See also https://libreswan.org/
v3.32 (May 11, 2020)
* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Antony]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
Using this option, libreswan no longer needs FIPS certification
v3.31 (March 3, 2020)
* IKEv2: Opportunistic conns specifying keyingtries=0 are changed to 1 [Paul]
* IKEv2: Fix ikev2 rekey failures due to bad Traffic Selector proposa [Antony]
* IKEv2: Verify (not ignore) expected TSi/TSr payloads for IPsec rekeys [Paul]
* IKEv1: Support for XFRMi interfaces [Paul]
* X509: When IDr payload is type ID_DER_ASN1_DN, don't check for SAN [Paul]
* pluto: Disable log_to_audit if kernel does not support audit [Paul]
* pluto: Increase max IKEv2 fragments to 32 to support Windows [John Mah]
* addconn: Do not assert on ipsec-interface=no [Paul]
* nat_traversal: Fix not to send nat-t keepalives when there is no nat [Tuomo]
* KLIPS: Fix _updown.klips (regression introduced in 3.30) [Wolfgang]
v3.30 (February 13, 2020)
* WARNING: This is the last release that supports the KLIPS stack,
use the new ipsec-interface= virtual interfaces instead.
* XFRM: Fix detection on kernels without xfrm_stat (debian et all) [Paul]
* XFRM: XFRMi interface support using ipsec-interface= and iface-ip= [Antony]
* IKEv2: Message ID handling: remove a O(#STATES) lookup [Andrew]
* IKEv2: OE previous half-open state overwrites IPsec policy [Paul/Stepan]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv2: Prevent leak in ikev2_send_certreq() on sending error [Paul]
* IKEv2: Remove SHA1 from default proposal list [Paul]
* IKEv2: On PPK failure with insist, return AUTHENTICATION_FAILED [Vukasin]
* IKEv2: Do not try to delete (replaced) bare shunts [Paul]
* IKEv2: Delete pending outgoing bare shunts if incoming IPsec happened [Paul]
* IKEv2: Allow CP payload in CREATE_CHILD_SA (RFC 7296 Appendix C.4) [Paul]
* IKEv2: calculate_sa_prio() now allows OE shunt to override priority [Paul]
* IKEv2: calculate_sa_prio() support for /32 template vs instance [Hugh/Paul]
* IKEv2: IPv6 support for addresspool= option [Antony]
* IKEv2: Updated support for MOBIKE triggered events [Antony]
* IKEv2: Support reconnecting authnull clients [Paul]
* IKEv2: New whack commands --rekey-ike and --rekey-ipsec [Antony]
* IKEv2: Prefer RFC 7427 Digital Signatures for default authby=rsasig [Sahana]
* IKEv2: Refuse SHA1 for RFC 7427 Digital Signatures as per RFC 8247 [Sahana]
* IKEv2: Use IKEv2 fragment size values (not IKEv1) [Andrew]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv1: Re-implement CVE-2019-10155 fix to prevent future occurances [Andrew]
* IKEv1: do not assert on bad virtual private entry [Paul]
* pluto: Simplify plutodebug= options to: base, cpu-usage, crypt, private and tmi
(maps old values to new ones for compatibility) [Andrew]
* pluto: non-default ipsec.conf did not load auto=add connections [Paul]
* pluto: fix %defaultroute for link-local and non-link-local gateway [Antony]
* pluto: Improve whackfd handling (prevent console hangs/omissions) [Andrew]
* pluto: Support to disable SAN checks (require-id-on-certificate=no) [Paul]
* pluto: Audit log IKE SA and IPsec SA failures for Common Criteria (CC) [Paul]
* pluto: Disable support for DH2/modp1024 at compile time [Paul]
* pluto: Add audit-log=yes|no (default yes) [Paul]
* pluto: DDNS event should not cause connection initialization [Paul]
* pluto: Various O(STATE) optimializations [Andrew]
* pluto: Fixup reporting of esp-hw-offload capabilities in kernel/nic [Paul]
* pluto: Add chacha20_poly1305 and curve25519 to default proposals [Paul]
* pluto: Updated SECCOMP syscall whitelist [Paul]
* pluto: With non-default config file, connections loading was skipped [Paul]
* pluto: Fix Opportunistic Encryption with Transport Mode policies [Paul]
* pluto: Fix various memory leaks in IKE and X.509 code [Andrew]
* pluto: netlink: increase the additional bufferspace to 32KiB [Antony]
* pluto: pluto --selftest no longer logs to stderr with timestamps [Paul]
* pluto: fix for redirect-to type when it is FQDN [John Mah]
* pluto: addresspool: give new lease to different (xauth)usernames [Paul]
* pluto: addresspool: reduce complexity from O(#LEASES) to O(1) [Andrew]
* whack: Remove obsoleted --whackrecord and --whackstoprecord options [Andrew]
* whack: Added whack --ddns to trigger DNS refresh event manually [Paul]
* X509: Offload most code to helpers for significant performance boost [Andrew]
* X509: Simplify code, cut redundant calculations, speed improvements [Andrew]
* X509: SAN checks should confirm IKE peer ID on responder too [Paul]
* letsencrypt: new command "ipsec letsencrypt" [Rishabh]
* _updown.netkey: PLUTO_VIRT_INTERFACE replaces PLUTO_INTERFACE [Antony]
* _updown.netkey: add IPv6 routing support [Tuomo]
* _updown.netkey: don't remove old resolv.conf, just update it [Tuomo]
* _updown.netkey: fix for iproute2 >= 5.1 which no longer ignores /mask [Paul]
* libswan: Don't leak ECDSA pubkey on form_ckaid_ecdsa() failure [Paul]
* libswan: Close netlink socket on send error in netlink_query() [Paul]
* libipsecconf: don't throw error for not finding a wildcarded include [Paul]
* verify: improve support for python2 and python3 [Anand Bibhuti/Paul]
* KLIPS: Support for kernels >= 4.20 with SYNC_SKCIPHER_REQUEST_ON_STACK [Paul]
* KLIPS: Userland tools compile fixes [Hugh/Paul]
* building: No longer build with DH2(modp1024) support (see RFC 8247) [Paul]
* building: Add config for PYTHON_BINARY, default being /usr/bin/python3 [Tuomo]
* building: Add new USE_NSS_PRF, to use KDF from NSS [Robert Relyea/Andrew]
* building: Add USE_PRF_AES_XCBC, replaces USE_XCBC [Paul]
* building: Fixes for NetBSD build [Andrew]
* building: Fixes for gcc10 [Paul]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: Add Debian stretch specific configs and more cleanup [Antony]
* packaging: make deb jessie and xenial config detection [Antony]
* packaging: update python she-bang handling [Tuomo]
* testing: Added a new namespaces based testrun method [Antony]
* testing: setup: namespace based ipsec stop needs ip xfrm flush state [Paul]
* testing: setup: namespace based ipsec skips initsystem [Paul]
v3.29 (June 10, 2019)
* SECURITY: Fixes CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155
* programs: Change to /proc/sys/net/core/xfrm_acq_expires to detect XFRM [Paul]
* barf: Fix shell script parse error and small cleanup [Tuomo/Hugh]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: rhel6 doesn't need USE_AVA_COPY=true or WERROR_CFLAGS= [Tuomo]
* packaging/rhel6: remove -lrt, not needed any more [Tuomo]
* systemd: change Restart default to on-failure [Tuomo]
* building: Makefiles: Use RT_LDFLAGS for glibc < 2.17 support [Tuomo]
* building: userland-cflags.mk: add RT_LDFLAGS= for older glibc [Tuomo]
v3.28 (May 20, 2019)
* SECURITY: Fixes CVE-2019-12312 https://libreswan.org/security/CVE-2019-12312
* KLIPS: Disable KLIPS userland support per default [Paul]
WARNING: Support for KLIPS will be removed in 2019
* MAST: Removed support for MAST variant of KLIPS stack [Paul]
* IKE: Change default connection from IKEv1 to IKEv2 [Paul]
* IKEv2: Don't try to encrypt notify response without SKEYSEED [Andrew/Paul/Hugh]
* IKEv2: ikev2= keyword changed to only accept "yes" or "no" [Paul]
* IKEv2: Support for REDIRECT (RFC 5685) [Vukasin Karadzic/GSoC]
(new keywords redirect-to, accept-redirect, global-redirect=
global-redirect-to and new ipsec whack --redirect command
* IKEv2: Initialize daily secret used for DCOOKIES [Paul/Andrew]
* IKEv2: Extend narrowing code to support protoports [Andrew/Paul]
* IKEv2: Fix bug that prevented AH from rekeying [Andrew]
* IKEv2: IKE SA rekey could lead to losing track of Child SA [Andrew/Antony]
* IKEv2: A spurious DH calculation was performed and discarded [Andrew]
* IKEv2: Support for IPCOMP (compress=yes) [Paul]
* IKEv2: Initialize NAT keepalives check on IKE SA establishment [Paul]
* IKEv2: Only sent NAT keepalives for IKE states (suppresses IPsec dups) [Paul]
* IKEv2: Timeout in receiving IKE_AUTH reply would abort connection [Paul]
* IKEv2: Add ECP384, ECP521 and CURVE25519 to default IKEv2 proposal [Paul]
* IKEv2: Remove SHA1 from default IKEv2 proposal [Paul]
* IKEv2: Delete on auto=start conn would not restart (introduced in 3.23) [Paul]
* IKEv2: Compact proposals to prevent fragmentation of IKE_INIT [Andrew]
* IKEv2: Fix opportunistic group policy on /32 groupinstances on delete [Paul]
* IKEv2: Fix opportunistic /32 on non-defaultroute interface [Paul]
* IKEv2: Do not send two requests for IKEv2_INTERNAL_IP4_ADDRESS [Paul]
* IKEv2: Show payload structure of received packet in RFC notation [Andrew]
* IKEv2: Release whack when peer ID is wrong [Paul]
* IKEv2: Hardened PPK code and fixed memory leaks [Hugh]
* IKEv2: Use less resources under DDoS attack to send/process COOKIES [Andrew]
* IKEv2: Delete partial Child SA states that can never establish [Paul]
* IKEv2: Remove SHA1 from default proposals [Paul]
* IKEv2: Add ECP groups and Curve25519 to default proposal [Paul]
* IKEv2: Fix AH rekeying (handle not having encrypter [Paul]
* IKEv2: NAT-T keepalives did not start if only IKEv2 conns were in use [Paul]
* IKEv2: Drop IKE_SA_INIT requests with non-zero SPIr [Andrew]
* IKEv2: On rekey, sometimes a CHILD SA was lost (wrong hash slot) [Andrew]
* IKEv1: Don't leave a dangling pointer after IKE SA delete [Paul/Hugh]
* IKEv1: Only sent NAT keepalives for IPsec states (suppresses 1 dup) [Paul]
* IKEv1: Do not activate DPD when peer does not support it [Paul]
* IKEv1: Reject key sizes <= 0 properly instead of crashing [Paul]
* IKEv1: Fix Aggressive Mode interop with Volans Technology [wuwei29]
* IKEv1: Remove bogus "duplicate Delete" check causing Windows 1m outage [Paul]
* IKEv1: If whack socket not there for passwd input, return STF_FATAL [Paul]
* IKEv1: Remove Win98 workaround ignoring IPsec SA deletes in first 60s [Paul]
* X509: Do not keep received CERTs beyond the connection lifetime [Andrew]
* X509: Support for NSS IPsec profiles mbz#1252891 [Kai Engbert/Paul]
* X509: Don't fail validation on critical flag in Key Usage payloads [Paul]
* X509: Fix ocsp-method=get|post to actually skip get when asked) [Stepan Broz]
* X509: Fix various leaks [Hugh, Andrew]
* X509: Cache contents read from NSS database for performance [Andrew]
* pluto: Re-initialize (w backoff) conns that should remain "up" [Paul/Hugh]
* pluto: Use any sent IKE message to reset the DPD/liveness counter [Paul]
* pluto: Add timing information to packet processing [Andrew]
* pluto: Significant performance improvements for conns and certs [Andrew]
* pluto: Simplify state lookups and SPI passing [Andrew]
* pluto: Speed up state lookups by only looking at proper hash chain [Andrew]
* pluto: metric= value should accept values > 255 [Tuomo]
* pluto: New "cpu-usage" plutodebug option displaying timing info [Andrew/Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* pluto: Fix memory leak in CERTREQ sending [Hugh]
* pluto: Revive (with back-off) auto=start conns that receive Delete/Notify [Paul]
* pluto: Show all activated impairments in ipsec status [Andrew]
* pluto: Do not load a connection if its certificate has a problem [Andrew]
* pluto: Handle case when external use deletes certificate from NSS [Andrew]
* pluto: Fix resource leaks [Andrew/Hugh]
* pluto: Improve and extend pluto statistics [Paul]
* pluto: Deleting a connection should bring it down first to run _updown [Paul]
* pluto: Revive auto=start conns that receive Delete/Notify [Paul/Hugh/Andrew]
* pluto: Refuse to load connections with unsupported type=transport [Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* addconn: Fix crash on startup with dnssec-enable=no [Stepan Broz]
* libswan: Only use valid ephemeral ports for libunbound context [Stepan Broz]
* libswan: Do not process DNSSEC root key or trust anchors when disabled [Paul]
* libipsecconf: conn %default content could get overwritten rhbz#1704085 [Hugh]
* libipsecconf: Allow IKEv2 style ike/esp proposals using '+' symbol [Andrew]
(example: ike=aes_gcm+chacha20_poly1305,aes-sha2+sha1)
* libipsecconf: Updated defaults for filling in proposal elements [Andrew]
(drop sha1, sha2_512 before sha2_256 for esp, lots of new DH groups)
* libipsecconf: Be more tolerant of duplicate proposals and 'none' DH [Andrew]
* confreadwrite: Fix double host printing, line and bad ikev2=UNKNOWN [Paul]
* ipsec: Add "ipsec traffic" as shorthand for "ipsec trafficstatus" [Paul]
