Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 1 | 2009-08-13 tag ipsec-tools-0_7_3 |
Chia-chi Yeh | 051f86d | 2009-09-02 15:00:23 +0800 | [diff] [blame] | 2 | |
| 3 | 2009-08-13 Yvan Vanhullebus <vanhu@netasq.com> |
| 4 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 5 | * NEWS, configure.ac: 0.7.3 release |
| 6 | |
Chia-chi Yeh | 051f86d | 2009-09-02 15:00:23 +0800 | [diff] [blame] | 7 | * src/racoon/oakley.c: fixed a potential DoS in |
| 8 | oakley_do_decrypt(), reported by Orange Labs |
| 9 | |
| 10 | 2009-08-06 Timo Teras <timo.teras@iki.fi> |
| 11 | |
| 12 | * src/setkey/setkey.c: From Paul Wenau: Check fgets return value in |
| 13 | setkey to make gcc happy. |
| 14 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 15 | 2009-06-19 Timo Teras <timo.teras@iki.fi> |
Chia-chi Yeh | 051f86d | 2009-09-02 15:00:23 +0800 | [diff] [blame] | 16 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 17 | * src/racoon/ipsec_doi.c: Backport S.P.Zeidler's fix to IPv6 |
| 18 | address related stack smashing in ipsecdoi_id2str() from CVS HEAD. |
Chia-chi Yeh | 051f86d | 2009-09-02 15:00:23 +0800 | [diff] [blame] | 19 | |
| 20 | 2009-05-18 Timo Teras <timo.teras@iki.fi> |
| 21 | |
| 22 | * src/racoon/isakmp_inf.c: From Tomas Mraz: Remove variable that is |
| 23 | not really used; only referenced while uninitialized causing |
| 24 | valgrind error. |
| 25 | |
| 26 | * src/racoon/nattraversal.c: From Tomas Mraz: Fix natt_flags check. |
| 27 | |
| 28 | 2009-04-29 Timo Teras <timo.teras@iki.fi> |
| 29 | |
| 30 | * src/racoon/crypto_openssl.c: From Ross Meng: Fix a memory leak in |
| 31 | X509 certificate validation. |
| 32 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 33 | 2009-04-22 tag ipsec-tools-0_7_2 |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 34 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 35 | 2009-04-22 Timo Teras <timo.teras@iki.fi> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 36 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 37 | * NEWS, configure.ac: Updates for 0.7.2 release |
| 38 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 39 | * src/racoon/isakmp_frag.c: From Neil Kettle: Fix a possible null |
| 40 | pointer dereference in fragmentation code. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 41 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 42 | 2009-04-20 Timo Teras <timo.teras@iki.fi> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 43 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 44 | * src/racoon/: isakmp_inf.c, isakmp_xauth.c, plog.c: Orignally from |
| 45 | Bin Li: Fix possible memory corruption in binsanitize(). |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 46 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 47 | * src/racoon/crypto_openssl.c: From Stephen Bevan: Fix a x509 |
| 48 | signature verification memory leak. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 49 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 50 | * src/racoon/: admin.c, racoonctl.c: Originally from Bin Li: Fix a |
| 51 | crash with racoonctl logout user. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 52 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 53 | * src/racoon/nattraversal.c: Fix a memory leak in nat-t keepalive |
| 54 | code. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 55 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 56 | * src/racoon/handler.c: From Paul Moore: Phase2 message id's should |
| 57 | be unique wrt phase1, not globally. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 58 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 59 | 2009-02-16 Timo Teras <timo.teras@iki.fi> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 60 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 61 | * src/libipsec/policy_parse.y: From Paul Moore: Fix a heap |
| 62 | corruption bug (yacc return non-null terminated buffer and sprintf |
| 63 | writes over bounds). |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 64 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 65 | 2009-01-20 Timo Teras <timo.teras@iki.fi> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 66 | |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 67 | * configure.ac: Fix a CPPLAGS typo to CPPFLAGS which was intended |
| 68 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 69 | * misc/cvs2cl.pl, misc/cvsusermap, Makefile.am: Autogenerate |
| 70 | ChangeLog from NetBSD CVS. Put sourceforge.net changes to |
| 71 | ChangeLog.old. |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 72 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 73 | * misc/cvs2cl.pl: file cvs2cl.pl was added on branch |
| 74 | ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000 |
Chia-chi Yeh | f8a6a76 | 2011-07-04 17:21:23 -0700 | [diff] [blame] | 75 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 76 | * misc/cvsusermap: file cvsusermap was added on branch |
| 77 | ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000 |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 78 | |
| 79 | 2008-11-27 Yvan Vanhullebus <vanhu@netasq.com> |
| 80 | |
| 81 | * src/racoon/main.c: Set up a default value for Mode Config Pool |
| 82 | size if pool address specified but pool size not specified |
| 83 | |
