Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 1 | Version history: |
| 2 | ---------------- |
| 3 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 4 | 0.7.3 - 23 August 2009 |
| 5 | o Fix a remote crash and a memory leak |
| 6 | o Fixed a NAT-T flag check |
| 7 | o Some code cleanups/compilation fixes with recent gcc |
| 8 | |
| 9 | 0.7.2 - 22 April 2009 |
| 10 | o Fix a remote crash in fragmentation code |
| 11 | o Phase2 message identities are phase1 specific (Vista compatibility) |
| 12 | o Autogenerate ChangeLog from cvs metadata |
| 13 | o Fix mode config pool resizing |
| 14 | o NAT-T fixes related to purging of IPsec SA:s and retransmission |
| 15 | o Remove phase1 handler immediately if first exchange is bad |
| 16 | o A bunch of memory leaks and possible memory corruptions (triggerable |
| 17 | by bad configuration or startup parameters) |
| 18 | |
| 19 | 0.7.1 - 23 July 2008 |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 20 | o Fixes a memory leak when invalid proposal received |
| 21 | o Some fixes in DPD |
| 22 | o do not set default gss id if xauth is used |
| 23 | o fixed hybrid enabled builds |
| 24 | o fixed compilation on FreeBSD8 |
| 25 | o cleanup in network port value manipulation |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 26 | o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi() |
| 27 | o Generates a log if cert validation has been disabled by configuration |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 28 | o better handling for pfkey socket read errors |
| 29 | o Fixes in yacc / bison stuff |
| 30 | o new plog() macro (reduced CPU usage when logging is disabled) |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 31 | o Try to work better with huge SPD/SAD |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 32 | o Corrected modecfg option syntax |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 33 | o Many other various fixes... |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 34 | |
| 35 | 0.7 - 09 August 2007 |
| 36 | o Xauth with pre-shared key PSK |
| 37 | o Xauth with certificates |
| 38 | o SHA2 support |
| 39 | o pkcs7 support |
| 40 | o system accounting (utmp) |
| 41 | o Darwin support |
| 42 | o configuration can be reloaded |
| 43 | o Support for UNIQUE generated policies |
| 44 | o Support for semi anonymous sainfos |
| 45 | o Support for ph1id to remoteid matching |
| 46 | o Plain RSA authentication |
| 47 | o Native LDAP support for Xauth and modecfg |
| 48 | o Group membership checks for Xauth and sainfo selection |
| 49 | o Camellia cipher support |
| 50 | o IKE Fragment force option |
| 51 | o Modecfg SplitNet attribute support |
| 52 | o Modecfg SplitDNS attribute support ( server side ) |
| 53 | o Modecfg Default Domain attribute support |
| 54 | o Modecfg DNS/WINS server multiple attribute support |
| 55 | |
| 56 | 0.6 - 27 June 2005 |
| 57 | o Generated policies are now correctly flushed |
| 58 | o NAT-T works with multiple peers behind the NAT (need kernel support) |
| 59 | o Xauth can use shadow passwords |
| 60 | o TCP-MD5 support |
| 61 | o PAM support for Xauth |
| 62 | o Privilege separation |
| 63 | o ESP fragmentation in tunnel mode can be tuned (NetBSD only) |
| 64 | o racoon admin interface is exported (header and library) to |
| 65 | help building control programs for racoon (think GUI) |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 66 | o Fixed single DES support; single DES users MUST UPGRADE. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 67 | |
| 68 | 0.5 - 10 April 2005 |
| 69 | o Rewritten buildsystem. Now completely autoconfed, automaked, |
| 70 | libtoolized. |
| 71 | o IPsec-tools now compiles on NetBSD and FreeBSD again. |
| 72 | o Support for server-side hybrid authentication, with full |