* ipsec: Add "ipsec brief" as shorthand for "ipsec briefcstatus" [Paul]
* _stackmanager: Do not attempt to load PF_KEY (af_key.ko) module [Paul]
* whack: Fix option name to and documentation of ms-dh-downgrade [Tuomo]
* whack: Two new impairments: del-with-notify and bad-ikev2-xchg [Andrew/Paul]
* whack: Fix non operational connection flags / arguments [Daniel Kautz]
* whack: Add new --briefstatus which skips showing all states [Paul]
* auto: Fix replace operation for when changing from subnet= to subnets= [wuwei29]
* verify: Removed broken IP forwarding check [Paul]
* FIPS: X.509 minimum public key size check was rejecting valid keys [Paul]
* FIPS: Disallow AES-XCBC from PRF/INTEG, Allow AES-GMAC [Paul]
* FIPS: Fixup FIPS_IKE_SA_LIFETIME_MAXIMUM to 24h as per NIST SP 800-77 [Paul]
* FIPS: Force IKE maximum lifetime of 24h (default is 1h) [Paul/Vukasin]
* XFRM: Use netlink for last remaining obsolete PF_KEY API API calls [Antony]
* XFRM: Clean up and aadd logging to IPsec SA for nic-offload= [Hugh/Paul]
* XFRM: Set default XFRM_LIFETIME_DEFAULT to 30 (was 300) [Paul]
* libswan: Fix leaks in badly formed secrets/ppk_id [Vukasin Karadzic]
* libswan: Don't crash on mangled PSK or PPK secrets [Vukasin Karadzic]
* initsystems/systemd: Install tmpfiles config when installing unitfile [Tuomo]
* barf: No longer look for netstat, ifconfig and mii-tool [Paul]
* building: Sort all wildcarded object files for build reproducibility [dkg]
* building: Update NSS includes to not use obsoleted header files [Paul/Andrew]
* building: USE_NSS_AVA_COPY ?= false, only needed with NSS < 3.30 [Tuomo]
* building: USE_UNBOUND_EVENT_H_COPY ?= false, enable only for [Tuomo]
unbound <= 1.7.3 without unbound-event.h
* building: Fix UNBOUND_VERSION testing so result compiles on Fedora 29 [Hugh]
* building: USE_NSS_IPSEC_PROFILE ?= true, Requires nss >= 3.41 [Tuomo]
* building: Support for unbound > 1.8.0 [Antony]
* building: Update XFRM headers [Antony]
* building: Add 'make install-rpm-dep' and 'make install-deb-dep' [Antony]
* testing: Lots of new and improved test cases [lots of people]
* packaging: Add a spec file for RHEL8/CentOS8 [Paul]
* packaging: debian: explicitly set ARCH for reproducibility [dkg]
* packaging: debian updates [Antony/Paul]
v3.27 (October 7, 2018)
* XFRM: SA marks must be included for delete operation [Tijs Van Buggenhout]
* pluto: Resolve a crasher in ECDSA freeing code [Hugh/Sahana]
* pluto: Resolve a hang when recursively loading same config file [Hugh]
* pluto: Refuse to load conns with different subnet address families [Paul]
* IKEv2: Fix regression on ID_NULL causing a new conn instance [Paul]
* IKEv1: Drop duplicates when not a reply [Andrew]
* IKEv1: Don't respond with errors to invalid encrypted packets [Andrew]
* IKEv1: Don't print empty informational warning on delete payload [Paul]
* IKEv1: Don't add spurious ESP-NULL proposal to AH proposals [Andrew]
* whack: Release whack socket on IKE_AUTH errors [Andrew]
* libswan: fix buffer size to getnameinfo() call in resolve_ppp_peer() [Hugh]
* libipsecconf: Don't accidentally clear modecfgdomains= entries [Andrew]
* building: Fixup NSS includes and links (fixes Debian builds) [Andrew/Paul]
* documentation: Update (L)GPL license links and http -> https links [dkg]
* Bugtracker bugs fixed:
#177 left=%defaultroute not working when "src" in the default route [Kim]
#80 VTI interface vanishes when peer goes down and up [yu-shiba]
v3.26 (September 16, 2018)
* IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad]
* IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad]
* IKEv2: Use DER handling code of NSS instead of our custom code [Andrew]
* IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew]
* IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul]
* IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew]
* IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh]
* IKEv2: Simplify proposal generating [Hugh]
* IKEv1: Fix handling XAUTH empty passwords [Andrew]
* IKEv1: Various code cleanup, next payload handling [Hugh]
* IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew]
* IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul]
* pluto: Relax strictness of DH in ESP/AH proposals [Andrew]
* pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul]
* pluto: Do not hand out old lease address for authby=secret conns [Paul]
* pluto: new --selftest option that exits pluto after startup tests [Paul]
* pluto: Updated known Vendor ID table [Paul]
* XFRM: Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew]
*_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul]
* building: Fix listed patches for debian build [Paul]
* building: enable DH31 (curve25519) per default [Paul]
* building: disable DH23,DH24 per default [Paul]
* testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul]
* Bugtracker bugs fixed:
#166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul]
v3.25 (June 27, 2018)
* IKEv2: MOBIKE Initiator support (RFC 4555) [Antony]
* IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony]
* IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony]
* IKEv2: Support for IKE SA reauth=yes|no RFC7296 2.8.3 [Antony]
* IKEv2: Temporarily disable Liveness/DPD when MOBIKE kick in [Antony]
* IKEv2: No longer allow contradicting esp= and pfs= options [Andrew]
* IKEv2: PPK support for authby=rsasig [Vukasin Karadzic]
* IKEv2: Support for CURVE25519 (RFC 8031) [Andrew]
* IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul]
* IKEv2: Add PPK support to authby=rsasig [Vukasin]
* IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin]
* IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin]
* IKEv2: Support for protoport based Opportunistic IPsec [Paul]
* IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul]
* IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin]
* IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]
* IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul]
* IKEv2: Allow switching between OE instances with different protoports [Paul]
* IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul]
* IKEv2: Only retransmit fragments on receiving first fragment [Andrew]
* IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul]
* IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew]
* IKEv2: Fix handling of corrupt encrypted packets [Andrew]
* IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul]
* IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul]
* IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul]
* IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew]
* IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew]
* IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul]
* IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul]
* IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh]
* X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh]
* X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew]
* X509: Handle CRL fetching in separate thread [Andrew]
* pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul]
* pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul]
* pluto: Cleanup of state/md passing code [Andrew]
* pluto: Allow switching back from wrong instance to template conn [Paul]
* pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew]
* pluto: Allow rightsubnets= without leftsubnet(s)= [Paul]
* pluto: don't share IP leases for authby=secret (in case of group ID) [Paul]
* pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks]
* pluto: Find and delete old connection/states with same ID [Paul/Hugh]
* pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo]
* pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew]
* pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh]
* addconn: Fix auto=route and auto=start processing [Paul]
* whack/auto: Ensure all status and list commands return no error code [Paul]
* KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout]
* FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew]
* FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul]
* FIPS: Don't allow RSA keys < 3072 [Matt/Paul]
* FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew]
* FIPS: Raise minimum RSA key length allowed to 3072 [Paul]
* CAVP: Add -<acvp-key> <acvp-value> and -json(output) options to CAVP [Andrew]
* portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul]
* _updown.netkey: fix deleting routes when half routes are used [Tuomo]
* _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo]
* _updown.netkey: fix unroute: "need at least a destination address" [Tuomo]
* _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo]
* _updown.netkey: force routing if we don't have route to remote network [Tuomo]
* _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul]
* contrib/python-swan: module to check if traffic get be encrypted [Kim]
* contrib/c-swan: example code to check if traffic get be encrypted [Kim]
* building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul]
* building: when ElectricFence enabled, add extra system calls to seccomp [Andrew]
* ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo]
* _updown.netkey: force routing when necessary for IPsec to work [Tuomo]
* _updown.netkey: do not proxyarp for host-host tunnels [Tuomo]
* look: sort XFRM output by priority [Andrew]
* Bugtracker bugs fixed:
#311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo]
#314: IPv6 default route is deleted by mistake
#318: vti interface gets down on previous initiator if roles switch [Tuomo]
#320: nsspassword file location is half implemented
#328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz]
v3.24 (June 26, 2018)
* This release was never published
v3.23 (January 25, 2018)
* IKEv2: MOBIKE Responder support (RFC 4555) [Antony/Paul]
* IKEv2: Add support for modecfgdns= and modecfgdomains= like for IKEv1 [Paul]
* IKEv2: EXPERIMENTAL: Support for Postquantim Preshared Keys [Vukasin Karadzic]
based on draft-ietf-ipsecme-qr-ikev2-01 (using private use numbers)
new option: ppk=yes|no|insist (default no)
* pluto: Fix DEFAULT_RUNDIR to be set so it is really configurable [Tuomo]
* pluto: Add support IDr payload (You Tarzan, me Jane) [Paul]
* pluto: pass state to send_crypto_helper_request() [Andrew]
* pluto: Internal time/scheduling changes, micro-seconds logging [Andrew]
* pluto: make counts of states consistently "unsigned" [Hugh]
* pluto/lib: Remove obsoleted/unused %myid support [Paul]
* pluto: add --impair replay-forward,replay-backward [Andrew]
* pluto: add --impair dup-incoming-packets [Andrew]
* pluto: Rework nic offload detection code [Aviv Heller]
* pluto: Retry send on -EAGAIN in check_msg_errqueue() (up to 32x) [Paul/Hugh]
* pluto: Pull latest kernel traffic counters before logging/deleting SA [Paul]
* pluto: STF_INLINE, STF_TOOMUCHCRYPTO no longer needed in helpers [Andrew]
* pluto: Replace socket queues with a simple queue and mutex+cont [Andrew]
* pluto: Do not send DPD/liveness probes for replaced inactive IPsec SAs [Paul]
* pluto: crypto processing cleanup [Andrew]
* XFRM: XFRM_MIGRATE support, used for MOBIKE [Antony]
* XFRM: Listen to NETLINK_ROUTE messages from kernel for MOBIKE [Antony]
* XFRM: Fix unique marks accidentally setting -1 instead of random [Paul]
* XFRM: Only install IPv6 holes when system has configured IPv6 [Antony]
* XFRM: Add support for decap-dscp=yes|no (default no) [Paul]
* XFRM: Add support for nopmtudisc=yes|no (default no) [Paul]
* KLIPS: Support kernels 4.14+ with renamed dev->priv_destructor [Paul]
* KLIPS: updown fixes for IPv6 default route and metric/mtu settings [Wolfgang]
* SECCOMP: Update syscall whitelist for use of libunbound [Paul]
* IKEv1: better handle ESP with no integrity vs unknown integrity [Andrew]
* IKEv1: Fix packet retransmit code wrf timeouts vs duplucates [Andrew]
* IKEv1: Prevent duplicate responder states on retransmision [Andrew]
* IKEv1: Don't linger R1 states for 1h but use configured timeouts [Paul]
* IKEv2: nat_traversal_change_port_lookup() code moved [Antony]
* IKEv2: Macros could misinterpret some IKE/IPsec states [Paul/Antony]
* IKEv2: Updated Group transforms to comply with RFC 8247 [Paul]
* PAM: Don't cancel pam threads (unsupported!) but drop results instead [Andrew]
* _updown: Fix resolv.conf handling (github #130) [Tuomo]
* _updown: Fix POINTPOINT interfaces not to use nexthop [Tuomo]