| 84 | * src/racoon/isakmp_cfg.c: Fixed pool resizing |
| 85 | |
| 86 | 2008-09-25 Yvan Vanhullebus <vanhu@netasq.com> |
| 87 | |
| 88 | * src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP |
| 89 | marker for retransmitted packets |
| 90 | |
| 91 | 2008-09-17 Yvan Vanhullebus <vanhu@netasq.com> |
| 92 | |
| 93 | * src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi() |
| 94 | when NAT-T enabled and trying to purge non NAT-T SAs |
| 95 | |
| 96 | 2008-08-12 Yvan Vanhullebus <vanhu@netasq.com> |
| 97 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 98 | * src/racoon/isakmp.c: From Krzysztof Oledzki: Remove ph1handler if |
| 99 | we received an invalid first exchange from initiator. |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 100 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 101 | 2008-07-23 tag ipsec-tools-0_7_1 |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 102 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 103 | 2008-07-23 Yvan Vanhullebus <vanhu@netasq.com> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 104 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 105 | * NEWS: NEWS for 0.7.1 release |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 106 | |
| 107 | 2008-07-23 Timo Teras <timo.teras@iki.fi> |
| 108 | |
| 109 | * src/racoon/Makefile.am: Do not use GNU make specific extension. |
| 110 | |
| 111 | * src/: libipsec/Makefile.am, racoon/Makefile.am, |
| 112 | setkey/Makefile.am: Do flex/bison invocation in a more standard |
| 113 | way, and keep the generated files in the dist tarball. |
| 114 | |
| 115 | 2008-07-22 Yvan Vanhullebus <vanhu@netasq.com> |
| 116 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 117 | * configure.ac: 0.7.1 coming ! |
| 118 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 119 | * src/racoon/proposal.c: From Kohki Ohhira: fix some memory leaks, |
| 120 | when malloc fails or when peer sends invalid proposal. |
| 121 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 122 | 2008-07-21 Timo Teras <timo.teras@iki.fi> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 123 | |
| 124 | * src/racoon/cfparse.y: Correct typo to fix the build. |
| 125 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 126 | * src/racoon/cfparse.y: Do not set default gss id if xauth is used. |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 127 | |
| 128 | 2008-07-15 Matthew Grooms <mgrooms@shrew.net> |
| 129 | |
| 130 | * src/racoon/isakmp_cfg.c: Fix an a typo that prevented racoon from |
| 131 | building with hybrid enabled. |
| 132 | |
| 133 | * src/racoon/: crypto_openssl.c, eaytest.c, misc.c, misc.h, |
| 134 | racoonctl.c: Fix a conflict with the FreeBSD 8 system hexdump |
| 135 | function. |
| 136 | |
| 137 | 2008-07-11 Timo Teras <timo.teras@iki.fi> |
| 138 | |
| 139 | * src/racoon/: isakmp.c, isakmp_inf.c: Original patch from Atis |
| 140 | Elsts: Fix a double memory free and a memory corruption |
| 141 | (LIST_REMOVE() on an uninserted node) in some error handling paths. |
| 142 | |
| 143 | 2008-07-09 Timo Teras <timo.teras@iki.fi> |
| 144 | |
| 145 | * src/racoon/cfparse.y: From Chong Peng: fix a file descriptor and |
| 146 | memory leak on configuration file reread |
| 147 | |
| 148 | 2008-07-02 Yvan Vanhullebus <vanhu@netasq.com> |
| 149 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 150 | * src/racoon/isakmp_inf.c: From Timo Teras: fixed some %d to %zu |
| 151 | (size_t values). |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 152 | |
| 153 | 2008-06-18 Matthew Grooms <mgrooms@shrew.net> |
| 154 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 155 | * src/racoon/: grabmyaddr.c, admin.c, ipsec_doi.c, isakmp.c, |
| 156 | isakmp_cfg.c, isakmp_inf.c, remoteconf.c: Use utility functions |
| 157 | to evaluate and manipulate network port values. No functional |
| 158 | changes. Submitted by Timo Teras. |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 159 | |
| 160 | 2008-04-25 Yvan Vanhullebus <vanhu@netasq.com> |
| 161 | |
| 162 | * src/racoon/isakmp_inf.c: From Timo Teras: extract port numbers |
| 163 | from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi(). |
| 164 | |
| 165 | 2008-03-06 Yvan Vanhullebus <vanhu@netasq.com> |
| 166 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 167 | * src/racoon/oakley.c: Generates a log if cert validation has been |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 168 | disabled by configuration |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 169 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 170 | 2008-03-05 Matthew Grooms <mgrooms@shrew.net> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 171 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 172 | * src/racoon/cfparse.y: Properly initialize the unity network |
| 173 | struct to prevent erroneous protocol and port info from being |
| 174 | transmitted. |
| 175 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 176 | * src/racoon/pfkey.c: Provide better handling for pfkey socket read |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 177 | errors. Submitted by Timo Teras. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 178 | |
