| 2009-08-13 tag ipsec-tools-0_7_3 |
| |
| 2009-08-13 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * NEWS, configure.ac: 0.7.3 release |
| |
| * src/racoon/oakley.c: fixed a potential DoS in |
| oakley_do_decrypt(), reported by Orange Labs |
| |
| 2009-08-06 Timo Teras <timo.teras@iki.fi> |
| |
| * src/setkey/setkey.c: From Paul Wenau: Check fgets return value in |
| setkey to make gcc happy. |
| |
| 2009-06-19 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/ipsec_doi.c: Backport S.P.Zeidler's fix to IPv6 |
| address related stack smashing in ipsecdoi_id2str() from CVS HEAD. |
| |
| 2009-05-18 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/isakmp_inf.c: From Tomas Mraz: Remove variable that is |
| not really used; only referenced while uninitialized causing |
| valgrind error. |
| |
| * src/racoon/nattraversal.c: From Tomas Mraz: Fix natt_flags check. |
| |
| 2009-04-29 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/crypto_openssl.c: From Ross Meng: Fix a memory leak in |
| X509 certificate validation. |
| |
| 2009-04-22 tag ipsec-tools-0_7_2 |
| |
| 2009-04-22 Timo Teras <timo.teras@iki.fi> |
| |
| * NEWS, configure.ac: Updates for 0.7.2 release |
| |
| * src/racoon/isakmp_frag.c: From Neil Kettle: Fix a possible null |
| pointer dereference in fragmentation code. |
| |
| 2009-04-20 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/: isakmp_inf.c, isakmp_xauth.c, plog.c: Originally from |
| Bin Li: Fix possible memory corruption in binsanitize(). |
| |
| * src/racoon/crypto_openssl.c: From Stephen Bevan: Fix an x509 |
| signature verification memory leak. |
| |
| * src/racoon/: admin.c, racoonctl.c: Originally from Bin Li: Fix a |
| crash with racoonctl logout user. |
| |
| * src/racoon/nattraversal.c: Fix a memory leak in nat-t keepalive |
| code. |
| |
| * src/racoon/handler.c: From Paul Moore: Phase2 message id's should |
| be unique wrt phase1, not globally. |
| |
| 2009-02-16 Timo Teras <timo.teras@iki.fi> |
| |
| * src/libipsec/policy_parse.y: From Paul Moore: Fix a heap |
| corruption bug (yacc returns non-null terminated buffer and sprintf |
| writes over bounds). |
| |
| 2009-01-20 Timo Teras <timo.teras@iki.fi> |
| |
| * configure.ac: Fix a CPPLAGS typo to CPPFLAGS which was intended |
| |
| * misc/cvs2cl.pl, misc/cvsusermap, Makefile.am: Autogenerate |
| ChangeLog from NetBSD CVS. Put sourceforge.net changes to |
| ChangeLog.old. |
| |
| * misc/cvs2cl.pl: file cvs2cl.pl was added on branch |
| ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000 |
| |
| * misc/cvsusermap: file cvsusermap was added on branch |
| ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000 |
| |
| 2008-11-27 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/main.c: Set up a default value for Mode Config Pool |
| size if pool address specified but pool size not specified |
| |
| * src/racoon/isakmp_cfg.c: Fixed pool resizing |
| |
| 2008-09-25 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP |
| marker for retransmitted packets |
| |
| 2008-09-17 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi() |
| when NAT-T enabled and trying to purge non NAT-T SAs |
| |
| 2008-08-12 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp.c: From Krzysztof Oledzki: Remove ph1handler if |
| we received an invalid first exchange from initiator. |
| |
| 2008-07-23 tag ipsec-tools-0_7_1 |
| |
| 2008-07-23 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * NEWS: NEWS for 0.7.1 release |
| |
| 2008-07-23 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/Makefile.am: Do not use GNU make specific extension. |
| |
| * src/: libipsec/Makefile.am, racoon/Makefile.am, |
| setkey/Makefile.am: Do flex/bison invocation in a more standard |
| way, and keep the generated files in the dist tarball. |
| |
| 2008-07-22 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * configure.ac: 0.7.1 coming ! |