* _updown.netkey: Add source ip to dev lo by default [Tuomo]
* Makefiles: Fix INC_MANDIR to be share/man and add FINALMANDIR [Tuomo]
* packaging: Move debian/ to packaging ('make deb' still works) [Antony]
* contrib: Added ipsec-dyndns to demonstrante how push an IPSECKEY [Paul]
* Bugtracker bugs fixed:
#313: changesource in updown_klips doesn't respect PLUTO_METRIC [Wolfgang]
#314: IPv6 default route is deleted by mistake [Wolfgang]
v3.22 (October 22, 2017)
* IKEv2: EXPERIMENTAL: unbound DNS server ipsecmod support [Opportunistic IPsec]
* IKEv2: Initial support for RFC 7427 Digital Signature [Sahana Prasad/GSoC]
* IKEv2: Do not include INTEG=NONE in AEAD IKE proposals [Andrew]
* IKEv2: Accept both ESP=AEAD+NONE and ESP=AEAD in proposals [Andrew]
(See also: https://www.rfc-editor.org/errata/eid5109)
* IKEV2: Fix interop with old pluto that rejected esp=aead+none [Andrew]
* IKEv2: Add support for GMAC via esp=null_auth_aes_gcm [Andrew]
* IKEv2: Fragmentation code cleanup and memory leak fixes [Andrew]
* IKEv1: Fix XAUTH retransmits and packet storage [Antony]
* IKEv1: Perform custom state change for XAUTH without ModeCFG [Paul]
* IKEv1: Add support for nat-ikev1-method=none [Paul]
* IKEv1: XAUTH password length wasn't consistent at 128 [Stepan Broz]
* pluto: Natively install ICMPv6 neighbour discovery holes [Mayank Totale/GSoC]
* pluto: Fixup XAUTH/PAM thread cancellation handling [Andrew/Antony]
* pluto: Change default rundir from /var/run/pluto to /run/pluto [Paul]
* pluto: Various ike_alg parsing updates [Andrew]
* pluto: Various cleanups in addresspool and XAUTH code [Hugh]
* pluto: Fix missing ntohl() on the SPI numbers in ipsec status [Paul]
* pluto: Various memory leak fixes [Antony,Paul,Hugh]
* pluto: Make ioctl(SIOCGIFFLAGS) failure for labeled devices non-fatal [Paul]
* pluto: Give IKE traffic preference via SO_PRIO [Paul]
* pluto: New setup options: ike-socket-errqueue= , ike-socket-bufsiza=e [Paul]
* pluto: Improve whack --listevents with libevent [Antony]
* pluto: Fixup NIC offload support [Antony, Hugh]
* pluto: Track and try the number of EAGAIN errors on IKE socket [Hugh/Paul]
* pluto: Prevent spurious initiating states on responder-only conn [Antony]
* pluto: don't call sanitize_string() in fmt_log() as it is expensive [Paul]
* pluto: No longer need to specify null for AEAD, can use esp=aes_gcm [Andrew]
* pluto: Increase default nhelpers for 1 CPU (2) and 2 CPUs (4) [Paul]
* pluto: New option logip= (default yes) to disable log of incoming IPs [Paul]
* pluto: signal handling cleanup [Andrew/Hugh]
* pluto: Don't try to retransmit unsent packet [Paul/Hugh]
* pluto: state hashing improvements [Andrew]
* pluto: Fix erranious connecting switching (bug in v3.21) [Paul]
* pluto: when deleting parent, don't deschedule DH for wrong child [Andrew]
* pluto: dpdaction=restart fixup when using %any [Antony]
* pluto: Don't die on labeled interfaces without SIOCGIFFLAGS support [Paul]
* addconn: left=%defaultroute would fail if >500 host routes [Kim]
* showhostkey/rsasigkey: Fixup mismatch of public key display [Andrew]
* FIPS: Some selftests did not run properly under FIPS mode [Andrew]
* KLIPS: Removed old premade patches, use make targets instead [paul]
* updown Don't remove source ip if it's still used (rhbz#1492501) [Tuomo]
* updown: Allow disabling via leftupdown="" or leftupdown="%disabled" [Paul]
* updown: SPI numbers were missing ntohl() conversion [Paul]
* various: phase out --ctlbase for --ctlsocket and --rundir [Paul]
* libipsecconf: reject unavailable kernel algorithms in parser [Andrew]
* libswan/pluto: throw a clearer error for broken libunbound [Paul]
* libswan/pluto: Cleanup logging and tighten logging lock [Andrew]
* libswan/pluto: Greatly optimize logging code [Andrew]
* libswan/pluto: Some logging algorithm renames for more consistency [Andrew]
* building: remove -fexceptions; breaks pthread_cleanup_push [Andrew]
* packaging: Update debian/ and move to packaging/debian [Antony]
* packaging: Update fedora/rhel spec files [Tuomo]
* testing: --impair-foo changed to --impair foo [Andrew]
* testing: Some new impair options for testing [Andrew,Sahana,Paul]
* testing: Allow null encryption with null auth for testing [Andrew]
* Bugtracker bugs fixed:
#294: Bug in public key reported by rsasigkey [Tijs Van Buggenhout/Andrew]
#299: Fix overlapping addresspool and static lease from passwd file [Antony]
#300: Fix bug in v3.21 that rejected hardcodes certs without a CA [Paul]
#302: IKEv1-only and IKEv2-only must not share IKE SA [Paul]
#303: xauth password length limited to 64 bytes [Stepan Broz]
v3.21 (August 9, 2017)
* FIPS: Don't crash on too weak PSK's in FIPS mode, warn for non-FIPS [Andrew]
* FIPS: rsasigkey: Use modulus F4, not 3 (FIPS 186-4, section B.3.1) [Paul]
* pluto: Support for "idXXX" esp/ike transform IDs removed [Andrew,Paul]
* pluto: Do not return whack error when termining an alias connection [Paul]
* pluto: Remove IKE policy bits on passthrough conns [Paul]
* pluto: Minor memory leak fixes [Paul]
* pluto: Fix memory leak due to addresspool reference count error [Antony]
* pluto: Re-add support for ipsec whack --listevents [Antony]
* pluto: Cleanup listed events on shutdown to please leak-detective [Antony]
* pluto: Perform stricter SubjectAltName checks on configured ID's [Paul]
* pluto: Handle *subnets in --route and --unroute via whack [Mika/Tuomo]
* pluto: Unify IKEv1 XAUTH and IKEv2 PAM threading code [Andrew]
* pluto: Use pthread_cancel() (not SIGINT, conflicts with debuggers) [Andrew]
* pluto: Fix memory corruption with XAUTH/PAM threads [Andrew/Hugh]
* pluto: Fix resource leak processing XAUTH password authentication [Andrew]
* pluto: Fix warnings generated by gcc 7.1 [Lubomir Rintel]
* pluto: NIC offload support nic-offload=auto|yes|no (eg mellanox) [Ilan Tayari]
* pluto: Use common function in ikev1 / ikev2 for dpd/liveness actions [Antony]
* NSS: Try harder finding private keys that reside on hardware tokens [Andrew]
* IKEv2: Opportunistic IPsec support for IPSECKEY records [Antony]
* IKEv2: New dnssec-enable=yes|no, dnssec-rootkey-file=, dnssec-anchors= [Paul]
* IKEv2: If CREATE_CHILD_SA superseded retransmit, drop it [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.1) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.2 responder) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.3 responder) [Antony]
* IKEv2: Flush ESP/AH proposals on the initiator. It could be stale [Antony]
* IKEv2: State Machine (svm) updates to simplify CREATE_CHILD_SA [Antony]
* IKEv2: DH role is based on message role not Original Initiator role [Antony]
* IKEv2: Return CHILD_SA_NOT_FOUND when appropriate [Antony]
* IKEv2: After an IKE rekey, rehash inherited Child SA to new parent [Antony]
* IKEv2: Rekeying must update SPIs when inheriting a Child SA [Antony]
* IKEv2: Decrypt and verify the paylods before calling processor [Andrew]
* IKEv2: Fragmentation code cleanup [Andrew]
* IKEv2: Drop CREATE_CHILD_SA message when no IKE state found [Antony]
* IKEv2: Do not send a new delete request for the same Child SA [Antony]
* IKEv2: During Child SA rekey, abort when ESP proposals mismatch [Antony]
* IKEv2: OE client check should take responders behind NAT into account [Paul]
* IKEv2: Improved dpdaction=hold processing [Antony]
* IKEv1: Only initiate and create IKE SA for appropriate dpdaction [Antony]
* IKEv1: Re-add SHA2_256 (preferred) and SHA2_512 to IKEv1 defaults [Andrew]
* IKEv1: Aggressive Mode fixes for sending CERT / CERTREQ payloads [Paul]
* IKEv1: Multiple CISCO_SPLIT_INC's cause duplicate spd_routes [Oleg Rosowiecki]
* X509: Improve some failure logging [Paul]
* XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1 [Paul]
* XFRM: Update including system or local copy of xfrm.h [Paul/Antony]
* XFRM: Remove no longer needed {rt}netlink.h copies [Paul]
* KLIPS: cryptoapi: switch from hash to ahash [Richard]
* KLIPS: Add traffic accounting support [Richard/Paul]
* KLIPS: Support for linux 4.11 [Paul]
* lib: Move the alg_info lookup-by-name code to libswan [Andrew]
* lib: Move all conditionally compiled ike_alg*.c files to libswan.a [Andrew]
* addconn: Replace ttoaddr() with calls supporting DNSSEC [Paul/Antony]
* libswan: Algo code cleanup [Andrew]
* libipsecconf: Load specified RSA keys irrespective of policy [Paul]
* libipsecconf/pluto: Be more strict in authby= & type= combinations [Paul]
* libipsecconf: Fail to load connections with unsatisfied auto= clause [Hugh]
* parser: Numerous algorithm parser fixes, eg. esp=aes_ccm_8_128-null [Andrew]
* algparse: (Experimental) modified to run algorithm parser stand-alone [Andrew]
* newhostkey: Actually append to secrets as the warning claims it will [Paul]
* _updown.netkey: Fix syntax failure when PLUTO_MY_SOURCEIP is not set [Tuomo]
* _updown.netkey,klips: Fix use of printf when updating resolv.conf [Tuomo]
* _updown.netkey: Remove wrong use of PLUTO_PEER_CLIENT netmask [Tuomo]
* _updown: Add MAX_CIDR variable for host netmask [Tuomo]
* ipsec import: Trust bits correction did not always trigger [Tuomo]
* building: Convert lib/ to use mk/library.mk [Andrew]
* building: Work around rhel-6 gcc [Andrew]
* building: Add copy unbound-event.h work around broken unbound installs [Paul]
* packaging: Better split rpm and make variables [Paul]
* packaging: Updates for new requirements for ldns, unbound-devel [Paul]
* testing: Add DNSSEC, Opportunistic IPsec testcases, fixups [Multiple people]
* contrib: Munin plugin for libreswan [Kim/Paul]
v3.20 (March 14, 2017)
* pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1) [Andrew]
* pluto: Add dh= aliases for all modp= groups (eg "dh2" for "modp1024") [Paul]
* pluto: Add statistics support to ipsec whack --globalstatus [Paul]
* pluto: Add statistics clearing support using ipsec whack --clearstats [Paul]
* pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew]
* pluto: Cleanup kernel_netlink.c [Hugh]
* pluto: Print AH= algorithm and ESN when established [Paul/Andrew]
* pluto: strip file path from abort messages [Andrew]
* pluto: Support initiating template conn with --remote-host <ipaddr> [Paul]
* pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS [Paul]
* pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew]
* pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco [Paul]
(reported by Oleg Rosowiecki)
* pluto: accurately size a buffer for the decimal representation [Hugh]
(debian bug 853507)
* pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg]
* pluto: Support for Linux systems without IFA_F_TENTATIVE (CentOS5) [Paul]
* pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique [Paul]
* IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying [Antony]
* IKEv2: Various refactoring for CREATE_CHILD support [Antony]
* IKEV2: OE/CAT: Don't send CP request when responder is behind NAT [Antony]
* IKEv2: log first notify payload when we receive an Notify Error [Paul]
* IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew]
(reported by Eric Andersson)
* IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul]
* IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul]
(rhbz#1392191)
* IKEv2: suppress DELETE notifies for connections being replaced [Paul]
* IKEv2: re-instate ISAKMP_SA_established() [Paul]
* IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew]
* IKEv1: Print conn algo's when using XAUTH [Andrew]
* IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048) [Andrew]
* IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew]
* IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul]
* newhostkey: Convert remaining --configdir for --nssdir [Tuomo]
* barf: Ensure proper macros are used. Add certutil/crlutil output [Paul]
* misc: Fix various spelling errors in code/comments/man pages [dkg]
* packaging: spec files should use 0 and 1, not true and false [David Arnold]
* building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix [Paul]
* building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul]
* building: fetch: remove support for ancient LDAP version 2 [Tuomo]
* building: move whack to separate programs/whack/ directory [Andrew]
* building: Various Makefile variable cleanups and double link fixes [Andrew]
* building: Don't check runtime for SElinux/systemd with DESTDIR [Paul]
* documentation: added oe-letsencrypt-* example configs [Paul]
v3.19 (January 15, 2017)
* NSS: Support for configurable nss dir via @IPSEC_NSSDIR@ [dkg/Tuomo]
