return
772 1.1 tteras values from the DPD functions.
773 1.1 tteras
774 1.1 tteras 2005-05-06 Emmanuel Dreyfus <manu (a] netbsd.org>
775 1.1 tteras
776 1.1 tteras * src/racoon/isakmp_inf.c: Fix a bug causing informational message
777 1.1 tteras payloads to be ignored
778 1.1 tteras
779 1.1 tteras 2005-05-05 Yvan Vanhullebus <vanhu (a] free.fr>
780 1.1 tteras
781 1.1 tteras * src/racoon/isakmp_inf.c: Fixed some potential crashes in
782 1.1 tteras purge_remote() and purge_ipsec_spi().
783 1.1 tteras
784 1.1 tteras 2005-05-05 Emmanuel Dreyfus <manu (a] netbsd.org>
785 1.1 tteras
786 1.1 tteras * src/libipsec/{policy_parse.y|policy_token.l}
787 1.1 tteras src/setkey/{setkey.8|token.l}: Allow ports to be supplied in SP
788 1.1 tteras endpoints, for accurate ESP over UDP matching
789 1.1 tteras * src/racoon/{isakmp.c|racoon.conf.5}: Send IKE local and remote
790 1.1 tteras ports to the hook scripts
791 1.1 tteras * src/racoon/remoteconf.c: do not honour ports when looking up
792 1.1 tteras a remote config, as our remote configs have no port information
793 1.1 tteras * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
794 1.1 tteras use the IKE ports supplied by racoon to set up accurate endpoints
795 1.1 tteras ports in SP endpoints
796 1.1 tteras
797 1.1 tteras 2005-05-04 Yvan Vanhullebus <vanhu (a] free.fr>
798 1.1 tteras
799 1.1 tteras * src/racoon/isakmp_inf.c: code cleanup for SPD remove, generated
800 1.1 tteras policies are now also removed when DPD purge.
801 1.1 tteras
802 1.1 tteras 2005-05-04 Emmanuel Dreyfus <manu (a] netbsd.org>
803 1.1 tteras
804 1.1 tteras From Manisha Malla <mmanisha (a] novell.com>
805 1.1 tteras * src/racoon/isakmp_cfg.c: fix unsigned int checked for being negative
806 1.1 tteras
807 1.1 tteras From Ludo Stellingwerff <ludo (a] protactive.nl>
808 1.1 tteras * src/setkey/{parse.y|token.l}: build on systems that do not have
809 1.1 tteras TCP-MD5 support
810 1.1 tteras
811 1.1 tteras 2005-05-04 Michal Ludvig <michal (a] logix.cz>
812 1.1 tteras
813 1.1 tteras * configure.ac: Revert GLIBC_BUGS change from 2005-04-15
814 1.1 tteras
815 1.1 tteras 2005-05-03 Frederic Senault <fred (a] lacave.net>
816 1.1 tteras
817 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|isakmp_inf.c|racoon.conf.5}
818 1.1 tteras src/racoon/{remoteconf.c|remoteconf.h}: Add a weak_phase1_check
819 1.1 tteras option to enable the handling of unencrypted delete payloads.
820 1.1 tteras
821 1.1 tteras * src/racoon/plog.c: Use of isgraph in binsanitize.
822 1.1 tteras
823 1.1 tteras * src/racoon/rfc/rfc3706.txt: new file: Dead Peer Detection RFC.
824 1.1 tteras
825 1.1 tteras * src/racoon/isakmp_inf.c: Unused code cleanup.
826 1.1 tteras
827 1.1 tteras 2005-04-26 Emmanuel Dreyfus <manu (a] netbsd.org>
828 1.1 tteras
829 1.1 tteras * bootstrap: Darwin support
830 1.1 tteras
831 1.1 tteras From Larry Baird <lab (a] gta.com>
832 1.1 tteras * src/racoon/nattraversal.c: Fix NAT-T for initiator
833 1.1 tteras
834 1.1 tteras From Andreas Tobler <toa (a] pop.agri.ch>:
835 1.1 tteras * src/racoon/{misc.h|throttle.c|remoteconf.c|sockmisc.c|privsep.c}
836 1.1 tteras src/racoon/{pfkey.c|isakmp.c|grabmyaddr.c|getcertsbyname.c}
837 1.1 tteras src/racoon/configure.ac src/libipsec/policy_token.l
838 1.1 tteras src/setkey/token.l: Build on Darwin
839 1.1 tteras
840 1.1 tteras 2005-04-25 Emmanuel Dreyfus <manu (a] netbsd.org>
841 1.1 tteras
842 1.1 tteras * src/racoon/handler.h: ifdef DPD and NAT-T data in data structures
843 1.1 tteras
844 1.1 tteras * src/libipsec/{ipsec_dump_policy.c|pfkey_dump.c|libpfkey.h}
845 1.1 tteras src/setkey/{setkey.8|setkey.c}: add a -p option to setkey to
846 1.1 tteras enable the display of ESP over UDP ports in policies.
847 1.1 tteras
848 1.1 tteras * src/racoon/ipsec_doi.c: fix LP64 bug
849 1.1 tteras
850 1.1 tteras From Ludo Stellingwerff <ludo (a] protactive.nl>:
851 1.1 tteras * src/racoon/isakmp.c: build without NAT-T
852 1.1 tteras
853 1.1 tteras From F. Senault <fred.letter (a] lacave.net>
854 1.1 tteras * src/racoon/{evt.h|isakmp.h|isakmp_inf.c|plog.c|plog.h|racoonctl.c}
855 1.1 tteras src/racoon/isakmp_xauth.c: Take into account payloads bundled after
856 1.1 tteras an ISAKMP informational message.
857 1.1 tteras
858 1.1 tteras From Patrick McHardy <kaber (a] trash.net>
859 1.1 tteras * src/racoon/{handler.c|handler.h|pfkey.c}: When handling acquire
860 1.1 tteras message, lookup phase 2 by (src, dst, id) instead of only id.
861 1.1 tteras
862 1.1 tteras 2005-04-23 Emmanuel Dreyfus <manu (a] netbsd.org>
863 1.1 tteras
864 1.1 tteras * src/libipsec/ipsec_dump_policy.c: display port numbers in policies
865 1.1 tteras * src/racoon/{isakmp.c|isakmp_cfg.c|isakmp_inf.c|pfkey.c}: don't
866 1.1 tteras forget port numbers so that multiple clients behind the same NAT
867 1.1 tteras can work.
868 1.1 tteras
869 1.1 tteras From Larry Baird <lab (a] gta.com>
870 1.1 tteras * src/racoon/{isakmp.c|nattraversal.c|isakmp_quick.c|nattraversal.h}:
871 1.1 tteras NAT-T fixes for interoperability with greenbow VPN client.
872 1.1 tteras
873 1.1 tteras 2005-04-21 Aidas Kasparas <a.kasparas (a] gmc.lt>
874 1.1 tteras
875 1.1 tteras * src/libipsec/policy.parse.y, src/racoon/cfparse.y,
876 1.1 tteras src/libipsec/policy_parse.y, src/racoon/cfparse.y,
877 1.1 tteras src/racoon/cftoken.l, src/racoon/crypto_openssl.c,
878 1.1 tteras src/racoon/getcertsbyname.c, src/racoon/grabmyaddr.c,
879 1.1 tteras src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
880 1.1 tteras src/racoon/isakmp_inf.c, src/racoon/pfkey.c,
881 1.1 tteras src/racoon/plainrsa-gen.c, src/racoon/sockmisc.c,
882 1.1 tteras src/racoon/sockmisc.h, src/racoon/racoonctl.c: made compile
883 1.1 tteras with gcc-4.0 (20050410 prerelease)
884 1.1 tteras
885 1.1 tteras 2005-04-20 Aidas Kasparas <a.kasparas (a] gmc.lt>
886 1.1 tteras
887 1.1 tteras From: Ganesan Rajagopal <rganesan (a] users.sourceforge.net>
888 1.1 tteras * configure.ac: fix --enable-ipv6 logic
889 1.1 tteras
890 1.1 tteras 2005-04-19 Yvan Vanhullebus <vanhu (a] free.fr>
891 1.1 tteras
892 1.1 tteras * src/racoon/remoteconf.c: fixed dupisakmpsa() and dhgroup.
893 1.1 tteras
894 1.1 tteras 2005-04-18 Aidas Kasparas <a.kasparas (a] gmc.lt>
895 1.1 tteras
896 1.1 tteras * src/racoon/crypto_openssl.c: fixed single DES support;
897 1.1 tteras * NEWS: noted fix
898 1.1 tteras
899 1.1 tteras 2005-04-18 Emmanuel Dreyfus <manu (a] netbsd.org>
900 1.1 tteras
901 1.1 tteras * src/racoon/isakmp_base.c: DPD support, fix memory leak
902 1.1 tteras
903 1.1 tteras From Thomas Klausner <wiz (a] NetBSD.org>
904 1.1 tteras * src/libipsec/{ipsec_set_policy.3|ipsec_strerror.3}
905 1.1 tteras src/racoon/{admin.c|plainrsa-gen.8|racoon.8|racoon.conf.5|racoonctl.8}
906 1.1 tteras src/racoon/samples/{racoon.conf.in|racoon.conf.sample}
907 1.1 tteras src/racoon/samples/racoon.conf.sample-gssapi
908 1.1 tteras src/racoon/samples/racoon.conf.sample-inherit
909 1.1 tteras src/racoon/samples/racoon.conf.sample-natt
910 1.1 tteras src/racoon/samples/racoon.conf.sample-plainrsa
911 1.1 tteras src/racoon/samples/roadwarrior/README
912 1.1 tteras src/racoon/samples/roadwarrior/server/phase1-down.sh
913 1.1 tteras src/setkey/setkey.8: documentation fixes
914 1.1 tteras
915 1.1 tteras From KAME
916 1.1 tteras * src/racoon/ipsec_doi.c: wrong check on SA lifebyte
917 1.1 tteras
918 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
919 1.1 tteras * src/racoon/{cfparse.y|cftoken.l} drop split_net_type directive,
920 1.1 tteras which is now incorporated into split_net_tunnels
921 1.1 tteras * src/raccon/{isakmp.c|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}
922 1.1 tteras src/racoon/isakmp_xauth.h: support login and password sent
923 1.1 tteras in different packets during the Xauth exchange. This makes racoon
924 1.1 tteras interoperable with SecureComputing's sidewinder
925 1.1 tteras * src/racoon/{strnames.c|strnames.h}: more debug strings for Xauth
926 1.1 tteras
927 1.1 tteras 2005-04-17 Yvan Vanhullebus <vanhu (a] free.fr>
928 1.1 tteras
929 1.1 tteras * src/racoon/handler.c: Configuration reload validation code
930 1.1 tteras * src/racoon/handler.h:revalidate_ph12() function
931 1.1 tteras * src/racoon/ipsec_doi.c: duplicates iph1->approval in
932 1.1 tteras get_ph1approval(), some fields sets to NULL when needed
933 1.1 tteras * src/racoon/isakmp_inf.[ch]: purge_ipsec_spi() is now public
934 1.1 tteras * src/racoon/localconf.[ch]: save/restore_params() functions
935 1.1 tteras * src/racoon/main.c: moved restore_params functions to localconf
936 1.1 tteras * src/racoon/remoteconf.c: save_rmconf() functions, dupisakmpsa()
937 1.1 tteras function, some values set to NULL when needed
938 1.1 tteras * src/racoon/remoteconf.h: save_rmconf() functions, dupisakmpsa()
939 1.1 tteras function
940 1.1 tteras * src/racoon/sainfo.[ch]: save_sainfotree() functions
941 1.1 tteras * src/racoon/session.c: Reloads conf on a SIGHUP without losing
942 1.1 tteras existing tunnels
943 1.1 tteras
944 1.1 tteras 2005-04-15 Aidas Kasparas <a.kasparas (a] gmc.lt>
945 1.1 tteras
946 1.1 tteras From Zilvinas Valinskas <zilvinas (a] gemtek.lt>:
947 1.1 tteras * configure.ac:
948 1.1 tteras - cross-compile type fix (patch 1);
949 1.1 tteras - --enable-{frag|hybrid}=no fixes (patches 6,7);
950 1.1 tteras - support for --with-flex, --with-flexlib (patch 11);
951 1.1 tteras - GLIBC_BUGS assignment correction (patch 14 with mods).
952 1.1 tteras * src/racoon/isakmp.c: fix compilation when hybrid disabled.
953 1.1 tteras
954 1.1 tteras 2005-04-11 Emmanuel Dreyfus <manu (a] netbsd.org>
955 1.1 tteras
956 1.1 tteras * src/racoon/rfc/{rfc2407.txt|rfc2408.txt}: new files
957 1.1 tteras RFC for IPsec DOI and ISAKMP
958 1.1 tteras
959 1.1 tteras 2005-04-10 Emmanuel Dreyfus <manu (a] netbsd.org>
960 1.1 tteras
961 1.1 tteras * src/racoon/isakmp_base.c: resurrect RSASIG support
962 1.1 tteras * src/racoon/isakmp_ident.c: missing support for hybrid auth
963 1.1 tteras * src/racoon/{isakmp_base.c|oakley.c}: missing bits for hybrid/base mode
964 1.1 tteras
965 1.1 tteras 2005-04-09 Emmanuel Dreyfus <manu (a] netbsd.org>
966 1.1 tteras
967 1.1 tteras * src/racoon/{algorithm.c|algorithm.h|cftoken.l|ipsec_doi.c}
968 1.1 tteras src/racoon/{isakmp.c|isakmp_agg.c|isakmp_ident.c|isakmp_base.c}
969 1.1 tteras src/racoon/{isakmp_frag.h|isakmp_xauth.c|oakley.c|racoon.conf.5}:
970 1.1 tteras Add Xauth + RSASIG, for client and server. Add all Xauth and
971 1.1 tteras IKE fragmentation logic to base and ident mode.
972 1.1 tteras * src/libipsec/{pfkey.c|pfkey_dump.c}
973 1.1 tteras src/setkey/parse.y: more missing TCP_MD5 bits from KAME
974 1.1 tteras
975 1.1 tteras 2005-04-08 Emmanuel Dreyfus <manu (a] netbsd.org>
976 1.1 tteras
977 1.1 tteras * src/racoon/cfparse.y: a list of network can be specified for split
978 1.1 tteras tunnelling
979 1.1 tteras * src/racoon/{isakmp_cfg.c|racoon.conf.5}: add INTERNAL_CIDR4, the
980 1.1 tteras netmask in CIDR notation, to the hook script environment.
981 1.1 tteras * src/setkey/{token.l|parse.y|setkey.8}: KAME backport of missing
982 1.1 tteras bits for TCP_MD5 support.
983 1.1 tteras
984 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
985 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|ipsec_doi.c|ipsec_doi.h}
986 1.1 tteras src/racoon/racoon.conf.5: KEYID identifier can be taken from
987 1.1 tteras a file or from a quoted string
988 1.1 tteras
989 1.1 tteras 2005-04-05 Emmanuel Dreyfus <manu (a] netbsd.org>
990 1.1 tteras
991 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
992 1.1 tteras * src/racoon/admin.c: fix the admin interface that was left behind
993 1.1 tteras after recent Xauth changes
994 1.1 tteras * src/racoon/{cfparse.y|isakmp_xauth.c|isakmp_xauth.h|oakley.c}
995 1.1 tteras src/racoon/{remoteconf.c|remoteconf.h}: factor Xauth info in
996 1.1 tteras remote conf within a single structure.
997 1.1 tteras * src/racoon/{isakmp.c|isakmp_cfg.c}: on client side, do not run
998 1.1 tteras phase1-up script before ISAKMP mode config is done
999 1.1 tteras * src/racoon/isakmp_inf.c: log a buggy condition
1000 1.1 tteras * src/racoon/{isakmp.c|isakmp_agg.c|isakmp_base.c|isakmp_ident.c}
1001 1.1 tteras src/racoon/{oakley.c|oakley.h}: Use the AUTHMETHOD macro to
1002 1.1 tteras distinguish between XAUTH PSK and Kerberos authentications
1003 1.1 tteras * src/racoon/{oakley.c|remoteconf.c}: set a default for certificate
1004 1.1 tteras requests
1005 1.1 tteras * src/racoon/isakmp_xauth.c: Fix serious security bug introduced
1006 1.1 tteras on 2005-03-09: Xauth validation was required for phase 2 on the
1007 1.1 tteras client (thus blocking phase 2), but not on the server (thus
1008 1.1 tteras making it open regardless of Xauth exchange).