| |
| * src/racoon/proposal.c: From Kohki Ohhira: fix some memory leaks, |
| when malloc fails or when peer sends invalid proposal. |
| |
| 2008-07-21 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/cfparse.y: Correct typo to fix the build. |
| |
| * src/racoon/cfparse.y: Do not set default gss id if xauth is used. |
| |
| 2008-07-15 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/isakmp_cfg.c: Fix a typo that prevented racoon from |
| building with hybrid enabled. |
| |
| * src/racoon/: crypto_openssl.c, eaytest.c, misc.c, misc.h, |
| racoonctl.c: Fix a conflict with the FreeBSD 8 system hexdump |
| function. |
| |
| 2008-07-11 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/: isakmp.c, isakmp_inf.c: Original patch from Atis |
| Elsts: Fix a double memory free and a memory corruption |
| (LIST_REMOVE() on an uninserted node) in some error handling paths. |
| |
| 2008-07-09 Timo Teras <timo.teras@iki.fi> |
| |
| * src/racoon/cfparse.y: From Chong Peng: fix a file descriptor and |
| memory leak on configuration file reread |
| |
| 2008-07-02 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: From Timo Teras: fixed some %d to %zu |
| (size_t values). |
| |
| 2008-06-18 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/: grabmyaddr.c, admin.c, ipsec_doi.c, isakmp.c, |
| isakmp_cfg.c, isakmp_inf.c, remoteconf.c: Use utility functions |
| to evaluate and manipulate network port values. No functional |
| changes. Submitted by Timo Teras. |
| |
| 2008-04-25 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: From Timo Teras: extract port numbers |
| from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi(). |
| |
| 2008-03-06 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/oakley.c: Generates a log if cert validation has been |
| disabled by configuration |
| |
| 2008-03-05 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/cfparse.y: Properly initialize the unity network |
| struct to prevent erroneous protocol and port info from being |
| transmitted. |
| |
| * src/racoon/pfkey.c: Provide better handling for pfkey socket read |
| errors. Submitted by Timo Teras. |
| |
| 2008-02-25 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/ipsec_doi.c: From Brian Haley <brian.haley@hp.com>: |
| There's a cut/paste error in cmp_aproppair_i(), it's supposed to be |
| checking spi_size but it's not. I'm not sure this patch is correct, |
| but what's there isn't either. |
| |
| Add forgotten entry in ChangeLog |
| |
| 2008-02-22 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp.c: Fix bad address length computation, from |
| Brian Haley. |
| |
| 2008-01-11 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: From Timo Teras: reset iph1->dpd_r_u in |
| the scheduler's callback, to avoid access to freed memory. |
| |
| * src/racoon/crypto_openssl.c: From Krzysztof Oledzki: Fix |
| compilation with IDEA and recent gcc. |
| |
| * src/racoon/isakmp_inf.c: From Krzysztof Oledzki: added some |
| details to some logs (also reported new getph1byaddr() arg). |
| |
| * src/racoon/isakmp.c: From Krzysztof Oledzki: Only search for |
| established ph1 handles in DPD (also reported new getph1byaddr() |
| arg). |
| |
| * src/racoon/: handler.c, handler.h: added an 'established' arg to |
| getph1byaddr() |
| |
| 2007-11-29 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/Makefile.am: From Natanael Copa: fixed a race |
| condition when building yacc stuff. |
| |
| 2007-11-06 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/crypto_openssl.c: From Scott Lamb: include plog.h to |
| work with the new plog macro. |
| |
| * src/racoon/kmpstat.c: From Scott Lamb: plog changed to _plog to |
| work with new plog macro |
| |
| * src/racoon/: plog.c, plog.h: From Scott Lamb: new plog macro. |
| |
