Home | History | Annotate | Line # | Download | only in ipsec-tools
NEWS revision 1.4.52.1 
      1 Version history:
      2 ----------------
      3 0.8.x CVS (no official release yet)
      4 	o A lot of code cleanup
      5 	o XXX TODO
      6 
      7 0.8.2	- 27 February 2014
      8 	o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
      9 	o Fix source port selection regression from version 0.8.1
     10 	o Various logging improvements
     11 	o Additional compliance and build fixes
     12 
     13 0.8.1	- 08 January 2013
     14 	o Improved X.509 subject name comparation (Gtz Babin-Ebell)
     15 	o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
     16 	o Allow simplified syntax for inherited remote blocks (Roman Antink)
     17 	o Never shring pfkey socket buffer (Marcelo Leitner)
     18 	o Privilege separation child process exit fix
     19 	o Multiple memory allocation and use-after-free fixes
     20 
     21 0.8	- 18 March 2011
     22 	o Fix authentication method ambiguity with kerberos and xauth
     23 	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
     24 	o Local address code rewrite to speed things up
     25 	o Improved MIPv6 support (Arnaud Ebalard)
     26 	o ISAKMP SA (phase1) rekeying
     27 	o Improved scheduler (faster algorithm, support monotonic clock)
     28 	o Handle RESPONDER-LIFETIME in quick mode
     29 	o Handle INITIAL-CONTACT in from main mode too
     30 	o Rewritten event handling framework for admin port
     31 	o Ability to initiate IPsec SA through admin port
     32 	o NAT-T Original Address handling (transport mode NAT-T support)
     33 	o Remove various obsolete configuration options
     34 	o A lot of other bug fixes, performance improvements and clean ups
     35 
     36 0.7.1	- 23 July 2008
     37 	o Fixes a memory leak when invalid proposal received
     38 	o Some fixes in DPD
     39 	o do not set default gss id if xauth is used
     40 	o fixed hybrid enabled builds
     41 	o fixed compilation on FreeBSD8
     42 	o cleanup in network port value manipulation
     43 	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
     44 	  purge_ipsec_spi()
     45 	o Generates a log if cert validation has been disabled by
     46 	  configuration
     47 	o better handling for pfkey socket read errors
     48 	o Fixes in yacc / bison stuff
     49 	o new plog() macro (reduced CPU usage when logging is disabled)
     50 	o Try to work better with huge SPD/SAD
     51 	o Corrected modecfg option syntax
     52 
     53 0.7	- 09 August 2007
     54 	o Xauth with pre-shared key PSK
     55 	o Xauth with certificates
     56 	o SHA2 support
     57 	o pkcs7 support
     58 	o system accounting (utmp)
     59 	o Darwin support
     60 	o configuration can be reloaded
     61 	o Support for UNIQUE generated policies
     62 	o Support for semi anonymous sainfos
     63 	o Support for ph1id to remoteid matching
     64 	o Plain RSA authentication
     65 	o Native LDAP support for Xauth and modecfg
     66 	o Group membership checks for Xauth and sainfo selection
     67 	o Camellia cipher support
     68 	o IKE Fragment force option
     69 	o Modecfg SplitNet attribute support
     70 	o Modecfg SplitDNS attribute support ( server side )
     71 	o Modecfg Default Domain attribute support
     72 	o Modecfg DNS/WINS server multiple attribute support
     73 
     74 0.6	- 27 June 2005
     75 	o Generated policies are now correctly flushed
     76 	o NAT-T works with multiple peers behind the NAT (need kernel support)
     77 	o Xauth can use shadow passwords
     78 	o TCP-MD5 support
     79 	o PAM support for Xauth
     80 	o Privilege separation
     81 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
     82 	o racoon admin interface is exported (header and library) to 
     83 	  help building control programs for racoon (think GUI)
     84 	o Fixed single DES support; single DES users MUST UPGRADE.