1009 1.1 tteras * src/racoon/vendorid.c: dump unknown VIDs
1010 1.1 tteras
1011 1.1 tteras
1012 1.1 tteras 2005-04-06 Yvan Vanhullebus <vanhu (a] free.fr>
1013 1.1 tteras
1014 1.1 tteras * src/racoon/crypto_openssl.c: Disable OpenSSL padding in
1015 1.1 tteras evp_crypt(), because it may cause some interoperability problems.
1016 1.1 tteras Solution reported by Ganesan Rajagopal.
1017 1.1 tteras
1018 1.1 tteras 2005-04-05 Emmanuel Dreyfus <manu (a] netbsd.org>
1019 1.1 tteras
1020 1.1 tteras * src/racoon/main.c: build with hybrid but without libradius
1021 1.1 tteras
1022 1.1 tteras 2005-04-05 Yvan Vanhullebus <vanhu (a] free.fr>
1023 1.1 tteras
1024 1.1 tteras * src/racoon/handler.h: added a flag to identify generated policies
1025 1.1 tteras * src/racoon/isakmp.c: changed logging in isakmp_ph1expire()
1026 1.1 tteras * src/racoon/isakmp_inf.c: use iph2->generated_spidx to check if
1027 1.1 tteras policy has been generated in purge_remote_spi()
1028 1.1 tteras * src/racoon/isakmp_quick.c: sets iph2->generated_spidx for
1029 1.1 tteras generated policies
1030 1.1 tteras * src/racoon/pfkey.c: reactivated the unbindph12() in pk_recvupdate()
1031 1.1 tteras
1032 1.1 tteras 2005-04-04 Emmanuel Dreyfus <manu (a] netbsd.org>
1033 1.1 tteras
1034 1.1 tteras * src/racoon/isakmp_cfg.c: fix a buffer overrun in mode config SET
1035 1.1 tteras
1036 1.1 tteras 2005-03-30 Michal Ludvig <michal (a] logix.cz>
1037 1.1 tteras
1038 1.1 tteras * configure.ac: Don't compile with NAT-T by default (according to
1039 1.1 tteras documentation, finally :-)
1040 1.1 tteras
1041 1.1 tteras 2005-03-27 Michal Ludvig <michal (a] logix.cz>
1042 1.1 tteras
1043 1.1 tteras From Zilvinas Valinskas <zilvinas (a] gemtek.lt>:
1044 1.1 tteras * configure.ac:
1045 1.1 tteras - Use AC_CHECK_HEADER for kernel headers instead of AC_CHECK_FILE.
1046 1.1 tteras - Fix OpenSSL check for cross-compilation.
1047 1.1 tteras * acracoon.m4(RACOON_CHECK_VA_COPY): Allow cross-compilation.
1048 1.1 tteras (RACOON_CHECK_BUGGY_GETADDRINFO): Ditto.
1049 1.1 tteras
1050 1.1 tteras 2005-03-16 Emmanuel Dreyfus <manu (a] netbsd.org>
1051 1.1 tteras
1052 1.1 tteras * src/racoon/privsep.c: check for NULL path in unsafe_path()
1053 1.1 tteras * src/racoon/privsep.c: missing space
1054 1.1 tteras
1055 1.1 tteras 2005-03-15 Emmanuel Dreyfus <manu (a] netbsd.org>
1056 1.1 tteras
1057 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|isakmp.c|isakmp_cfg.c|isakmp_cfg.h}
1058 1.1 tteras src/racoon/{isakmp_var.h|isakmp_xauth.c|localconf.h|privsep.c}
1059 1.1 tteras src/racoon/{privsep.h|racoon.conf.5|remoteconf.c|remoteconf.h}
1060 1.1 tteras src/racoon/main.c: Remove most of config dependency from
1061 1.1 tteras privileged instance for upcoming config reload patch.
1062 1.1 tteras * src/racoon/isakmp_cfg.h: fix the application version for Xauth
1063 1.1 tteras * src/racoon/isakmp_cfg.c: only call cleanup_pam when PAM is used
1064 1.1 tteras
1065 1.1 tteras 2005-03-14 Emmanuel Dreyfus <manu (a] netbsd.org>
1066 1.1 tteras
1067 1.1 tteras * configure.ac: handle correctly dynamic libradius
1068 1.1 tteras * src/racoon/cfparse.y: correctly initialize address pool
1069 1.1 tteras
1070 1.1 tteras 2005-03-13 Yvan Vanhullebus <vanhu (a] free.fr>
1071 1.1 tteras
1072 1.1 tteras * src/racoon/isakmp.c: Fixed a buffer underrun (CAN-2005-0398)
1073 1.1 tteras
1074 1.1 tteras 2005-03-09 Emmanuel Dreyfus <manu (a] netbsd.org>
1075 1.1 tteras
1076 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
1077 1.1 tteras * src/racoon/cfparse.y: endianness bugfix
1078 1.1 tteras * src/racoon/isakmp_xauth.c: off by one bugs in strings
1079 1.1 tteras * src/racoon/oakley.h: missing parenthesis causing bugs
1080 1.1 tteras
1081 1.1 tteras 2005-03-09 Emmanuel Dreyfus <manu (a] netbsd.org>
1082 1.1 tteras
1083 1.1 tteras * src/racoon/isakmp_xauth.c: fix a crash when using RADIUS auth
1084 1.1 tteras
1085 1.1 tteras 2005-03-07 Emmanuel Dreyfus <manu (a] netbsd.org>
1086 1.1 tteras
1087 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
1088 1.1 tteras * src/racoon/{algorithm.c|algorithm.h|cfparse.y|cftoken.l}
1089 1.1 tteras src/racoon/{handler.c|ipsec_doi.c|ipsec_doi.h|isakmp.c}
1090 1.1 tteras src/racoon/{isakmp_agg.c|isakmp_base.c|isakmp_cfg.c|isakmp_cfg.h}
1091 1.1 tteras src/racoon/{isakmp_ident.c|isakmp_inf.c|isakmp_quick.c}
1092 1.1 tteras src/racoon/{isakmp_unity.c|isakmp_xauth.c|kmpstat.c|oakley.c}
1093 1.1 tteras src/racoon/{oakley.h|plainrsa-gen.8|privsep.c|racoon.conf.5}
1094 1.1 tteras src/racoon/{racoonctl.c|remoteconf.c|remoteconf.h|strnames.c}
1095 1.1 tteras src/racoon/{strnames.h|throttle.c}: Support plain Xauth, split
1096 1.1 tteras tunnelling, multiple DNS & WINS in ISAKMP mode config.
1097 1.1 tteras
1098 1.1 tteras 2005-03-02 Yvan Vanhullebus <vanhu (a] free.fr>
1099 1.1 tteras
1100 1.1 tteras * src/racoon/isakmp_quick.c: tunnel_mode_prop() is now public
1101 1.1 tteras * src/racoon/isakmp_inf.c: fixed compilation if HAVE_POLICY_FWD.
1102 1.1 tteras
1103 1.1 tteras 2005-03-01 Yvan Vanhullebus <vanhu (a] free.fr>
1104 1.1 tteras
1105 1.1 tteras * src/racoon/oakley.c: fixed oakley_newiv2() when errors
1106 1.1 tteras
1107 1.1 tteras 2005-02-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1108 1.1 tteras
1109 1.1 tteras * src/racoon/privsep.c: safety check port numbers given by the
1110 1.1 tteras unprivileged instance.
1111 1.1 tteras * src/racoon/racoonctl.8: display fixes in racoonctl(8)
1112 1.1 tteras
1113 1.1 tteras 2005-02-23 Emmanuel Dreyfus <manu (a] netbsd.org>
1114 1.1 tteras
1115 1.1 tteras * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optional
1116 1.1 tteras support for patented algorithms: IDEA and RC5.
1117 1.1 tteras * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
1118 1.1 tteras is not required in the configuration
1119 1.1 tteras * src/racoon/isakmp.c: do not reject addresses for which kernel
1120 1.1 tteras refused UDP encapsulation, they can still be used for non NAT-T
1121 1.1 tteras traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
1122 1.1 tteras * src/libipsec/libpfkey.h: prefer __inline to inline
1123 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|localconf.c|localconf.h|privsep.c}
1124 1.1 tteras src/racoon/racoon.conf.5: Add chroot capability
1125 1.1 tteras
1126 1.1 tteras 2005-02-18 Emmanuel Dreyfus <manu (a] netbsd.org>
1127 1.1 tteras
1128 1.1 tteras * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
1129 1.1 tteras src/setkey/setkey.c: don't use fuzzy paths for package_version.h
1130 1.1 tteras
1131 1.1 tteras 2005-02-18 Michal Ludvig <michal (a] logix.cz>
1132 1.1 tteras
1133 1.1 tteras * configure.ac, rpm/suse/ipsec-tools.spec.in,
1134 1.1 tteras rpm/suse/Makefile.am: Distribute .spec file with
1135 1.1 tteras resolved version string.
1136 1.1 tteras * src/racoon/Makefile.am: Allow parallel cluster build.
1137 1.1 tteras
1138 1.1 tteras 2005-02-17 Emmanuel Dreyfus <manu (a] netbsd.org>
1139 1.1 tteras
1140 1.1 tteras From Fred Senault <fred.letter (a] lacave.net>
1141 1.1 tteras * src/racoon/remoteconf.c: Fix a bug in script init
1142 1.1 tteras
1143 1.1 tteras 2005-02-17 Yvan Vanhullebus <vanhu (a] free.fr>
1144 1.1 tteras
1145 1.1 tteras * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
1146 1.1 tteras
1147 1.1 tteras 2005-02-16 Yvan Vanhullebus <vanhu (a] free.fr>
1148 1.1 tteras
1149 1.1 tteras * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
1150 1.1 tteras related DELETE_SA
1151 1.1 tteras * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
1152 1.1 tteras
1153 1.1 tteras 2005-02-15 Michal Ludvig <michal (a] logix.cz>
1154 1.1 tteras
1155 1.1 tteras * configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
1156 1.1 tteras
1157 1.1 tteras ---------------------------------------------
1158 1.1 tteras
1159 1.1 tteras Branch for 0.6 created (ipsec-tools-0_6-branch)
1160 1.1 tteras
1161 1.1 tteras 2005-02-11 Emmanuel Dreyfus <manu (a] netbsd.org>
1162 1.1 tteras
1163 1.1 tteras From Jason Thorpe <thorpej (a] netbsd.org>
1164 1.1 tteras * src/raccon/samples/racoon.conf.sample-gssapi
1165 1.1 tteras src/racoon/{cfparse.y|cftoken.l|gssapi.c|gssapi.h|ipsec_doi.c}
1166 1.1 tteras src/racoon/{localconf.c|localconf.h|racoon.conf.5}
1167 1.1 tteras configure.ac: Multiple GSSAPI fixes to get interoperability
1168 1.1 tteras with Microsoft IKE.
1169 1.1 tteras
1170 1.1 tteras 2005-02-09 Emmanuel Dreyfus <manu (a] netbsd.org>
1171 1.1 tteras
1172 1.1 tteras * src/racoon/{cfparse.y|isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}
1173 1.1 tteras src/racoon/{isakmp_xauth.h|main.c|privsep.c|privsep.h}
1174 1.1 tteras src/racoon/racoon.conf.5: Make PAM work with privilege separation
1175 1.1 tteras
1176 1.1 tteras 2005-02-07 Michal Ludvig <michal (a] logix.cz>
1177 1.1 tteras
1178 1.1 tteras From Krisztian Kovacs:
1179 1.1 tteras * src/racoon/cfparse.y: Allocate correct space for "struct sockaddr".
1180 1.1 tteras
1181 1.1 tteras 2005-01-30 Yvan Vanhullebus <vanhu (a] free.fr>
1182 1.1 tteras
1183 1.1 tteras * src/racoon/vmbuf.c: bugfix in vrealloc()
1184 1.1 tteras * src/racoon/oakley.c: mem leak fix in INITDHVAL()
1185 1.1 tteras * src/racoon/session.c: mem leak fix in check_flushsa()
1186 1.1 tteras
1187 1.1 tteras 2005-01-29 Yvan Vanhullebus <vanhu (a] free.fr>
1188 1.1 tteras
1189 1.1 tteras * src/racoon/isakmp_{ident|agg}.c: NAT-T cleanup
1190 1.1 tteras * src/racoon/pfkey.c: Uses NATT encaps_type in pk_sendupdate()
1191 1.1 tteras * src/racoon/vendorid.[ch]: NAT-T cleanup, NATT_01 VID
1192 1.1 tteras * src/racoon/nattraversal.[ch]: NATT cleanup, support for all
1193 1.1 tteras drafts (disabled by default) / RFC.
1194 1.1 tteras * src/racoon/isakmp.h: NATT cleanup for NATT RFC support
1195 1.1 tteras * src/racoon/ipsec_doi.h: updated comments about NATT
1196 1.1 tteras * configure.ac: enable-natt_XX options
1197 1.1 tteras * src/racoon/isakmp.c: set UDP_ENCAPS_ESPINUDP_NON_IKE option when needed
1198 1.1 tteras
1199 1.1 tteras
1200 1.1 tteras 2005-01-29 Emmanuel Dreyfus <manu (a] netbsd.org>
1201 1.1 tteras
1202 1.1 tteras From Fred Senault <fred (a] lacave.net>
1203 1.1 tteras * src/racoon/pfkey.c: Update SAD even if NAT-T is disabled, so that
1204 1.1 tteras phase2 can start.
1205 1.1 tteras
1206 1.1 tteras 2005-01-23 Emmanuel Dreyfus <manu (a] netbsd.org>
1207 1.1 tteras
1208 1.1 tteras * src/setkey/{sekkey.8|setkey.c|token.l|parse.y}: implement NetBSD's
1209 1.1 tteras SADB_X_AALG_TCP_MD5. Resurrect setkey -h meaning on NetBSD.
1210 1.1 tteras
1211 1.1 tteras 2005-01-22 Emmanuel Dreyfus <manu (a] netbsd.org>
1212 1.1 tteras
1213 1.1 tteras From Fred Senault <fred (a] lacave.net>
1214 1.1 tteras * src/racoon/{cftoken.l|cfparse.y|raccon.conf.5}
1215 1.1 tteras src/racoon/samples/roadwarrior/README: change "my_identifier login"
1216 1.1 tteras into "xauth_login" in the config file so that we can introduce Xauth
1217 1.1 tteras with a pre-shared key later.
1218 1.1 tteras
1219 1.1 tteras 2005-01-21 Emmanuel Dreyfus <manu (a] netbsd.org>
1220 1.1 tteras
1221 1.1 tteras * src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
1222 1.1 tteras workaround Linux problems. This needs a better fix.
1223 1.1 tteras
1224 1.1 tteras 2005-01-18 Emmanuel Dreyfus <manu (a] netbsd.org>
1225 1.1 tteras
1226 1.1 tteras * src/racoon/privsep.c: build without ENABLE_HYBRID
1227 1.1 tteras
1228 1.1 tteras 2005-01-14 Emmanuel Dreyfus <manu (a] netbsd.org>
1229 1.1 tteras
1230 1.1 tteras * src/raccon/rfc/{rfc3947.txt|rfc3948.txt}: new files (NAT-T)
1231 1.1 tteras
1232 1.1 tteras 2005-01-13 Yvan Vanhullebus <vanhu (a] free.fr>
1233 1.1 tteras
1234 1.1 tteras * src/racoon/ipsec_doi.c: Uses proposal_check value to check phase
1235 1.1 tteras 1 lifetime.
1236 1.1 tteras * src/racoon/racoon.conf.5: Updated racoon man page for phase 1
1237 1.1 tteras lifetime check / proposal_check.
1238 1.1 tteras
1239 1.1 tteras 2005-01-11 Emmanuel Dreyfus <manu (a] netbsd.org>
1240 1.1 tteras
1241 1.1 tteras * src/racoon/isakjmp_quick.c: endianness bugfix from KAME
1242 1.1 tteras
1243 1.1 tteras 2005-01-07 Emmanuel Dreyfus <manu (a] netbsd.org>
1244 1.1 tteras
1245 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|nattraversal.h|pfkey.c}
1246 1.1 tteras src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h}
1247 1.1 tteras src/libipsec/{libpfkey.h|pfkey.c}: ESP fragmentation size is
1248 1.1 tteras now configurable (supported only on NetBSD so far).