* FIPS: Only pluto needs a .hmac file, reducing crypto boundary [Paul]
* FIPS: do not allow DBG_PRIVATE to be set when running in FIPS mode [Paul]
* FIPS: Ignore failureshunt=passthrough and negotiationshunt=passthrough [Paul]
* FIPS: Filter default proposals of non-FIPS allowed proposals [Andrew]
* FIPS: Added CAVP test for pluto GCM code [Andrew]
* FIPS: More cleanup of crypto related structs and functions [Andrew]
* FIPS: Implement SHA based PRFs directly in NSS [Andrew]
* FIPS: Support for CAVP testing 'HMAC construct' based SHA PRF code [Andrew]
* IKEv2: Don't crash on bogus mixed protocol Delete Payloads [Hugh/Paul]
* IKEv2: Add asymmetric AUTH support (leftauth= and rightauth=) [Antony/Paul]
* IKEv2: refactored AUTH handling payload into v2_check_auth() [Paul]
* IKEv2: support CERT chain sending [Paul]
* IKEv2: Allow CERT and CERTREQ payloads multiple times [Paul]
* IKEv2: do not attempt to send notify in reply to IKE_AUTH reply [Paul]
* IKEv2: When receiving DELETE, ensure expire+restart when needed [Antony]
* IKEv1: If a queued up DPD probe finds no IKE SA, create a new one [Paul]
* IKEv1: accept_delete() check if IKE SA is shared before deleting [Paul]
* IKEv1: Remove ADNS, DNS continuations and IKEv1 OE code [Paul/Antony]
* IKEv1: Schedule IPsec SA REPLACE immediately when receiving DELETE [Antony]
* IKEv1: Some IKE SA failure on initiator could lead to hanging whack [Paul]
* KLIPS: fix for unregister_netdevice() for Linux 3.6.11 and up [Richard/Paul]
* XFRM: EXPERIMENTAL Support for configuring IP address on the VTI device [Paul]
keyword: leftvti=address/mask
* XFRM: Fix NAT-T support when userland compiled without KLIPS support [Paul]
* X509: Obsolete /etc/ipsec.d/crls (load_crls()) and whack --rereadcrls [Paul]
* X509: New whack --fetchcrls (alias ipsec crls) to trigger a fetch [Paul]
* X509: Iterate all X.509 certs and try to fetch their crls [Kim]
* X509: Start a fetch for CRLs 5 seconds after startup [Kim]
* X509: --rereadcrls no longer overwrites newer CRLs with older ones [Paul]
* X509: log the NSS error when CERT_ImportCerts() fails [Paul]
* X509: Don't attempt to fetch crl->uri when not present [Paul/Matt]
* X509: Additional OCSP options to tweak the cache and fetch method [Paul]
(new keywords: ocsp-method ocsp-cache-size ocsp-cache-min-age
ocsp-cache-max-age)
* X509: Fix memory leak in certificate handling (lsbz#278) [William Rios]
* X509: Fix memory leak in certificate chain handling [Matt]
* pluto: close whack socket in add_pending when dup pending is skipped [Hugh]
* pluto: Avoid adding duplicate bare shunts causing lockup [Paul]
* pluto: drop modp1024 (DH2) from IKEv1 "ike=" default list [Andrew]
* pluto: send_packet() now refuses to send a packet to 0.0.0.0 [Paul]
* pluto: find_hostpair ignore CK_INSTANCES that are ID_NULL [Antony]
* pluto: Fix ca name and generalName leak lsbz#276 [Bill Rios]
* pluto: EXPERIMENTAL SECCOMP support (seccomp=enabled|tolerant|disabled) [Paul]
* pluto: connection instances need their own reqid [Antony]
(this resolves multiple clients behind same NAT router issue)
* pluto: Use a global reqid counter instead of looping every time [Paul]
* pluto: use sets instead of nested loops for transform processing [Andrew]
* pluto: Prefer not switching connections when possible [Paul/Hugh]
* pluto: Move unique mark from rw_instantiate() to instantiate() for OE [Paul]
* pluto: log more information when a bare shunt is missing [Hugh]
* pluto: redo process_encrypted_informational_ikev2 [Hugh]
* pluto: Add new config option encapsulation=auto|yes|no [Paul/Patrick Kerpan]
replacing forceencaps=yes|no
* pluto: No longer log bogus reapchildren warning [Paul]
* libipsecconf: libipsecconf: remove last remnants of manual keying [Paul]
* libipsecconf: remove auth= alias for phase2= [Paul]
* _updown.netkey: Move addcat call from route-host to up-client [Paul]
* ipsec: initnss|import use --nssdir for nssdb directory option [Tuomo]
* newhostkey: use --nssdir for nssdb directory option [Tuomo]
* showhostkey: use --nssdir for nssdb directory option [Tuomo]
* barf: minor improvements with systemd/journalctl [Paul]
* verify: fix "with FIPS" output to print OK [Paul]
* _stackmanager: add cmac and chacha20poly1305 to modprobe list [Paul]
* building: libreswan assumes -std=gnu99 when building [Andrew]
* building: USE_EXTRACRYPTO replaced by USE_SERPENT and USE_TWOFISH [Paul]
* building: Disable DH22 by default. To re-enable use USE_DH22=true [Paul]
* building: work around flex 2.5.4 (CentOS 5); use: -o/output/file [Andrew]
* sysvinit: remove unnecessary warnings about already stopped pluto [Tuomo]
* initsystems: Enable "systemctl help ipsec" [dkg]
* testing: various web output fixes (see testing.libreswan.org) [Andrew]
* testing: various test updates / additions [Paul/Antony]
* documentation: fixup changes in GPL 2.0 / LGPL like FSF address [dkg]
* Bugtracker bugs fixed:
#270 newhostkey: text output produces 1 character bug in pubkey [Andew]
#272 Option --leak-detective causes assertion failure [Bill / Paul]
#277 pluto: fix pluto events leak in timer_event_cb [Bill Rios]
#152: ipsec whack --initiate for xauth does not release whack [Paul/Hugh]
v3.18 (July 27, 2016)
* SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew]
* XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation [Antony]
keyword: leftcat=yes|no
* XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo]
keywords: vti-interface=<name> vti-routing=yes|no vti-shared=yes|no
* XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul]
* KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson]
* KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz]
* FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul]
* FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul]
* FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul]
* FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul]
* FIPS: Added new ipsec whack --fipsstatus [Paul]
* IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew]
* IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew]
* IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew]
* IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew]
* IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew]
* IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew]
* IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel]
* IKEv2: Extend and improve notify handling [Paul]
* IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul]
* IKEv2: If first liveness probe failed, we never noticed liveness failure [Paul]
* pluto: Extend mark= support for mark-in= and mark-out= [Paul]
* pluto: implement unique marks by using mark=-1 [Paul]
* pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul]
* pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks]
* pluto: Check enum names consistency on startup [Hugh]
* pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew]
* pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul]
* pluto: Prevent double free of id data [Hugh]
* pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul]
* pluto: ESN could use uninitialised values and fail [Paul/Andrew]
* X509: Try subsequent crl distribution points when first one fails [Kim]
* whack: Display IPv4 lease address in --trafficstatus [Andrew]
* libipsecconf: New keyword left/rightckaid=XXX [Andrew]
* libipsecconf: Remove legacy keyword subnetwithin= [Hugh]
* libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh]
* updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul]
* programs: Removed obsoleted ikeping and livetest [Paul]
* newhostkey: No longer touch any secret files [Andrew]
* showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew]
* libswan: Fix unbound dnsctx handling [Hugh/Paul]
* libswan/libipsecconf: Clean up SECRETS code [Andrew]
* libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew]
* addconn: Find peer IP address when resolving default route [Daniel M. Weeks]
* barf: If systemd detected, use journalctl to get logs [Paul]
* building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew]
* building: Fix building without DNSSEC support [Hugh/Paul]
* packaging: Updates for debian packaging [dkg]
* initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim]
* ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo]
* _import_crl: Fix to work with nsspasswd [Andrew]
* _stackmanager: Remove loading of hardware random modules [Tuomo]
* _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim]
* ipsec: remove run by root check for Neutron/VPNaaS [Tuomo]
* ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo]
* testing: Various improvements for running tests, include web tree [Andrew]
* testing: New makefile targets, see 'make kvm-help' [Andrew]
* testing: pluto support for --expire-bare-shunt <interval> [Paul]
v3.17 (April 4, 2016)
* SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew]
* pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and
USE_VFORK [Andrew]
* pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew]
* IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul]
* IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul]
* IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul]
* IKEv2: ikev2_out_generic{_raw}() functions [Paul]
* IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul]
* IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul]
* IKEv2: Fix memory leak of dcookies [Paul]
* IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew]
* IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew]
* IKEv2: ESN support (XFRM linux 2.6.39+) via esn=yes|no(default)|either [Paul]
* IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul]
* IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul]
* IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul]
* IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul]
* IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul]
* IKEv2: add --impair-send-bogus-dcookie for testing [Paul]
* IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul]
* IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul]
* IKEv1: Prefix a few functions with ikev1_* where not obvious [Paul]
* IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel]
* pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika]
* pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika]
* pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul]
* pluto: Don't delete IKE SA when shared with multiple connections [Paul]
* pluto: connection restart failed for dynamic dns conns [Wolfgang]
* pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel]
* pluto: Fix various coverity warnings and corner cases [Hugh, Paul]
* pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul]
* pluto: accept/verify the KE contents before creating the state [Andrew]
* pluto: Parse the IKE SA proposals before creating the state [Andrew]
* pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew]
* pluto: Be more careful handling realloc() failure [Hugh]
* pluto: Fix leaks in NSS/certificate handling code [William Rios]
* pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul]
* pluto: Ignore unsupported keys from the NSS database [Andrew]
* pluto: orphan_hold() can encounter connection in delete phase [Antony]
* rsasigkey: Only print the comment line, pubkey and CKAID [Paul]
* secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul]
* libipsecconf: Make handling of policy bits more systematic [Hugh]
* barf: Only sysvinit printed the string "subsystem" [Paul]
* FIPS: Code cleanup and misc. fixes [Andrew / Paul]
* FIPS: Add _import_crl to the FIPS file list [Paul]
* KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang]
* KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang]
* KLIPS: Fix pluto compile for USE_KLIPS=false [Paul]
* barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul]
* packaging: debian/ fixes [Marc-Christian Petersen / Tuomo]
* sysvinit: Fix displaying number of tunnels in status command [Paul]
* Bugtracker bugs fixed:
#258 DPD with dynamic dns can't reconnect a host connection [Wolfgang]
v3.16 (December 18, 2015)
* auto: add new option --start which is like auto=start [Tuomo]
* libipsecconf: allow time with no unit suffix (openswan compat) [Hugh]
* libipsecconf: cleanup parser.y to work on old/new GCC and 32/64bit [Hugh]
* libipsecconf: re-introduce strictcrlpolicy= as alias for crl-strict= [Paul]
