Home | History | Annotate | Line # | Download | only in ipsec-tools
NEWS revision 1.4.6.3 
      1 Version history:
      2 ----------------
      3 0.8.2	- 27 February 2014
      4 	o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
      5 	o Fix source port selection regression from version 0.8.1
      6 	o Various logging improvements
      7 	o Additional compliance and build fixes
      8 
      9 0.8.1	- 08 January 2013
     10 	o Improved X.509 subject name comparation (Gtz Babin-Ebell)
     11 	o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
     12 	o Allow simplified syntax for inherited remote blocks (Roman Antink)
     13 	o Never shring pfkey socket buffer (Marcelo Leitner)
     14 	o Privilege separation child process exit fix
     15 	o Multiple memory allocation and use-after-free fixes
     16 
     17 0.8	- 18 March 2011
     18 	o Fix authentication method ambiguity with kerberos and xauth
     19 	o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
     20 	o Local address code rewrite to speed things up
     21 	o Improved MIPv6 support (Arnaud Ebalard)
     22 	o ISAKMP SA (phase1) rekeying
     23 	o Improved scheduler (faster algorithm, support monotonic clock)
     24 	o Handle RESPONDER-LIFETIME in quick mode
     25 	o Handle INITIAL-CONTACT in from main mode too
     26 	o Rewritten event handling framework for admin port
     27 	o Ability to initiate IPsec SA through admin port
     28 	o NAT-T Original Address handling (transport mode NAT-T support)
     29 	o clean NAT-T - PFkey support
     30 	o support for multiple anonymous remoteconfs
     31 	o Remove various obsolete configuration options
     32 	o A lot of other bug fixes, performance improvements and clean ups
     33 
     34 0.7.1	- 23 July 2008
     35 	o Fixes a memory leak when invalid proposal received
     36 	o Some fixes in DPD
     37 	o do not set default gss id if xauth is used
     38 	o fixed hybrid enabled builds
     39 	o fixed compilation on FreeBSD8
     40 	o cleanup in network port value manipulation
     41 	o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
     42 	  purge_ipsec_spi()
     43 	o Generates a log if cert validation has been disabled by
     44 	  configuration
     45 	o better handling for pfkey socket read errors
     46 	o Fixes in yacc / bison stuff
     47 	o new plog() macro (reduced CPU usage when logging is disabled)
     48 	o Try to work better with huge SPD/SAD
     49 	o Corrected modecfg option syntax
     50 
     51 0.7	- 09 August 2007
     52 	o Xauth with pre-shared key PSK
     53 	o Xauth with certificates
     54 	o SHA2 support
     55 	o pkcs7 support
     56 	o system accounting (utmp)
     57 	o Darwin support
     58 	o configuration can be reloaded
     59 	o Support for UNIQUE generated policies
     60 	o Support for semi anonymous sainfos
     61 	o Support for ph1id to remoteid matching
     62 	o Plain RSA authentication
     63 	o Native LDAP support for Xauth and modecfg
     64 	o Group membership checks for Xauth and sainfo selection
     65 	o Camellia cipher support
     66 	o IKE Fragment force option
     67 	o Modecfg SplitNet attribute support
     68 	o Modecfg SplitDNS attribute support ( server side )
     69 	o Modecfg Default Domain attribute support
     70 	o Modecfg DNS/WINS server multiple attribute support
     71 
     72 0.6	- 27 June 2005
     73 	o Generated policies are now correctly flushed
     74 	o NAT-T works with multiple peers behind the NAT (need kernel support)
     75 	o Xauth can use shadow passwords
     76 	o TCP-MD5 support
     77 	o PAM support for Xauth
     78 	o Privilege separation
     79 	o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
     80 	o racoon admin interface is exported (header and library) to 
     81 	  help building control programs for racoon (think GUI)
     82 	o Fixed single DES support; single DES users MUST UPGRADE.
     83 
     84 0.5	- 10 April 2005
     85 	o Rewritten buildsystem. Now completely autoconfed, automaked,
     86 	  libtoolized.
     87 	o IPsec-tools now compiles on NetBSD and FreeBSD again.