1249 1.1 tteras
1250 1.1 tteras 2005-01-05 Emmanuel Dreyfus <manu (a] netbsd.org>
1251 1.1 tteras
1252 1.1 tteras * src/racoon/privsep.c: Build again on Linux with privsep
1253 1.1 tteras
1254 1.1 tteras 2005-01-03 Emmanuel Dreyfus <manu (a] netbsd.org>
1255 1.1 tteras
1256 1.1 tteras * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c|isakmp_xauth.h}
1257 1.1 tteras src/racoon/{cfparse.y|cftoken.l|racoon.conf.5}
1258 1.1 tteras src/racoon/doc/FAQ
1259 1.1 tteras configure.ac: PAM support for authentication and accounting in
1260 1.1 tteras hybrid auth
1261 1.1 tteras
1262 1.1 tteras 2005-01-02 Emmanuel Dreyfus <manu (a] netbsd.org>
1263 1.1 tteras
1264 1.1 tteras * src/racoon/admin.c: never fork, it buys nothing and breaks on some
1265 1.1 tteras operations
1266 1.1 tteras
1267 1.1 tteras 2004-12-30 Emmanuel Dreyfus <manu (a] netbsd.org>
1268 1.1 tteras
1269 1.1 tteras * src/racoon/{Makefile.am|admin.h|cfparse.y|cftoken.l|isakmp.c}
1270 1.1 tteras src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_var.h|isakmp_xauth.c}
1271 1.1 tteras src/racoon/{localconf.c|localconf.h|main.c|oakley.c|pfkey.c}
1272 1.1 tteras src/racoon/{racoon.conf.5|remoteconf.c|remoteconf.h|session.c}
1273 1.1 tteras src/racoon/{privsep.c|privsep.h}: new files
1274 1.1 tteras Privilege separation
1275 1.1 tteras
1276 1.1 tteras * src/racoon/{Makefile.am|admin.h|admin_var.h|kmpstat.c}
1277 1.1 tteras src/racoon/{racoonctl.c|racoonctl.h}: new files
1278 1.1 tteras configure.ac: publicly export the adminport interface so that
1279 1.1 tteras external programs can control racoon
1280 1.1 tteras
1281 1.1 tteras * src/racoon/{racoonctl.c|racoonctl.h|kmpstat.c}: Add interface
1282 1.1 tteras versioning
1283 1.1 tteras
1284 1.1 tteras * src/racoon/admin.h: make sure no / will be missing in adminsock path
1285 1.1 tteras
1286 1.1 tteras ---------------------------------------------
1287 1.1 tteras
1288 1.1 tteras Branch for 0.5 created (ipsec-tools-0_5-branch)
1289 1.1 tteras
1290 1.1 tteras 2004-12-23 Yvan Vanhullebus <vanhu (a] free.fr>
1291 1.1 tteras
1292 1.1 tteras * src/racoon/crypto_openssl.c: Indentation
1293 1.1 tteras
1294 1.1 tteras 2004-12-28 Yvan Vanhullebus <vanhu (a] free.fr>
1295 1.1 tteras
1296 1.1 tteras * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname()
1297 1.1 tteras when getting an IP (Bug # 1092095)
1298 1.1 tteras
1299 1.1 tteras
1300 1.1 tteras 2004-12-26 Emmanuel Dreyfus <manu (a] netbsd.org>
1301 1.1 tteras
1302 1.1 tteras * src/racoon/session.c: remove outdated comment
1303 1.1 tteras
1304 1.1 tteras ---------------------------------------------
1305 1.1 tteras
1306 1.1 tteras 0.5.beta2 released
1307 1.1 tteras
1308 1.1 tteras 2004-12-21 Michal Ludvig <michal (a] logix.cz>
1309 1.1 tteras
1310 1.1 tteras * src/racoon/pfkey.c: Fix AES vs Rijndael defines.
1311 1.1 tteras
1312 1.1 tteras 2004-12-20 Yvan Vanhullebus <vanhu (a] free.fr>
1313 1.1 tteras
1314 1.1 tteras * configure.ac, src/racoon/isakmp.c, src/racoon/pfkey.c:
1315 1.1 tteras Some FreeBSD / NATT support.
1316 1.1 tteras
1317 1.1 tteras 2004-12-17 Emmanuel Dreyfus <manu (a] netbsd.org>
1318 1.1 tteras
1319 1.1 tteras * src/racoon/isakmp.c: only IPv4 NAT-T is supported, so skip IPv6 here.
1320 1.1 tteras * src/racoon/pfkey.c: Restore AES support on NetBSD.
1321 1.1 tteras
1322 1.1 tteras 2004-12-17 Yvan Vanhullebus <vanhu (a] free.fr>
1323 1.1 tteras
1324 1.1 tteras * src/racoon/crypto_openssl.c: Uses sprintf() instead of
1325 1.1 tteras asprintf() in eay_get_x509subjectaltname(), because of some
1326 1.1 tteras compilation problems reported with asprintf() on some platforms.
1327 1.1 tteras * src/racoon/oakley.c: just take the first cert in
1328 1.1 tteras oakley_savecert() if cert ID check is disabled.
1329 1.1 tteras
1330 1.1 tteras 2004-12-16 Emmanuel Dreyfus <manu (a] netbsd.org>
1331 1.1 tteras
1332 1.1 tteras * src/racoon/crypto_openssl.c: Build again on NetBSD
1333 1.1 tteras * src/racoon/samples/roadwarrior/server/racoon
1334 1.1 tteras src/racoon/samples/roadwarrior/server/racoon.conf-radius
1335 1.1 tteras src/racoon/samples/roadwarrior/README: Use DPD in sample files.
1336 1.1 tteras
1337 1.1 tteras 2004-12-16 Yvan Vanhullebus <vanhu (a] free.fr>
1338 1.1 tteras
1339 1.1 tteras * src/racoon/crypto_openssl.c: Fixed eay_get_x509subjectaltname()
1340 1.1 tteras when SubjectAltName contains an IP. OpenSSL code from Ludovic
1341 1.1 tteras Flament (ludovic.flament (a] free.fr).
1342 1.1 tteras
1343 1.1 tteras ---------------------------------------------
1344 1.1 tteras
1345 1.1 tteras 0.5.beta1 released
1346 1.1 tteras
1347 1.1 tteras 2004-12-13 Michal Ludvig <mludvig (a] suse.cz>
1348 1.1 tteras
1349 1.1 tteras From Ganesan R <rganesan (a] users.sourceforge.net>:
1350 1.1 tteras * src/racoon/Makefile.am, src/setkey/Makefile.am: Fix compilation
1351 1.1 tteras with shared libraries.
1352 1.1 tteras
1353 1.1 tteras 2004-12-10 Yvan Vanhullebus <vanhu (a] free.fr>
1354 1.1 tteras
1355 1.1 tteras * src/racoon/oakley.c: takes the first certificate which matches
1356 1.1 tteras the Identity, instead of just taking the first certificate.
1357 1.1 tteras
1358 1.1 tteras 2004-12-07 Yvan Vanhullebus <vanhu (a] free.fr>
1359 1.1 tteras
1360 1.1 tteras * src/racoon/isakmp_inf.c: Set spi_size for R-U-THERE/R-U-THERE-ACK.
1361 1.1 tteras
1362 1.1 tteras 2004-12-04 Aidas Kasparas <a.kasparas (a] gmc.lt>
1363 1.1 tteras
1364 1.1 tteras * src/libipsec/pfkey_dump.c: distinguish per-socket policies from
1365 1.1 tteras general ones (Linux case);
1366 1.1 tteras * src/racoon/pfkey.c: ditto, do not negotiate policies if racoon
1367 1.1 tteras does not listen on out tunnel's source address.
1368 1.1 tteras
1369 1.1 tteras 2004-12-01 Yvan Vanhullebus <vanhu (a] free.fr>
1370 1.1 tteras
1371 1.1 tteras * src/racoon/isakmp_agg.c: code cleanup in NATT / DPD VIDs
1372 1.1 tteras generation in r1send()
1373 1.1 tteras
1374 1.1 tteras 2004-12-01 Yvan Vanhullebus <vanhu (a] free.fr>
1375 1.1 tteras
1376 1.1 tteras * src/racoon/remoteconf.{c|h}: DPD support option (enabled by default)
1377 1.1 tteras * src/racoon/{cfparse.y|cftoken.l}: DPD token, yyerror if DPD
1378 1.1 tteras parameters but compiled without ENABLE_DPD
1379 1.1 tteras * src/racoon/isakmp_{agg|ident}.c: Send DPD VID only if DPD
1380 1.1 tteras support activated in configuration
1381 1.1 tteras
1382 1.1 tteras 2004-11-30 Emmanuel Dreyfus <manu (a] netbsd.org>
1383 1.1 tteras
1384 1.1 tteras * src/racoon/{evt.c|evt.h|admin.c}: init event queue at compile time,
1385 1.1 tteras to avoid garbage pointer if admin port is disabled.
1386 1.1 tteras * src/racoon/{throttle.c|throttle.h}: new files
1387 1.1 tteras src/racoon/{Makefile.am|isakmp_cfg.c|isakmp_xauth.c|racoon.conf.5}
1388 1.1 tteras configure.ac: Add a per-host throttling count. When throttling,
1389 1.1 tteras don't sleep, schedule the answer for later instead.
1390 1.1 tteras * src/racoon/kmpstat.c: default with no hexdump of the packet
1391 1.1 tteras * src/racoon/admin.c: don't remove admin socket after first request,
1392 1.1 tteras on the other hand remove on startup stale sockets left by
1393 1.1 tteras crashed racoon.
1394 1.1 tteras * src/racoon/samples/roadwarrior/README
1395 1.1 tteras src/racoon/kmpstat.c: fix option parsing problem on Linux
1396 1.1 tteras
1397 1.1 tteras 2004-11-29 Yvan Vanhullebus <vanhu (a] free.fr>
1398 1.1 tteras
1399 1.1 tteras * src/racoon/session.c: Only listen on pfkey socket when received
1400 1.1 tteras shutdown signal
1401 1.1 tteras
1402 1.1 tteras 2004-11-28 Emmanuel Dreyfus <manu (a] netbsd.org>
1403 1.1 tteras
1404 1.1 tteras * src/racoon/{cfparse.y|cftoken.l|isakmp_cfg.c|isakmp_cfg.h}
1405 1.1 tteras src/racoon/{isakmp_xauth.c|racoon.conf.5}: Add a one second throttle
1406 1.1 tteras on each Xauth authentication to avoid brute force attacks
1407 1.1 tteras
1408 1.1 tteras 2004-11-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1409 1.1 tteras
1410 1.1 tteras * src/racoon/samples/roadwarrior/README
1411 1.1 tteras src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}
1412 1.1 tteras src/racoon/samples/roadwarrior/client/{racoon.conf|racoon.conf-radius}
1413 1.1 tteras src/racoon/samples/roadwarrior/server/{racoon.conf|phase1-down.sh}:
1414 1.1 tteras Fill Linux gaps for hybrid auth client, Replace public IP by
1415 1.1 tteras private and example IP in the sample config files.
1416 1.1 tteras
1417 1.1 tteras 2004-11-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1418 1.1 tteras
1419 1.1 tteras DPD patch from Yvan Vanhullebus <vanhu (a] free.fr>
1420 1.1 tteras * src/racoon/cfparse.y: missing bits for DPD support
1421 1.1 tteras
1422 1.1 tteras 2004-11-23 Aidas Kasparas <a.kasparas (a] gmc.lt>
1423 1.1 tteras
1424 1.1 tteras * src/setkey/parse.y: generate required fwd policies for unique in
1425 1.1 tteras policies.
1426 1.1 tteras * src/setkey/setkey.c: made -r/-k options available only when
1427 1.1 tteras system has FWD policies.
1428 1.1 tteras * src/setkey/setkey.8: updated docs about change above.
1429 1.1 tteras
1430 1.1 tteras 2004-11-22 Michal Ludvig <mludvig (a] suse.cz>
1431 1.1 tteras
1432 1.1 tteras * src/racoon/{admin.c,pfkey.c}: Wrap adminport-parts to
1433 1.1 tteras #ifdef ENABLE_ADMINPORT/#endif.
1434 1.1 tteras
1435 1.1 tteras 2004-11-22 Michal Ludvig <mludvig (a] suse.cz>
1436 1.1 tteras
1437 1.1 tteras Revert these changes (ludvigm, 2004-11-18):
1438 1.1 tteras * src/racoon/Makefile.am: install sample racoon.conf and psk.txt.
1439 1.1 tteras * src/setkey/Makefile.am: Install setkey.conf.
1440 1.1 tteras
1441 1.1 tteras 2004-11-22 Emmanuel Dreyfus <manu (a] netbsd.org>
1442 1.1 tteras
1443 1.1 tteras * src/racoon/{isakmp_cfg.c|isakmp_cfg.h|isakmp_xauth.c}: defer phase 1
1444 1.1 tteras removal so that it's not used after being deleted.
1445 1.1 tteras * src/racoon/{evt.h|isakmp.c|isakmp_agg.c|isakmp_base.c|session.c}
1446 1.1 tteras src/racoon/{isakmp_ident.c|isakmp_inf.c|kmpstat.c}: report more
1447 1.1 tteras errors to racoonctl
1448 1.1 tteras
1449 1.1 tteras 2004-11-21 Emmanuel Dreyfus <manu (a] netbsd.org>
1450 1.1 tteras
1451 1.1 tteras * src/racoon/doc/FAQ: NAT-T kernel patch for NetBSD is now on
1452 1.1 tteras the ipsec-tools web site
1453 1.1 tteras * src/racoon/{kmpstat.c|racoonctl.8}: New racoonctl command to
1454 1.1 tteras display all events reported by racoon: show-event
1455 1.1 tteras * src/racoon/isakmp_cfg.c: don't send ISAKMP mode config message
1456 1.1 tteras with immature or dying phase 1
1457 1.1 tteras * src/racoon/kmpstat.c: racoonctl vd awaits phase 1 to get down
1458 1.1 tteras
1459 1.1 tteras 2004-11-20 Emmanuel Dreyfus <manu (a] netbsd.org>
1460 1.1 tteras
1461 1.1 tteras * src/racoon/isakmp_agg.c: for hybrid auth client, advertise ourself
1462 1.1 tteras as Unity compliant.
1463 1.1 tteras * src/racoon/{evt.c|evt.h}: new files
1464 1.1 tteras src/racoon/{Makefile.am|admin.c|admin.h|isakmp.c|isakmp_cfg.c}
1465 1.1 tteras src/racoon/{isakmp_xauth.c|kmpstat.c|pfkey.c}: framework for
1466 1.1 tteras event reporting from racoon to racoonctl
1467 1.1 tteras
1468 1.1 tteras 2004-11-20 Aidas Kasparas <a.kasparas (a] gmc.lt>
1469 1.1 tteras
1470 1.1 tteras * src/racoon/grabmyaddr.c: Prevent doubling addresses and error messages
1471 1.1 tteras when racoon is compiled with INET6 support and kernel is not.
1472 1.1 tteras Fixed with help of Zilvinas Valinskas.
1473 1.1 tteras * src/racoon/{var.h|sockmisc.c}: Fixed compilation with gcc-3.4.2+
1474 1.1 tteras problem.
1475 1.1 tteras
1476 1.1 tteras 2004-11-19 Emmanuel Dreyfus <manu (a] netbsd.org>
1477 1.1 tteras
1478 1.1 tteras * src/racoon/doc/FAQ: more options and warn about software patents.
1479 1.1 tteras
1480 1.1 tteras 2004-11-18 Emmanuel Dreyfus <manu (a] netbsd.org>
1481 1.1 tteras
1482 1.1 tteras * src/racoon/vmbuf.c: don't allocate zero-length buffer
1483 1.1 tteras * src/racoon/samples/roadwarrior/client/phase1-down.sh
1484 1.1 tteras src/racoon/samples/roadwarrior/server/phase1-down.sh: Also
1485 1.1 tteras flush SAD when disconnecting.
1486 1.1 tteras * src/racoon/admin.c: Send a notification when deleting ISAKMP SA
1487 1.1 tteras * src/racoon/samples/roadwarrior/README: accommodate the recent
1488 1.1 tteras sysconfdir change
1489 1.1 tteras
1490 1.1 tteras 2004-11-18 Michal Ludvig <mludvig (a] suse.cz>
1491 1.1 tteras
1492 1.1 tteras * src/racoon/Makefile.am: Fix adminsocket dir, install sample
1493 1.1 tteras racoon.conf and psk.txt.
