--------------------------------------------- 0.2.5 released 2004-04-05 Michal Ludvig <mludvig@suse.cz> * NEWS: Notes about 0.2.5 * configure.ac: Bump up version to 0.2.5 2004-04-05 Michal Ludvig <mludvig@suse.cz> Fix for a security bug found by Ralf Spenneberg: * src/racoon/crypto_openssl.c (eay_check_x509sign): Directly generate 'evp' instead of 'pubkey'. (eay_rsa_sign): Use the above. * src/racoon/crypto_openssl.h: Update prototypes for the above. 2004-02-03 Michal Ludvig <mludvig@suse.cz> * src/racoon/Makefile.in: Fix install to $(sbindir) * src/setkey/parse.y: Avoid GCC 3.3 warning (type-punned pointer). --------------------------------------------- 0.2.4 released 2004-01-29 Michal Ludvig <mludvig@suse.cz> * NEWS: Notes about 0.2.4 * configure.ac: Bump up version to 0.2.4 2004-01-27 Michal Ludvig <mludvig@suse.cz> * src/libipsec/pfkey.c: Don't include 'sadb_key' in SADB_UPDATE message for IPcomp SA. (by Brian Buesker <bbuesker@qualcomm.com>) * src/libipsec/ipsec_dump_policy.c: Dump FWD policies correctly. 2004-01-26 Aidas Kasparas <a.kasparas@gmc.lt> Backout of changes breaking interface and functionality backwards compatibility. Following changes backed: - encryption algorithm name simple -> null - mip6->proxy - setkey: no key accepted if algo do not requires one - ESP parameter checks in proposals 2004-01-17 Aidas Kasparas <a.kasparas@gmc.lt> * src/racoon/isakmp_inf.c: endian mismatch fix. From iij seil team 2004-01-17 Aidas Kasparas <a.kasparas@gmc.lt> Sync with KAME 2004-01-07 * src/libipsec/pfkey.c: memory leak fix; comment typo fixes * src/libipsec/{pfkey.c,pfkey_dump.c}: allow compilation even no SADB_X_EXT_TAG defined * src/libipsec/pfkey_dump.c: information about algorithms ripemd160, aes-xcbc, aes-ctr; bigger buffers; <tag> support * src/libipsec/policy_parse.y: memory leak * src/libipsec/policy_token.l: memory leak * src/libipsec/test-policy.c: unneeded \n removed * src/racoon/Makefile.in: $(sbindir) support * src/racoon/admin.c: interface changes due to proxy support * src/racoon/algorithm.c: SHA2 #ifdefs * src/racoon/{cfparse.y,cftoken.l}: license text added * src/racoon/cfparse.y: mip6 obsoleted by proxy support * src/racoon/cfparse.y: from directive support; new algorithms * src/racoon/cftoken.l: support for globbing of include files * src/racoon/configure.in: more verbose information about problems with SHA2 * src/racoon/crypto_openssl.c: use new DES API if supported; algorithm key size fixes * src/racoon/eaytest.c: SHA2 #ifdefs; keysize len check * src/racoon/ipsec_doi.c: use VPTRINIT; ESP parameter validity checks; style change * src/racoon/isakmp.c: use VPTRINIT; interface changes due to mip6->proxy; typo * src/racoon/isakmp_inf.c: use VPTRINIT * src/racoon/isakmp_quick.c: mip6->proxy * src/racoon/kmpstat.c: not used variables removed * src/racoon/pfkey.c: mip6->proxy; schedule leak * src/racoon/proposal.c: style * src/racoon/remoteconf.c: mip6->proxy * src/racoon/sainfo.c: from directive support * src/racoon/sockmisc.c: side correction; addrinfo leak * src/racoon/strnames.c: typo in descriptions; wrong upper bound check * src/racoon/missing/crypto/sha2/sha2.c: wrong size * src/setkey/parse.y: extra algorithms; tagged; not needed periods