| 179 | 2008-02-25 Emmanuel Dreyfus <manu@netbsd.org> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 180 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 181 | * src/racoon/ipsec_doi.c: From Brian Haley <brian.haley@hp.com>: |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 182 | There's a cut/paste error in cmp_aproppair_i(), it's supposed to be |
| 183 | checking spi_size but it's not. I'm not sure this patch is correct, |
| 184 | but what's there isn't either. |
| 185 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 186 | Add fogotten entry in ChangeLog |
| 187 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 188 | 2008-02-22 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 189 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 190 | * src/racoon/isakmp.c: Fix bad address length computation, from |
| 191 | Brian Haley. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 192 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 193 | 2008-01-11 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 194 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 195 | * src/racoon/isakmp_inf.c: From Timo Teras: reset iph1->dpd_r_u in |
| 196 | the scheduler's callback, to avoid access to freed memory. |
| 197 | |
| 198 | * src/racoon/crypto_openssl.c: From Krzysztof Oledzki: Fix |
| 199 | compilation with IDEA and recent gcc. |
| 200 | |
| 201 | * src/racoon/isakmp_inf.c: From Krzysztof Oledzki: added some |
| 202 | details to some logs (also reported new getph1byaddr() arg). |
| 203 | |
| 204 | * src/racoon/isakmp.c: From Krzysztof Oledzki: Only search for |
| 205 | established ph1 handles in DPD (also reported new getph1byaddr() |
| 206 | arg). |
| 207 | |
| 208 | * src/racoon/: handler.c, handler.h: added an 'established' arg to |
| 209 | getph1byaddr() |
| 210 | |
| 211 | 2007-11-29 Yvan Vanhullebus <vanhu@netasq.com> |
| 212 | |
| 213 | * src/racoon/Makefile.am: From Natanael Copa: fixed a race |
| 214 | condition when building yacc stuff. |
| 215 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 216 | 2007-11-06 Yvan Vanhullebus <vanhu@netasq.com> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 217 | |
| 218 | * src/racoon/crypto_openssl.c: From Scott Lamb: include plog.h to |
| 219 | work with the new plog macro. |
| 220 | |
| 221 | * src/racoon/kmpstat.c: From Scott Lamb: plog changed to _plog to |
| 222 | work with new plog macro |
| 223 | |
| 224 | * src/racoon/: plog.c, plog.h: From Scott Lamb: new plog macro. |
| 225 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 226 | 2007-10-15 Yvan Vanhullebus <vanhu@netasq.com> |
| 227 | |
| 228 | * src/libipsec/pfkey.c: Try to increase the buffer size of the |
| 229 | pfkey socket, this may help things when we have a huge SPD |
| 230 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 231 | 2007-09-19 Matthew Grooms <mgrooms@shrew.net> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 232 | |
| 233 | * configure.ac: Fix autoconf check for selinux support. Submitted |
| 234 | by Joy Latten. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 235 | |
| 236 | 2007-09-03 Matthew Grooms <mgrooms@shrew.net> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 237 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 238 | * src/racoon/: cftoken.l, racoon.conf.5: Correct the syntax for |
| 239 | wins4 in the man page and add nbns4 as an alias. Pointed out by |
| 240 | Claas Langbehn. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 241 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 242 | 2007-08-09 tag ipsec-tools-0_7 |
| 243 | |
| 244 | 2007-08-09 Matthew Grooms <mgrooms@shrew.net> |
| 245 | |
| 246 | * NEWS, configure.ac: Prepare for 0.7 release tag. |
| 247 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 248 | 2007-08-07 Emmanuel Dreyfus <manu@netbsd.org> |
| 249 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 250 | * src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and |
| 251 | authorization ports. Allow interoperability with freeradius |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 252 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 253 | 2007-08-01 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 254 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 255 | * configure.ac, src/libipsec/ipsec_dump_policy.c, |
| 256 | src/libipsec/ipsec_get_policylen.c, |
| 257 | src/libipsec/ipsec_strerror.c, src/libipsec/key_debug.c, |
| 258 | src/libipsec/libpfkey.h, src/libipsec/pfkey.c, |
| 259 | src/libipsec/pfkey_dump.c, src/libipsec/policy_parse.y, |
| 260 | src/libipsec/policy_token.l, src/libipsec/test-policy-priority.c, |
| 261 | src/racoon/admin.c, src/racoon/backupsa.c, src/racoon/cfparse.y, |
| 262 | src/racoon/cftoken.l, src/racoon/ipsec_doi.c, |
| 263 | src/racoon/isakmp.c, src/racoon/isakmp_inf.c, |
| 264 | src/racoon/isakmp_quick.c, src/racoon/pfkey.c, |
| 265 | src/racoon/policy.c, src/racoon/proposal.c, |
| 266 | src/racoon/remoteconf.c, src/racoon/sainfo.c, |
| 267 | src/racoon/session.c, src/racoon/sockmisc.c, |
| 268 | src/racoon/strnames.c, src/setkey/parse.y, src/setkey/setkey.c, |
| 269 | src/setkey/token.l: use a single PATH_IPSEC_H to fix some |
| 270 | path_to_ipsec.h issues |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 271 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 272 | 2007-07-24 Matthew Grooms <mgrooms@shrew.net> |
| 273 | |
| 274 | * NEWS: Update NEWS file with additional 0.7 improvements. |
