| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
o Fixed SHA256 detection on some systems
o Fixed a DoS in Informationnal messages processing (CVE-2007-1841).
|
|
Patch provided by Sergey Svishchev in private mail.
|
|
Changes since 0.6.3:
0.6.6
* src/racoon/isakmp_xauth.c: Build fix
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendgetspi().
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendupdate().
* src/racoon/isakmp_xauth.c: fix memory leak
* src/racoon/{cfparse.y|handler.h}: typos
0.6.5
* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
fails in isakmp_ph1resend()
* src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32
subnets parsing.
* src/racoon/isakmp_cfg.c: make software behave as the documentation
advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
* src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
* configure.ac src/racoon/plog.c: backported Fred's workaround for
%zu problems on (at least) FreeBSD4.
* src/racoon/session.c: backport: fix possible race conditions in
signal handlers (see session.c 1.17).
* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
disabled (Fred has still some CVS problems).
* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
function to display SAD entries with their associated ports.
* src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
in conjunction with -D to show SADs with the port, allow both get and
delete commands to use bracketed ports if needed.
* src/racoon/racoon.conf.5: Style changes
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
- Various bug fixes
- ISAKMP mode config works without Xauth
This update fixes the security vulnerability reported in SA17668.
|
|
Linux 2.6.x and newer.
|
|
- src/racoon/dnssec.c: fix bogus test on function result
- src/racoon/isakmp.c: Improved in/out SA addresses check in
purge_remote()
- src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
- src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
|
|
|
|
Changes since version 0.6b2:
- NAT-T fixes for situations where NAT-T is not used
- OpenSSL 0.9.8 support
- keys are not restricted to OpenSSL default size anymore
- PKCS7 support
- SHA2 support
|
|
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
|
|
Multiple bug fixes, the most important being NAT-T now working with
multiple endpoints behind the same NAT.
|
|
|
|
|
|
New features:
- PAM support
- privilege separation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
support.
|
|
|
|
no PKGREVISION bump as it is still enabled by default.
|
|
match with the libraries installed on the system.
|
|
|
|
|
|
without an unofficial patch yet.
|
|
to build...
|
|
|
|
* No need to use LIBTOOL_OVERRIDE.
* Remove unneeded ${EXAMPLESDIR} (??!!) after bl3.mk includes
* Remove unneeded BUILD_DEPEND, because this pkg uses bl3
Still libradius is broken...
|
|
establish IPsec security association with other hosts.
This is based on KAME racoon, with some enhancements such as
NAT-Traversal (needs a kernel patch), hybrid authentication,
ISAKMP mode config, RADIUS support, IKE fragmentation and others.
Ipsec-tools' racoon is able to act as a VPN server for the
Cisco VPN client using hybrid authentication.
|