     88 	o Support for server-side hybrid authentication, with full 
     89 	  RADIUS supoort. This is interoperable with the Cisco VPN client.
     90 	o Support for client-side hybrid authentication (Tested only with
     91 	  a racoon server)
     92 	o ISAKMP mode config support
     93 	o IKE fragmentation support
     94 	o Fixed FWD policy support.
     95 	o Fixed IPv6 compilation.
     96 	o Readline is optional, fixed setkey when compiled without readline.
     97 	o Configurable Root-CA certificate.
     98 	o Dead Peer Detection (DPD) support.
     99 
    100 0.4rc1	- 09 August 2004
    101 	o Merged support for PlainRSA keys from the 'plainrsa' branch.
    102 	o Inheritance of 'remote{}' sections.
    103 	o Support for SPD policy priorities in setkey.
    104 	o Ciphers are now used through the 'EVP' interface which allows
    105 	  using hardware crypto accelerators.
    106 	o Setkey has new option -n (no action).
    107 	o All source files now have 3-clause BSD license.
    108 
    109 0.3	- 14 April 2004
    110 	o Fixed setkey to handle multiline commands again.
    111 	o Added command 'exit' to setkey.
    112 	o Fixed racoon to only Warn if no CRL was found.
    113 	o Improved testsuite.
    114 
    115 0.3rc5	- 05 April 2004
    116 	o Security bugfix WRT handling X.509 signatures.
    117 	o Stability fix WRT unknown PF_KEY messages.
    118 	o Fixed NAT-T with more proposals (e.g. more crypto algos).
    119 	o Setkey parses lines one by one => doesn't exit on errors.
    120 	o Setkey supports readline => more user friendly.
    121 
    122 0.3rc4	- 25 March 2004
    123 	o Fixed adding "null" encryption via 'setkey'.
    124 	o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
    125 	o Fixed NAT-T in aggresive mode.
    126 	o Fixed testsuite and added testsuite run into make check.
    127 
    128 0.3rc3	- 19 March 2004
    129 	o Fixed compilation error with --enble-yydebug
    130 	o Better diagnostic when proposals don't match.
    131 	o Changed/added options to setkey.
    132 
    133 0.3rc2	- 11 March 2004
    134 	o Added documentation for NAT-T
    135 	o Better NAT-T diagnostic.
    136 	o Test and workaround for missing va_copy()
    137 
    138 0.3rc1	- 04 March 2004
    139 	o Support for NAT Traversal (NAT-T)
    140 
    141 0.2.4	- 29 January 2004
    142 	o Sync with KAME as of 2004-01-07
    143 	o Fixed unauthorized deletion of SA in racoon (again).
    144 
    145 0.2.3	- 15 January 2004
    146 	o Support for SA lifetime specified in bytes
    147 	  (see setkey -bs/-bh options)
    148 	o Enhance support for OpenSSL 0.9.7
    149 	o Let racoon be more verbose
    150 	o Fixed some simple bugs (see ChangeLog for details)
    151 	o Fixed unauthorized deletion of SA in racoon
    152 	o Fixed problems on AMD64
    153 	o Ignore multicast addresses for IKE
    154 
    155 0.2.2	- 13 March 2003
    156 	o Fix racoon to build on some systems that require linking against -lfl
    157 	o add an RPM spec to the distribution
    158 
    159 0.2.1	- 07 March 2003
    160 	o Fix some more gcc-3.2.2 compiler warnings
    161 	o Fix racoon to actually configure with ssl in a non-standard location
    162 	o Fix racoon to not complain if krb5-config is not installed
    163 
    164 0.2	- 06 March 2003
    165 	o Glibc-2.3 support
    166 	o OpenSSL-0.9.7 support
    167 	o Fixed duplicate-macro problems
    168 	o Fix racoon lex/yacc support
    169 	o Install psk.txt mode 600, racoon.conf mode 644
    170 	o Fix racoon to look in the correct directory for config files
    171 
    172 0.1	- 03 March 2003
    173 	o Initial release of IPsec-Tools
    174