| 275 | |
| 276 | 2007-07-18 Matthew Grooms <mgrooms@shrew.net> |
| 277 | |
| 278 | * src/racoon/racoon.conf.5: Various racoon configuration manpage |
| 279 | updates. |
| 280 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 281 | 2007-07-16 Yvan Vanhullebus <vanhu@netasq.com> |
| 282 | |
| 283 | * src/racoon/grabmyaddr.c: fixed a socket leak |
| 284 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 285 | 2007-06-12 tag ipsec-tools-0_7-RC1 |
| 286 | |
| 287 | 2007-06-12 tag ipsec-tools-0_7-rc1 |
| 288 | |
| 289 | 2007-06-12 Emmanuel Dreyfus <manu@netbsd.org> |
| 290 | |
| 291 | * configure.ac: ipsec-tools used to use tags in lower case |
| 292 | |
| 293 | 2007-06-12 Yvan Vanhullebus <vanhu@netasq.com> |
| 294 | |
| 295 | * configure.ac: 0.7-RC1 |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 296 | |
| 297 | 2007-06-07 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 298 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 299 | * src/racoon/: main.c, policy.h, security.c: From Joy Latten |
| 300 | <latten@austin.ibm.com> Fix file descriptor shortage when using |
| 301 | labeled IPsec. |
| 302 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 303 | * src/racoon/isakmp_cfg.c: From Paul Winder |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 304 | <Paul.Winder@tadpole.com> Fix ignored INTERNAL_DNS4_LIST |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 305 | |
| 306 | 2007-06-06 Yvan Vanhullebus <vanhu@netasq.com> |
| 307 | |
| 308 | * src/racoon/: eaytest.c, var.h: From Rong-En Fan: fix compilation |
| 309 | with gcc 4.2 |
| 310 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 311 | 2007-06-06 Emmanuel Dreyfus <manu@netbsd.org> |
| 312 | |
| 313 | * src/racoon/kmpstat.c: From Jianli Liu <jlliu@nortel.com>: Use the |
| 314 | specified socket path instead of the default location |
| 315 | |
| 316 | 2007-06-06 Yvan Vanhullebus <vanhu@netasq.com> |
| 317 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 318 | * src/racoon/session.c: From Jianli Liu: speed up interfaces update |
| 319 | when they change. |
| 320 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 321 | * src/racoon/handler.c: ignore obsolete lifebyte when validating |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 322 | reloaded configuration |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 323 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 324 | 2007-05-04 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 325 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 326 | * src/racoon/handler.c: search a ph1 by address if iph2->ph1 is |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 327 | NULL when validating the new config |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 328 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 329 | * src/racoon/handler.c: added some debug in getph1byaddr() to track |
| 330 | some port matching problems with NAT-T |
| 331 | |
| 332 | * src/racoon/isakmp.c: added some debug in isakmp_chkph1there() to |
| 333 | track some port matching problems with NAT-T |
| 334 | |
| 335 | * src/racoon/isakmp_inf.c: added some debug for DELETE_SA process |
| 336 | |
| 337 | * src/racoon/pfkey.c: Force the update of ph2 in pk_recvupdate() if |
| 338 | NAT_T support, to solve some port match problems with the first |
| 339 | IPSec SAs negociated as initiator |
| 340 | |
| 341 | 2007-04-04 Yvan Vanhullebus <vanhu@netasq.com> |
| 342 | |
| 343 | * src/racoon/ipsec_doi.c: checks proto_id in ipsecdoi_chkcmpids() |
| 344 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 345 | * src/racoon/oakley.c: dumps peer's ID and peer's certificate |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 346 | subject /subjectaltname if they don't match |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 347 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 348 | 2007-03-29 tag ipsec-tools-0_7-beta3 |
| 349 | |
| 350 | 2007-03-29 Emmanuel Dreyfus <manu@netbsd.org> |
| 351 | |
| 352 | * configure.ac: Bump to 0.7beta3 |
| 353 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 354 | 2007-03-26 Yvan Vanhullebus <vanhu@netasq.com> |
| 355 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 356 | * src/racoon/isakmp_inf.c: Store the DPD main scheduler in ph1 |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 357 | handler, to be able to cancel it when removing the handler, and some |
| 358 | minor cleanups in DPD code |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 359 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 360 | 2007-03-23 Yvan Vanhullebus <vanhu@netasq.com> |
| 361 | |
| 362 | * src/racoon/: ipsec_doi.c, security.c: From Joy Latten: fix a |
| 363 | segfault when using security labels between 32bit and 64bit host. |
| 364 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 365 | * src/racoon/handler.c: expire zombie handlers in getph2byid(), to |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 366 | avoid situations where we'll never negociate a phase2 again |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 367 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 368 | * src/racoon/: oakley.c, racoon.conf.5: From Cyrus Rahman: give |
| 369 | more details about what is checked when using certificates to |