| 2007-10-15 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/libipsec/pfkey.c: Try to increase the buffer size of the |
| pfkey socket, this may help things when we have a huge SPD |
| |
| 2007-09-19 Matthew Grooms <mgrooms@shrew.net> |
| |
| * configure.ac: Fix autoconf check for selinux support. Submitted |
| by Joy Latten. |
| |
| 2007-09-03 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/: cftoken.l, racoon.conf.5: Correct the syntax for |
| wins4 in the man page and add nbns4 as an alias. Pointed out by |
| Claas Langbehn. |
| |
| 2007-08-09 tag ipsec-tools-0_7 |
| |
| 2007-08-09 Matthew Grooms <mgrooms@shrew.net> |
| |
| * NEWS, configure.ac: Prepare for 0.7 release tag. |
| |
| 2007-08-07 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and |
| authorization ports. Allow interoperability with freeradius |
| |
| 2007-08-01 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * configure.ac, src/libipsec/ipsec_dump_policy.c, |
| src/libipsec/ipsec_get_policylen.c, |
| src/libipsec/ipsec_strerror.c, src/libipsec/key_debug.c, |
| src/libipsec/libpfkey.h, src/libipsec/pfkey.c, |
| src/libipsec/pfkey_dump.c, src/libipsec/policy_parse.y, |
| src/libipsec/policy_token.l, src/libipsec/test-policy-priority.c, |
| src/racoon/admin.c, src/racoon/backupsa.c, src/racoon/cfparse.y, |
| src/racoon/cftoken.l, src/racoon/ipsec_doi.c, |
| src/racoon/isakmp.c, src/racoon/isakmp_inf.c, |
| src/racoon/isakmp_quick.c, src/racoon/pfkey.c, |
| src/racoon/policy.c, src/racoon/proposal.c, |
| src/racoon/remoteconf.c, src/racoon/sainfo.c, |
| src/racoon/session.c, src/racoon/sockmisc.c, |
| src/racoon/strnames.c, src/setkey/parse.y, src/setkey/setkey.c, |
| src/setkey/token.l: use a single PATH_IPSEC_H to fix some |
| path_to_ipsec.h issues |
| |
| 2007-07-24 Matthew Grooms <mgrooms@shrew.net> |
| |
| * NEWS: Update NEWS file with additional 0.7 improvements. |
| |
| 2007-07-18 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/racoon.conf.5: Various racoon configuration manpage |
| updates. |
| |
| 2007-07-16 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/grabmyaddr.c: fixed a socket leak |
| |
| 2007-06-12 tag ipsec-tools-0_7-RC1 |
| |
| 2007-06-12 tag ipsec-tools-0_7-rc1 |
| |
| 2007-06-12 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac: ipsec-tools used to use tags in lower case |
| |
| 2007-06-12 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * configure.ac: 0.7-RC1 |
| |
| 2007-06-07 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/: main.c, policy.h, security.c: From Joy Latten |
| <latten@austin.ibm.com> Fix file descriptor shortage when using |
| labeled IPsec. |
| |
| * src/racoon/isakmp_cfg.c: From Paul Winder |
| <Paul.Winder@tadpole.com> Fix ignored INTERNAL_DNS4_LIST |
| |
| 2007-06-06 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: eaytest.c, var.h: From Rong-En Fan: fix compilation |
| with gcc 4.2 |
| |
| 2007-06-06 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/kmpstat.c: From Jianli Liu <jlliu@nortel.com>: Use the |
| specified socket path instead of the default location |
| |
| 2007-06-06 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/session.c: From Jianli Liu: speed up interfaces update |
| when they change. |
| |
| * src/racoon/handler.c: ignore obsolete lifebyte when validating |
| reloaded configuration |
| |
| 2007-05-04 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/handler.c: search a ph1 by address if iph2->ph1 is |
| NULL when validating the new config |
| |
| * src/racoon/handler.c: added some debug in getph1byaddr() to track |
| some port matching problems with NAT-T |
| |
| * src/racoon/isakmp.c: added some debug in isakmp_chkph1there() to |
| track some port matching problems with NAT-T |
| |
| * src/racoon/isakmp_inf.c: added some debug for DELETE_SA process |
| |
| * src/racoon/pfkey.c: Force the update of ph2 in pk_recvupdate() if |
