NEWS revision 1.1.1.6.6.4
1 Version history: 2 ---------------- 3 4 0.7.2 - 22 April 2009 5 o Fix a remote crash in fragmentation code 6 o Phase2 message identities are phase1 specific (Vista compatibility= 7 o Autogenerate ChangeLog from cvs metadata 8 o Fix mode config pool resizing 9 o NAT-T fixes related to purging of IPsec SA:s and retransmission 10 o Remove phase1 handler immediately if first exchange is bad 11 o A bunch of memory leak and possible memory corruptions (triggerable 12 by bad configuration or startup parameters) 13 14 0.7.1 - 23 July 2008 15 o Fixes a memory leak when invalid proposal received 16 o Some fixes in DPD 17 o do not set default gss id if xauth is used 18 o fixed hybrid enabled builds 19 o fixed compilation on FreeBSD8 20 o cleanup in network port value manipulation 21 o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() 22 o Generates a log if cert validation has been disabled by configuration 23 o better handling for pfkey socket read errors 24 o Fixes in yacc / bison stuff 25 o new plog() macro (reduced CPU usage when logging is disabled) 26 o Try to works better with huge SPD/SAD 27 o Corrected modecfg option syntax 28 o Many other various fixes... 29 30 0.7 - 09 August 2007 31 o Xauth with pre-shared key PSK 32 o Xauth with certificates 33 o SHA2 support 34 o pkcs7 support 35 o system accounting (utmp) 36 o Darwin support 37 o configuration can be reloaded 38 o Support for UNIQUE generated policies 39 o Support for semi anonymous sainfos 40 o Support for ph1id to remoteid matching 41 o Plain RSA authentication 42 o Native LDAP support for Xauth and modecfg 43 o Group membership checks for Xauth and sainfo selection 44 o Camellia cipher support 45 o IKE Fragment force option 46 o Modecfg SplitNet attribute support 47 o Modecfg SplitDNS attribute support ( server side ) 48 o Modecfg Default Domain attribute support 49 o Modecfg DNS/WINS server multiple attribute support 50 51 0.6 - 27 June 2005 52 o Generated policies are now correctly flushed 53 o NAT-T works with multiple peers behind the NAT (need kernel support) 54 o Xauth can use shadow passwords 55 o TCP-MD5 support 56 o PAM support for Xauth 57 o Privilege separation 58 o ESP fragmentation in tunnel mode can be tunned (NetBSD only) 59 o racoon admin interface is exported (header and library) to 60 help building control programs for racoon (think GUI) 61 o Fixed single DES support; single DES users MUST UPGRADE. 62 63 0.5 - 10 April 2005 64 o Rewritten buildsystem. Now completely autoconfed, automaked, 65 libtoolized. 66 o IPsec-tools now compiles on NetBSD and FreeBSD again. 67 o Support for server-side hybrid authentication, with full 68 RADIUS supoort. This is interoperable with the Cisco VPN client. 69 o Support for client-side hybrid authentication (Tested only with 70 a racoon server) 71 o ISAKMP mode config support 72 o IKE fragmentation support 73 o Fixed FWD policy support. 74 o Fixed IPv6 compilation. 75 o Readline is optional, fixed setkey when compiled without readline. 76 o Configurable Root-CA certificate. 77 o Dead Peer Detection (DPD) support. 78 79 0.4rc1 - 09 August 2004 80 o Merged support for PlainRSA keys from the 'plainrsa' branch. 81 o Inheritance of 'remote{}' sections. 82 o Support for SPD policy priorities in setkey. 83 o Ciphers are now used through the 'EVP' interface which allows 84 using hardware crypto accelerators. 85 o Setkey has new option -n (no action). 86 o All source files now have 3-clause BSD license. 87 88 0.3 - 14 April 2004 89 o Fixed setkey to handle multiline commands again. 90 o Added command 'exit' to setkey. 91 o Fixed racoon to only Warn if no CRL was found. 92 o Improved testsuite. 93 94 0.3rc5 - 05 April 2004 95 o Security bugfix WRT handling X.509 signatures. 96 o Stability fix WRT unknown PF_KEY messages. 97 o Fixed NAT-T with more proposals (e.g. more crypto algos). 98 o Setkey parses lines one by one => doesn't exit on errors. 99 o Setkey supports readline => more user friendly. 100 101 0.3rc4 - 25 March 2004 102 o Fixed adding "null" encryption via 'setkey'. 103 o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 104 o Fixed NAT-T in aggresive mode. 105 o Fixed testsuite and added testsuite run into make check. 106 107 0.3rc3 - 19 March 2004 108 o Fixed compilation error with --enble-yydebug 109 o Better diagnostic when proposals don't match. 110 o Changed/added options to setkey. 111 112 0.3rc2 - 11 March 2004 113 o Added documentation for NAT-T 114 o Better NAT-T diagnostic. 115 o Test and workaround for missing va_copy() 116 117 0.3rc1 - 04 March 2004 118 o Support for NAT Traversal (NAT-T) 119 120 0.2.4 - 29 January 2004 121 o Sync with KAME as of 2004-01-07 122 o Fixed unauthorized deletion of SA in racoon (again). 123 124 0.2.3 - 15 January 2004 125 o Support for SA lifetime specified in bytes 126 (see setkey -bs/-bh options) 127 o Enhance support for OpenSSL 0.9.7 128 o Let racoon be more verbose 129 o Fixed some simple bugs (see ChangeLog for details) 130 o Fixed unauthorized deletion of SA in racoon 131 o Fixed problems on AMD64 132 o Ignore multicast addresses for IKE 133 134 0.2.2 - 13 March 2003 135 o Fix racoon to build on some systems that require linking against -lfl 136 o add an RPM spec to the distribution 137 138 0.2.1 - 07 March 2003 139 o Fix some more gcc-3.2.2 compiler warnings 140 o Fix racoon to actually configure with ssl in a non-standard location 141 o Fix racoon to not complain if krb5-config is not installed 142 143 0.2 - 06 March 2003 144 o Glibc-2.3 support 145 o OpenSSL-0.9.7 support 146 o Fixed duplicate-macro problems 147 o Fix racoon lex/yacc support 148 o Install psk.txt mode 600, racoon.conf mode 644 149 o Fix racoon to look in the correct directory for config files 150 151 0.1 - 03 March 2003 152 o Initial release of IPsec-Tools 153
Indexes created Sat Feb 28 05:31:39 UTC 2026