| 370 | authenticate |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 371 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 372 | 2007-03-22 Yvan Vanhullebus <vanhu@netasq.com> |
| 373 | |
| 374 | * src/racoon/: cfparse.y, ipsec_doi.c: fixed subnet check to |
| 375 | generate IPV4_ADDRESS when needed in sockaddr2id() |
| 376 | |
| 377 | 2007-03-21 Yvan Vanhullebus <vanhu@netasq.com> |
| 378 | |
| 379 | * src/racoon/: handler.c, isakmp.c, isakmp_inf.c, pfkey.c: NULL |
| 380 | sched check is now done in SCHED_KILL |
| 381 | |
| 382 | * src/racoon/schedule.h: checks if arg is NULL in SCHED_KILL |
| 383 | |
| 384 | 2007-03-15 Yvan Vanhullebus <vanhu@netasq.com> |
| 385 | |
| 386 | * src/racoon/grabmyaddr.c: From Yves-Alexis Perez: enable |
| 387 | monitoring of ipv6 address changes on Linux. |
| 388 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 389 | * src/racoon/isakmp.c: Consider a negociation timeout when |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 390 | retry_counter is <=0 instead of < 0 |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 391 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 392 | 2007-03-06 tag ipsec-tools-0_7-beta2 |
| 393 | |
| 394 | 2007-03-06 Emmanuel Dreyfus <manu@netbsd.org> |
| 395 | |
| 396 | * configure.ac: Bump to 0.7beta2 |
| 397 | |
| 398 | 2007-03-01 Matthew Grooms <mgrooms@shrew.net> |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 399 | |
| 400 | * src/racoon/ipsec_doi.c: Add logic to allow ip address ids to be |
| 401 | matched to ip subnet ids when appropriate. |
| 402 | |
| 403 | 2007-02-21 Yvan Vanhullebus <vanhu@netasq.com> |
| 404 | |
| 405 | * src/racoon/ipsec_doi.c: block variable declaration before code in |
| 406 | ipsecdoi_id2str() |
| 407 | |
| 408 | 2007-02-20 Yvan Vanhullebus <vanhu@netasq.com> |
| 409 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 410 | * src/racoon/isakmp_inf.c: Removed a debug printf.... |
| 411 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 412 | * src/racoon/isakmp.c: Only delete a generated SPD if it's creation |
| 413 | date matches the creation date of the SA we are currently deleting |
| 414 | |
| 415 | * src/racoon/: handler.c, isakmp_var.h: updated delete_spd() calls |
| 416 | |
| 417 | * src/racoon/: isakmp_inf.c, pfkey.c: fills creation date of |
| 418 | generated SPDs |
| 419 | |
| 420 | * src/racoon/policy.h: added 'created' var |
| 421 | |
| 422 | 2007-02-19 Yvan Vanhullebus <vanhu@netasq.com> |
| 423 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 424 | * src/racoon/isakmp.c: Removed a debug printf.... |
| 425 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 426 | 2007-02-16 tag ipsec-tools-0_7-beta1 |
| 427 | |
| 428 | 2007-02-16 Emmanuel Dreyfus <manu@netbsd.org> |
| 429 | |
| 430 | * configure.ac: Bump to 0.7beta1 |
| 431 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 432 | 2007-02-16 Yvan Vanhullebus <vanhu@netasq.com> |
| 433 | |
| 434 | * src/racoon/ipsec_doi.c: From Olivier Warin: Fix a %zu in a |
| 435 | printf. |
| 436 | |
| 437 | 2007-02-15 Emmanuel Dreyfus <manu@netbsd.org> |
| 438 | |
Chia-chi Yeh | c91307a | 2012-03-26 14:18:52 -0700 | [diff] [blame] | 439 | * src/racoon/security.c: Missing file for SELinux |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 440 | |
| 441 | * configure.ac: Missing stuff for SELinux |
| 442 | |
| 443 | 2007-02-15 Yvan Vanhullebus <vanhu@netasq.com> |
| 444 | |
| 445 | * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: Just |
| 446 | expire a ph1 handle when receiving a DELETE-SA instead of calling |
| 447 | purge_remote(). |
| 448 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 449 | * src/racoon/isakmp.c: Fixed the way phase1/2 messages are |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 450 | sent/resent, to avoid zombie handles and acces to freed memory |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 451 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 452 | 2007-02-02 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 453 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 454 | * src/racoon/cfparse.y: Fixed a check of NAT-T support in libipsec |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 455 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 456 | 2007-02-01 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 457 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 458 | * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: When |
| 459 | receiving an ISAKMP DELETE_SA, get the cookie of the SA to be |
| 460 | deleted from payload instead of just deleting the ISAKMP SA used to |
| 461 | protect the informational exchange. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 462 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 463 | 2006-12-18 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 464 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 465 | * src/racoon/crypto_openssl.c: From Joy Latten: fix a memory leak |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 466 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 467 | 2006-12-10 tag ipsec-tools-0_7-base |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 468 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 469 | 2006-12-10 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 470 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 471 | * src/: libipsec/Makefile.am, libipsec/libpfkey.h, |