| NAT_T support, to solve some port match problems with the first |
| IPSec SAs negotiated as initiator |
| |
| 2007-04-04 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/ipsec_doi.c: checks proto_id in ipsecdoi_chkcmpids() |
| |
| * src/racoon/oakley.c: dumps peer's ID and peer's certificate |
| subject /subjectaltname if they don't match |
| |
| 2007-03-29 tag ipsec-tools-0_7-beta3 |
| |
| 2007-03-29 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac: Bump to 0.7beta3 |
| |
| 2007-03-26 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: Store the DPD main scheduler in ph1 |
| handler, to be able to cancel it when removing the handler, and some |
| minor cleanups in DPD code |
| |
| 2007-03-23 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: ipsec_doi.c, security.c: From Joy Latten: fix a |
| segfault when using security labels between 32bit and 64bit host. |
| |
| * src/racoon/handler.c: expire zombie handlers in getph2byid(), to |
| avoid situations where we'll never negotiate a phase2 again |
| |
| * src/racoon/: oakley.c, racoon.conf.5: From Cyrus Rahman: give |
| more details about what is checked when using certificates to |
| authenticate |
| |
| 2007-03-22 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: cfparse.y, ipsec_doi.c: fixed subnet check to |
| generate IPV4_ADDRESS when needed in sockaddr2id() |
| |
| 2007-03-21 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: handler.c, isakmp.c, isakmp_inf.c, pfkey.c: NULL |
| sched check is now done in SCHED_KILL |
| |
| * src/racoon/schedule.h: checks if arg is NULL in SCHED_KILL |
| |
| 2007-03-15 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/grabmyaddr.c: From Yves-Alexis Perez: enable |
| monitoring of ipv6 address changes on Linux. |
| |
| * src/racoon/isakmp.c: Consider a negotiation timeout when |
| retry_counter is <=0 instead of < 0 |
| |
| 2007-03-06 tag ipsec-tools-0_7-beta2 |
| |
| 2007-03-06 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac: Bump to 0.7beta2 |
| |
| 2007-03-01 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/ipsec_doi.c: Add logic to allow ip address ids to be |
| matched to ip subnet ids when appropriate. |
| |
| 2007-02-21 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/ipsec_doi.c: block variable declaration before code in |
| ipsecdoi_id2str() |
| |
| 2007-02-20 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: Removed a debug printf.... |
| |
| * src/racoon/isakmp.c: Only delete a generated SPD if its creation |
| date matches the creation date of the SA we are currently deleting |
| |
| * src/racoon/: handler.c, isakmp_var.h: updated delete_spd() calls |
| |
| * src/racoon/: isakmp_inf.c, pfkey.c: fills creation date of |
| generated SPDs |
| |
| * src/racoon/policy.h: added 'created' var |
| |
| 2007-02-19 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp.c: Removed a debug printf.... |
| |
| 2007-02-16 tag ipsec-tools-0_7-beta1 |
| |
| 2007-02-16 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac: Bump to 0.7beta1 |
| |
| 2007-02-16 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/ipsec_doi.c: From Olivier Warin: Fix a %zu in a |
| printf. |
| |
| 2007-02-15 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/security.c: Missing file for SELinux |
| |
| * configure.ac: Missing stuff for SELinux |
| |
| 2007-02-15 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: Just |
| expire a ph1 handle when receiving a DELETE-SA instead of calling |
| purge_remote(). |
| |
| * src/racoon/isakmp.c: Fixed the way phase1/2 messages are |
| sent/resent, to avoid zombie handles and access to freed memory |
| |
| 2007-02-02 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/cfparse.y: Fixed a check of NAT-T support in libipsec |
| |
| 2007-02-01 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: When |