* libipsecconf: Allow time specification for dpdtimeout= / dpddelay= [Paul]
* libipsecconf: aliases curl_timeout / curl_iface for openswan migration [Paul]
* libswan: Fix memory leak in match_rdn() [Valeriu Goldberger]
* PAM: Fix some IKEv1 XAUTH methods always returning "denied" [Antony]
* PAM: stacked pam modules (eg pam_ssss) need CAP_DAC_READ_SEARCH [Matt]
* newhostkey: fix seeddev device [Paul]
* pluto: terminate_connection() when we become unoriented (rhbz#609343) [Paul]
* pluto: find_client_connection() must ignore unoriented c (rhbz#1166146) [Paul]
* pluto: Fix trafficstatus byte counter output [Antony]
* pluto: accept racoon's over-sized padding (got rejected in 3.14) [Andrew]
* pluto: obsolete plutofork= and ignore the keyword on startup [Paul]
* pluto: send_crl_to_import: use waitpid(2) to wait for correct child [Hugh]
* pluto: cleanup struct spd_route and related tidying [Hugh]
* pluto: fix eclipsed to iterate over connection's spd_routes [Hugh]
* pluto: accept delete payload with wrong side's SPI (CISCO bug) [Paul+Hugh]
* pluto: initialise phase2 our_lastused/peer_lastused on creation [Paul+Hugh]
* pluto: pluto: OE: add shunts.total count to ipsec whack --globalstatus [Paul]
* pluto: Add keyword replay-window= (default 32, 0 means disable) [Paul]
* pluto: Add fake-strongswan=yes|no (default no) to send strongswan VID [Paul]
* pluto: Add support for XFRM marking cia mark=val/mask [Amir Naftali]
* pluto: Use selinux dynamic class/perm discovery, not old API [Lubomir Rintel]
* pluto: Fix for uniqueids killing second tunnel between hosts [Tuomo]
* pluto: Don't refuse to load passthrough conn with ike= / esp= settings [Paul]
* pluto: Free the event struct initialized in main loop and tidy [Antony]
* pluto: Add event for child handling of addconn [Wolfgang/Antony]
* pluto: release_fragments() cannot try both IKEv1 and IKEv2 fragments [Paul]
* X509: load_end_nss_certificate() cleanup [Matt]
* X509: Add on-demand loading of NSS certificate private keys [Matt]
* X509: Fix possible NSS cert leaks in trusted_ca_nss() [Matt]
* IKEv2: delete_state() should only handle shunt of real parent SA [Paul]
* IKEv2: retransmit_v2_msg() should delete parent and child SA on failure [Paul]
* IKEv2: mixup in parent/child SA caused keyingtries to be lost [Paul]
* IKEv2: Remove two bogus state machine entries for INFORMATIONAL [Paul]
* IKEv2: Remove duplicate SEND_V2_NOTIFICATION() [Paul]
* IKEv2: Only let passthrough conn win if it has longer prefix [Paul]
* OE: Deleting opportunistic Parent with no Child SA [Paul]
* OE: Send authentication failed for OE child fail [Paul]
* OE: Don't reject IPv6 family for OE foodgroups [Antony]
* OE: Move orphan_holdpass() call into delete_state() [Paul]
* OE: Call orphan_holdpass() for opportunistic conns for EVENT_SA_EXPIRE [Paul]
* OE: Do not answer IKE request if we matched authby=never conn [Paul]
* OE: Fix memory leaks in nullgw and bs->why [Antony]
* OE: At IKE rekey time, delete the IKE/IPsec SA when idle [Antony]
* FIPS: fips.h should only require compiled libexec/ components [Paul]
* XAUTH: Fix for connection going up->down->up causing passert [Hugh]
* XAUTH: Do not interpret padding as incomplete attribute [Lubomir Rintel]
* XAUTH: Improve failure logging [Paul]
* XFRM: Workaround bug in Linux kernel NLMSG_OK's definition [Hugh]
* KLIPS: kernels 4.1.x+ always use the same interface to uids [Roel van Meer]
* KLIPS: Various changes to support 4.1.x kernels [Wolfgang]
* ipsec: custom directory not recognized, github issue #44 [Tuomo]
* updown.*: Fix NetworkManager callback [Lubomir Rintel]
* addconn: tidy [Hugh]
* building: obsolete USE_ADNS and disable building adns helpers [Paul]
* building: Do not link all binaries with nss,nspr and gmp [Paul]
* building install "ipsec_initnss.8" and "ipsec_import.8" man pages [Andrew]
* packaging: debian/ directory update [Paul/Daniel]
* testing: Various testing updates and improvements [Antony/Paul/Andrew]
* documentation: added CODE_OF_CONDUCT.d [Paul]
* Bugtracker bugs fixed:
#216 No longer require :RSA entries for X.509 certs in ipsec.secrets [Matt]
#233 pluto sends delete SAs in wrong order and reconnection issues [Wolfgang]
#247 KLIPS: fix pluto can't add ipv6 addresses to ipsec devices [Wolfgang]
#248 keyingtries=%forever doesn't work anymore [Wolfgang]
v3.15 (August 24, 2015)
* SECURITY: CVE-2015-3240 IKE daemon restart when receiving a bad DH gx [Hugh]
* KLIPS: fix use of *iovec() functions for linux 4.x kernels [Greg Ungerer]
* IKEv1: Remove old IPsec SA's when newest IPsec SA is removed [CHEN, JIANFU]
* IKEv1: Fix Labeled IPsec SECCTX parsing - bug introduced in 3.14 [Matt]
* NETKEY: workaround for NLMSG_OK() macro causing build failure on i686 [Hugh]
* NETKEY: Fix IPsec SA priority on type=passthrough conns [Antony]
* NETKEY: Fix nflog= on type=passthrough conns [Paul]
* pluto: Use PORT_ErrorToString() to translate NSS errors [Matt]
* pluto/whack: add --impair-send-zero-gx to test CVE-2015-3240 [Paul]
* ipsec: checknss/initnss must both convert old database if it exists [Tuomo]
* packaging: debian fixes for userland package [Antony]
v3.14 (August 11, 2015)
* NSS: Major rewrite of PRF / PRFPLUS / integrity functions for FIPS [Andrew]
* FIPS: Added programs/pluto/cavp for NIST CVAS testing [Andrew]
* IKEv2: RFC 7383 IKEv2 Fragmentation support [Herbert/Hugh]
* IKEv2: RFC 7619 Auth Null support (authby=null) [Paul/Antony/Hugh]
* IKEv2: RFC 7619 ID Null support (leftid=%null) [Paul/Antony/Hugh]
* IKEv2: whack and smc related time out fixes [Antony]
* IKEv2: rekey, expire, delete refactoring and fixes [Antony]
* IKEv2: do not pad IKE messages (fix interop w. InsideSecure) [Paul]
* IKEv2: Fix esp=camellia to use the IKEv2 IANA registry number for ESP [Paul]
* IKEv2: Fix memory leaks in addresspool and child exchange sadb [Antony]
* IKEv2: Support for INVALID_KE DH group re-transmits [Paul/Hugh]
* IKEv2: if applicable, add CERTREQ payload to IKE_SA_INIT response [Antony]
* IKEv2: Various memory leak fixes [Hugh]
* IKEv2: Delete parent/child SA when IPsec SA expires due inactivity [Antony]
* IKEv2: Added pam-authorize= (default no) for userid verification [Antony]
* IKEv2: Informational exchange did not always update msgid counters [Paul]
* IKEv2: Don't send v2N_INVALID_MSGID in response to duplicate IKE_INIT packet
* IKEv2: Time all crypto operations, not just DH IKEv2 [Antony]
* IKEv2: reduce leaks involving sa_v2_convert [Hugh]
* IKEv2: eliminate leaks of st_tpacket [Hugh]
* IKEv2: fix send certreq [Antony]
* IKEv2: find_host_connection now checks RSA, PSK and NULL one by one [Antony]
* IKEv1: Don't copy isakmp_sa from received packet [Paul]
* IKEv1: Do not retransmit forever [Antony/Herbert]
* FIPS: Enforce crypto restrictions in FIPS mode (no md5,twofish, etc) [Paul]
* XAUTH: retransmit user/password request in 10s (instead of 30s) [Wolfgang]
* X509: Re-added CRL and OCSP support using NSS [Matt]
* X509: Expired certificate could crash pluto [Wolfgang]
* x509: New options: ocsp_enable= ocsp_strict= ocsp_timeout= [Matt]
ocsp_uri= and ocsp_trust_name=
* pluto: Converted select() loop to use libevent and subsecond timers [Antony]
* pluto: unroute IPSEC SA instead of hold, if oppo and CK_INSTANCE [Antony]
* pluto: Added --impair-send-no-ikev2-auth and --impair-force-fips [Paul]
* pluto: Added retransmit-timeout= (default 60s) [Antony]
* pluto: Added retransmit-interval= in ms (default 500) [Antony]
* pluto: Greatly reduce time to retransmit from 20s to 0.5s [Antony]
* pluto: Support for IKEv2 AES_CTR (ike=aes_ctr) [Andrew Cagney]
* pluto: Support for CBC/CTR test vectors using NSS [Andrew Cagney]
* pluto: Remove last weary old FreeS/WAN X.509 code and use NSS instead [Matt]
* pluto: Static IP support using passwd file with addresspool= [Wolfgang]
* pluto: major tidy of labeled ipsec code [Hugh]
* pluto: fixes for uninitialized fields in output struct [Hugh/Paul]
* pluto: audit format and log item update as per audit spec [Paul]
* pluto: simplify and clarify sa_copy_sa and friends [Hugh]
* pluto: small steps improving crypto helpers [Hugh]
* pluto: plutostderrlog= renamed to logfile= [Paul]
* pluto: plutostderrlogtime= renamed to logtime= [Paul]
* pluto: New option logappend=yes|no (default yes) [Paul]
* pluto: Removed obsoleted loopback= support [Paul]
* pluto: advanced state counting (anon,auth,halfopen,child) [Paul/Andrew/Hugh]
(see ipsec whack --globalstatus)
* pluto/rsasigkey: added --seedbits option (and seedbits= option) [Paul]
* pluto: do not terminate_connection() in-flight [Hugh]
* pluto: don't use an expired reserved kernel SPI as fallback [Herbert Xu]
* pluto: Use "third best" monotime() on mismatched kernel/glibc headers [Paul]
* pluto: removed bool inbound_only from delete_ipsec_sa() [Paul/Herbert]
* pluto: fix modecfg client/server status display (was swapped) [Herbert]
* pluto: Global NFLOG support via nflog-all= keyword (default off) [Paul]
* pluto: Per-conn NFLOG support via nflog= keyword (default off) [Paul]
* pluto: Reduce default logging for unknown/halfopen/opportunistic SA's [Paul]
* pluto: Fix bogus "no RSA public key known for '%fromcert'" [Herbert Xu]
* pluto: exclude ike/esp options from %default for never-negotiate conns [Paul]
* pluto: added xfrmlifetime= (default 300) to customise NETKEY acquires [Paul]
* pluto: added shuntlifetime= (default 15m) for bare shunts [Paul]
* pluto: added negotiationshunt= (default hold) [Paul]
* pluto: Obsoleted force-busy= for ddos-mode= [Paul]
* pluto: Added config setup keyword ddos-mode= (default auto) [Paul]
* pluto: Added config setup keyword ddos-ike-threshold= (default 25000) [Paul]
* pluto: Added config setup keyword max-halfopen-ike= (default 50000) [Paul]
* pluto: route_owner() don't passert on changed interface [Paul]
* pluto: Remove DNSSEC DLV support (DLV is decommissioned) [paul]
* pluto: Support for unbound < 1.4.21 [Tony Whyman]
* libipsecconf: Improve parser for pipe case (with NM) [Hugh/Lubomir Rintel]
* libcrypto/twofish: Fix CALC_SB_* macros [Lubomir Rintel]
* readwriteconf: improve error handling [Hugh]
* ipsec: ipsec --import does not need to run restorecon [Paul]
* ipsec: --checknss option automatically updates NSS DB to SQL [Matt]
* ipsec: --checknflog option installs nflog-group= iptables rules [Paul]
* rsasigkey: Rename --random to --seeddev [Paul]
* packaging: Various SPEC file fixes and Buildrequires: updates [Tuomo/Kim]
* packaging: Add v6neighbour-hole.conf for Neighbour Discovery hole [Paul]
* initsystems: run ipsec --checknss before start [Tuomo]
* building: overhaul of build system Makefiles (see mk/) [Andrew]
* testing: docker test type support [Antony]
* testing: test case updates/additions [Antony/Paul/Andrew/Matt]
* testing: more FIPS support and --impair-force-fips option added [Paul]
* NETKEY: Fix bare shunt management code to work properly for NETKEY [Paul/Hugh/Antony]
* NETKEY: Increase netlink message buffer for larger SElinux labels [Paul]
* NETKEY: kernel netlink decode and log policy expire message [Antony]
* KLIPS: move udp_encap_enable() to not be within spinlock [Wolfgang]
* KLIPS: ipsec_rcv_decap_ipip broken for IPv6 lsb#227 [Frank Schmirler]
* KLIPS: Support for SHA2 via CryptoAPI [Wolfgang]
* KLIPS: Support for sha2_truncbug [Wolfgang]
* whack: New ipsec whack --purgeocsp [Matt]
* whack: New ipsec whack --ddos-busy | --ddos-auto | --ddos-unlimited [Paul]
* whack: New ipsec whack --globalstatus [Paul]
* whack: New ipsec whack --shuntstatus [Paul]
* whack: New ipsec whack --deleteid --name <id> [Antony]
* whack: cleanup help text [Tuomo]
* _stackmanager: Don't load blacklisted modules (rhbz#1207689) [Paul/Tuomo]
* _stackmanager: Support for xfrmlifetime= ipsec.conf option [Paul]
* _updown: add proxy arp for cases where routing won't work [Tuomo/Wolfgang]
* Bugtracker bugs fixed:
#260: libswan: extra safety around same_id() when ID_FROMCERT is used [Paul]
v3.13 (June 1, 2015)
* SECURITY: CVE-2015-3204 malicious payload causing restart [Javantea/Hugh]
v3.12 (November 6, 2014)
* IKEv2: CP payload now installs internal address and dns [Antony]
* IKEv2: Don't try to decrypt if DH is incomplete [Antony]
* IKEv2: If applicable, add a CERTREQ payload in IKE_SA_INIT response [Antony]
* IKEv2: Fix parent I2 replace event delay [Antony]
* IKEv2: Liveness fix for restarting instantiated connection [Antony]
* IKEv2: Schedule expire instead of replace when rekey=no [Antony]