1494 1.1 tteras * src/racoon/localconf.h: Look for racoon.conf in $(SYSCONFDIR),
1495 1.1 tteras not $(SYSCONFDIR)/racoon.
1496 1.1 tteras * src/racoon/algorithm.h, src/racoon/eaytest.c,
1497 1.1 tteras src/racoon/schedule.h, src/racoon/gnuc.h: Build fixes for really
1498 1.1 tteras strict environments.
1499 1.1 tteras * src/setkey/setkey.conf: Yet another sample config file.
1500 1.1 tteras * src/setkey/Makefile.am: Install setkey.conf.
1501 1.1 tteras * rpm/suse/{ipsec-tools.spec.in,sysconfig.racoon,racoon.init}: New
1502 1.1 tteras files.
1503 1.1 tteras * rpm/suse/{Makefile.am,.cvsignore}: New files.
1504 1.1 tteras * configure.ac, rpm/Makefile.am: Build in rpm/suse.
1505 1.1 tteras
1506 1.1 tteras 2004-11-17 Aidas Kasparas <a.kasparas (a] gmc.lt>
1507 1.1 tteras
1508 1.1 tteras * configure.ac: paste bugfix by Zilvinas Valinskas
1509 1.1 tteras * src/racoon/{isakmp_quick.c|policy.c|strnames.c}: fwd policy support
1510 1.1 tteras for generated policies. Patch by Patrick McHardy.
1511 1.1 tteras
1512 1.1 tteras 2004-11-16 Emmanuel Dreyfus <manu (a] netbsd.org>
1513 1.1 tteras
1514 1.1 tteras * src/racoon/racoonctl.8: racoonctl man page (new file)
1515 1.1 tteras
1516 1.1 tteras 2004-11-16 Emmanuel Dreyfus <manu (a] netbsd.org>
1517 1.1 tteras
1518 1.1 tteras From Ganesan <rganesan (a] users.sourceforge.net>
1519 1.1 tteras * src/racoon/ipsec_doi.c: fix free'd memory access
1520 1.1 tteras
1521 1.1 tteras 2004-11-16 Michal Ludvig <mludvig (a] suse.cz>
1522 1.1 tteras
1523 1.1 tteras DPD patch from Yvan Vanhullebus <vanhu (a] free.fr>
1524 1.1 tteras * configure.ac, src/racoon/cfparse.y, src/racoon/cftoken.l,
1525 1.1 tteras src/racoon/handler.c, src/racoon/handler.h,
1526 1.1 tteras src/racoon/isakmp.c, src/racoon/isakmp.h,
1527 1.1 tteras src/racoon/isakmp_agg.c, src/racoon/isakmp_ident.c,
1528 1.1 tteras src/racoon/isakmp_inf.c, src/racoon/isakmp_inf.h,
1529 1.1 tteras src/racoon/racoon.conf.5 src/racoon/remoteconf.c,
1530 1.1 tteras src/racoon/remoteconf.h, src/racoon/vendorid.c,
1531 1.1 tteras src/racoon/vendorid.h: Dead Peer Detection (DPD) support.
1532 1.1 tteras
1533 1.1 tteras 2004-11-16 Michal Ludvig <mludvig (a] suse.cz>
1534 1.1 tteras
1535 1.1 tteras * configure.ac: Remove a bash-specific construction, take II.
1536 1.1 tteras * src/racoon/grabmyaddr.c: FreeBSD fix for headers.
1537 1.1 tteras
1538 1.1 tteras 2004-11-15 Michal Ludvig <mludvig (a] suse.cz>
1539 1.1 tteras
1540 1.1 tteras * configure.ac: Use correct include paths during ./configure run.
1541 1.1 tteras * src/racoon/Makefile.am: Compile cftoken.l from $(srcdir),
1542 1.1 tteras remove samples/racoon.conf.sample-cvpn, added samples/roadwarrior
1543 1.1 tteras (hint, hint, manu :-))
1544 1.1 tteras
1545 1.1 tteras 2004-11-15 Emmanuel Dreyfus <manu (a] netbsd.org>
1546 1.1 tteras
1547 1.1 tteras * README: update the docs
1548 1.1 tteras * src/racoon/doc/FAQ: update the docs
1549 1.1 tteras * configure.ac: Remove a bash-specific construction
1550 1.1 tteras
1551 1.1 tteras 2004-11-14 Aidas Kasparas <a.kasparas (a] gmc.lt>
1552 1.1 tteras
1553 1.1 tteras * src/racoon/cfparse.y: ensure that returns from rules are
1554 1.1 tteras initialized even on erroneous config file.
1555 1.1 tteras * src/racoon/admin_var.h: changed management socket location
1556 1.1 tteras * src/racoon/Makefile.am: ditto, added rule to install directory
1557 1.1 tteras for management socket.
1558 1.1 tteras * src/setkey/{setkey.c|parse.y}: introduced rfc/kernel modes,
1559 1.1 tteras added generation of fwd policies for every in policy spdadd'ed.
1560 1.1 tteras * src/setkey/setkey.8,src/libipsec/ipsec_set_policy.3: updated docs
1561 1.1 tteras * src/setkey/policy_token.l: return something reasonable when
1562 1.1 tteras fwd direction is parsed on systems with no forward policy
1563 1.1 tteras support.
1564 1.1 tteras
1565 1.1 tteras 2004-11-14 Emmanuel Dreyfus <manu (a] netbsd.org>
1566 1.1 tteras
1567 1.1 tteras * src/racoon/isakmp.c: avoid a double free when using IKE fragmentation
1568 1.1 tteras * src/racoon/{backupsa.c|ipsec_doi.c|localconf.c|str2val.c}
1569 1.1 tteras src/{libipsec/key_debug.c|setkey/parse.y}: fix build warnings
1570 1.1 tteras * configure.ac src/racoon/{admin.c|admin_var.h}
1571 1.1 tteras src/racoon/racoon.conf.5 src/racoon/samples/roadwarrior/README
1572 1.1 tteras src/racoon/samples/roadwarrior/client/racoon.conf: make the default
1573 1.1 tteras mode for the admin socket more secure.
1574 1.1 tteras
1575 1.1 tteras 2004-11-13 Emmanuel Dreyfus <manu (a] netbsd.org>
1576 1.1 tteras
1577 1.1 tteras * src/racoon/{cfparse.y|remoteconf.c|crypto_openssl.c|crypto_openssl.h}
1578 1.1 tteras src/racoon/{eaytest.c|oakley.c|racoon.conf.5|cftoken.l|remoteconf.h}
1579 1.1 tteras src/racoon/samples/roadwarrior/README
1580 1.1 tteras src/racoon/samples/roadwarrior/client/racoon.conf: Make the root
1581 1.1 tteras certificate authority location per-peer and configurable.
1582 1.1 tteras * src/racoon/isakmp_frag.c: fix unallocated memory access
1583 1.1 tteras * src/racoon/isakmp_agg.c: fix incorrect queue deallocation
1584 1.1 tteras * src/racoon/remoteconf.c: fix uninitialized data
1585 1.1 tteras * src/racoon/{admin.c|isakmp_xauth.c}: fix free'ed memory access
1586 1.1 tteras
1587 1.1 tteras 2004-11-12 Emmanuel Dreyfus <manu (a] netbsd.org>
1588 1.1 tteras
1589 1.1 tteras * src/racoon/{Makefile.am|kmpstat.c}: Make racoonctl vc and vd
1590 1.1 tteras commands IPv6 friendly.
1591 1.1 tteras * src/racoon/{admin.c|admin.h|handler.c|handler.h|kmpstat.c}:
1592 1.1 tteras Add an admin message to flush all the SA for a given peer.
1593 1.1 tteras Convert racoonctl vd to use it.
1594 1.1 tteras * src/racoon/{admin.c|kmpstat.c|cftoken.l|cfparse.y}
1595 1.1 tteras src/racoon/{admin_var.h|admin.h|racoon.conf.5}: Enable the
1596 1.1 tteras administrator to choose the admin socket path, ownership and mode.
1597 1.1 tteras * src/racoon/sample/roadwarrior: complete config files for
1598 1.1 tteras road warriors using hybrid authentication.
1599 1.1 tteras
1600 1.1 tteras 2004-11-12 Michal Ludvig <mludvig (a] suse.cz>
1601 1.1 tteras
1602 1.1 tteras * configure.ac: Config option --enable-natt=kernel
1603 1.1 tteras * src/racoon/Makefile.am: Distribute only yacc/lex source files,
1604 1.1 tteras not the preprocessed .c files.
1605 1.1 tteras
1606 1.1 tteras 2004-11-11 Emmanuel Dreyfus <manu (a] netbsd.org>
1607 1.1 tteras
1608 1.1 tteras * src/racoon/samples/racoon.conf.sample-cvpn: more complete setup
1609 1.1 tteras and comments in the VPN concentrator setup for the Cisco VPN client
1610 1.1 tteras * src/racoon/racoon.conf.5: fix documentation
1611 1.1 tteras * src/racoon/isakmp_cfg.c: get the internal IPv4 address in script
1612 1.1 tteras hooks even if we are a server.
1613 1.1 tteras
1614 1.1 tteras 2004-11-10 Emmanuel Dreyfus <manu (a] netbsd.org>
1615 1.1 tteras
1616 1.1 tteras * src/racoon/{ipsec_doi.c|remoteconf.c}: fix LP64 problems
1617 1.1 tteras
1618 1.1 tteras 2004-11-09 Michal Ludvig <mludvig (a] suse.cz>
1619 1.1 tteras
1620 1.1 tteras * Makefile.am: Remove aclocal-related lines.
1621 1.1 tteras * src/racoon/Makefile.am: Add isakmp_frag.h into noinst_HEADERS
1622 1.1 tteras * configure.ac: Cleanup, define INET6 if IPv6 should be supported,
1623 1.1 tteras better handling of KRB5 and NAT-T.
1624 1.1 tteras * src/racoon/{isakmp_cfg.c,isakmp_frag.c,isakmp_unity.c}: Make
1625 1.1 tteras FreeBSD happy with includes (Arrgh...&^#$^@!!!)
1626 1.1 tteras
1627 1.1 tteras 2004-11-08 Michal Ludvig <mludvig (a] suse.cz>
1628 1.1 tteras
1629 1.1 tteras * src/libipsec/policy_parse.y: Define INT32_MAX/INT32_MIN.
1630 1.1 tteras * src/libipsec/policy_token.l, src/racoon/kmpstat.c,
1631 1.1 tteras src/racoon/{pfkey.c,prsa_par.y,rsalist.c,token.l}: Small
1632 1.1 tteras fixes to support FreeBSD (tested with 4.10).
1633 1.1 tteras
1634 1.1 tteras 2004-11-05 Michal Ludvig <mludvig (a] suse.cz>
1635 1.1 tteras
1636 1.1 tteras * configure.ac: Add --with-readline switch.
1637 1.1 tteras * src/setkey/setkey.c(stdin_loop): Fix newlines and comments
1638 1.1 tteras when compiled without readline.
1639 1.1 tteras
1640 1.1 tteras 2004-11-01 Aidas Kasparas <a.kasparas (a] gmc.lt>
1641 1.1 tteras
1642 1.1 tteras * src/racoon/isakmp_quick.c: generated policy refresh patch
1643 1.1 tteras by Yvan Vanhullebus
1644 1.1 tteras
1645 1.1 tteras 2004-10-29 Michal Ludvig <mludvig (a] suse.cz>
1646 1.1 tteras
1647 1.1 tteras * configure.ac: Check for IPSEC_DIR_FWD and eventually define
1648 1.1 tteras HAVE_POLICY_FWD.
1649 1.1 tteras * src/libipsec/{ipsec_dump_policy.c,policy_token.l}: Use
1650 1.1 tteras HAVE_POLICY_FWD in ifdefs.
1651 1.1 tteras * NEWS: Mention the fix.
1652 1.1 tteras * src/racoon/kmpstat.c: Fix compilation on Linux.
1653 1.1 tteras * src/racoon/ipsec_doi.h: Ditto.
1654 1.1 tteras * src/racoon/Makefile.am, src/setkey/Makefile.am: Update
1655 1.1 tteras explicit dependencies.
1656 1.1 tteras
1657 1.1 tteras 2004-10-29 Emmanuel Dreyfus <manu (a] netbsd.org>
1658 1.1 tteras
1659 1.1 tteras * src/racoon/{isakmp_cfg.h,grabmyaddr.c,handler.c,handler.h}:
1660 1.1 tteras do not reconfigure internal addresses obtained through ISAKMP
1661 1.1 tteras mode config.
1662 1.1 tteras * src/racoon/{isakmp.c,isakmp_cfg.c,isakmp_xauth.c}: On authentication
1663 1.1 tteras failure, kill the phase 1 and log the failure. Do not run the sa_up
1664 1.1 tteras script in this case.
1665 1.1 tteras * src/racoon/{admin.c,admin.h,isakmp_xauth.c,kmpstat.c,remoteconf.h}:
1666 1.1 tteras Add -u user to racoonctl establish-sa, prompt for the PSK from
1667 1.1 tteras the terminal, and add a vpn-connect target with simplified syntax
1668 1.1 tteras for establishing a SA in the road warrior case.
1669 1.1 tteras * src/racoon/{admin.c,kmpstat.c}: implement delete-sa and
1670 1.1 tteras vpn-disconnect commands of racoonctl
1671 1.1 tteras * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c}
1672 1.1 tteras src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}:
1673 1.1 tteras Remove sa_up and sa_down and replace them by a more general
1674 1.1 tteras script hook framework.
1675 1.1 tteras
1676 1.1 tteras 2004-10-27 Emmanuel Dreyfus <manu (a] netbsd.org>
1677 1.1 tteras
1678 1.1 tteras * src/racoon/nattraversal.c: Use macros instead of magic numbers
1679 1.1 tteras * src/racoon/kmpstat.c: pull up fixes from KAME so that racoonctl
1680 1.1 tteras can actually establish a SA
1681 1.1 tteras * src/racoon/{cfparse.y,cftoken.l,handler.c,isakmp.c,isakmp_cfg.c}
1682 1.1 tteras src/racoon/{isakmp_var.h,racoon.conf.5,remoteconf.c,remoteconf.h}:
1683 1.1 tteras Shell script hooks for ISAKMP SA creation and removal
1684 1.1 tteras
1685 1.1 tteras 2004-10-26 Emmanuel Dreyfus <manu (a] netbsd.org>
1686 1.1 tteras
1687 1.1 tteras * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: removed
1688 1.1 tteras src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: removed
1689 1.1 tteras src/racoon/rfc/draft-beaulieu-ike-xauth-02.txt: new file
1690 1.1 tteras src/racoon/rfc/draft-dukes-ike-mode-cfg-02.txt: new file
1691 1.1 tteras Update to the latest drafts
1692 1.1 tteras
1693 1.1 tteras 2004-10-25 Emmanuel Dreyfus <manu (a] netbsd.org>
1694 1.1 tteras
1695 1.1 tteras * src/racoon/rfc/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt: new file
1696 1.1 tteras src/racoon/rfc/draft-ietf-ipsec-isakmp-mode-cfg-04.txt: new file
1697 1.1 tteras src/racoon/rfc/draft-ietf-ipsec-isakmp-xauth-07.txt: new file
1698 1.1 tteras drafts documenting ISAKMP mode config, Xauth and hybrid auth
1699 1.1 tteras * src/racoon/cftoken.l: fix build problem, add an error message
1700 1.1 tteras when using hybrid auth options while hybrid auth is not built
1701 1.1 tteras * src/racoon/isakmp_cfg.c: build without RADIUS support too
1702 1.1 tteras
1703 1.1 tteras 2004-10-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1704 1.1 tteras
1705 1.1 tteras * src/racoon/{algorithm.c,algorithm.h,cfparse.y,cftoken.l}
1706 1.1 tteras src/racoon/{ipsec_doi.c,ipsec_doi.h,isakmp.c,isakmp_agg.c}
1707 1.1 tteras src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c,isakmp_xauth.h}
1708 1.1 tteras src/racoon/{oakley.c,oakley.h,racoon.conf.5}
1709 1.1 tteras src/racoon/{remoteconf.c,remoteconf.h,strnames.c}: Client side
1710 1.1 tteras of hybrid auth and ISAKMP mode config
1711 1.1 tteras
1712 1.1 tteras 2004-10-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1713 1.1 tteras
1714 1.1 tteras * src/racoon/{cfparse.y,cftoken.l,handler.h,isakmp.c}
1715 1.1 tteras src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_frag.c,isakmp_frag.h}
1716 1.1 tteras src/racoon/{isakmp_inf.c,racoon.conf.5,remoteconf.c,remoteconf.h}:
1717 1.1 tteras Receiver-side of IKE fragmentation
1718 1.1 tteras
1719 1.1 tteras 2004-10-24 Emmanuel Dreyfus <manu (a] netbsd.org>
1720 1.1 tteras
1721 1.1 tteras * src/racoon/isakmp_cfg.c: Fix read buffer overflow
1722 1.1 tteras * src/racoon/isakmp_xauth.c: Fix weak authentication
1723 1.1 tteras * src/racoon/{oakley.c,oakley.h}: Fix weak authentication
1724 1.1 tteras
1725 1.1 tteras 2004-10-21 Michal Ludvig <mludvig (a] suse.cz>
1726 1.1 tteras
1727 1.1 tteras From Emmanuel Dreyfus:
1728 1.1 tteras * src/racoon/{isakmp_frag.c,isakmp_frag.h}: New files.