     85 
     86 0.5	- 10 April 2005
     87 	o Rewritten buildsystem. Now completely autoconfed, automaked,
     88 	  libtoolized.
     89 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
     90 	o Support for server-side hybrid authentication, with full 
     91 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
     92 	o Support for client-side hybrid authentication (Tested only with
     93 	  a racoon server)
     94 	o ISAKMP mode config support
     95 	o IKE fragmentation support
     96 	o Fixed FWD policy support.
     97 	o Fixed IPv6 compilation.
     98 	o Readline is optional, fixed setkey when compiled without readline.
     99 	o Configurable Root-CA certificate.
    100 	o Dead Peer Detection (DPD) support.
    101 
    102 0.4rc1	- 09 August 2004
    103 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
    104 	o Inheritance of 'remote{}' sections.
    105 	o Support for SPD policy priorities in setkey.
    106 	o Ciphers are now used through the 'EVP' interface which allows
    107 	  using hardware crypto accelerators.
    108 	o Setkey has new option -n (no action).
    109 	o All source files now have 3-clause BSD license.
    110 
    111 0.3	- 14 April 2004
    112 	o Fixed setkey to handle multiline commands again.
    113 	o Added command 'exit' to setkey.
    114 	o Fixed racoon to only Warn if no CRL was found.
    115 	o Improved testsuite.
    116 
    117 0.3rc5	- 05 April 2004
    118 	o Security bugfix WRT handling X.509 signatures.
    119 	o Stability fix WRT unknown PF_KEY messages.
    120 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
    121 	o Setkey parses lines one by one => doesn't exit on errors.
    122 	o Setkey supports readline => more user friendly.
    123 
    124 0.3rc4	- 25 March 2004
    125 	o Fixed adding "null" encryption via 'setkey'.
    126 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
    127 	o Fixed NAT-T in aggresive mode.
    128 	o Fixed testsuite and added testsuite run into make check.
    129 
    130 0.3rc3	- 19 March 2004
    131 	o Fixed compilation error with --enble-yydebug
    132 	o Better diagnostic when proposals don't match.
    133 	o Changed/added options to setkey.
    134 
    135 0.3rc2	- 11 March 2004
    136 	o Added documentation for NAT-T
    137 	o Better NAT-T diagnostic.
    138 	o Test and workaround for missing va_copy()
    139 
    140 0.3rc1	- 04 March 2004
    141 	o Support for NAT Traversal (NAT-T)
    142 
    143 0.2.4	- 29 January 2004
    144 	o Sync with KAME as of 2004-01-07
    145 	o Fixed unauthorized deletion of SA in racoon (again).
    146 
    147 0.2.3	- 15 January 2004
    148 	o Support for SA lifetime specified in bytes
    149 	  (see setkey -bs/-bh options)
    150 	o Enhance support for OpenSSL 0.9.7
    151 	o Let racoon be more verbose
    152 	o Fixed some simple bugs (see ChangeLog for details)
    153 	o Fixed unauthorized deletion of SA in racoon
    154 	o Fixed problems on AMD64
    155 	o Ignore multicast addresses for IKE
    156 
    157 0.2.2	- 13 March 2003
    158 	o Fix racoon to build on some systems that require linking against -lfl
    159 	o add an RPM spec to the distribution
    160 
    161 0.2.1	- 07 March 2003
    162 	o Fix some more gcc-3.2.2 compiler warnings
    163 	o Fix racoon to actually configure with ssl in a non-standard location
    164 	o Fix racoon to not complain if krb5-config is not installed
    165 
    166 0.2	- 06 March 2003
    167 	o Glibc-2.3 support
    168 	o OpenSSL-0.9.7 support
    169 	o Fixed duplicate-macro problems
    170 	o Fix racoon lex/yacc support
    171 	o Install psk.txt mode 600, racoon.conf mode 644
    172 	o Fix racoon to look in the correct directory for config files
    173 
    174 0.1	- 03 March 2003
    175 	o Initial release of IPsec-Tools
    176