| 472 | libipsec/pfkey.c, racoon/backupsa.c, racoon/cfparse.y, |
| 473 | racoon/pfkey.c: Bring back API and ABI backward compatibility |
| 474 | with previous libipsec before recent interface change. Bump libipsec |
| 475 | minor version. Remove ifdefs in struct pfkey_send_sa_args to avoid |
| 476 | ABI compatibility lossage. Add a capability flags to detect missing |
| 477 | optional feature in libipsec |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 478 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 479 | * src/racoon/: Makefile.am, doc/README.plainrsa: From Joy Latten: |
| 480 | README.plainrsa documenting plain RSA auth |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 481 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 482 | 2006-12-09 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 483 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 484 | * configure.ac, src/libipsec/libpfkey.h, src/libipsec/pfkey.c, |
| 485 | src/racoon/Makefile.am, src/racoon/backupsa.c, |
| 486 | src/racoon/backupsa.h, src/racoon/cftoken.l, |
| 487 | src/racoon/ipsec_doi.c, src/racoon/ipsec_doi.h, |
| 488 | src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c, |
| 489 | src/racoon/pfkey.c, src/racoon/policy.c, src/racoon/policy.h, |
| 490 | src/racoon/proposal.c, src/racoon/proposal.h, |
| 491 | src/racoon/remoteconf.c: From Joy Latten: Add support for SELinux |
| 492 | security contexts. Also cleanup the libipsec interface for adding |
| 493 | and updating security associations. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 494 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 495 | * src/racoon/racoon.conf.5: From Simon Chang: More hints about |
| 496 | plain RSA authentication |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 497 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 498 | 2006-12-05 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 499 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 500 | * src/racoon/: proposal.c, proposal.h, racoon.conf.5: Check keys |
| 501 | length regarding proposal_check level |
| 502 | |
| 503 | 2006-11-16 Matthew Grooms <mgrooms@shrew.net> |
| 504 | |
| 505 | * src/racoon/sainfo.c: Correct issues associated with anonymous |
| 506 | sainfo selection in racoon. |
| 507 | |
| 508 | 2006-11-09 Christos Zoulas <christos@netbsd.org> |
| 509 | |
| 510 | * src/racoon/crypto_openssl.c: eliminate the only variable stack |
| 511 | array allocation. |
| 512 | |
| 513 | 2006-10-31 Christian Biere <cbiere@netbsd.org> |
| 514 | |
| 515 | * src/racoon/sockmisc.c: Don't define the deprecated |
| 516 | IPV6_RECVDSTADDR if the "advanced IPv6 API" is used because |
| 517 | IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent potential bugs |
| 518 | in the future just in case that the numeric value of the socket |
| 519 | option is ever recycled. |
| 520 | |
| 521 | 2006-10-22 Yvan Vanhullebus <vanhu@netasq.com> |
| 522 | |
| 523 | * src/racoon/: backupsa.c, cfparse.y: From Michal Ruzicka: fix |
| 524 | typos |
| 525 | |
| 526 | 2006-10-19 Yvan Vanhullebus <vanhu@netasq.com> |
| 527 | |
| 528 | * src/racoon/sainfo.c: From Matthew Grooms: use |
| 529 | ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo(). |
| 530 | |
| 531 | * src/racoon/: ipsec_doi.c, ipsec_doi.h: From Matthew Grooms: Added |
| 532 | ipsecdoi_chkcmpids() function. |
| 533 | |
| 534 | 2006-10-09 Emmanuel Dreyfus <manu@netbsd.org> |
| 535 | |
| 536 | * src/racoon/proposal.c: Fix memory leak (Coverity 3438 and 3437) |
| 537 | |
| 538 | * src/racoon/isakmp_unity.c: Correctly check read() return value: |
| 539 | it's signed (Coverity 1251) |
| 540 | |
| 541 | 2006-10-06 Emmanuel Dreyfus <manu@netbsd.org> |
| 542 | |
| 543 | * configure.ac, src/libipsec/pfkey_dump.c, src/racoon/algorithm.c, |
| 544 | src/racoon/algorithm.h, src/racoon/cftoken.l, |
| 545 | src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h, |
| 546 | src/racoon/eaytest.c, src/racoon/ipsec_doi.c, |
| 547 | src/racoon/ipsec_doi.h, src/racoon/oakley.h, src/racoon/pfkey.c, |
| 548 | src/racoon/racoon.conf.5, src/racoon/strnames.c, |
| 549 | src/setkey/setkey.8, src/setkey/test-pfkey.c, src/setkey/token.l: |
| 550 | Camelia cipher support as in RFC 4312, from Tomoyuki Okazaki |
| 551 | <okazaki@kick.gr.jp> |
| 552 | |
| 553 | 2006-10-03 Emmanuel Dreyfus <manu@netbsd.org> |
| 554 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 555 | * src/racoon/admin.c: fix endianness issue introduced yesterday |
| 556 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 557 | 2006-10-03 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 558 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 559 | * src/racoon/racoon.conf.5: Added remoteid/ph1id syntax |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 560 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 561 | * src/racoon/: cfparse.y, cftoken.l: Parses remoteid/ph1id values |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 562 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 563 | * src/racoon/: handler.c, isakmp_quick.c, pfkey.c, sainfo.c: Uses |
