NEWS revision 1.4.6.2

Version history:
----------------
0.8.1 - 08 January 2013
o Improved X.509 subject name comparison (Götz Babin-Ebell)
o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
o Allow simplified syntax for inherited remote blocks (Roman Antink)
o Never shrink pfkey socket buffer (Marcelo Leitner)
o Privilege separation child process exit fix
o Multiple memory allocation and use-after-free fixes

0.8 - 18 March 2011
o Fix authentication method ambiguity with kerberos and xauth
o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
o Local address code rewrite to speed things up
o Improved MIPv6 support (Arnaud Ebalard)
o ISAKMP SA (phase1) rekeying
o Improved scheduler (faster algorithm, support monotonic clock)
o Handle RESPONDER-LIFETIME in quick mode
o Handle INITIAL-CONTACT in from main mode too
o Rewritten event handling framework for admin port
o Ability to initiate IPsec SA through admin port
o NAT-T Original Address handling (transport mode NAT-T support)
o clean NAT-T - PFkey support
o support for multiple anonymous remoteconfs
o Remove various obsolete configuration options
o A lot of other bug fixes, performance improvements and clean ups

0.7.1 - 23 July 2008
o Fixes a memory leak when invalid proposal received
o Some fixes in DPD
o do not set default gss id if xauth is used
o fixed hybrid enabled builds
o fixed compilation on FreeBSD8
o cleanup in network port value manipulation
o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
  purge_ipsec_spi()
o Generates a log if cert validation has been disabled by
  configuration
o better handling for pfkey socket read errors
o Fixes in yacc / bison stuff
o new plog() macro (reduced CPU usage when logging is disabled)
o Try to work better with huge SPD/SAD
o Corrected modecfg option syntax

0.7 - 09 August 2007
o Xauth with pre-shared key PSK
o Xauth with certificates
o SHA2 support
o pkcs7 support
o system accounting (utmp)
o Darwin support
o configuration can be reloaded
o Support for UNIQUE generated policies
o Support for semi anonymous sainfos
o Support for ph1id to remoteid matching
o Plain RSA authentication
o Native LDAP support for Xauth and modecfg
o Group membership checks for Xauth and sainfo selection
o Camellia cipher support
o IKE Fragment force option
o Modecfg SplitNet attribute support
o Modecfg SplitDNS attribute support ( server side )
o Modecfg Default Domain attribute support
o Modecfg DNS/WINS server multiple attribute support

0.6 - 27 June 2005
o Generated policies are now correctly flushed
o NAT-T works with multiple peers behind the NAT (need kernel support)
o Xauth can use shadow passwords
o TCP-MD5 support
o PAM support for Xauth
o Privilege separation
o ESP fragmentation in tunnel mode can be tuned (NetBSD only)
o racoon admin interface is exported (header and library) to
  help building control programs for racoon (think GUI)
o Fixed single DES support; single DES users MUST UPGRADE.

0.5 - 10 April 2005
o Rewritten buildsystem. Now completely autoconfed, automaked,
  libtoolized.
o IPsec-tools now compiles on NetBSD and FreeBSD again.
o Support for server-side hybrid authentication, with full
  RADIUS support. This is interoperable with the Cisco VPN client.
o Support for client-side hybrid authentication (Tested only with
  a racoon server)
o ISAKMP mode config support
o IKE fragmentation support
o Fixed FWD policy support.
o Fixed IPv6 compilation.
o Readline is optional, fixed setkey when compiled without readline.
o Configurable Root-CA certificate.
o Dead Peer Detection (DPD) support.

0.4rc1 - 09 August 2004
o Merged support for PlainRSA keys from the 'plainrsa' branch.
o Inheritance of 'remote{}' sections.
o Support for SPD policy priorities in setkey.
o Ciphers are now used through the 'EVP' interface which allows
  using hardware crypto accelerators.
o Setkey has new option -n (no action).
o All source files now have 3-clause BSD license.

0.3 - 14 April 2004
o Fixed setkey to handle multiline commands again.
o Added command 'exit' to setkey.
o Fixed racoon to only Warn if no CRL was found.
o Improved testsuite.

0.3rc5 - 05 April 2004
o Security bugfix WRT handling X.509 signatures.
o Stability fix WRT unknown PF_KEY messages.
o Fixed NAT-T with more proposals (e.g. more crypto algos).
o Setkey parses lines one by one => doesn't exit on errors.
o Setkey supports readline => more user friendly.

0.3rc4 - 25 March 2004
o Fixed adding "null" encryption via 'setkey'.
o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
o Fixed NAT-T in aggressive mode.
o Fixed testsuite and added testsuite run into make check.

0.3rc3 - 19 March 2004
o Fixed compilation error with --enable-yydebug
o Better diagnostic when proposals don't match.
o Changed/added options to setkey.

0.3rc2 - 11 March 2004
o Added documentation for NAT-T
o Better NAT-T diagnostic.
o Test and workaround for missing va_copy()

0.3rc1 - 04 March 2004
o Support for NAT Traversal (NAT-T)

0.2.4 - 29 January 2004
o Sync with KAME as of 2004-01-07
o Fixed unauthorized deletion of SA in racoon (again).

0.2.3 - 15 January 2004
o Support for SA lifetime specified in bytes
  (see setkey -bs/-bh options)
o Enhance support for OpenSSL 0.9.7
o Let racoon be more verbose
o Fixed some simple bugs (see ChangeLog for details)
o Fixed unauthorized deletion of SA in racoon
o Fixed problems on AMD64
o Ignore multicast addresses for IKE

0.2.2 - 13 March 2003
o Fix racoon to build on some systems that require linking against -lfl
o add an RPM spec to the distribution

0.2.1 - 07 March 2003
o Fix some more gcc-3.2.2 compiler warnings
o Fix racoon to actually configure with ssl in a non-standard location
o Fix racoon to not complain if krb5-config is not installed

0.2 - 06 March 2003
o Glibc-2.3 support
o OpenSSL-0.9.7 support
o Fixed duplicate-macro problems
o Fix racoon lex/yacc support
o Install psk.txt mode 600, racoon.conf mode 644
o Fix racoon to look in the correct directory for config files

0.1 - 03 March 2003
o Initial release of IPsec-Tools
168