Home | History | Annotate | Line # | Download | only in ipsec-tools
NEWS revision 1.1.1.6.6.4
      1 Version history:
      2 ----------------
      3 
      4 0.7.2 - 22 April 2009
      5 	o Fix a remote crash in fragmentation code
      6 	o Phase2 message identities are phase1 specific (Vista compatibility=
      7 	o Autogenerate ChangeLog from cvs metadata
      8 	o Fix mode config pool resizing
      9 	o NAT-T fixes related to purging of IPsec SA:s and retransmission
     10 	o Remove phase1 handler immediately if first exchange is bad
     11 	o A bunch of memory leak and possible memory corruptions (triggerable
     12 	  by bad configuration or startup parameters)
     13 
     14 0.7.1 - 23 July 2008
     15 	o Fixes a memory leak when invalid proposal received
     16 	o Some fixes in DPD
     17 	o do not set default gss id if xauth is used
     18 	o fixed hybrid enabled builds
     19 	o fixed compilation on FreeBSD8
     20 	o cleanup in network port value manipulation
     21 	o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
     22 	o Generates a log if cert validation has been disabled by configuration
     23 	o better handling for pfkey socket read errors
     24 	o Fixes in yacc / bison stuff
     25 	o new plog() macro (reduced CPU usage when logging is disabled)
     26 	o Try to works better with huge SPD/SAD
     27 	o Corrected modecfg option syntax
     28 	o Many other various fixes...
     29 
     30 0.7	- 09 August 2007
     31 	o Xauth with pre-shared key PSK
     32 	o Xauth with certificates
     33 	o SHA2 support
     34 	o pkcs7 support
     35 	o system accounting (utmp)
     36 	o Darwin support
     37 	o configuration can be reloaded
     38 	o Support for UNIQUE generated policies
     39 	o Support for semi anonymous sainfos
     40 	o Support for ph1id to remoteid matching
     41 	o Plain RSA authentication
     42 	o Native LDAP support for Xauth and modecfg
     43 	o Group membership checks for Xauth and sainfo selection
     44 	o Camellia cipher support
     45 	o IKE Fragment force option
     46 	o Modecfg SplitNet attribute support
     47 	o Modecfg SplitDNS attribute support ( server side )
     48 	o Modecfg Default Domain attribute support
     49 	o Modecfg DNS/WINS server multiple attribute support
     50 
     51 0.6	- 27 June 2005
     52 	o Generated policies are now correctly flushed
     53 	o NAT-T works with multiple peers behind the NAT (need kernel support)
     54 	o Xauth can use shadow passwords
     55 	o TCP-MD5 support
     56 	o PAM support for Xauth
     57 	o Privilege separation
     58 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
     59 	o racoon admin interface is exported (header and library) to 
     60 	  help building control programs for racoon (think GUI)
     61  	o Fixed single DES support; single DES users MUST UPGRADE.
     62 
     63 0.5	- 10 April 2005
     64 	o Rewritten buildsystem. Now completely autoconfed, automaked,
     65 	  libtoolized.
     66 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
     67 	o Support for server-side hybrid authentication, with full 
     68 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
     69 	o Support for client-side hybrid authentication (Tested only with
     70 	  a racoon server)
     71 	o ISAKMP mode config support
     72 	o IKE fragmentation support
     73 	o Fixed FWD policy support.
     74 	o Fixed IPv6 compilation.
     75 	o Readline is optional, fixed setkey when compiled without readline.
     76 	o Configurable Root-CA certificate.
     77 	o Dead Peer Detection (DPD) support.
     78 
     79 0.4rc1	- 09 August 2004
     80 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
     81 	o Inheritance of 'remote{}' sections.
     82 	o Support for SPD policy priorities in setkey.
     83 	o Ciphers are now used through the 'EVP' interface which allows
     84 	  using hardware crypto accelerators.
     85 	o Setkey has new option -n (no action).
     86 	o All source files now have 3-clause BSD license.
     87 
     88 0.3	- 14 April 2004
     89         o Fixed setkey to handle multiline commands again.
     90 	o Added command 'exit' to setkey.
     91 	o Fixed racoon to only Warn if no CRL was found.
     92 	o Improved testsuite.
     93 
     94 0.3rc5	- 05 April 2004
     95 	o Security bugfix WRT handling X.509 signatures.
     96 	o Stability fix WRT unknown PF_KEY messages.
     97 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
     98 	o Setkey parses lines one by one => doesn't exit on errors.
     99 	o Setkey supports readline => more user friendly.
    100 
    101 0.3rc4	- 25 March 2004
    102 	o Fixed adding "null" encryption via 'setkey'.
    103 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
    104 	o Fixed NAT-T in aggresive mode.
    105 	o Fixed testsuite and added testsuite run into make check.
    106 
    107 0.3rc3	- 19 March 2004
    108 	o Fixed compilation error with --enble-yydebug
    109 	o Better diagnostic when proposals don't match.
    110 	o Changed/added options to setkey.
    111 
    112 0.3rc2	- 11 March 2004
    113 	o Added documentation for NAT-T
    114 	o Better NAT-T diagnostic.
    115 	o Test and workaround for missing va_copy()
    116 
    117 0.3rc1	- 04 March 2004
    118 	o Support for NAT Traversal (NAT-T)
    119 
    120 0.2.4	- 29 January 2004
    121 	o Sync with KAME as of 2004-01-07
    122 	o Fixed unauthorized deletion of SA in racoon (again).
    123 
    124 0.2.3	- 15 January 2004
    125 	o Support for SA lifetime specified in bytes
    126 	  (see setkey -bs/-bh options)
    127 	o Enhance support for OpenSSL 0.9.7
    128 	o Let racoon be more verbose
    129 	o Fixed some simple bugs (see ChangeLog for details)
    130 	o Fixed unauthorized deletion of SA in racoon
    131 	o Fixed problems on AMD64
    132 	o Ignore multicast addresses for IKE
    133 
    134 0.2.2	- 13 March 2003
    135 	o Fix racoon to build on some systems that require linking against -lfl
    136 	o add an RPM spec to the distribution
    137 
    138 0.2.1	- 07 March 2003
    139 	o Fix some more gcc-3.2.2 compiler warnings
    140 	o Fix racoon to actually configure with ssl in a non-standard location
    141 	o Fix racoon to not complain if krb5-config is not installed
    142 
    143 0.2	- 06 March 2003
    144 	o Glibc-2.3 support
    145 	o OpenSSL-0.9.7 support
    146 	o Fixed duplicate-macro problems
    147 	o Fix racoon lex/yacc support
    148 	o Install psk.txt mode 600, racoon.conf mode 644
    149 	o Fix racoon to look in the correct directory for config files
    150 
    151 0.1	- 03 March 2003
    152 	o Initial release of IPsec-Tools
    153