path: root/security/ipsec-tools
Age | Commit message | Author | Files | Lines
2008-08-16 | Update to ipsec-tools 0.7.1, fixes CVE-2008-3652 | manu | 2 | -8/+7
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
  o Fixes a memory leak when invalid proposal received
  o Some fixes in DPD
  o do not set default gss id if xauth is used
  o fixed hybrid enabled builds
  o fixed compilation on FreeBSD8
  o cleanup in network port value manipulation
  o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
  o Generates a log if cert validation has been disabled by configuration
  o better handling for pfkey socket read errors
  o Fixes in yacc / bison stuff
  o new plog() macro (reduced CPU usage when logging is disabled)
  o Try to work better with huge SPD/SAD
  o Corrected modecfg option syntax
  o Many other various fixes...
0.7 - 09 August 2007
  o Xauth with pre-shared key PSK
  o Xauth with certificates
  o SHA2 support
  o pkcs7 support
  o system accounting (utmp)
  o Darwin support
  o configuration can be reloaded
  o Support for UNIQUE generated policies
  o Support for semi anonymous sainfos
  o Support for ph1id to remoteid matching
  o Plain RSA authentication
  o Native LDAP support for Xauth and modecfg
  o Group membership checks for Xauth and sainfo selection
  o Camellia cipher support
  o IKE Fragment force option
  o Modecfg SplitNet attribute support
  o Modecfg SplitDNS attribute support (server side)
  o Modecfg Default Domain attribute support
  o Modecfg DNS/WINS server multiple attribute support
2008-01-18 | Per the process outlined in revbump(1), perform a recursive revbump | tnn | 1 | -1/+2
on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
2007-04-11 | Update to ipsec-tools 0.6.7. | ghen | 2 | -6/+6
  o Fixed SHA256 detection on some systems
  o Fixed a DoS in Informational messages processing (CVE-2007-1841).
2007-02-22 | Whitespace cleanup, courtesy of pkglint. | wiz | 1 | -2/+2
Patch provided by Sergey Svishchev in private mail.
2006-10-25 | Update ipsec-tools to 0.6.6. | bad | 2 | -6/+6
Changes since 0.6.3:
0.6.6
  * src/racoon/isakmp_xauth.c: Build fix
  * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT encapsulation in pk_sendgetspi().
  * src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT encapsulation in pk_sendupdate().
  * src/racoon/isakmp_xauth.c: fix memory leak
  * src/racoon/{cfparse.y|handler.h}: typos
0.6.5
  * src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send() fails in isakmp_ph1resend()
  * src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32 subnets parsing.
  * src/racoon/isakmp_cfg.c: make software behave as the documentation advertises for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility.
  * src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
  * configure.ac src/racoon/plog.c: backported Fred's workaround for %zu problems on (at least) FreeBSD4.
  * src/racoon/session.c: backport: fix possible race conditions in signal handlers (see session.c 1.17).
  * src/libipsec/pfkey_dump.c: fixed compilation when NAT_T disabled (Fred has still some CVS problems).
  * src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports function to display SAD entries with their associated ports.
  * src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag in conjunction with -D to show SADs with the port, allow both get and delete commands to use bracketed ports if needed.
  * src/racoon/racoon.conf.5: Style changes
2005-12-05 | Ran "pkglint --autofix", which corrected some of the quoting issues in | rillig | 1 | -3/+3
CONFIGURE_ARGS.
2005-12-05 | Fixed pkglint warnings. The warnings are mostly quoting issues, for | rillig | 1 | -2/+2
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-11-22 | Update "ipsec-tools" package to version 0.6.3. Changes since 0.6.1: | tron | 2 | -6/+6
  - Various bug fixes
  - ISAKMP mode config works without Xauth
This update fixes the security vulnerability reported in SA17668.
2005-09-02 | Mark this package as only available on NetBSD 3.0 and newer and | tron | 1 | -1/+3
Linux 2.6.x and newer.