| receiving an ISAKMP DELETE_SA, get the cookie of the SA to be |
| deleted from payload instead of just deleting the ISAKMP SA used to |
| protect the informational exchange. |
| |
| 2006-12-18 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/crypto_openssl.c: From Joy Latten: fix a memory leak |
| |
| 2006-12-10 tag ipsec-tools-0_7-base |
| |
| 2006-12-10 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/: libipsec/Makefile.am, libipsec/libpfkey.h, |
| libipsec/pfkey.c, racoon/backupsa.c, racoon/cfparse.y, |
| racoon/pfkey.c: Bring back API and ABI backward compatibility |
| with previous libipsec before recent interface change. Bump libipsec |
| minor version. Remove ifdefs in struct pfkey_send_sa_args to avoid |
| ABI compatibility lossage. Add a capability flags to detect missing |
| optional feature in libipsec |
| |
| * src/racoon/: Makefile.am, doc/README.plainrsa: From Joy Latten: |
| README.plainrsa documenting plain RSA auth |
| |
| 2006-12-09 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac, src/libipsec/libpfkey.h, src/libipsec/pfkey.c, |
| src/racoon/Makefile.am, src/racoon/backupsa.c, |
| src/racoon/backupsa.h, src/racoon/cftoken.l, |
| src/racoon/ipsec_doi.c, src/racoon/ipsec_doi.h, |
| src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c, |
| src/racoon/pfkey.c, src/racoon/policy.c, src/racoon/policy.h, |
| src/racoon/proposal.c, src/racoon/proposal.h, |
| src/racoon/remoteconf.c: From Joy Latten: Add support for SELinux |
| security contexts. Also cleanup the libipsec interface for adding |
| and updating security associations. |
| |
| * src/racoon/racoon.conf.5: From Simon Chang: More hints about |
| plain RSA authentication |
| |
| 2006-12-05 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: proposal.c, proposal.h, racoon.conf.5: Check keys |
| length regarding proposal_check level |
| |
| 2006-11-16 Matthew Grooms <mgrooms@shrew.net> |
| |
| * src/racoon/sainfo.c: Correct issues associated with anonymous |
| sainfo selection in racoon. |
| |
| 2006-11-09 Christos Zoulas <christos@netbsd.org> |
| |
| * src/racoon/crypto_openssl.c: eliminate the only variable stack |
| array allocation. |
| |
| 2006-10-31 Christian Biere <cbiere@netbsd.org> |
| |
| * src/racoon/sockmisc.c: Don't define the deprecated |
| IPV6_RECVDSTADDR if the "advanced IPv6 API" is used because |
| IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent potential bugs |
| in the future just in case that the numeric value of the socket |
| option is ever recycled. |
| |
| 2006-10-22 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/: backupsa.c, cfparse.y: From Michal Ruzicka: fix |
| typos |
| |
| 2006-10-19 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/sainfo.c: From Matthew Grooms: use |
| ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo(). |
| |
| * src/racoon/: ipsec_doi.c, ipsec_doi.h: From Matthew Grooms: Added |
| ipsecdoi_chkcmpids() function. |
| |
| 2006-10-09 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/proposal.c: Fix memory leak (Coverity 3438 and 3437) |
| |
| * src/racoon/isakmp_unity.c: Correctly check read() return value: |
| it's signed (Coverity 1251) |
| |
| 2006-10-06 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * configure.ac, src/libipsec/pfkey_dump.c, src/racoon/algorithm.c, |
| src/racoon/algorithm.h, src/racoon/cftoken.l, |
| src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h, |
| src/racoon/eaytest.c, src/racoon/ipsec_doi.c, |
| src/racoon/ipsec_doi.h, src/racoon/oakley.h, src/racoon/pfkey.c, |
| src/racoon/racoon.conf.5, src/racoon/strnames.c, |
| src/setkey/setkey.8, src/setkey/test-pfkey.c, src/setkey/token.l: |
| Camellia cipher support as in RFC 4312, from Tomoyuki Okazaki |
| <okazaki@kick.gr.jp> |
| |
| 2006-10-03 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/admin.c: fix endianness issue introduced yesterday |