1729 1.1 tteras * src/racoon/isakmp_cfg.c: Fix endianness.
1730 1.1 tteras
1731 1.1 tteras 2004-10-20 Michal Ludvig <mludvig (a] suse.cz>
1732 1.1 tteras
1733 1.1 tteras From Emmanuel Dreyfus:
1734 1.1 tteras * src/racoon/{cfparse.y,cftoken.l,handler.c},
1735 1.1 tteras src/racoon/{isakmp_cfg.c,isakmp_cfg.h,isakmp_xauth.c},
1736 1.1 tteras src/racoon/racoon.conf.5: RADIUS IP addresses allocation
1737 1.1 tteras and RADIUS accounting.
1738 1.1 tteras * configure.ac,
1739 1.1 tteras src/racoon/{Makefile.am,handler.h,isakmp.c,isakmp.h},
1740 1.1 tteras src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_inf.c},
1741 1.1 tteras src/racoon/{vendorid.c,vendorid.h}: IKE Fragmentation patch.
1742 1.1 tteras
1743 1.1 tteras 2004-10-08 Michal Ludvig <mludvig (a] suse.cz>
1744 1.1 tteras
1745 1.1 tteras * src/racoon/isakmp_cfg.c: Fixes from Emmanuel Dreyfus.
1746 1.1 tteras
1747 1.1 tteras 2004-10-06 Aidas Kasparas <a.kasparas (a] gmc.lt>
1748 1.1 tteras
1749 1.1 tteras * src/racoon/remoteconf.c: dupidvl(), dupetypes() - new functions
1750 1.1 tteras to duplicate dynamically allocated structures; duprmconf() - call
1751 1.1 tteras these functions to produce private copy of inherited id and etype
1752 1.1 tteras structures.
1753 1.1 tteras * src/racoon/remoteconf.c: declaration for dupetypes().
1754 1.1 tteras
1755 1.1 tteras 2004-10-04 Aidas Kasparas <a.kasparas (a] gmc.lt>
1756 1.1 tteras
1757 1.1 tteras * src/racoon/cfparse.y: check inherited_from dereferencing
1758 1.1 tteras * src/racoon/crypto_openssl.c: prevent crash on incorrect DNs
1759 1.1 tteras
1760 1.1 tteras 2004-09-27 Michal Ludvig <mludvig (a] suse.cz>
1761 1.1 tteras
1762 1.1 tteras From KOVACS Krisztian <hidden (a] balabit.hu>:
1763 1.1 tteras * src/racoon/sockmisc.c(sendfromto): Set src address.
1764 1.1 tteras
1765 1.1 tteras 2004-09-24 Aidas Kasparas <a.kasparas (a] gmc.lt>
1766 1.1 tteras
1767 1.1 tteras * configure.ac: added check for linux-gnu, as my box reports
1768 1.1 tteras * src/racoon/grabmyaddr.c: added missing <linux/types.h> include
1769 1.1 tteras
1770 1.1 tteras 2004-09-21 Michal Ludvig <mludvig (a] suse.cz>
1771 1.1 tteras
1772 1.1 tteras Merged 'autoconf' branch to mainline:
1773 1.1 tteras * .cvsignore, ChangeLog, Makefile.am, bootstrap, configure.ac,
1774 1.1 tteras src/racoon/.cvsignore, src/racoon/cfparse.y,
1775 1.1 tteras src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h,
1776 1.1 tteras src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
1777 1.1 tteras src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
1778 1.1 tteras src/racoon/isakmp_cfg.c, src/racoon/isakmp_ident.c,
1779 1.1 tteras src/racoon/isakmp_unity.c, src/racoon/main.c,
1780 1.1 tteras src/racoon/nattraversal.c, src/racoon/oakley.c,
1781 1.1 tteras src/racoon/oakley.h, src/racoon/sockmisc.c,
1782 1.1 tteras src/racoon/missing/crypto/sha2/sha2.c: Modified (see ChangeLog
1783 1.1 tteras in 'autoconf' branch for details).
1784 1.1 tteras * acracoon.m4, src/racoon/Makefile.am: New files.
1785 1.1 tteras * src/racoon/Makefile.in, src/racoon/aclocal.m4,
1786 1.1 tteras src/racoon/client-puzzle.c, src/racoon/config.guess,
1787 1.1 tteras src/racoon/config.sub, src/racoon/configure.in,
1788 1.1 tteras src/racoon/install-sh, src/racoon/doc/SantaBarbara-result.jp,
1789 1.1 tteras src/racoon/doc/helsinki-result.jp, src/racoon/doc/ibm-result.jp,
1790 1.1 tteras src/racoon/doc/pattern, src/racoon/doc/question,
1791 1.1 tteras src/racoon/doc/racoonquestion.sh, src/racoon/doc/redmond.txt,
1792 1.1 tteras src/racoon/doc/rules.jp, src/racoon/doc/sandiego-result.en,
1793 1.1 tteras src/racoon/doc/sandiego-result.jp,
1794 1.1 tteras src/racoon/doc/sandiego0009-result.en,
1795 1.1 tteras src/racoon/missing/addrinfo.h, src/racoon/missing/getaddrinfo.c,
1796 1.1 tteras src/racoon/missing/getnameinfo.c, src/racoon/samples/Makefile,
1797 1.1 tteras src/racoon/samples/sandiego.pl: Removed.
1798 1.1 tteras
1799 1.1 tteras 2004-09-17 Michal Ludvig <mludvig (a] suse.cz>
1800 1.1 tteras
1801 1.1 tteras * src/racoon/vendorid.[ch]: Rewrote the VendorID handling.
1802 1.1 tteras We don't use the array with fixed offsets anymore, instead
1803 1.1 tteras a generally unordered structure with ID, string and
1804 1.1 tteras precomputed MD5 hashes.
1805 1.1 tteras * src/racoon/{isakmp_agg.c,isakmp_base.c,isakmp_ident.c},
1806 1.1 tteras src/racoon/nattraversal.c: Updated to the new VID model.
1807 1.1 tteras * src/racoon/main.c(main): Precompute VendorIDs.
1808 1.1 tteras * src/racoon/arc4random.h, src/racoon/missing/arc4random.c:
1809 1.1 tteras Files removed. Function arc4random() renamed to eay_random()
1810 1.1 tteras and moved to crypto_openssl.c.
1811 1.1 tteras * src/racoon/pfkey.c, src/racoon/oakley.c, src/racoon/main.c,
1812 1.1 tteras src/racoon/isakmp.c: Updated to the above change.
1813 1.1 tteras * src/racoon/Makefile.in, src/racoon/configure.in: Remove
1814 1.1 tteras arc4random() from building.
1815 1.1 tteras * src/racoon/crypto_openssl.[ch](eay_random): New function.
1816 1.1 tteras * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c,
1817 1.1 tteras src/racoon/isakmp_xauth.c: Cleaned up headers.
1818 1.1 tteras
1819 1.1 tteras 2004-09-16 Michal Ludvig <mludvig (a] suse.cz>
1820 1.1 tteras
1821 1.1 tteras * src/racoon/crypto_openssl.c (base64_encode): Terminate
1822 1.1 tteras the result with '\0'.
1823 1.1 tteras
1824 1.1 tteras 2004-09-15 Michal Ludvig <mludvig (a] suse.cz>
1825 1.1 tteras
1826 1.1 tteras * configure.ac: How about calling the next version 0.5?
1827 1.1 tteras * src/include-glibc/glibc-bugs.h: Define _XOPEN_SOURCE
1828 1.1 tteras _BSD_SOURCE and don't require <linux/types.h>
1829 1.1 tteras * src/racoon/isakmp_cfg.c, src/racoon/isakmp_unity.c,
1830 1.1 tteras src/racoon/isakmp_xauth.c: Don't include <netkey/key_var.h>
1831 1.1 tteras * src/racoon/Makefile.in: Add new files to distribution.
1832 1.1 tteras * src/racoon/configure.in: Fix linux kernel NATT detection.
1833 1.1 tteras * src/setkey/parse.y: Fix types.
1834 1.1 tteras * src/racoon/backupsa.c, src/racoon/ipsec_doi.c,
1835 1.1 tteras src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c,
1836 1.1 tteras src/racoon/pfkey.c, src/racoon/remoteconf.c,
1837 1.1 tteras src/racoon/session.c, src/racoon/sockmisc.c: Fix headers
1838 1.1 tteras ordering, use HAVE_NETINET6_IPSEC.
1839 1.1 tteras * src/racoon/isakmp_cfg.c: Use %z for size_t.
1840 1.1 tteras * src/racoon/configure.in: Clean up IPv6 stack check.
1841 1.1 tteras
1842 1.1 tteras 2004-09-15 Michal Ludvig <mludvig (a] suse.cz>
1843 1.1 tteras
1844 1.1 tteras Merged "Hybrid XAUTH" support from Emmanuel Dreyfus:
1845 1.1 tteras * src/racoon/isakmp_cfg.h, src/racoon/isakmp_cfg.c,
1846 1.1 tteras src/racoon/isakmp_unity.c, src/racoon/isakmp_unity.h,
1847 1.1 tteras src/racoon/isakmp_xauth.c, src/racoon/isakmp_xauth.h,
1848 1.1 tteras src/racoon/samples/racoon.conf.sample-cvpn: New files.
1849 1.1 tteras * src/racoon/algorithm.c, src/racoon/algorithm.h,
1850 1.1 tteras src/racoon/cfparse.y, src/racoon/cftoken.l,
1851 1.1 tteras src/racoon/handler.c, src/racoon/handler.h,
1852 1.1 tteras src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
1853 1.1 tteras src/racoon/isakmp.h, src/racoon/isakmp_agg.c,
1854 1.1 tteras src/racoon/isakmp_inf.c, src/racoon/oakley.c,
1855 1.1 tteras src/racoon/oakley.h, src/racoon/strnames.c,
1856 1.1 tteras src/racoon/vendorid.c, src/racoon/vendorid.h: Added
1857 1.1 tteras code for XAUTH support.
1858 1.1 tteras * src/racoon/racoon.conf.5: Documentation for XAUTH.
1859 1.1 tteras * src/racoon/isakmp_base.c, src/racoon/isakmp_ident.c,
1860 1.1 tteras src/racoon/nattraversal.c: Added NATT VID "02\n"
1861 1.1 tteras * src/racoon/configure.in: New config option --enable-hybrid
1862 1.1 tteras
1863 1.1 tteras 2004-09-14 Michal Ludvig <mludvig (a] suse.cz>
1864 1.1 tteras
1865 1.1 tteras * configure.ac: Preset CFLAGS
1866 1.1 tteras * src/racoon/configure.in: Preset LDFLAGS instead of CFLAGS on NetBSD,
1867 1.1 tteras Check if printf() accepts "%z" modifiers.
1868 1.1 tteras * src/racoon/isakmp_agg.c(agg_i1send): Place #endif correctly.
1869 1.1 tteras * src/setkey/parse.y(fix_portstr): Init 'p2'.
1870 1.1 tteras * src/setkey/setkey.c: Add required prototypes.
1871 1.1 tteras
1872 1.1 tteras 2004-09-14 Aidas Kasparas <a.kasparas (a] gmc.lt>
1873 1.1 tteras
1874 1.1 tteras * src/racoon/gssapi.c: sa_len -> sysdep_sa_len. Patch by Andreas.
1875 1.1 tteras
1876 1.1 tteras 2004-09-14 Michal Ludvig <mludvig (a] suse.cz>
1877 1.1 tteras
1878 1.1 tteras * src/racoon/configure.in: Check for NetBSD NAT-T kernel support.
1879 1.1 tteras
1880 1.1 tteras 2004-09-13 Michal Ludvig <mludvig (a] suse.cz>
1881 1.1 tteras
1882 1.1 tteras * src/racoon/configure.in: Check for <openssl/engine.h>
1883 1.1 tteras * src/racoon/crypto_openssl.c: Only use OpenSSL engines if available.
1884 1.1 tteras * src/racoon/plainrsa-gen.c: Ditto.
1885 1.1 tteras
1886 1.1 tteras 2004-09-13 Michal Ludvig <mludvig (a] suse.cz>
1887 1.1 tteras
1888 1.1 tteras NetBSD fixes from Emmanuel Dreyfus <manu (a] netbsd.org>:
1889 1.1 tteras * Makefile.am: build in rpm/ only on Linux
1890 1.1 tteras * configure.ac: Check for netinet6/ipsec.h instead of netinet/ipsec.h
1891 1.1 tteras * src/Makefile.am: Build include-glibc only on Linux
1892 1.1 tteras * src/libipsec/{ipsec_dump_policy.c,ipsec_get_policylen.c,
1893 1.1 tteras ipsec_strerror.c,key_debug.c,pfkey.c,pfkey_dump.c,
1894 1.1 tteras policy_parse.y,policy_token.l,test-policy-priority.c},
1895 1.1 tteras src/racoon/{cfparse.y,cftoken.l,grabmyaddr.c,isakmp.c,
1896 1.1 tteras nattraversal.c,pfkey.c,plainrsa-gen.c,policy.c,
1897 1.1 tteras proposal.c,sainfo.c,schedule.c,strnames.c},
1898 1.1 tteras src/setkey/{parse.y,setkey.c,token.l}: Fix headers and some
1899 1.1 tteras ifdefs.
1900 1.1 tteras * src/racoon/sockmisc.c(sendfromto): Wrap for Linux only.
1901 1.1 tteras * src/racoon/configure.in: Check for kernel NAT-T support,
1902 1.1 tteras fix libipsec.a linkage path.
1903 1.1 tteras * src/racoon/eaytest.c(certtest): Use %z for size_t.
1904 1.1 tteras
1905 1.1 tteras 2004-09-12 Aidas Kasparas <a.kasparas (a] gmc.lt>
1906 1.1 tteras
1907 1.1 tteras * src/racoon/grabmyaddr.c: improved socket selection algorithm for
1908 1.1 tteras case when link-local addresses come w/o sin6_scope_id set.
1909 1.1 tteras
1910 1.1 tteras 2004-09-07 Aidas Kasparas <a.kasparas (a] gmc.lt>
1911 1.1 tteras
1912 1.1 tteras * src/racoon/session.c: fix for SIGHUP handler for case when config
1913 1.1 tteras file contains listen directives.
1914 1.1 tteras
1915 1.1 tteras 2004-09-01 Aidas Kasparas <a.kasparas (a] gmc.lt>
1916 1.1 tteras
1917 1.1 tteras * src/racoon/grabmyaddr.c: added scope id handling for link-local
1918 1.1 tteras IPv6 addresses. Now racoon will not err on such addresses.