removed; memory shortage checks * src/setkey/setkey.8: typos; tagged; new algorithms * src/setkey/setkey.c: standard argument names for main(); hexdump support; info in file support * src/setkey/token.l: new algorithms; memory shortage checks Parts not taken from KAME: * kernelfs stuff; * sysctl stuff --------------------------------------------- 0.2.3 released 2004-01-15 Michal Ludvig <mludvig@suse.cz> * src/racoon/isakmp.c: Don't try to bind to IPv6 multicast addresses. * src/racoon/isakmp_inf.c: Prevent unauthorized deletion of SA (reported on bugtraq, fixed by itojun). * src/racoon/plog.c: Fix racoon segfault on AMD64 (backport from mainline). * bootstrap: Don't require older versions of autoconf & co. * src/racoon/config.{sub,guess}: Update to recognize AMD64. * configure.ac: Bump up version to 0.2.3 (yes, we're getting closer). * src/racoon/main.c: Ditto. * src/racoon/crypto_openssl.c: Enhance support for OpenSSL 0.9.7 (by Brian Buesker <bbuesker@qualcomm.com> and Christophe Saout <christophe@saout.de>) * NEWS: Update for 0.2.3 2004-01-07 Michal Ludvig <michal@logix.cz> * src/setkey/token.l, src/setkey/parse.y: Add support for lifetime specified in bytes (by Michal Ludvig). * src/setkey/setkey.8: Document -bh/-bs options for the above feature. 2004-01-07 Michal Ludvig <michal@logix.cz> * src/racoon/proposal.c: Be more verbose. 2004-01-02 Michal Ludvig <michal@logix.cz> * src/racoon/cfparse.y: Flush SA on SIGHUP (by Brian Buesker <bbuesker@qualcomm.com>) * src/racoon/pfkey.c: IPcomp fixes (by Brian Buesker <bbuesker@qualcomm.com>) * src/racoon/proposal.c: Fix typo lifebyte -> lifetime. * src/racoon/grabmyaddr.c: Prevent segfault if getifaddrs() returns an entry with NULL ifa_addr (Michal Ludvig). * configure.ac: Change path to kernel headers from /usr/src/devel-2.5/devel to /usr/src/linux 2003-06-20 Derek Atkins <derek@ihtfp.com> * src/racoon/aclocal.m4: * src/racoon/configure: Don't execute "for i in $3" if "$3" doesn't exist. Fixes bug #721296. 2003-03-13 Derek Atkins <derek@ihtfp.com> * rpm/ipsec-tools.spec.in: Bill Nottingham's SPEC-file patch: This switches it to use %{_lib} (for /lib64 systems such as x86-64 and s390x, and has it own the /etc/racoon directory in the package as well. --------------------------------------------- 0.2.2 released 2003-03-13 Derek Atkins <derek@ihtfp.com> * configure.am, NEWS: Update for 0.2.2 release * Makefile.am: distribute depcomp 2003-03-10 Derek Atkins <derek@ihtfp.com> * src/racoon/Makefile.in: add @LEXLIB@ to the LIBS line to make sure we link against the lexer library when necessary. 2003-03-07 Derek Atkins <derek@ihtfp.com> * configure.am: * Makefile.am: * rpm/Makefile.am: * rpm/ipsec-tools.spec.in: Added RPM SPEC to CVS --------------------------------------------- 0.2.1 released 2003-03-07 Derek Atkins <derek@ihtfp.com> * src/racoon/configure.in: change "CFLAGS" to "CPPFLAGS" for ssl include directory, to make sure the other tests work properly. 2003-03-06 Derek Atkins <derek@ihtfp.com> * src/racoon/kmpstat.c: fix gcc-3.2.2 compiler warning * src/racoon/configure.in: look for krb5-config and don't use it if it's not found. Fixes a configure-time warning. -------------------------------------------- 0.2 Released