2005-08-21 | Update "ipsec-tools" package to version 0.6.1. Changes since 0.6.1rc1: | tron | 3 | -22/+6
  - src/racoon/dnssec.c: fix bogus test on function result
  - src/racoon/isakmp.c: Improved in/out SA addresses check in purge_remote()
  - src/libipsec/{key_debug.c|pfkey.c|pfkey_dump.c}: de-lint, warnings
  - src/racoon/privsep.c: Fixed a %d -> %zu in port_check()
2005-08-07 | Fix build problem under platforms where "size_t" is not an integer. | tron | 2 | -1/+17
2005-08-05 | Update "ipsec-tools" package to version 0.6.1rc1. | tron | 3 | -8/+22
Changes since version 0.6b2:
  - NAT-T fixes for situations where NAT-T is not used
  - OpenSSL 0.9.8 support
  - keys are not restricted to OpenSSL default size anymore
  - PKCS7 support
  - SHA2 support
2005-06-01 | Fix casing of IPsec in COMMENT. | wiz | 1 | -2/+2
2005-05-31 | Packages have no business modifying PKG_DEFAULT_OPTIONS -- it's a | dillo | 1 | -3/+3
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also, make use of PKG_OPTIONS_LEGACY_VARS. Reviewed by wiz.
2005-05-23 | Removed trailing white-space. | rillig | 1 | -1/+1
2005-05-10 | Updated ipsec-tools to 0.6b2. | manu | 3 | -11/+8
Multiple bug fixes, the most important being NAT-T now working with multiple endpoints behind the same NAT.
2005-04-11 | Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. | tv | 1 | -2/+1
2005-03-23 | Missing installed files in PLIST | manu | 1 | -1/+18
2005-03-23 | Upgrade to ipsec-tools 0.6b1. | manu | 2 | -9/+10
New features:
  - PAM support
  - privilege separation
2005-02-24 | Add RMD160 digests. | agc | 1 | -1/+2
2005-02-20 | Fix file installation, add missing samples config files | manu | 2 | -4/+29
2005-02-18 | Upgraded ipsec-tools to release version 0.5 | manu | 11 | -188/+7
2005-01-12 | Use PKG_SYSCONFDIR | kim | 1 | -1/+4
2004-12-12 | Add (unsigned char) cast to ctype functions; taken from the NetBSD trunk. | kleink | 6 | -1/+117
2004-11-11 | add additional libraries required by libradius. | grant | 1 | -1/+2
2004-11-11 | include libradius/buildlink3.mk only if we're including radius | grant | 1 | -2/+2
support.
2004-11-11 | include some additional header files on FreeBSD >= 5. | grant | 2 | -1/+23
2004-11-11 | allow radius support to be disabled by moving it to PKG_OPTIONS. | grant | 1 | -2/+12
no PKGREVISION bump as it is still enabled by default.
2004-11-11 | Remove lex and yacc generated files before building: they might not | manu | 1 | -1/+5
match with the libraries installed on the system.
2004-11-10 | Add patches checksum | manu | 1 | -1/+3
2004-11-10 | Fix minor LP64 problems | manu | 2 | -0/+39
2004-11-10 | Disable nat-t by default as the kernel does not have support for it | manu | 1 | -3/+5
without an unofficial patch yet.
2004-11-10 | This package needs openssl bl3.mk... and it needs NAT-T kernel option | xtraeme | 1 | -1/+2
to build...
2004-11-10 | No need to set BUILDLINK_DEPMETHOD.libradius-linux?= build here... | xtraeme | 1 | -3/+1
2004-11-10 | * Fix HOMEPAGE. | xtraeme | 1 | -7/+5
* No need to use LIBTOOL_OVERRIDE.
* Remove unneeded ${EXAMPLESDIR} (??!!) after bl3.mk includes
* Remove unneeded BUILD_DEPEND, because this pkg uses bl3
Still libradius is broken...
2004-11-09 | racoon speaks IKE (ISAKMP/Oakley) key management protocol, to | manu | 4 | -0/+82
establish IPsec security association with other hosts. This is based on KAME racoon, with some enhancements such as NAT-Traversal (needs a kernel patch), hybrid authentication, ISAKMP mode config, RADIUS support, IKE fragmentation and others. Ipsec-tools' racoon is able to act as a VPN server for the Cisco VPN client using hybrid authentication.