1919 1.1 tteras
1920 1.1 tteras 2004-08-19 Aidas Kasparas <a.kasparas (a] gmc.lt>
1921 1.1 tteras
1922 1.1 tteras * src/racoon/crypto_openssl.c: hmac memory leak fix by R. Ganesan
1923 1.1 tteras * src/racoon/eaytest.c: eay_init_error() -> eay_init() due to
1924 1.1 tteras 2004-06-01 changes in src/racoon/crypto_openssl.c
1925 1.1 tteras
1926 1.1 tteras 2004-08-15 Aidas Kasparas <a.kasparas (a] gmc.lt>
1927 1.1 tteras
1928 1.1 tteras * src/racoon/cfparse.y src/racoon/crypto_openssl.c
1929 1.1 tteras src/racoon/eaytest.c src/racoon/genlist.h src/racoon/ipsec_doi.c
1930 1.1 tteras src/racoon/racoon.conf.5 src/racoon/remoteconf.c
1931 1.1 tteras src/racoon/remoteconf.h: peers_identifier wildcard and
1932 1.1 tteras list patch by James Matheson
1933 1.1 tteras
1934 1.1 tteras ---------------------------------------------
1935 1.1 tteras
1936 1.1 tteras 0.4rc1 released
1937 1.1 tteras
1938 1.1 tteras 2004-08-09 Michal Ludvig <mludvig (a] suse.cz>
1939 1.1 tteras
1940 1.1 tteras * NEWS: Notes for release 0.4rc1
1941 1.1 tteras * configure.ac: Bump up version to 0.4rc1
1942 1.1 tteras
1943 1.1 tteras 2004-07-12 Michal Ludvig <mludvig (a] suse.cz>
1944 1.1 tteras
1945 1.1 tteras PlainRSA support.
1946 1.1 tteras See ChangeLog.prsa from the 'plainrsa' branch for details.
1947 1.1 tteras * src/racoon/stringlist.c src/racoon/stringlist.h: Removed.
1948 1.1 tteras * src/racoon/genlist.c src/racoon/genlist.h
1949 1.1 tteras src/racoon/plainrsa-gen.8 src/racoon/plainrsa-gen.c
1950 1.1 tteras src/racoon/prsa_par.y src/racoon/prsa_tok.l
1951 1.1 tteras src/racoon/rsalist.c src/racoon/rsalist.h
1952 1.1 tteras src/racoon/samples/racoon.conf.sample-plainrsa: New files.
1953 1.1 tteras * src/racoon/Makefile.in src/racoon/configure.in
1954 1.1 tteras src/racoon/cfparse.y src/racoon/cftoken.l
1955 1.1 tteras src/racoon/crypto_openssl.c src/racoon/crypto_openssl.h
1956 1.1 tteras src/racoon/handler.h src/racoon/ipsec_doi.c
1957 1.1 tteras src/racoon/ipsec_doi.h src/racoon/isakmp.h src/racoon/main.c
1958 1.1 tteras src/racoon/oakley.c src/racoon/plog.c src/racoon/remoteconf.c
1959 1.1 tteras src/racoon/remoteconf.h src/racoon/sockmisc.c
1960 1.1 tteras src/racoon/sockmisc.h src/racoon/eaytest.c: Updated.
1961 1.1 tteras
1962 1.1 tteras 2004-07-12 Michal Ludvig <mludvig (a] suse.cz>
1963 1.1 tteras
1964 1.1 tteras * src/racoon/main.c, src/racoon/eaytest.c, src/racoon/plog.c: Move
1965 1.1 tteras f_foreground to plog.c.
1966 1.1 tteras * src/racoon/proposal.c (cmpsaprop_alloc): Fix printing of encmode
1967 1.1 tteras adjusting.
1968 1.1 tteras * src/racoon/ipsec_doi.c, src/racoon/isakmp.c, src/racoon/isakmp_quick.c,
1969 1.1 tteras src/racoon/oakley.c: Fix typos, newlines and printf() format strings.
1970 1.1 tteras
1971 1.1 tteras 2004-06-16 Aidas Kasparas <a.kasparas (a] gmc.lt>
1972 1.1 tteras
1973 1.1 tteras * src/racoon/crypto_openssl.c (eay_get_x509cert): small memory
1974 1.1 tteras leak fix. Noticed B.Buesker, patch L.Stellingwerff
1975 1.1 tteras * src/racoon/crypto_openssl.c (eay_aes_{en|de}crypt, evp_crypt):
1976 1.1 tteras small memory leaks fixed.
1977 1.1 tteras
1978 1.1 tteras 2004-06-15 Aidas Kasparas <a.kasparas (a] gmc.lt>
1979 1.1 tteras
1980 1.1 tteras SECURITY
1981 1.1 tteras * src/racoon/crypto_openssl.[ch] (cb_check_cert_local,
1982 1.1 tteras cb_check_cert_remote): split cb_check_cert() due to stricter
1983 1.1 tteras requirements for certificates received from network.
1984 1.1 tteras * src/racoon/crypto_openssl.[ch] (eay_check_x509cert): new parameter
1985 1.1 tteras local to specify how strict cert check should be
1986 1.1 tteras * src/racoon/oakley.c, src/racoon/eaytest.c: adjust to use above
1987 1.1 tteras
1988 1.1 tteras 2004-06-11 Michal Ludvig <mludvig (a] suse.cz>
1989 1.1 tteras
1990 1.1 tteras * src/racoon/nattraversal.c (natt_vendorid, natt_fill_options): Support
1991 1.1 tteras for all known NAT-T versions.
1992 1.1 tteras * vendorid.h: Ditto.
1993 1.1 tteras
1994 1.1 tteras 2004-06-08 Michal Ludvig <mludvig (a] suse.cz>
1995 1.1 tteras
1996 1.1 tteras * src/racoon/stringlist.c, src/racoon/stringlist.h: New files.
1997 1.1 tteras * src/racoon/Makefile.in: Compile stringlist.o.
1998 1.1 tteras
1999 1.1 tteras 2004-06-07 Michal Ludvig <mludvig (a] suse.cz>
2000 1.1 tteras
2001 1.1 tteras * configure.ac: Set version to 'cvs'.
2002 1.1 tteras * src/{racoon,setkey,libipsec}/*.h: Wrap headers between
2003 1.1 tteras #ifndef/#define/#endif to allow multiple inclusions of the
2004 1.1 tteras same file.
2005 1.1 tteras * plog.h (plog): Attribute __printf__ for automatic checking
2006 1.1 tteras of the parameters' validity.
2007 1.1 tteras * cftoken.l, crypto_openssl.c, grabmyaddr.c, ipsec_doi.c,
2008 1.1 tteras isakmp.c, isakmp_quick.c, oakley.c, pfkey.c, proposal.c,
2009 1.1 tteras sockmisc.c: Fix warnings/errors in the plog() parameters with
2010 1.1 tteras the above change.
2011 1.1 tteras
2012 1.1 tteras 2004-06-05 Aidas Kasparas <a.kasparas (a] gmc.lt>
2013 1.1 tteras
2014 1.1 tteras * src/setkey/setkey.c: -n (no action) support.
2015 1.1 tteras Thanks Thomas Habets.
2016 1.1 tteras * src/setkey/setkey.8: Documentation for above.
2017 1.1 tteras * src/racoon/doc/README.certificate: updated link to more recent
2018 1.1 tteras version of document. Debian bug #252513 by Jose Luis Domingo Lopez
2019 1.1 tteras
2020 1.1 tteras 2004-06-01 Michal Ludvig <mludvig (a] suse.cz>
2021 1.1 tteras
2022 1.1 tteras * src/racoon/algorithm.c: Enable compilation without SHA2 support.
2023 1.1 tteras * src/racoon/crypto_openssl.c: Ditto.
2024 1.1 tteras
2025 1.1 tteras 2004-06-01 Michal Ludvig <mludvig (a] suse.cz>
2026 1.1 tteras
2027 1.1 tteras * src/racoon/crypto_openssl.c: Remove unneeded workarounds for older
2028 1.1 tteras OpenSSLs.
2029 1.1 tteras (eay_init): New function.
2030 1.1 tteras (eay_init_error, eay_check_pkcs7sign): Removed.
2031 1.1 tteras * src/racoon/crypto_openssl.h: Reflect the above changes.
2032 1.1 tteras * src/racoon/main.c: Call eay_init() instead of eay_init_error().
2033 1.1 tteras
2034 1.1 tteras 2004-05-27 Michal Ludvig <mludvig (a] suse.cz>
2035 1.1 tteras
2036 1.1 tteras Support for inheritance of 'remote' statements:
2037 1.1 tteras * src/racoon/cftoken.l: New keyword 'inherit'.
2038 1.1 tteras * src/racoon/cfparse.y: Support for 'inherit', remove
2039 1.1 tteras global 'prhead', use cur_rmconf->prhead instead.
2040 1.1 tteras * src/racoon/remoteconf.c (rmtree): Changed from
2041 1.1 tteras LIST queue to TAILQ queue.
2042 1.1 tteras (getrmconf): Renamed to getrmconf_strict().
2043 1.1 tteras (copyrmconf, duprmconf)
2044 1.1 tteras (dump_rmconf_single, dumprmconf): New functions.
2045 1.1 tteras (rm2str): Deleted.
2046 1.1 tteras * src/racoon/remoteconf.h: Prototypes for the above.
2047 1.1 tteras (struct remoteconf): New fields 'inherited_from' and 'prhead'.
2048 1.1 tteras * src/racoon/sockmisc.c (saddr2str): Can print anonymous entries.
2049 1.1 tteras * src/racoon/algorithm.c (alg_oakley_encdef_name)
2050 1.1 tteras (alg_oakley_hashdef_name, alg_oakley_dhdef_name)
2051 1.1 tteras (alg_oakley_authdef_name): New functions.
2052 1.1 tteras * src/racoon/algorithm.h: Prototypes for the above.
2053 1.1 tteras * src/racoon/strnames.c (num2str): Make extern.
2054 1.1 tteras (s_doi, s_etype, s_idtype, s_switch): New functions.
2055 1.1 tteras * src/racoon/strnames.h: Prototypes for the above.
2056 1.1 tteras * src/racoon/main.c: New parameter -C for dumping the parsed config.
2057 1.1 tteras * src/racoon/racoon.conf.5: Document inheritance.
2058 1.1 tteras * src/racoon/samples/racoon.conf.sample-inherit: Sample config file.
2059 1.1 tteras * src/racoon/Makefile.in: Distribute racoon.conf.sample-inherit
2060 1.1 tteras
2061 1.1 tteras 2004-05-24 Michal Ludvig <mludvig (a] suse.cz>
2062 1.1 tteras
2063 1.1 tteras * configure.in, backupsa.c, ipsec_doi.c, isakmp_inf.c,
2064 1.1 tteras isakmp_quick.c, pfkey.c, remoteconf.c, session.c,
2065 1.1 tteras sockmisc.c: Allow compilation with --disable-ipv6
2066 1.1 tteras
2067 1.1 tteras 2004-05-21 Michal Ludvig <mludvig (a] suse.cz>
2068 1.1 tteras
2069 1.1 tteras * src/racoon/crypto_openssl.[ch]: Use EVP_*() instead of
2070 1.1 tteras algorithm specific functions.
2071 1.1 tteras
2072 1.1 tteras 2004-05-20 Aidas Kasparas <a.kasparas (a] gmc.lt>
2073 1.1 tteras
2074 1.1 tteras Manual page updates. Thanks Brian
2075 1.1 tteras * src/libipsec/ipsec_set_policy.3
2076 1.1 tteras * src/setkey/setkey.8
2077 1.1 tteras * src/libipsec/test-policy-priority.c: new file from policy
2078 1.1 tteras priority patch, which I forgot to add
2079 1.1 tteras
2080 1.1 tteras 2004-05-18 Aidas Kasparas <a.kasparas (a] gmc.lt>
2081 1.1 tteras
2082 1.1 tteras Policy priority integer handling fixes by Brian Buesker.
2083 1.1 tteras * src/libipsec/ipsec_strerror.c
2084 1.1 tteras * src/libipsec/ipsec_strerror.h
2085 1.1 tteras * src/libipsec/libpfkey.h
2086 1.1 tteras * src/libipsec/policy_parse.y
2087 1.1 tteras * src/libipsec/test-policy-priority.c
2088 1.1 tteras Manual page corrections by me
2089 1.1 tteras * src/libipsec/ipsec_set_policy.3
2090 1.1 tteras * src/setkey/setkey.8
2091 1.1 tteras
2092 1.1 tteras 2004-05-15 Aidas Kasparas <a.kasparas (a] gmc.lt>
2093 1.1 tteras
2094 1.1 tteras Policy priority support patch from Brian Buesker. Applied as is
2095 1.1 tteras except src/libipsec/Makefile.am is modified instead of
2096 1.1 tteras src/libipsec/Makefile.in as found in the patch.
2097 1.1 tteras
2098 1.1 tteras 2004-05-10 Michal Ludvig <mludvig (a] suse.cz>
2099 1.1 tteras
2100 1.1 tteras From Heiko Hund, approved by the copyright holder:
2101 1.1 tteras * src/racoon/gssapi.[ch]: Update to 3-clause BSD license.
2102 1.1 tteras
2103 1.1 tteras 2004-04-27 Michal Ludvig <mludvig (a] suse.cz>
2104 1.1 tteras
2105 1.1 tteras From Heiko Hund:
2106 1.1 tteras * src/include-glibc/sys/queue.h: Update to 3-clause BSD license.
2107 1.1 tteras
2108 1.1 tteras 2004-04-26 Aidas Kasparas <a.kasparas (a] gmc.lt>
2109 1.1 tteras
2110 1.1 tteras * src/racoon/grabmyaddr.c (update_myaddrs): Only trust kernel to
2111 1.1 tteras send notifications about changed interfaces.
2112 1.1 tteras
2113 1.1 tteras 2004-04-24 Aidas Kasparas <a.kasparas (a] gmc.lt>
2114 1.1 tteras
2115 1.1 tteras * src/racoon/grabmyaddr.c (recvaddrs): Only trust kernel to send
2116 1.1 tteras information about interfaces. Thanks Steve Grubb and Bill
2117 1.1 tteras Nottingham. Affects users with glibc w/o getifaddrs(). Users
2118 1.1 tteras with glibc earlier than 2003-11-14 should upgrade their glibc.
2119 1.1 tteras
2120 1.1 tteras 2004-04-19 Michal Ludvig <mludvig (a] suse.cz>
2121 1.1 tteras
2122 1.1 tteras * src/racoon/isakmp.c (isakmp_handler): Reject too big
2123 1.1 tteras packets (CAN-2004-0403).
2124 1.1 tteras
2125 1.1 tteras ---------------------------------------------
2126 1.1 tteras
2127 1.1 tteras 0.3 released
2128 1.1 tteras
2129 1.1 tteras 2004-04-14 Michal Ludvig <mludvig (a] suse.cz>
2130 1.1 tteras
2131 1.1 tteras * NEWS: Notes for release 0.3
2132 1.1 tteras * configure.ac: Bump up version to 0.3
2133 1.1 tteras * src/racoon/Makefile.in: Use install-sh instead of mkinstalldirs.
2134 1.1 tteras * src/racoon/remoteconf.c (foreachrmconf): Avoid warning about
2135 1.1 tteras uninitialised variable.
2136 1.1 tteras * src/racoon/samples/racoon.conf.in: Cleaned up to work with Linux
2137 1.1 tteras and FreeSWAN.
2138 1.1 tteras
2139 1.1 tteras 2004-04-13 Michal Ludvig <mludvig (a] suse.cz>
2140 1.1 tteras
2141 1.1 tteras * src/racoon/grabmyaddr.c (suitable_ifaddr6): Anycast addresses are
2142 1.1 tteras not suitable.
2143 1.1 tteras
2144 1.1 tteras 2004-04-09 Michal Ludvig <mludvig (a] suse.cz>
2145 1.1 tteras
2146 1.1 tteras * src/racoon/crypto_openssl.c (cb_check_cert): Warn if no CRL is found.
2147 1.1 tteras * src/racoon/isakmp_ident.c (ident_r2recv): Removed debug plog().
2148 1.1 tteras * src/racoon/proposal.c (cmpsatrns): Downgrade severity of trns_id
2149 1.1 tteras mismatch to LLV_WARNING.
2150 1.1 tteras * src/libipsec/pfkey_dump.c, src/racoon/algorithm.c
2151 1.1 tteras src/racoon/algorithm.h src/racoon/cftoken.l
2152 1.1 tteras src/racoon/ipsec_doi.c src/racoon/ipsec_doi.h
2153 1.1 tteras src/racoon/oakley.h src/racoon/pfkey.c src/racoon/strnames.c
2154 1.1 tteras src/setkey/token.l: Renamed Rijndael to AES.
2155 1.1 tteras * src/setkey/token.l: Recognize exit/quit/bye tokens.
2156 1.1 tteras * src/setkey/parse.y (exit_command): New.
2157 1.1 tteras * src/setkey/setkey.c (stdin_loop): Exit when exit_now is set
2158 1.1 tteras in exit_command.