| 564 | remoteid/ph1id values |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 565 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 566 | * src/racoon/: remoteconf.h, sainfo.h: Added remoteid/ph1id values |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 567 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 568 | 2006-10-02 Emmanuel Dreyfus <manu@netbsd.org> |
| 569 | |
| 570 | * src/racoon/isakmp_base.c: |
| 571 | avoid reusing free'd pointer (Coverity 2613) |
| 572 | |
| 573 | * src/racoon/isakmp_inf.c: Check for NULL pointer (COverity 4175) |
| 574 | |
| 575 | * src/racoon/isakmp_ident.c: Remove dead code (Coverity 3451) |
| 576 | |
| 577 | * src/racoon/algorithm.c: Fix array overrun (Coverity 4172) |
| 578 | |
| 579 | * src/racoon/admin.c: Fix memory leak (Coverity 2002) |
| 580 | |
| 581 | * src/racoon/: admin.c, isakmp.c, sockmisc.c: Fix memory leak |
| 582 | (Coverity 2001), refactor the code to use port get/set functions |
| 583 | |
| 584 | * src/racoon/admin.c: Avoid reusing free'd pointer (Coverity 4200) |
| 585 | |
| 586 | * src/racoon/oakley.c: Don't use NULL pointer (Coverity 3443), |
| 587 | reformat to 80 char/line |
| 588 | |
| 589 | 2006-10-02 Tom Spindler <dogcow@netbsd.org> |
| 590 | |
| 591 | * src/racoon/ipsec_doi.c: If you're going to initialize a pointer, |
| 592 | you have to init it with a pointer type, not an int. |
| 593 | |
| 594 | 2006-10-02 Emmanuel Dreyfus <manu@netbsd.org> |
| 595 | |
| 596 | * src/racoon/isakmp.c: Don't use NULL pointer (coverity 3439) |
| 597 | |
| 598 | * src/racoon/ipsec_doi.c: Don't use NULL pointer (Coverity 1334) |
| 599 | |
| 600 | * src/racoon/pfkey.c: Don't use NULL pointer (Coverity 944) |
| 601 | |
| 602 | * src/racoon/proposal.c: Don't use NULL pointer (Coverity 941) |
| 603 | |
| 604 | * src/racoon/racoonctl.c: Don't use NULL pointer (Coverity 942) |
| 605 | |
| 606 | * src/racoon/sockmisc.c: Don't use null pointer (Coverity 863) |
| 607 | |
| 608 | 2006-10-01 Emmanuel Dreyfus <manu@netbsd.org> |
| 609 | |
| 610 | * src/racoon/ipsec_doi.c: FIx memory leak (Coverity 4181) |
| 611 | |
| 612 | * src/racoon/isakmp.c: Check that iph1->remote is not NULL before |
| 613 | using it (Coverity 3436) |
| 614 | |
| 615 | 2006-09-30 Emmanuel Dreyfus <manu@netbsd.org> |
| 616 | |
| 617 | * src/racoon/isakmp_agg.c: emove dead code (Coverity 4165) |
| 618 | |
| 619 | * src/racoon/isakmp_cfg.c: Fix memory leak (Coverity 4179) |
| 620 | |
| 621 | * src/racoon/samples/roadwarrior/client/: phase1-down.sh, |
| 622 | phase1-up.sh: update the scripts for wrorking around routing |
| 623 | problems on NetBSD |
| 624 | |
| 625 | * src/racoon/session.c: Reuse existing code for closing IKE |
| 626 | sockets, and avoid screwing things by setting p->sock = -1, which is |
| 627 | not expected (Coverity 4173). |
| 628 | |
| 629 | * src/racoon/admin.c: Do not free id and key, as they are used |
| 630 | later |
| 631 | |
| 632 | 2006-09-29 Emmanuel Dreyfus <manu@netbsd.org> |
| 633 | |
| 634 | * src/racoon/racoonctl.c: Fix the fix: handle_recv closes the |
| 635 | socket, so we must call com_init before sending any data. |
| 636 | |
| 637 | 2006-09-28 Emmanuel Dreyfus <manu@netbsd.org> |
| 638 | |
| 639 | * src/racoon/isakmp_xauth.c: Fix unchecked mallocs (Coverity 4176, |
| 640 | 4174) |
| 641 | |
| 642 | * src/racoon/racoonctl.c: Fix access after free (Coverity 4178) |
| 643 | |
| 644 | 2006-09-26 Emmanuel Dreyfus <manu@netbsd.org> |
| 645 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 646 | * src/racoon/cfparse.y: Fix memory leak (Coverity) |
| 647 | |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 648 | * src/racoon/backupsa.c: Fix memory leak (Coverity) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 649 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 650 | * src/racoon/admin.c: Remove dead code (Coverity) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 651 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 652 | * src/racoon/admin.c: Fix memory leak (Coverity) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 653 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 654 | * src/racoon/admin.c: One more memory leak |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 655 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 656 | * src/racoon/admin.c: Fix memory leak in racoonctl (coverity) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 657 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 658 | * src/racoon/ipsec_doi.c: Fix buffer overflow Also fix credits: SA |
| 659 | bundle fix was contributed by Jeff Bailey, not Matthew Grooms. |
| 660 | Matthew updated the patch for current code, though. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 661 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 662 | * src/racoon/: pfkey.c, proposal.c: fix SA bundle (e.g.: for |
| 663 | negotiating ESP+IPcomp) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 664 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 665 | 2006-09-25 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 666 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 667 | * src/racoon/isakmp.c: From Yves-Alexis Perez: struct ip -> struct |
| 668 | iphdr for Linux |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 669 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 670 | 2006-09-25 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 671 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 672 | * src/racoon/isakmp.c: style (mostly for testing |