* IKEv2: Zero out CP payload before sending [Antony]
* IKEv2: Fix message id in create child sa response [Antony]
* IKEv2: Don't try to instantiate unoriented connections [Antony]
* XAUTH: Fix 2 missing breaks when deciding on sending ModeCFG payloads [Paul]
* X509: Ensure that root CA does not end up in the ca_path list [Matt]
* pluto: Cleanup DYNDNS code and other clang warnings [Hugh]
* pluto: lswconf.c: getNSSPassword: fix bugs and tidy [Hugh]
* pluto: check return value of ike_alg_register_enc for twofish/serpent [Paul]
* pluto: fix various uninitialised variables in out_struct() calls [Paul/Hugh]
* KLIPS: Fix missing breaks in spi command algo type parsing [Paul]
* KLIPS: Support for kernel 3.17 [David/Paul]
* building: disable libcap-ng and NM support for OSX [Paul]
v3.11 (October 22, 2014)
* x509: IKEv1 CA cert chain support with sendca option [Matt]
* pluto: Fix mtu= option mangling introduced in 3.10 [Kim]
* pluto: Fixes auto=start and auto=route with %defaultroute [Kim/Tuomo/Paul]
(troubled in 3.9 and 3.10)
* pluto: Don't register ESP_BLOWFISH [Paul]
* pluto: ESP support for aes_xcbc [Paul]
* pluto: ESP support for aes_ctr [Paul]
* pluto: ESP support for camellia on NETKEY [Paul]
* pluto: IKE support for aes_xcbc (pending NSS update) [Paul]
* IKEv1: Default to DH Group 2 and 5 for initiating Aggressive Mode [Paul]
(3.9 included DH 14 which was preferred, causing interop issues)
* pluto: Force ESP_CAST to only allow 128 bit key sizes [Paul]
* pluto: Log_crypto_workers threads did not use static bool first_time [Coverity]
* pluto: Warn (not fail) on empty NSS private key passwords [Oskari Saarenmaa]
- rhbz#1145231 (rhel7) and rhbz#1144941 (fedora)
* pluto: Added PLUTO_IN_BYTES= / PLUTO_OUT_BYTES= for updown [Antony]
* pluto: Handle list of certs from parse_pkcs7_cert [Hugh]
* pluto: Fix --impair-retransmits IMPAIR code [Hugh]
* pluto: separate SEND_V2_NOTIFICATION from SEND_NOTIFICATION [Hugh]
* pluto: Various fixes/cleanups in algo registration functions [Paul/Hugh]
* pluto: ah=null as a valid phase2alg for a connection [Paul]
* pluto: Clean up complete_v*_state_transitions and related things [Hugh]
* pluto: More crypto helper cleanup [Hugh]
* NETKEY: Don't trust PF_KEY API to tell us about IPCOMP support [Paul]
* KLIPS: ip_select_ident was backported to 3.2.63 [Bram]
* IKEv2: Don't copy reserved ISAKMP flags in reply msg (rhbz#1052811) [Paul]
* IKEv2: ISAKMP_FLAGS_v2_IKE_I was not always set on Original Initiator [Paul]
* IKEv2: CP payload support for responder [Antony]
* IKEv2: CREATE_CHILD_SA support for responder [Antony]
(NON_ADDITIONAL_SAS stub removed)
* systemd: Use After=network-online.target instead of network.target [Kim]
- rhbz#1145245 (rhel7) and rhbz#1144832 (fedora)
* systemd: Add Wants=network-online.target [Lukas Wunner]
* addconn: Route before and after listen (bug introduced in 3.10) [Paul/Hugh]
* rsasigkey: Use a version of jam_str instead of strcpy() for hostname [Paul]
* IKEv2: CERTREQ payload should use SHA1 hash of DN instead of IKEv1 DN [Matt]
* updown: Pluto should give CAP_NET_RAW to updown for iptables -t mangle [Paul]
* _stackmanager: Fixed to work again with mawk [Marc-Christian Petersen/Tuomo]
* testing: Many test case updates [Paul/Antony/Hugh/Matt]
* Bugtracker bugs fixed:
#206: Libreswan v3.10 on 32-bit does not work [Kim]
v3.10 (September 1, 2014)
* XAUTH: New option: ipsec whack --trafficstatus [Antony]
* XAUTH: New option: ipsec --deleteuser --name xauth-username [Antony]
* XAUTH: Do not strip "-" from XAUTH usernames [Paul]
* _updown.netkey: New environment variable PLUTO_ADDTIME for IPsec SA's [Paul]
* _updown.netkey: Don't skip routing if mtu= option is used [Tuomo]
* NETKEY: protoport= installed broken swapped src/dst passthrough SA's [Antony]
* NETKEY: fix names for RIPEMD160 and AES_CTR [Paul]
* KLIPS: support 3.16+ kernels with update __ip_select_ident() [Thomas Geulig]
* _stackmanager: KLIPS support for alias devices [Marc-Christian Petersen]
* pluto: Simplify/tidy alg_info [Hugh]
* pluto: Simplify find_host_connection() and terminate_connection() [Hugh]
* pluto: Fix a leaking socket in whack [Hugh]
* pluto: Combine same_dn() and match_dn() to avoid deduplicate logic [Hugh]
* pluto: Add strneq(); get rid of most remaining strncmp calls [Hugh]
* pluto: Get rid of or document strcat, strncat, strcpy, etc [Hugh]
* pluto: malloc/calloc/realloc/free tidying, including a few bug fixes [Hugh]
* pluto: Fix memory allocation/free errors (especially in ike_frag) [Hugh/Paul]
(triggered as of 3.9 when --leak-detective was used)
* pluto: Various warning fixes from LLVM/Coverity [Hugh]
* pluto: Don't listen before all connections are loaded [Paul]
(this sub-optimal behaviour was introduced in 3.1)
* cryptohelpers: cleanup and improved error logging [Hugh]
* IKEv2: esp=/phase2alg= should be strict (bug introduced in 3.9) [Paul]
* IKEv2: Don't abort all proposals when encountering unknown PRF [Hugh]
* IKEv2: ikev2_parse_*_sa_body: stop matching after first success [Hugh]
* IKEv2: Reject responder SA with multiple proposals [Hugh]
* IKEv2: Enforce proposal numbering rules [Hugh]
* IKEv2: first initiating XCHG of Original Responder is not a retransmit [Paul]
* IKEv2: Don't respond to reply messages when parent SA was not found [Paul]
* IKEv2: clarify O_responder/O_initiator and Request/Reply code [Paul]
* IKEv2: Check received msgid is larger then previous before storing [Paul]
* IKEv1: parse_ipsec_sa_body() did not allow newer AH transforms [Paul]
* IKEv1: Add sha2 and aes_xcbc support for AH/ESP auth algorithm [Paul]
* IKEv1: cap IKE lifetimes > 1d to 1d, instead of rejecting SA [Paul]
* IKEv1: cisco-unity=yes now also sends VID when acting as VPN server
* whack: Don't change exit status for RC_INFORMATIONAL* [Mike Gilbert]
* rsasigkey: a logic error limited the randomness of the key size [Paul]
* ipsec: create NSS DB on startup when missing [Paul]
* ipsec: Added "ipsec --checknss" that creates-when-missing NSS DB [Paul]
* verify: Make verify python3 compatible [Slavek Kabrda]
* readwriteconf: Fix writing kt_invertbool's (like aggrmode=) [Paul]
* testing: Obsoleted dotest.sh with dotest.py, speed increase [Antony]
* testing: Added more test cases and general cleanup [Antony/Paul]
* compiling: Fix ADNS without USE_DNSSEC compile [Tuomo]
v3.9 (July 9, 2014)
* Documentation: cleanup of README.* and docs/* [Paul]
* libswan: Cleanup allocation and certificate handling functions [Hugh]
* libswan: Introduce add_str() to replace abused strncat() [Hugh]
* libswan: Complain when loading connection with expired certificate [Paul]
* libswan: Some error messages did not make it to the whack log (user) [Paul]
* pluto: STF_TOOMUCHCRYPTO handling should not delete the state [Paul/Hugh]
* pluto: Default cipher keysizes is now RFC compliant 128 (not 256) [Paul]
* pluto: Allow sha2 as an alias for sha2_256 [Paul/Matt]
* pluto: Allow more DBG_* and IMPAIR options [Hugh]
* pluto: Some enc transforms did not send KEY LENGTH for default key size [Paul]
* pluto: Ensure required KEY_LENGTH attributes for some ciphers are sent [Paul]
* pluto: Default ESP key size was "max" instead of "default" [Paul/Hugh]
* pluto: Bogus keysizes (eg 3des666) was not rejected at IKE level [Paul/Hugh]
* pluto: esp=aes now accepts both aes128 and aes256 [Paul/Hugh]
* pluto: ipsec status did not display "000" for ESP default size [Paul]
* pluto: ipsec status did not print IKE algo separator (",") [Paul]
* pluto: ipsec status no longer prints remote nexthop when oriented [Paul]
* pluto: sa_copy_sa_first() memory leak fixed [Hugh]
* pluto: Improved exponential backoff in message retransmission [Hugh]
* pluto: timer.c simplifications and improvements for monotonic time [Hugh]
* pluto: Cleanup and document wire_chunk crypto helper code [Hugh]
* pluto: rename program files using proper ikev[12]_* prefixes [Paul]
* pluto: Don't load certs via load_acerts() from /etc/ipsec.d/acerts/ [Paul]
* pluto: Drop CAP_DAC_OVERRIDE privs later to support non-root dirs [Paul]
* pluto: Remove unused libaes/libdes/liblswcrypto [Paul]
* pluto: Print proper cipher/algo/modp groups in phase1/parent SA [Paul]
* pluto: Various IANA updates to ipsec/ike/ikev2 registries [Paul]
* pluto: STF_TOOMUCHCRYPTO could cause double delete of state [Hugh]
* pluto: Alias "sha" to "sha1" for ike= and esp= [Matt]
* pluto: Simplify/cleanup NSS and cryptohelper code [Hugh]
* pluto: pluto_crypt.c used non-thread-safe strerror() [Hugh]
* pluto: ensure addconn thread uses the same ctlbase as pluto did [Paul]
* pluto: LEAK_DETECTIVE is now a runtime --leak-detective pluto option [Paul]
* pluto: Add modp2048 to default proposal list [Paul]
* pluto: oakley_alg_makedb() algo preference picking fixed [Paul/Hugh]
* pluto: Added --impair-send-key-size-check for testing [Paul]
* pluto: Make timer.c code IKE version independent [Antony]
* addconn: Default gateway finding logic fixes [Wolfgang]
* addconn: Only resolve %defaultroute using the main routing table [Wolfgang]
* addconn: ensure expired certificates show clearly over whack
* NATT: Added nat-ikev1-method=drafts|rfc|both to workaround buggy Ciscos [Paul]
* NATT: non port-floating (4500) NATT draft support removed [Paul]
* NATT: Change order of NATT payloads to accommodate racoon sensitivity [Paul]
* NATT: ignore incoming ISAKMP_NEXT_SAK (AKA ISAKMP_NEXT_NATD_BADDRAFTS) [Paul]
* NATT: Added IKEv2 NAT-Traversal support [Antony]
* XAUTH: Cleanup code [Hugh]
* XAUTH: Workaround for Android bug sending trailing NULL with password [Hugh]
* XAUTH: Improved logging and output for automated processing (eg for NM) [Paul]
* XAUTH: Hand out previously given IP lease to same client on reconnect [Antony]
* DPD: openbsd isakmpd bug workaround for duplicate DPD seqno [Paul]
* IKEv1: aggr mode: print names of ignored proposals part [Paul]
* IKEv1: rename init_am_st_oakley() to init_aggr_st_oakley() [Paul]
* IKEv2: Rekey / Delete event scheduling fixes [Antony]
* IKEv2: liveness (DPD) fix msgid handling for Informational XCHG [Matt]
* IKEv2: Improved RESPONDER_TIMEOUT logic [Antony]
* IKEv2: Extend smc with SMF2_CONTINUE_MATCH for cookie state matching [Hugh]
* IKEv2: handle DDOS cookie without creating state and using memory [Hugh]
* IKEv2: Fix IS_IPSEC_SA_ESTABLISHED macro to include IKEv2 [Antony]
* IKEv2: CREATE_CHILD_SA exchange can return NO_ADDITIONAL_SAS [Antony]
* IKEv2: Lingering states were never cleaned up [Antony]
* IKEv2: Support Authenticated Header ("AH") [Hugh]
* IKEv2: don't call dpd_active_locally() on an undefined state [Paul]
* IKEv2: Return proper message to the user when our RSA/PSK is missing [Paul]
* IKEv2: Always add SAi TSi TSr in I2 to allow IKE SA Reauthentication [Antony]
* IKEv2: When deleting CHILD_SA without a IKE SA don't try to send v2D [Antony]
* IKEv2: Fix process_informational_ikev2() for Delete payloads [Paul/Hugh]
* IKEv2: Improved logging of IKEv2 transform IDs [Hugh]
* pluto/whack: Allow shutdown command for different MAGIC [Paul]
* NSS: Changed PR_ASSERT() calls to passert() calls [Paul]
* NSS: ipsec initnss can now take a non-default location [Paul]
* newhostkey: Return proper error codes, no longer allow stdin [Paul]
* OCF: ipsec_ocf_cbimm KLIPS option was always ignored by mistake [Hugh]
* OCF: Remove obsoleted HAVE_OCF support for IKE acceleration [Paul]
(kernel OCF support is still available and supported)
* NETKEY: esp=cast failed due to wrong crypto identifier [Paul]
* KLIPS: SAref patches for Ubuntu kernel 3.11.0-15.25 [Simon Deziel]
* KLIPS: Improved support for various 3.x Linux kernels [various]
* KLIPS: support for CONFIG_USER_NS [Matt]
* _stackmanager: only unload stack when switching (rhbz#1025687) [Paul/Tuomo]
* building: remove LIBDIR as we install all programs in LIBEXECDIR [Tuomo]
* packaging: NSS fixups for deb packaging [mountaincat]
* testing: a LOT of test case updates [many people]
* Bugfixes for better C-library compatibility with "musl" [Hugh/Paul]
* Bugtracker bugs fixed:
#67: uniqueids: don't compare ipv4 and ipv6 addresses [Tuomo]
#86: left=%defaultroute does not work in a conn [Hugh/Paul]
v3.8 (January 15, 2014)
* SECURITY: CVE-2013-6467 missing IKEv2 payloads causes restart [Iustina/Hugh]
* building: Remove #ifdef DEBUG - always compile into userland [Paul]
* IKEv2: Updated AUTH names to latest IANA registry entries [Paul]
* pluto/whack: Added --impair-send-ikev2-ke test option [Paul]