2159 1.1 tteras
2160 1.1 tteras 2004-04-08 Michal Ludvig <mludvig (a] suse.cz>
2161 1.1 tteras
2162 1.1 tteras * src/setkey/setkey.c (main): Call get_supported() in interactive mode.
2163 1.1 tteras (stdin_loop): Concat multiline input into a single line before parsing.
2164 1.1 tteras
2165 1.1 tteras 2004-04-07 Michal Ludvig <mludvig (a] suse.cz>
2166 1.1 tteras
2167 1.1 tteras * src/racoon/nattraversal.c (natt_keepalive_send): Log sending KA
2168 1.1 tteras with level DEBUG. Having it with level INFO only pollutes logfiles.
2169 1.1 tteras
2170 1.1 tteras 2004-04-06 Michal Ludvig <mludvig (a] suse.cz>
2171 1.1 tteras
2172 1.1 tteras * src/racoon/Makefile.in: eaytest now links plog.o
2173 1.1 tteras * src/racoon/crypto_openssl.c: Remove all #ifdef EAYDEBUG/#endif
2174 1.1 tteras surrounding plog().
2175 1.1 tteras * src/racoon/eaytest.c (rsatest): Enabled RSA tests again, now
2176 1.1 tteras verifying both good and bad signatures.
2177 1.1 tteras
2178 1.1 tteras ---------------------------------------------
2179 1.1 tteras
2180 1.1 tteras 0.3rc5 released
2181 1.1 tteras
2182 1.1 tteras 2004-04-05 Michal Ludvig <mludvig (a] suse.cz>
2183 1.1 tteras
2184 1.1 tteras * NEWS: Notes for release 0.3rc5
2185 1.1 tteras * configure.ac: Bump up version to 0.3rc5
2186 1.1 tteras
2187 1.1 tteras 2004-04-05 Michal Ludvig <mludvig (a] suse.cz>
2188 1.1 tteras
2189 1.1 tteras Fix for a security bug found by Ralf Spenneberg:
2190 1.1 tteras * src/racoon/crypto_openssl.c (eay_check_x509sign): Directly generate
2191 1.1 tteras 'evp' instead of 'pubkey'.
2192 1.1 tteras (eay_rsa_sign): Use the above.
2193 1.1 tteras * src/racoon/crypto_openssl.h: Update prototypes for the above.
2194 1.1 tteras * src/racoon/eaytest.c: Disabled RSA tests because of the API change.
2195 1.1 tteras
2196 1.1 tteras 2004-04-05 Michal Ludvig <mludvig (a] suse.cz>
2197 1.1 tteras
2198 1.1 tteras * src/racoon/pfkey.c (pfkey_handler): Safety check before accessing
2199 1.1 tteras the array (thx to Ren.J.Y for report).
2200 1.1 tteras (pkrecvf): Added entry for SADB_X_NAT_T_NEW_MAPPING (NULL for now).
2201 1.1 tteras * src/racoon/strnames.c (name_pfkey_type): Ditto.
2202 1.1 tteras
2203 1.1 tteras 2004-04-02 Michal Ludvig <mludvig (a] suse.cz>
2204 1.1 tteras
2205 1.1 tteras * src/racoon/eaytest.c (ciphertest_1): Correct padlen.
2206 1.1 tteras
2207 1.1 tteras 2004-04-01 Michal Ludvig <mludvig (a] suse.cz>
2208 1.1 tteras
2209 1.1 tteras * src/racoon/ipsec_doi.c (setph2proposal0): Move proposal encmode
2210 1.1 tteras update from here ...
2211 1.1 tteras (ipsecdoi_setph2proposal): ... to here. Hopefully this is a
2212 1.1 tteras better place to do the update.
2213 1.1 tteras
2214 1.1 tteras 2004-03-30 Michal Ludvig <mludvig (a] suse.cz>
2215 1.1 tteras
2216 1.1 tteras * src/racoon/crypto_openssl.c (eay_3des_expand_key): New function.
2217 1.1 tteras (eay_3des_encrypt, eay_3des_decrypt): Expand key if necessary.
2218 1.1 tteras * src/racoon/eaytest.c (ciphertest_1): New function.
2219 1.1 tteras (ciphertest): Simplified to simple calls of ciphertest_1().
2220 1.1 tteras
2221 1.1 tteras 2004-03-29 Michal Ludvig <mludvig (a] suse.cz>
2222 1.1 tteras
2223 1.1 tteras * README: Rewritten. Mentioned where to report bugs.
2224 1.1 tteras
2225 1.1 tteras 2004-03-26 Michal Ludvig <mludvig (a] suse.cz>
2226 1.1 tteras
2227 1.1 tteras * configure.ac: Check for readline.h and libreadline.
2228 1.1 tteras * src/setkey/setkey.c: Call stdin_loop() when '-c' was given.
2229 1.1 tteras (stdin_loop): Read user input and parse it line-by-line.
2230 1.1 tteras * src/setkey/token.l (parse_string): New function.
2231 1.1 tteras
2232 1.1 tteras ---------------------------------------------
2233 1.1 tteras
2234 1.1 tteras 0.3rc4 released
2235 1.1 tteras
2236 1.1 tteras 2004-03-25 Michal Ludvig <mludvig (a] suse.cz>
2237 1.1 tteras
2238 1.1 tteras * configure.ac: Bump up version to 0.3rc4
2239 1.1 tteras * NEWS: Notes for release 0.3rc4
2240 1.1 tteras * src/racoon/cfparse.y (algorithm): Hint about missing module.
2241 1.1 tteras * src/racoon/crypto_openssl.c (eay_3des_*): Check for strict key
2242 1.1 tteras length only with old API.
2243 1.1 tteras (eay_des_encrypt): Ditto.
2244 1.2 snj * src/racoon/eaytest.c: Make the testsuite useful, i.e. exit with
2245 1.1 tteras non-zero error code if any of the tests fail.
2246 1.1 tteras (main): Print banner with version.
2247 1.1 tteras * src/racoon/Makefile.in: Run eaytest in 'make check'.
2248 1.1 tteras
2249 1.1 tteras 2004-03-23 Michal Ludvig <mludvig (a] suse.cz>
2250 1.1 tteras
2251 1.1 tteras * src/racoon/isakmp_agg.c (agg_i2recv): Copy remote cookie before
2252 1.1 tteras comparing NAT-D payloads. (thx to Gaurav Kansal for report).
2253 1.1 tteras * src/racoon/crypto_openssl.c: Avoid type-punned warnings.
2254 1.1 tteras * src/racoon/eaytest.c: Disable 'cert' tests.
2255 1.1 tteras * src/racoon/crypto_openssl.c (eay_des_encrypt): No need to check
2256 1.1 tteras for strict length.
2257 1.1 tteras (eay_aes_encrypt): Keylength is in bits, not bytes.
2258 1.1 tteras
2259 1.1 tteras 2004-03-22 Michal Ludvig <mludvig (a] suse.cz>
2260 1.1 tteras
2261 1.1 tteras * src/setkey/parse.y (ALG_ENC_NOKEY, ALG_ENC_OLD): Use "" for key
2262 1.1 tteras instead of NULL and check for availability.
2263 1.1 tteras
2264 1.1 tteras ---------------------------------------------
2265 1.1 tteras
2266 1.1 tteras 0.3rc3 released
2267 1.1 tteras
2268 1.1 tteras 2004-03-19 Michal Ludvig <mludvig (a] suse.cz>
2269 1.1 tteras
2270 1.1 tteras * configure.ac: Bump up version to 0.3rc3
2271 1.1 tteras * NEWS: Notes for release 0.3rc3
2272 1.1 tteras * src/racoon/cftoken.l: Add 'null' as an alias for 'null_enc'.
2273 1.1 tteras * src/racoon/proposal.c (cmpsatrns): New parameter proto_id,
2274 1.1 tteras better diagnostic output when trns_id don't match.
2275 1.1 tteras * src/racoon/proposal.h (cmpsatrns): Update prototype.
2276 1.1 tteras * src/setkey/setkey.c: Change option -h to -H (for hexdump), new
2277 1.1 tteras options -h (help) and -V (version).
2278 1.1 tteras * src/setkey/setkey.8: Document the above changes.
2279 1.1 tteras * src/racoon/rfc/*: Many standards related to IPsec/IKE/NAT-T/...
2280 1.1 tteras
2281 1.1 tteras 2004-03-15 Michal Ludvig <mludvig (a] suse.cz>
2282 1.1 tteras
2283 1.1 tteras * src/racoon/configure.in: Prevent compilation error with
2284 1.1 tteras --enable-yydebug.
2285 1.1 tteras
2286 1.1 tteras ---------------------------------------------
2287 1.1 tteras
2288 1.1 tteras 0.3rc2 released
2289 1.1 tteras
2290 1.1 tteras 2004-03-11 Michal Ludvig <mludvig (a] suse.cz>
2291 1.1 tteras
2292 1.1 tteras * configure.ac: Bump up version to 0.3rc2
2293 1.1 tteras * NEWS: Notes for release 0.3rc2
2294 1.1 tteras * src/racoon/aclocal.m4 (RACOON_CHECK_VA_COPY): New test.
2295 1.1 tteras * src/racoon/configure.in: Call RACOON_CHECK_VA_COPY
2296 1.1 tteras * src/racoon/plog.c (plogv): Replace va_copy() with VA_COPY.
2297 1.1 tteras * src/racoon/racoon.conf.5: Note that NAT-T support is a compile
2298 1.1 tteras time option.
2299 1.1 tteras
2300 1.1 tteras 2004-03-10 Michal Ludvig <mludvig (a] suse.cz>
2301 1.1 tteras
2302 1.1 tteras * src/racoon/racoon.conf.5: Document nat_traversal option.
2303 1.1 tteras * src/racoon/racoon.8: Document new options (-L and -P).
2304 1.1 tteras
2305 1.1 tteras 2004-03-09 Michal Ludvig <mludvig (a] suse.cz>
2306 1.1 tteras
2307 1.1 tteras * src/racoon/grabmyaddr.c (autoconf_myaddrsport): Prepare addrs for
2308 1.1 tteras UDP-Encap ports if NAT-T is enabled.
2309 1.1 tteras (dupmyaddr): New function.
2310 1.1 tteras * src/racoon/grabmyaddr.h: Prototype for dupmyaddr().
2311 1.1 tteras * src/racoon/isakmp.c (isakmp_open): Complain if NAT-T is enabled, but
2312 1.1 tteras no port for UDP-Encap was open.
2313 1.1 tteras * src/racoon/isakmp_var.h (PORT_ISAKMP_NATT): New define.
2314 1.1 tteras * src/racoon/localconf.c, src/racoon/localconf.h: Define and setup
2315 1.1 tteras lcconf->port_isakmp_natt.
2316 1.1 tteras * src/racoon/main.c (main): Print nicer banner,
2317 1.1 tteras (usage): Document new options (-L and -P).
2318 1.1 tteras (parse): Recognise the above.
2319 1.1 tteras * src/racoon/nattraversal.c (natt_fill_options): Don't use hardcoded
2320 1.1 tteras constants for float_port.
2321 1.1 tteras (natt_enabled_in_rmconf, natt_enabled_in_rmconf_stub): New functions.
2322 1.1 tteras * src/racoon/nattraversal.h: Prototype for natt_enabled_in_rmconf().
2323 1.1 tteras * src/racoon/plog.c: Don't print source:line:function by default.
2324 1.1 tteras * src/racoon/remoteconf.c (foreachrmconf): New helper function.
2325 1.1 tteras * src/racoon/remoteconf.h: Prototype for the above.
2326 1.1 tteras * package_version.h: Define strings for use in banners.
2327 1.1 tteras * configure.ac: Fill up the above header.
2328 1.1 tteras
2329 1.1 tteras 2004-03-09 Michal Ludvig <mludvig (a] suse.cz>
2330 1.1 tteras
2331 1.1 tteras * src/racoon/configure.in: Don't put -O into OPTFLAGS,
2332 1.1 tteras add new option --disable-natt.
2333 1.1 tteras * src/racoon/cfparse.y, src/racoon/handler.c,
2334 1.1 tteras src/racoon/ipsec_doi.c, src/racoon/isakmp.c,
2335 1.1 tteras src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2336 1.1 tteras src/racoon/isakmp_ident.c, src/racoon/pfkey.c,
2337 1.1 tteras src/racoon/proposal.c, src/racoon/session.c: Replace WITH_NATT
2338 1.1 tteras with ENABLE_NATT.
2339 1.1 tteras * src/racoon/crypto_openssl.c: Replace %d with %zd for size_t arguments.
2340 1.1 tteras
2341 1.1 tteras 2004-03-06 Aidas Kasparas <a.kasparas (a] gmc.lt>
2342 1.1 tteras
2343 1.1 tteras * configure.ac: Refuse to continue if lexer library (yywrap()
2344 1.1 tteras function) is missing. Should prevent bugs like #892067, #908758
2345 1.1 tteras * src/racoon/configure.in: renamed --with-ssleay to --with-openssl.
2346 1.1 tteras Users should not be given false idea that they require both OpenSSL
2347 1.1 tteras and SSLeay to compile racoon. (See bug #902197)
2348 1.1 tteras
2349 1.1 tteras ---------------------------------------------
2350 1.1 tteras
2351 1.1 tteras 0.3rc1 released
2352 1.1 tteras
2353 1.1 tteras 2004-03-04 Michal Ludvig <mludvig (a] suse.cz>
2354 1.1 tteras
2355 1.1 tteras * configure.ac: Bump up version to 0.3rc1
2356 1.1 tteras * NEWS: Mention release 0.3rc1 (and copy 0.2.3 and 0.2.4 notes
2357 1.1 tteras from 0.2 branch).
2358 1.1 tteras * src/racoon/samples/racoon.conf.sample-natt: New sample config file.
2359 1.1 tteras * src/racoon/Makefile.in: Tweak file lists to make 'distcheck' happy,
2360 1.1 tteras enabled NATT by default (will become a config option later).
2361 1.1 tteras
2362 1.1 tteras 2004-03-04 Michal Ludvig <mludvig (a] suse.cz>
2363 1.1 tteras
2364 1.1 tteras Merge with 'nat-t_branch' to bring NAT-T (NAT traversal) support
2365 1.1 tteras to racoon.
2366 1.1 tteras * src/racoon/Makefile.in, src/racoon/cfparse.y,
2367 1.1 tteras src/racoon/cftoken.l, src/racoon/grabmyaddr.c,
2368 1.1 tteras src/racoon/grabmyaddr.h, src/racoon/handler.c,
2369 1.1 tteras src/racoon/handler.h, src/racoon/ipsec_doi.c,
2370 1.1 tteras src/racoon/ipsec_doi.h, src/racoon/isakmp.c, src/racoon/isakmp.h,
2371 1.1 tteras src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2372 1.1 tteras src/racoon/isakmp_ident.c, src/racoon/isakmp_quick.c,
2373 1.1 tteras src/racoon/localconf.c, src/racoon/localconf.h,
2374 1.1 tteras src/racoon/pfkey.c, src/racoon/proposal.c, src/racoon/proposal.h,
2375 1.1 tteras src/racoon/racoon.conf.5, src/racoon/remoteconf.c,
2376 1.1 tteras src/racoon/remoteconf.h, src/racoon/session.c,
2377 1.1 tteras src/racoon/strnames.c, src/racoon/vendorid.h
2378 1.1 tteras src/libipsec/pfkey.c,
2379 1.1 tteras src/racoon/nattraversal.c, src/racoon/nattraversal.h,
2380 1.1 tteras src/racoon/sockmisc.c: Affected files.
2381 1.1 tteras
2382 1.1 tteras 2004-02-27 Michal Ludvig <mludvig (a] suse.cz>
2383 1.1 tteras
2384 1.1 tteras * src/racoon/isakmp.c (set_isakmp_header1): Renamed from
2385 1.1 tteras set_isakmp_header().
2386 1.1 tteras (set_isakmp_header): New function common for set_isakmp_header1()
2387 1.1 tteras and set_isakmp_header2().
2388 1.1 tteras (copy_ph1addresses): Obey original port.
2389 1.1 tteras (isakmp_plist_append, isakmp_plist_set_all): New helper functions.
2390 1.1 tteras * src/racoon/isakmp_var.h: Prototypes for the above.
2391 1.1 tteras * src/racoon/isakmp.h (struct payload_list): New structure.