| 673 | ipsec-tools-commits@netbsd.org) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 674 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 675 | * src/racoon/ipsec_doi.c: Fix double free, from Matthew Grooms |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 676 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 677 | 2006-09-21 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 678 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 679 | * src/libipsec/pfkey.c: use sysdep_sa_len to make it compile on |
| 680 | Linux |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 681 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 682 | 2006-09-19 Thomas Klausner <wiz@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 683 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 684 | * src/racoon/racoon.conf.5: Bump date for ike_frag force. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 685 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 686 | * src/racoon/: plainrsa-gen.8, racoon.conf.5: New sentence, new |
| 687 | line. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 688 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 689 | * src/racoon/: racoon.conf.5, plainrsa-gen.8: Remove trailing |
| 690 | whitespace. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 691 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 692 | 2006-09-19 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 693 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 694 | * src/racoon/proposal.c: From Yves-Alexis Perez: fixes default |
| 695 | value for encmodesv in set_proposal_from_policy() |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 696 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 697 | * src/racoon/isakmp.c: always include some headers, as they are |
| 698 | required even without NAT-T |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 699 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 700 | * src/: libipsec/pfkey_dump.c, setkey/token.l: From Larry Baird: |
| 701 | define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 702 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 703 | * src/racoon/crypto_openssl.c: From Larry Baird: some printf() -> |
| 704 | plog() |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 705 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 706 | 2006-09-18 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 707 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 708 | * src/racoon/: cfparse.y, cftoken.l, isakmp.c, isakmp_frag.h, |
| 709 | isakmp_inf.c, racoon.conf.5, remoteconf.c: From Matthew Grooms: |
| 710 | ike_frag force option to force the use of IKE on first packet |
| 711 | exchange (prior to peer consent) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 712 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 713 | 2006-09-18 Yvan Vanhullebus <vanhu@netasq.com> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 714 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 715 | * rpm/suse/ipsec-tools.spec, src/racoon/prsa_tok.c: removed |
| 716 | generated files from the CVS |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 717 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 718 | * src/racoon/prsa_par.c: removed generated files from the CVS |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 719 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 720 | * src/racoon/: cfparse.c, cftoken.c: removed generated files from |
| 721 | the CVS |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 722 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 723 | 2006-09-18 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 724 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 725 | * src/racoon/isakmp.c: From Matthew Grooms: handle IKE frag used in |
| 726 | the first packet. That should not normally happen, as the initiator |
| 727 | does not know yet if the responder can handle IKE frag. However, in |
| 728 | some setups, the first packet is too big to get through, and |
| 729 | assuming the peer supports IKE frag is the only way to go. |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 730 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 731 | racoon should have a setting in the remote section to do taht |
| 732 | (something like ike_frag force) |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 733 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 734 | 2006-09-16 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 735 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 736 | * src/racoon/ipsec_doi.c: Trivial bugfix in RFC2407 4.6.2 |
| 737 | conformance, from Matthew Grooms |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 738 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 739 | 2006-09-15 Emmanuel Dreyfus <manu@netbsd.org> |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 740 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 741 | * src/racoon/ipsec_doi.c: Fix build on Linux |
Chung-yih Wang | 0a1907d | 2009-04-23 12:26:00 +0800 | [diff] [blame] | 742 | |
Chia-chi Yeh | 1c71527 | 2009-06-21 08:13:52 +0800 | [diff] [blame] | 743 | For older changes see ChangeLog.old |