* pluto: allow shutdown command even with bad WHACK_BASIC_MAGIC [Paul]
* addconn: ignore obsoleted --defaultroute and --defaultroutenexthop [Paul]
* Various code cleanup [Hugh]
* initscripts: sysv should try harder to kill pluto without ctl file [Tuomo]
* gentoo: fixes to build and init system on Gentoo [Mike Gilbert]
* KLIPS: fix NAT-T status in eroute output [Paul]
* pluto: updated ietf_constants.h with IANA entries [Paul]
* IKE: Make sure sha2 is an alias for sha2_256 for ike= and esp= [Hugh/Paul]
* Bugtracker bugs fixed:
#171: showhostkey.c:322: bad switch statement
v3.7 (December 10, 2013)
* SECURITY: CVE-2013-4564 Denial of service via unauth packet [Paul/Hugh]
* SECURITY: fix insecure tmp file in rpm %post - introduced in 3.6 [Tuomo]
* SECURITY: Properly handle IKEv2 I1 notification without KE payload [Paul]
* IKE: aes_gcm and aes_ccm now specify key size without salt [Paul/Hugh]
* NETKEY: Added twofish and serpent as valid ESP algorithms [Paul]
* KLIPS: Fix for crashes in ipsec_xmit_ipip() [Thomas/Roel/David]
* KLIPS: Fix NAT-T (NEED_UDP_ENCAP_ENABLE) for 3.4 kernel [Roel]
* KLIPS: Fix compiling for 3.9 kernels (PDE_DATA fix) [Paul]
* KLIPS: Claim we do namespaces - makes it work on simple host case [Paul]
* IKEv2: Add support for AES-GCM, AES-CCM [Paul/Hugh]
* IKEv2: Check for inbound traffic before sending liveness exchange [Matt]
* IKEv2: Fix some error codes that mistakenly used IKEv1 versions [Paul]
* IKEv2: in R1 don't copy their IKEv2 minor for our reply packet [Paul]
* IKEv2: Don't kill unrelated states on same hash chain in IKE DEL [Hugh]
* pluto: change ipsec_notification_names to ikev[12]_notify_names [Paul]
* pluto: Various cleanup and reducing scope of variables [Hugh]
* building: support for slackware version/init system detection [Roel]
* rsasigkey: Remove spurious debug line confusing ipsec showhostkey [Paul]
(rhbz#1039655)
* initsystems: fix typo in openrc script [Natanael Copa]
* testing: KVM test system updates [Paul]
* secrets: Log glob failing for secrets parser as warning, not error [Paul]
* setup: fix systemd init detection [Tuomo]
* labeled ipsec: Set default value of secctx_attr_value to 32001 [Paul]
(rhbz#923250)
* barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191) [Paul]
* Bugtracker bugs fixed:
#116: Don't load connections when leftcert= cert not found in NSS DB [Matt]
v3.6 (October 30, 2013)
* IKEv2: Fix interoperability bug in SKEYSEED generation [Paul/Hugh/Antony]
* IKEv2: Add liveness checks (a.k.a DPD for IKEv2) [Matt Rogers]
* IKEv2: ikev2=insist allowed ikev1 when acting as responder [Matt Rogers]
* IKEv2: Fix fallback to ikev1 when remote has ikev2=no [Paul]
* IKEv1: Cleanup AGGR Mode VendorID - also send fragmentation vid [Paul]
* IKEv1: Added cisco_unity= (default no) option which sends VID [Paul]
* IKEv1: Fix compatibility with NAT-T and remote_peer_type=cisco [Paul]
* IKEv1: dpdaction=restart_by_peer is now called dpdaction=restart [Paul]
* IKEv1: Added support for modecfgbanner= and modecfgdomain= [Paul]
* IKE: introduce ikepad=yes|no (default yes) for Checkpoint interop [David]
* pluto: work around for Cisco VPN clients sending extraneous bytes [Paul/Hugh]
* pluto: Support for google-authenticator OTP via pam [Paul]
* pluto: fix kernel.c typo in word outgoing [Tuomo]
* pluto: remove dsa/elgamal stubs from gnupg that were unused [Paul]
* pluto: Added per conn priority= to specify kernel IPsec SA priority [Paul]
* keyword: auto=route and ipsec auto --route renamed to "ondemand" [Paul]
* NETKEY/BSD: Added per conn reqid= to specify kernel IPsec SA [Paul]
(based on idea by Panagiotis Tamtamis)
* pluto: %fromcert now works for local certs and those received via IKE [Matt]
* pluto: Allow \\ masking in RDNs similar to ,, [Matt Rogers]
* pluto: merge updateresolvconf/restoreresolv.conf in client-up|down [Paul]
* building: Removed USE_MODP_RFC5114 flag. Support is always added [Paul]
* building: Removed USE_AGGRESSIVE flag. Support is always added [Paul]
* building: Removed USE_XAUTH flag, Support is always added [Paul]
* building: Removed MODECFG* flags, Support is always added [Paul]
* building: Remove blowfish (use twofish instead) [Paul]
* building: Generate Makefile depend files automatically [Tuomo]
* building: Add support for openrc initsystem on Alpine Linux [Paul]
* packaging: spec files now initialise NSS DB when not found [Paul]
* NETKEY: Take protoport= into account when setting IPsec SA priority [Paul]
* NETKEY: Change Update SA to Add SA when existing SA is not found [Mattias]
* NETKEY: Fix Labeled IPsec (broken in openswan 2.6.33) [Paul]
* KLIPS: Support for 3.10+ kernels (/proc use via seq_* functions) [David]
* Changed HAVE_STATSD compile option to statsbin= runtime option [Paul]
* sysvinit: status function used incorrect variable for pid file [Tuomo]
* _stackmanager: coding style cleanup - fixes bashism [Tuomo]
* testing: Various interop test case updates [Paul]
* FIPS: Support versioned hmac files, fips test in non-fips mode [Paul]
* rsasigkey/newhostkey: Keysize for new RSA keys keysize increased from 2192
to randomised 3072-4096 (in blocks of 16) to fight keysize monoculture [Paul]
* Removed unused and unmaintained USE_TAPROOM functionality [Paul]
* NAT-T: Added 100.64.0.0/10 from RFC 6598 to virtual_private [Paul]
* NSS: pluto should not open NSS files in readwrite, just read [Paul]
* Bugtracker bugs fixed:
#130: debian debuild creates a deb with /usr/libexec contents
[Marc-Christian Petersen]
#145: support old location of /selinux/enforce still in use by CentOS6 [Paul]
v3.5 (July 13, 2013)
* NETKEY: _stackmanager: Clear disable_xfm/disable_policy /proc files
for labeled IPsec [Paul]
* KLIPS: Added support for kernel 3.9.x [Paul/David]
* KLIPS: NATT support for kernel 3.5+ needs udp_encap_enable() [David]
* KLIPS: pointer can look valid during free process [Unknown/David]
* KLIPS: change default for hidetos (quality of service) to yes [Paul]
* KLIPS: preliminary SHA2 family support via OCF/CryptoAPI [David]
* MAST: _stackmanager: bring mast0 up even if module was loaded [neoXite]
* MAST: Add support for IPv6 iptables mangle table in updown.mast [Paul]
* _stackmanager: Move iptables mangle rules to MAST only section [Paul]
* _stackmanager: re-add support for hidetos=, overridemtu= and fragicmp= [Paul]
* _stackmanager: Clear disable_xfm/disable_policy for labeled IPsec [Paul]
* pluto: Fix reading ipsec.secrets without trailing newline [Hugh]
* pluto: 'ipsec status' output changes, added 'config setup' items [Paul]
* pluto: Added config setup, compile paths, runtime info to ipsec status [Paul]
* pluto: removed IKE_ALG and KERNEL_ALG defines [Paul]
* pluto: Simplify Pluto_IsFIPS(), remove redundant log message [Paul]
* pluto: Added Pluto_IsSElinux() to log SElinux runtime status [Paul]
* pluto: Removed unused alg_info parameters permitman and permitike [Paul]
* pluto: Fix STATE_XAUTH_R0/STATE_XAUTH_R1 state names [Paul]
* pluto: out_modify_previous_np() should allow ISAKMP_NEXT_SIG for RSA [Paul]
* building: cleanup old vars, and allow more env overrides [Paul]
* packaging: Fix systemd script Alias target (rhbz#982166) [Paul]
* newhostkey: help the user when nssdb is not initialized yet [Paul]
* newhostkey: simplify default nss dir handling [Paul]
* lswan_detect: cleanup coding style and fix help for unknown options [Tuomo]
* lswan_detect: add gentoo detection [Tuomo]
* setup: add rhsysv, openrc, and real sysv init support [Tuomo]
* barf: do not cause any iptables modules to get loaded (rhbz#954249) [Paul]
* look: Don't cause loading of iptables kernel modules (rhbz#954249) [Paul]
* FIPS: Remove hardcoded /usr/libexec/ipsec path, use IPSEC_EXECDIR [Paul]
* FIPS: Add warning in ipsec verify for prelink command [Paul]
* testing: Add option for "post" scripts during a test run [Matt Rogers]
* testing: dist_cert support for commands in different path locations [Matt]
* testing: Generate CRL with leading zero byte for testing [Paul]
* Bugtracker bugs fixed:
#82: Phase out DBG_KLIPS/DBG_NETKEY for DBG_KERNEL [Paul]
#96: lswan_detect: Alpine linux compatibility [Tuomo]
#99: NETKEY: Segfault on acquire_netlink with labeled_ipsec [Kim/Tuomo]
#101: restore port when ipsec policy is generated for nat-t [Kim/Tuomo]
#124: pluto: Add usage comment for addresspool.* [Paul]
#126: pluto: nhelpers= does not default to -1 [Paul]
#128: pluto: prevent libcurl sigalarm from crashing pluto (lsbz#128) [Paul]
v3.4 (June 6, 2013)
* Change coding style to Linux kernel [Team]
* IN MEMORIAM: June 3rd, 2013 Hugh Daniel
v3.3 (May 13, 2013)
* SECURITY: atodn() buffer overflow with oe=yes [Florian/Hugh/Paul]
affected: libreswan 3.0 and 3.1 (CVE-2013-2052)
see also: openswan up to 2.6.38 (CVE-2013-2053)
see also: strongswan up to 4.3.4 (CVE-2013-2054)
* security: dn_parse(), hex_str() write beyond end of the buffer [Florian]
* security: get_rnd_bytes: Abort on random number generator failure [Florian]
* security: Integer overflow if the leak detective enabled [Florian]
* security: Check that origin of netlink message is the kernel [Florian]
* security: Abort on crypto failure for 3des/aes to prevent leaks [Florian]
* security: Check PK11_CreateContextBySymKey() for NULL and SECFailure [Paul]
* security: RSA: Check modulus length against key overall length [Florian]
* security: fetch_curl: Set timeout for the entire request [Florian]
* security: Multiple hardening fixes from security audit [Florian Weimer]
* security: Cleanup buffer usage for traffic logging with XAUTH [Hugh]
* security: Cleanup ASN1_BUF_LEN use and remove unused load_host_cert() [Paul]
* security: cleanup CFLAGS handling [Paul]
* security: IKEv2 crashed when using nhelpers=0 [Paul]
* security: Remove stale non-NSS ASN1 handling and pem decryption code [Paul]
* security: Initial loading of file CRL fails for NSS CAs [Matt Rogers]
(rhbz#960171)
* security: Removal of USE_WEAKSTUFF and USE_NOCRYPTO (1DES, modp768) [Paul]
* security: Removal of 1DES for KLIPS using CryptoAPI [Paul]
* security: * security: Cleanup of ASN1_BUF_LEN/BUF_LEN/PATH_MAX defines [Paul]
* pluto: Add support for OID_SHA224_WITH_RSA signatures [Paul]
* pluto: Always list section headers --list* calls, even when empty [Paul]
* X509: Fix for CRL sig failure if first byte is zero [Dhr/Matt/Paul]
(rhbz#958969)
* _stackmanager: fix loading of aes-x86_64 module [Tuomo]
* Bugtracker bugs fixed:
#64: removal of /dev/*random everywhere put feeding nss pools [Paul]
#90: NETKEY: Transport mode inbound eroute was from client [Kim/Tuomo]
#91: SAREF: Patches updated for 3.4.x (tested on 3.4.42) [Andreas Herz]
v3.2 (April 13, 2013)
* addresspool: Identify reconnecting client and re-use lease [Antony]
* IKEv1: Support for sending initial_contact in Main Mode [Paul]
* addconn: improve defaultroute finder [Kim]
* compiling: fix use of variables in buildsystem consistent [Tuomo]
* ipsec: fix syntax error in --help introduced in 3.1 [Tuomo]
* verify: fix wrong confdir location [Tuomo]
* pluto: cleanup of XAUTHuser and traffic statistics logging [Paul]
* pluto: Obsoleted force_keepalive= and --force_keepalive [Paul]
* pluto: Added per-conn nat_keepalive=yes|no (default yes) [Paul]
* pluto: Log our own vendorid as "received" instead of "ignored" [Paul]
* pluto: Prevent logging from truncating XAUTHuser= [Paul]
* pluto: Don't log (0 byte) SA traffic statistics for ISAKMP SA's [Paul]
* pluto: Some more changes in the output of ipsec auto --status [Paul]
* pluto: wipe old logfile on restart (match previous behaviour) [Antony]
* _stackmanager: When unloading NETKEY, unload ip_vti before xfrm*tunnel [Paul]
* _stackmanager: Stack was not cleaned up for upstart / non-modular [Paul]
* building: Fix warnings when compiling with clang [Florian Weimer]
* building: Add -pie to linker flags, ensure relro is not overwritten [Paul]
* building: fix "make depend" in programs/pluto [Antony]
* packaging: Split RHEL spec file into rhel5/rhel6, add USE_OCF flag [Paul]
* initsystem: fixed default sysv init status function [Tuomo]
* KLIPS: SAref patches for 3.0.55+ and RHEL 2.6.32-358.2.1 [Pavel Kopchyk]
* Bugtracker bugs fixed:
#75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]
#76: NSS:: ipsec initnss fails with a @FINALCONFDDIR@ replace and
no default configdir [Tuomo]
#78: NSS: segfault on libnss functions when using ikev2 [Antony]
#85: NETKEY: Pass traffic selectors to the kernel in Transport Mode
support was incomplete and broke nat-t transport mode [Kim/Tuomo]