2392 1.1 tteras * src/racoon/isakmp_agg.c, src/racoon/isakmp_base.c,
2393 1.1 tteras src/racoon/isakmp_ident.c: Use isakmp_plist_* functions.
2394 1.1 tteras
2395 1.1 tteras 2004-02-03 Michal Ludvig <mludvig (a] suse.cz>
2396 1.1 tteras
2397 1.1 tteras * src/racoon/Makefile.in: Fix install to $(sbindir)
2398 1.1 tteras * src/setkey/parse.y: Avoid GCC 3.3 warning (type-punned pointer).
2399 1.1 tteras
2400 1.1 tteras 2004-01-19 Michal Ludvig <mludvig (a] suse.cz>
2401 1.1 tteras
2402 1.1 tteras * rpm/ipsec-tools.FC1: Startup script for Fedora Core 1
2403 1.1 tteras (thanks to Kimmo Koivisto <kimmo.koivisto (a] surfeu.fi>)
2404 1.1 tteras
2405 1.1 tteras 2004-01-17 Aidas Kasparas <a.kasparas (a] gmc.lt>
2406 1.1 tteras
2407 1.1 tteras * src/racoon/isakmp_inf.c: endian mismatch fix. From iij seil team
2408 1.1 tteras
2409 1.1 tteras 2004-01-15 Michal Ludvig <mludvig (a] suse.cz>
2410 1.1 tteras
2411 1.1 tteras * src/racoon/isakmp_inf.c: Prevent unauthorized deletion of SA
2412 1.1 tteras (reported on bugtraq, fixed by iij seil team).
2413 1.1 tteras * src/racoon/isakmp.c: Don't try to bind to IPv6 multicast addresses.
2414 1.1 tteras
2415 1.1 tteras 2004-01-14 Michal Ludvig <mludvig (a] suse.cz>
2416 1.1 tteras
2417 1.1 tteras * src/racoon/plog.c: Fix segfault on AMD64 (va_list can be used
2418 1.1 tteras only once).
2419 1.1 tteras * configure.ac: Don't build shared libipsec by default (can be
2420 1.1 tteras enabled by --enable-shared).
2421 1.1 tteras * bootstrap: Don't run automake for racoon.
2422 1.1 tteras
2423 1.1 tteras 2004-01-12 Michal Ludvig <mludvig (a] suse.cz>
2424 1.1 tteras
2425 1.1 tteras * src/racoon/configure.in: Fix AC_DEFINEs to make autoheader happy,
2426 1.1 tteras use config.h for defines instead of -DHAVE_* gcc options,
2427 1.1 tteras fix CRYPTOBJS to include missing rijndael libraries only once,
2428 1.1 tteras checking for AES support in OpenSSL now (hopefully) finally
2429 1.1 tteras works on both OpenSSL 0.9.6 and 0.9.7.
2430 1.1 tteras * src/racoon/*.[cyl]: Include autogenerated "config.h"
2431 1.1 tteras * src/racoon/missing/crypto/*/*.c: Ditto.
2432 1.1 tteras * src/racoon/.cvsignore: Add config.h, config.h.in
2433 1.1 tteras
2434 1.1 tteras 2004-01-09 Michal Ludvig <mludvig (a] suse.cz>
2435 1.1 tteras
2436 1.1 tteras * src/racoon/.cvsignore: Add "autom4te.cache" and "configure".
2437 1.1 tteras
2438 1.1 tteras 2004-01-09 Aidas Kasparas <a.kasparas (a] gmc.lt>
2439 1.1 tteras
2440 1.1 tteras Sync with KAME 2004-01-07
2441 1.1 tteras * src/libipsec/pfkey.c: memory leak fix; comment typo fixes
2442 1.1 tteras * src/libipsec/{pfkey.c,pfkey_dump.c}: allow compilation even
2443 1.1 tteras if no SADB_X_EXT_TAG is defined
2444 1.1 tteras * src/libipsec/pfkey_dump.c: information about algorithms
2445 1.1 tteras ripemd160, aes-xcbc, aes-ctr; bigger buffers; <tag> support
2446 1.1 tteras * src/libipsec/policy_parse.y: memory leak
2447 1.1 tteras * src/libipsec/policy_token.l: memory leak
2448 1.1 tteras * src/libipsec/test-policy.c: unneeded \n removed
2449 1.1 tteras * src/racoon/Makefile.in: $(sbindir) support
2450 1.1 tteras * src/racoon/admin.c: interface changes due to proxy support
2451 1.1 tteras * src/racoon/algorithm.c: SHA2 #ifdefs
2452 1.1 tteras * src/racoon/{cfparse.y,cftoken.l}: license text added
2453 1.1 tteras * src/racoon/cfparse.y: mip6 obsoleted by proxy support
2454 1.1 tteras * src/racoon/cfparse.y: from directive support; new algorithms
2455 1.1 tteras * src/racoon/cftoken.l: support for globbing of include files
2456 1.1 tteras * src/racoon/configure.in: more verbose information about problems
2457 1.1 tteras with SHA2
2458 1.1 tteras * src/racoon/crypto_openssl.c: use new DES API if supported; algorithm
2459 1.1 tteras key size fixes
2460 1.1 tteras * src/racoon/eaytest.c: SHA2 #ifdefs; keysize len check
2461 1.1 tteras * src/racoon/ipsec_doi.c: use VPTRINIT; ESP parameter validity checks;
2462 1.1 tteras style change
2463 1.1 tteras * src/racoon/isakmp.c: use VPTRINIT; interface changes due to
2464 1.1 tteras mip6->proxy; typo
2465 1.1 tteras * src/racoon/isakmp_inf.c: use VPTRINIT
2466 1.1 tteras * src/racoon/isakmp_quick.c: mip6->proxy
2467 1.1 tteras * src/racoon/kmpstat.c: not used variables removed
2468 1.1 tteras * src/racoon/pfkey.c: mip6->proxy; schedule leak
2469 1.1 tteras * src/racoon/proposal.c: style
2470 1.1 tteras * src/racoon/remoteconf.c: mip6->proxy
2471 1.1 tteras * src/racoon/sainfo.c: from directive support
2472 1.1 tteras * src/racoon/sockmisc.c: side correction; addrinfo leak
2473 1.1 tteras * src/racoon/strnames.c: typo in descriptions; wrong upper bound check
2474 1.1 tteras * src/racoon/missing/crypto/sha2/sha2.c: wrong size
2475 1.1 tteras * src/setkey/parse.y: extra algorithms; tagged; not needed periods
2476 1.1 tteras removed; memory shortage checks
2477 1.1 tteras * src/setkey/setkey.8: typos; tagged; new algorithms
2478 1.1 tteras * src/setkey/setkey.c: standard argument names for main(); hexdump
2479 1.1 tteras support; info in file support
2480 1.1 tteras * src/setkey/token.l: new algorithms; memory shortage checks
2481 1.1 tteras Parts not taken from KAME:
2482 1.1 tteras * kernelfs stuff;
2483 1.1 tteras * sysctl stuff
2484 1.1 tteras
2485 1.1 tteras 2004-01-08 Michal Ludvig <mludvig (a] suse.cz>
2486 1.1 tteras
2487 1.1 tteras * src/racoon/config.{sub,guess}: Update from automake 1.7.
2488 1.1 tteras
2489 1.1 tteras 2004-01-08 Michal Ludvig <mludvig (a] suse.cz>
2490 1.1 tteras
2491 1.1 tteras Patch from Kostadin Karaivanov <larry (a] minfin.bg>:
2492 1.1 tteras * src/racoon/configure.in: Check for openssl/aes.h.
2493 1.1 tteras * src/racoon/crypto_openssl.c: Use OpenSSL AES functions if available.
2494 1.1 tteras
2495 1.1 tteras 2004-01-08 Michal Ludvig <mludvig (a] suse.cz>
2496 1.1 tteras
2497 1.1 tteras * src/racoon/configure: Remove, should be regenerated by bootstrap.
2498 1.1 tteras
2499 1.1 tteras 2004-01-02 Michal Ludvig <michal (a] logix.cz>
2500 1.1 tteras
2501 1.1 tteras * src/racoon/crypto_openssl.c: Update to work with OpenSSL 0.9.7
2502 1.1 tteras (by Brian Buesker <bbuesker (a] qualcomm.com>
2503 1.1 tteras and Christophe Saout <christophe (a] saout.de>)
2504 1.1 tteras * src/racoon/proposal.c: Be more verbose. (Michal Ludvig)
2505 1.1 tteras * src/libipsec/ipsec_dump_policy.c: Dump FWD policies correctly
2506 1.1 tteras (by Michal Ludvig).
2507 1.1 tteras * src/setkey/token.l, src/setkey/parse.y: Add support for lifetime
2508 1.1 tteras specified in bytes (by Michal Ludvig).
2509 1.1 tteras * src/setkey/setkey.8: Document -bh/-bs options for the above feature.
2510 1.1 tteras * src/libipsec/pfkey.c: Don't include 'sadb_key' in SADB_UPDATE
2511 1.1 tteras message for IPcomp SA. (by Brian Buesker <bbuesker (a] qualcomm.com>)
2512 1.1 tteras * src/racoon/cfparse.y: Flush SA on SIGHUP
2513 1.1 tteras (by Brian Buesker <bbuesker (a] qualcomm.com>)
2514 1.1 tteras * src/racoon/pfkey.c: IPcomp fixes
2515 1.1 tteras (by Brian Buesker <bbuesker (a] qualcomm.com>)
2516 1.1 tteras * src/racoon/proposal.c: Fix typo lifebyte -> lifetime.
2517 1.1 tteras * src/racoon/grabmyaddr.c: Prevent segfault if getifaddrs() returns
2518 1.1 tteras an entry with NULL ifa_addr (Michal Ludvig).
2519 1.1 tteras * configure.ac: Change path to kernel headers
2520 1.1 tteras from /usr/src/devel-2.5/devel to /usr/src/linux
2521 1.1 tteras * bootstrap: Use default tools, reconfigure src/racoon
2522 1.1 tteras * src/racoon/configure.in: Change LIBOBJS -> AC_LIBOBJ,
2523 1.1 tteras changed comments from 'dnl' to '#'.
2524 1.1 tteras
2525 1.1 tteras 2003-06-20 Derek Atkins <derek (a] ihtfp.com>
2526 1.1 tteras
2527 1.1 tteras * src/racoon/aclocal.m4:
2528 1.1 tteras * src/racoon/configure:
2529 1.1 tteras Don't execute "for i in $3" if "$3" doesn't exist.
2530 1.1 tteras Fixes bug #721296.
2531 1.1 tteras
2532 1.1 tteras 2003-03-31 Derek Atkins <derek (a] ihtfp.com>
2533 1.1 tteras
2534 1.1 tteras * src/setkey/parse.y: change the NAT-T Type to use UDP_ENCAP_ESPINUDP
2535 1.1 tteras (which is value '2')
2536 1.1 tteras
2537 1.1 tteras 2003-03-27 Derek Atkins <derek (a] ihtfp.com>
2538 1.1 tteras
2539 1.1 tteras * src/libipsec/key_debug.c: use ntohs() before printing port
2540 1.1 tteras * src/libipsec/pfkey.c: convert port# to network byte order
2541 1.1 tteras * src/libipsec/pfkey_dump.c: use ntohs() before printing ports
2542 1.1 tteras * src/setkey/parse.y: convert port#'s to network byte order
2543 1.1 tteras
2544 1.1 tteras 2003-03-24 Derek Atkins <derek (a] ihtfp.com>
2545 1.1 tteras
2546 1.1 tteras * src/libipsec/pfkey.c: Don't switch off NAT-T extensions
2547 1.1 tteras if they don't exist in the kernel.
2548 1.1 tteras
2549 1.1 tteras * src/racoon/sockmisc.c: use '34' for IPV6_IPSEC_POLICY,
2550 1.1 tteras as per Tom Lendacky <toml (a] us.ibm.com>. Also move the
2551 1.1 tteras setting of IPV6_IPSEC_POLICY to the top of the file.
2552 1.1 tteras
2553 1.1 tteras 2003-03-13 Derek Atkins <derek (a] ihtfp.com>
2554 1.1 tteras
2555 1.1 tteras Add initial support for NAT-T PFKey Extensions:
2556 1.1 tteras * src/libipsec/key_debug.c: add support to print information
2557 1.1 tteras about NAT-T extension packets.
2558 1.1 tteras * src/libipsec/libpfkey.h: add two new APIs to support NAT-T
2559 1.1 tteras for add and update as part of the SADB.
2560 1.1 tteras * src/libipsec/pfkey.c:
2561 1.1 tteras - Implement extended APIs to support NAT-T for add and update
2562 1.1 tteras of the SADB.
2563 1.1 tteras - Add APIs to fill a buffer with NAT-T packet types
2564 1.1 tteras * src/libipsec/pfkey_dump.c: Extend the SADB output to include
2565 1.1 tteras PFKey packets. Put port numbers with the source and dest
2566 1.1 tteras addresses, add an 'esp-udp' SA-type, and add a printout for
2567 1.1 tteras the NAT-OA.
2568 1.1 tteras * src/setkey/parse.y:
2569 1.1 tteras - Extend setkey to create an ESP-UDP SA.
2570 1.1 tteras - default UDP port is 4500
2571 1.1 tteras - extend 'add' to allow <ip-addr>[<portnum>] for source and dest
2572 1.1 tteras (the portnum specification requires the [] characters)
2573 1.1 tteras - add an ESPUDP "protocol" from the lexer. This will use
2574 1.1 tteras ESP and allow an optional Original Address setting.
2575 1.1 tteras - add a function to get a udp port from a struct sockaddr *
2576 1.1 tteras - pass the NAT-T extensions into PFKey
2577 1.1 tteras * src/setkey/token.l: add "esp-udp" token
2578 1.1 tteras
2579 1.1 tteras * rpm/ipsec-tools.spec.in: Bill Nottingham's SPEC-file patch:
2580 1.1 tteras This switches it to use %{_lib} (for /lib64 systems such as
2581 1.1 tteras x86-64 and s390x), and has it own the /etc/racoon directory in
2582 1.1 tteras the package as well.
2583 1.1 tteras
2584 1.1 tteras ---------------------------------------------
2585 1.1 tteras
2586 1.1 tteras 0.2.2 released
2587 1.1 tteras
2588 1.1 tteras 2003-03-13 Derek Atkins <derek (a] ihtfp.com>
2589 1.1 tteras
2590 1.1 tteras * configure.am, NEWS:
2591 1.1 tteras Update for 0.2.2 release
2592 1.1 tteras
2593 1.1 tteras * Makefile.am: distribute depcomp
2594 1.1 tteras
2595 1.1 tteras 2003-03-10 Derek Atkins <derek (a] ihtfp.com>
2596 1.1 tteras
2597 1.1 tteras * src/racoon/Makefile.in: add @LEXLIB@ to the LIBS line to make
2598 1.1 tteras sure we link against the lexer library when necessary.
2599 1.1 tteras
2600 1.1 tteras 2003-03-07 Derek Atkins <derek (a] ihtfp.com>
2601 1.1 tteras
2602 1.1 tteras * configure.am:
2603 1.1 tteras * Makefile.am:
2604 1.1 tteras * rpm/Makefile.am:
2605 1.1 tteras * rpm/ipsec-tools.spec.in:
2606 1.1 tteras Added RPM SPEC to CVS
2607 1.1 tteras
2608 1.1 tteras ---------------------------------------------
2609 1.1 tteras
2610 1.1 tteras 0.2.1 released
2611 1.1 tteras
2612 1.1 tteras 2003-03-07 Derek Atkins <derek (a] ihtfp.com>
2613 1.1 tteras
2614 1.1 tteras * src/racoon/configure.in: change "CFLAGS" to "CPPFLAGS" for
2615 1.1 tteras ssl include directory, to make sure the other tests work properly.
2616 1.1 tteras
2617 1.1 tteras 2003-03-06 Derek Atkins <derek (a] ihtfp.com>
2618 1.1 tteras
2619 1.1 tteras * src/racoon/kmpstat.c: fix gcc-3.2.2 compiler warning
2620 1.1 tteras
2621 1.1 tteras * src/racoon/configure.in: look for krb5-config and don't
2622 1.1 tteras use it if it's not found. Fixes a configure-time warning.
2623 1.1 tteras
2624 1.1 tteras --------------------------------------------
2625 1.1 tteras
2626 1.1 tteras 0.2 Released
2627