| 73 | RADIUS support. This is interoperable with the Cisco VPN client. |
| 74 | o Support for client-side hybrid authentication (Tested only with |
| 75 | a racoon server) |
| 76 | o ISAKMP mode config support |
| 77 | o IKE fragmentation support |
| 78 | o Fixed FWD policy support. |
| 79 | o Fixed IPv6 compilation. |
| 80 | o Readline is optional, fixed setkey when compiled without readline. |
| 81 | o Configurable Root-CA certificate. |
| 82 | o Dead Peer Detection (DPD) support. |
| 83 | |
| 84 | 0.4rc1 - 09 August 2004 |
| 85 | o Merged support for PlainRSA keys from the 'plainrsa' branch. |
| 86 | o Inheritance of 'remote{}' sections. |
| 87 | o Support for SPD policy priorities in setkey. |
| 88 | o Ciphers are now used through the 'EVP' interface which allows |
| 89 | using hardware crypto accelerators. |
| 90 | o Setkey has new option -n (no action). |
| 91 | o All source files now have 3-clause BSD license. |
| 92 | |
| 93 | 0.3 - 14 April 2004 |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | 94 | o Fixed setkey to handle multiline commands again. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | 95 | o Added command 'exit' to setkey. |
| 96 | o Fixed racoon to only Warn if no CRL was found. |
| 97 | o Improved testsuite. |
| 98 | |
| 99 | 0.3rc5 - 05 April 2004 |
| 100 | o Security bugfix WRT handling X.509 signatures. |
| 101 | o Stability fix WRT unknown PF_KEY messages. |
| 102 | o Fixed NAT-T with more proposals (e.g. more crypto algos). |
| 103 | o Setkey parses lines one by one => doesn't exit on errors. |
| 104 | o Setkey supports readline => more user friendly. |
| 105 | |
| 106 | 0.3rc4 - 25 March 2004 |
| 107 | o Fixed adding "null" encryption via 'setkey'. |
| 108 | o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7 |
| 109 | o Fixed NAT-T in aggressive mode. |
| 110 | o Fixed testsuite and added testsuite run into make check. |
| 111 | |
| 112 | 0.3rc3 - 19 March 2004 |
| 113 | o Fixed compilation error with --enable-yydebug |
| 114 | o Better diagnostic when proposals don't match. |
| 115 | o Changed/added options to setkey. |
| 116 | |
| 117 | 0.3rc2 - 11 March 2004 |
| 118 | o Added documentation for NAT-T |
| 119 | o Better NAT-T diagnostic. |
| 120 | o Test and workaround for missing va_copy() |
| 121 | |
| 122 | 0.3rc1 - 04 March 2004 |
| 123 | o Support for NAT Traversal (NAT-T) |
| 124 | |
| 125 | 0.2.4 - 29 January 2004 |
| 126 | o Sync with KAME as of 2004-01-07 |
| 127 | o Fixed unauthorized deletion of SA in racoon (again). |
| 128 | |
| 129 | 0.2.3 - 15 January 2004 |
| 130 | o Support for SA lifetime specified in bytes |
| 131 | (see setkey -bs/-bh options) |
| 132 | o Enhance support for OpenSSL 0.9.7 |
| 133 | o Let racoon be more verbose |
| 134 | o Fixed some simple bugs (see ChangeLog for details) |
| 135 | o Fixed unauthorized deletion of SA in racoon |
| 136 | o Fixed problems on AMD64 |
| 137 | o Ignore multicast addresses for IKE |
| 138 | |
| 139 | 0.2.2 - 13 March 2003 |
| 140 | o Fix racoon to build on some systems that require linking against -lfl |
| 141 | o add an RPM spec to the distribution |
| 142 | |
| 143 | 0.2.1 - 07 March 2003 |
| 144 | o Fix some more gcc-3.2.2 compiler warnings |
| 145 | o Fix racoon to actually configure with ssl in a non-standard location |
| 146 | o Fix racoon to not complain if krb5-config is not installed |
| 147 | |
| 148 | 0.2 - 06 March 2003 |
| 149 | o Glibc-2.3 support |
| 150 | o OpenSSL-0.9.7 support |
| 151 | o Fixed duplicate-macro problems |
| 152 | o Fix racoon lex/yacc support |
| 153 | o Install psk.txt mode 600, racoon.conf mode 644 |
| 154 | o Fix racoon to look in the correct directory for config files |
| 155 | |
| 156 | 0.1 - 03 March 2003 |
| 157 | o Initial release of IPsec-Tools |