v3.1 (March 14, 2013)
* XAUTH: Support for leftaddresspool= [Antony]
* XAUTH: Added xauthby=alwaysok option [Paul]
* XAUTH: Added xauthfail=hard|soft option [Paul]
* IKEv1: Support for IKE fragmentation via ike_frag= [Wolfgang/Paul/Hugh]
* IKEv1: Support for removing bogus non-ESP markers [Paul/Hugh]
* NETKEY: Show traffic stats in ipsec auto --status and teardown [Wes/Paul]
* ipsec: Add "ipsec start|stop|restart|status" aliases [Paul]
* testing: Many updates to KVM testing infrastructure [Paul/Antony]
* starter: auto=route and auto=start only performed auto=add [Wolfgang]
* libswan: logging cleanups from openswan 2.5.x era [DHR/Antony/Paul]
* pluto: log XAUTHusername in the "established IPsec SA" line [Paul]
* pluto: Show labeled IPsec information in ipsec auto --status [Paul]
* pluto: Various minor changes to ipsec auto --status output [Paul]
* pluto: Debug logs were not written if a file was specified [Paul/Antony]
* pluto: fix for additional proposal sizes when enabling 1DES [Paul]
* IKEv2: narrowing used a wrong port range in determining bestfit [Coverity]
* IKEv1: Better logging of Vendor IDs in [Paul]
* KLIPS: enable crytoAPI in packaging/makefiles/module.defs [Paul]
* SAREF: patches for Ubuntu kernel 3.2.0-33.52 [Simon]
* libipsecconf: Improved fix for osw#1370 (segfault on no EOL) [Philippe]
* libipsecconf: Forbid rekey=no plus dpdaction=restart(_by_peer) [Paul]
* libipsecconf: crlcheckinterval unit is time, not number [Tuomo]
* libipsecconf: Remove bogus key_from_DNS_on_demand policy for PSK [Paul]
* libipsecconf: Raise POLICY bits from int (32) to lset_t(64) [Paul]
* libipsecconf: sourceip= setting could overwrite nexthop= setting [Paul]
* XAUTH: ModeConfig DNS options only worked via whack, not config file [Paul]
* XAUTH: modecfg_wins[12]= support removed [Paul]
* XAUTH: Use re_entrant versions of localtime_r/gmtime_r [Paul]
* XAUTH: Added threading mutex locks for log functions [Philippe/Paul]
* XAUTH: Added threading mutex locks for crypt() [Philippe]
(crypt_r is not available on all platforms)
* XAUTH: Only try to update resolveconf/restoreconf when XAUTH client [Paul]
* addconn: If no protostack= is configured, return "netkey" as default [Paul]
* addconn: Fix for addconn loading Point-To-Point connections [Kim]
* X509: Initialise libcurl for SSL to support CRLs over HTTPS [Paul]
* X509: Warn 14 days before certificates expire [Tuomo]
* packaging: add /etc/ipsec.d/{crls,cacerts} to rpm spec files [Tuomo]
* packaging: Fixes to spec file, added kmod spec file for KLIPS [Paul]
* compiling: added -pthread to CFLAGS [Tuomo]
* _plutorun: pass all command line options to pluto [Tuomo]
* _updown: Various fixes for klips/netkey version [Tuomo/Antony]
* X509: Reintroduced lock_certs_and_keys()/unlock_certs_and_keys() [Paul]
* initsystem: change sysv initscripts to use new _plutorun interface [Tuomo]
* DPD: Don't try to delete non-events [Paul]
* Bugtracker bugs fixed:
#8 honour compress=no option [Matt Rogers]
#50 It is assumed ipsec.conf lives in the same dir as rc.d/init.d [Tuomo]
#53 ipsec auto --status does not show phase2 parameters when using
(unspecified) defaults? [Matt Rogers]
#71 Libreswan pre-3.1 git version breaks on-demand ipv6 tunneling [Tuomo]
v3.0 (January 02, 2013)
* FORK: Rename from Openswan to Libreswan [Team]
(for older CHANGES see docs/CHANGES.openswan)
* FORK: Changed our VendorID prefix to "OEN" [Team]
* LICENSE: Updated FSF address on the GPLv2 COPYING file [Team]
* TRADEMARK: Give everyone unlimitel eternal royalty-free license to
use the name "libreswan" to refer to this software and website [Team]
* NSS: is now mandatory - custom crypto code removed [Paul]
* NSS: Support reading NSS password from file [Avesh]
* NSS: Added "ipsec initnss" and "ipsec import" commands [Paul]
* NSS: We need to include nsperror.h for PR_GetError() [Paul]
* NSS: PK11_DigestFinal() passed sizeof pointer instead of passing
sizeof *pointer [Paul]
* NSS: use pkg-config to find the right cflags and libs [Paul]
* DNS: Removed LWRES code and old static ISC libraries [Paul]
* DNS: Don't attempt to resolve numerical sourceip= values [Paul]
* DNS: starter and pluto now support USE_DNSSEC using libunbound [Paul]
* OE: Removed support for old KEY and TXT DNS records [Paul]
* OE: Add support for IPSECKEY in ipsec showhostkey [Paul]
* pluto: --config <fn> uses libipsecconf to read 'config setup' [Kim B. Heino]
* pluto: left=%defaultroute now obtains src ip from routing table [Kim B. Heino]
* pluto: Removed support for non-strict ike/esp lines [Paul]
* pluto: UDPFROMTO support was not enabled for NETKEY if not also build
with KLIPS [Paul]
* pluto: Pass traffic selectors to the kernel in Transport Mode [Avesh]
(rhbz#831669)
* pluto: Fix phase confusion in xauth/modeconfig [Avesh]
* pluto: Added new option plutostderrlogtime= (default=no) [Paul]
* pluto: Additional safety checks to strncat() calls for addrtot(),
inet_addrtot(), sin_addrtot(), alg_info_snprint_esp(),
alg_info_snprint_ah(), idtoa() and format_end() [Paul]
* pluto: Removed unused OCSP code [Paul]
* pluto: Add Linux audit support via USE_LINUX_AUDIT (incomplete) [Paul/Antony]
* pluto: crlcheckinterval did not interpret plain numbers as seconds [Philippe]
* pluto: Change ft_mbz to ft_zig - Don't error on "must be zero" but instead
"zero ignore". This works around an Android ICS/racoon bug [Paul]
* pluto: Update known vendorids [Paul]
* pluto: phased out HAVE_THREADS, pluto/pam now thread-safe [Philippe/Paul]
* pluto: Fixed IPSEC_CONFDDIR handling which broke NSS in tests [Paul]
* pluto: obsoleted prepluto= postpluto= plutoopts= config setup options [Paul]
* pluto: obsoleted plutowait= and pluto= config setup option [Paul]
* pluto: obsoleted nocrsend= option removed (use leftsendcert=) [Paul]
* pluto: removed manual keying remnants [Paul]
* pluto: remove protostack=auto and --use-auto, netkey is new default [Paul]
* pluto: Added perpeerlog=yes|no and perpeerlogdir=/var/log [Paul]
* pluto: Added retransmits=yes|no (matches pluto --noretransmits) [Paul]
* pluto: Added plutofork=yes|no to match pluto --nofork [Paul]
* pluto: added ikeport= and nat_ikeport= options, and --natikeport [Paul]
* pluto: support for secretsfile= and ipsecdir= in ipsec.conf [Paul]
* pluto: remove old unused USE_IPSECPOLICY code [Paul]
* pluto: rhbz#609343: pluto crashes when removing logical interface [Avesh]
* pluto: don't stop processing after --coredir argument [Paul]
* pluto: perform whack --listen and addconn --autoall on startup [Paul]
* pluto: honour plutostderrlog= natively now _plutorun is gone
This also adds a new option --logfile to the pluto daemon [Paul]
* pluto: if started with --nofork, don't care about existing pid file [Paul]
* pluto: incorrect free in scan_proc_shunts() [Roel van Meer]
* pluto: eclipsed() was broken since freeswan-2.02 [Philippe]
* _plutoload: obsoleted [Kim/Paul]
* auto: no longer pass defaultroute/defaultrouteaddr to addconn [Paul]
* whack: fix handling --sha2_truncbug and --nm_configured options [Paul]
* whack: don't try to write to closed stdout tty [Philippe]
* DPD: reduce flood of DPD messages with unexpected seqno [Andrey Alexandrenko]
* DPD: We did not send DPD VID in aggressive mode with NAT-T disabled
* DPD: dpdaction=restart can cause full phase1 timeout after DPD
(rhbz#848132) [Avesh]
* PAM: updated contrib/pam.d/pluto (rhbz#815127) [Philippe Vouters]
* PAM: move pam out of contrib, and install config when HAVE_XAUTHPAM [Paul]
* IKEv1: In aggressive mode: allow ISAKMP_NEXT_CR ISAKMP_NEXT_CERT as
payloads [Philippe]
* IKEv1: aggressive mode sometimes picked wrong RSA/PSK conn [Philippe]
* IKEv1: Simplify outgoing NAT-T proposals, fix logging [Paul]
* XAUTH: Support for runtime choice of xauthby=<pam|file> [Philippe]
* XAUTH: Support for Mutual RSA + XAuth (interop with Shrew Soft) [Philippe]
* XAUTH: Fixed updown to remove ModeCfg (cisco) obtained sourceip [Avesh/Tuomo]
* XAUTH: Do not redo xauth/modecfg during rekey to cisco [Avesh]
* XAUTH: Use incoming XAUTH VID when picking best connection [Philippe]
* XAUTH: pam was failing when built with USE_LIBCAP_NG=true [Philippe Vouters]
* XAUTH: Fixup of defines [Paul/Philippe]
* XAUTH: Don't use XAUTH VID to put conn in policy XAUTH [Andrey Alexandrenko]
* XAUTH: Fix XAUTH TYPE handling and logging [Philippe]
* IKEv2: Comply to RFC's for "must be zero" to ignore instead of abort [Paul]
(rhbz#831669)
* IKEv2: road warrior support [Antony/Paul/Avesh]
* IKEv2: narrowing code extended to cover ports,protocol,subnets [Antony/Paul]
* Only set MODP768_MODULUS with USE_VERYWEAK_DH1 [Paul]
* NETKEY: ignore interfaces= line for NETKEY [Paul]
* NETKEY: Fix for three AES-GCM issues with key lengths 128, 192, 256 bits
and IV of 8, 12, 16 bytes as per RFC 4106 [Avesh]
* NETKEY: Labeled IPsec updates [Avesh]
* NETKEY: Support for SHA384/SHA512 and integ(ikev2) in ESP [Avesh]
* NETKEY: In _updown.netkey, insert route on correct interface when nexthop
is used [Tuomo]
* NETKEY: Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY"
This caused module unload issues and XFRM_MSG_REPLACE errors [Paul]
* KLIPS: Removed support for Linux < 2.4.4 [Paul]
* KLIPS: Changed _startklips to use ip route instead of netstat [Harald]
* KLIPS: misc. fixes, mostly satot() related [David]
* KLIPS: 20% speed gain on transmitting packets [David]
* MAST: Fixed _updown.mast missing incomplete if-clause [Harald]
* SAREF: kernel patches updated to linux 3.2.0 [Simon Deziel]
* addconn: mimic _plutoload, cleanup and fixup of functions [Paul]
* scripts: Support /etc/sysconfig/ipsec and /etc/default/ipsec (rhbz#789917)
* _stackmanager: new script replacing _startnetkey/_startklips [Paul]
* barf: do not grep lastlog, wtmp, tmp (rhbz#771612) [Paul]
* verify: ported ipsec verify from perl to python [Paul]
* verify: check ipsec.conf, ipsec.secrets syntax [Paul]
* verify: warn on newly obsoleted keywords [Paul]
* auto: fix --status output for vnet/vhost case [Ani]
* copyright: Removed obsoleted/unmaintained "ipsec copyright" command [Paul]
* showdefaults: removed ipsec showdefaults [Paul]
* _include: Removed obsolete _include program [Paul]
* policy: Removed broken 'ipsec policy' [Paul]
* mailkey: Removed obsolete command. Was already not build or installed [Paul]
* scripts: phased out /var/run/pluto/ipsec.info [Paul]
* OSX: Set __APPLE_USE_RFC_3542 required for udpfromto functionality [Paul]
* DOCS: Add man page leftid= note on Cisco ID_KEY_ID Group Name [Philippe]
* liblibreswan: Remove unused optionsfrom() temp file handling [Paul]
* liblibreswan: Support comma's inside OID's by using ",," to mean ","
inside the OID (rhbz#868986) [Matt Rogers]
* initsystems: Native support for systemd, upstart and sysvinit [Paul/Wes]
* testing: Ported broken UML harness to KVM/libvirt/9p [Paul/Antony]
(see the wiki on libreswan.org for details on how to use it)
* packaging: Updated libreswan.spec to reflect updated options [Paul]
* packaging: /usr/lib{64}/ipsec is no longer used [Paul]
* manpages: Build during build phase, not during install phase [Wes]
* compiling: Update standard compile options to be more hardened [Paul]
* Bugtracker bugs fixed:
#7 after 'make install' - check if the service is enabled
or not and notify the user [Wes]
#9 install /etc/pam.d/pluto if USE_XAUTH=true [Wes]
#25 addconn behaves differently from whack regarding case [Paul]
#33 warn on /usr/local install with selinux enabled [Wes]
#40 ensure make install checks and restorecon's SElinux policies [Wes]
osw#993 ipsec showhostkey: wrong kind of key PPK_XAUTH [Philippe Vouters]
osw#1308 forceencaps= setting does now show up in "ipsec auto --status"
[Matt Rogers]
osw#1329 IKEv2 core dumps on 2.6.32 with changes backported from the 2.6.38
tree [Steve Lanser]
osw#1334 Block rules created by openswan remain even after tunnel
establishment or XFRM_MSG_POLEXPIRE [Panagiotis Tamtamis]
osw#1349 pluto logging no subjectAltName matches ID '%fromcert', replaced
by subject DN [Tuomo]
osw#1359 Openswan L2TP and IPhone vpn connection [Paul]
osw#1370 Segfault on no new line at the end of ipsec.conf [Wes]
osw#1375 ipsec verify uses perl, should use python [Paul]
osw#1381 XAuth: the variable PLUTO_XAUTH_USERNAME is empty in the updown
script [Bram]
osw#1384 confusing output from ipsec auto --status [Bram]
For older changes, see docs/CHANGES.openswan
distrib
>
Mageia
>
7
>
armv7hl
>
media
>
core-updates
>
by-pkgid
>
6879a859fa61d3de7c5941387883f6d0
>
files
>
78