| |
| 2006-10-03 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/racoon.conf.5: Added remoteid/ph1id syntax |
| |
| * src/racoon/: cfparse.y, cftoken.l: Parses remoteid/ph1id values |
| |
| * src/racoon/: handler.c, isakmp_quick.c, pfkey.c, sainfo.c: Uses |
| remoteid/ph1id values |
| |
| * src/racoon/: remoteconf.h, sainfo.h: Added remoteid/ph1id values |
| |
| 2006-10-02 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp_base.c: |
| avoid reusing free'd pointer (Coverity 2613) |
| |
| * src/racoon/isakmp_inf.c: Check for NULL pointer (Coverity 4175) |
| |
| * src/racoon/isakmp_ident.c: Remove dead code (Coverity 3451) |
| |
| * src/racoon/algorithm.c: Fix array overrun (Coverity 4172) |
| |
| * src/racoon/admin.c: Fix memory leak (Coverity 2002) |
| |
| * src/racoon/: admin.c, isakmp.c, sockmisc.c: Fix memory leak |
| (Coverity 2001), refactor the code to use port get/set functions |
| |
| * src/racoon/admin.c: Avoid reusing free'd pointer (Coverity 4200) |
| |
| * src/racoon/oakley.c: Don't use NULL pointer (Coverity 3443), |
| reformat to 80 char/line |
| |
| 2006-10-02 Tom Spindler <dogcow@netbsd.org> |
| |
| * src/racoon/ipsec_doi.c: If you're going to initialize a pointer, |
| you have to init it with a pointer type, not an int. |
| |
| 2006-10-02 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp.c: Don't use NULL pointer (Coverity 3439) |
| |
| * src/racoon/ipsec_doi.c: Don't use NULL pointer (Coverity 1334) |
| |
| * src/racoon/pfkey.c: Don't use NULL pointer (Coverity 944) |
| |
| * src/racoon/proposal.c: Don't use NULL pointer (Coverity 941) |
| |
| * src/racoon/racoonctl.c: Don't use NULL pointer (Coverity 942) |
| |
| * src/racoon/sockmisc.c: Don't use null pointer (Coverity 863) |
| |
| 2006-10-01 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/ipsec_doi.c: Fix memory leak (Coverity 4181) |
| |
| * src/racoon/isakmp.c: Check that iph1->remote is not NULL before |
| using it (Coverity 3436) |
| |
| 2006-09-30 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp_agg.c: Remove dead code (Coverity 4165) |
| |
| * src/racoon/isakmp_cfg.c: Fix memory leak (Coverity 4179) |
| |
| * src/racoon/samples/roadwarrior/client/: phase1-down.sh, |
| phase1-up.sh: update the scripts for working around routing |
| problems on NetBSD |
| |
| * src/racoon/session.c: Reuse existing code for closing IKE |
| sockets, and avoid screwing things by setting p->sock = -1, which is |
| not expected (Coverity 4173). |
| |
| * src/racoon/admin.c: Do not free id and key, as they are used |
| later |
| |
| 2006-09-29 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/racoonctl.c: Fix the fix: handle_recv closes the |
| socket, so we must call com_init before sending any data. |
| |
| 2006-09-28 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp_xauth.c: Fix unchecked mallocs (Coverity 4176, |
| 4174) |
| |
| * src/racoon/racoonctl.c: Fix access after free (Coverity 4178) |
| |
| 2006-09-26 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/cfparse.y: Fix memory leak (Coverity) |
| |
| * src/racoon/backupsa.c: Fix memory leak (Coverity) |
| |
| * src/racoon/admin.c: Remove dead code (Coverity) |
| |
| * src/racoon/admin.c: Fix memory leak (Coverity) |
| |
| * src/racoon/admin.c: One more memory leak |
| |
| * src/racoon/admin.c: Fix memory leak in racoonctl (Coverity) |
| |
| * src/racoon/ipsec_doi.c: Fix buffer overflow. Also fix credits: SA |
| bundle fix was contributed by Jeff Bailey, not Matthew Grooms. |
| Matthew updated the patch for current code, though. |
| |
| * src/racoon/: pfkey.c, proposal.c: fix SA bundle (e.g.: for |
| negotiating ESP+IPcomp) |
| |
| 2006-09-25 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/isakmp.c: From Yves-Alexis Perez: struct ip -> struct |
| iphdr for Linux |
| |
| 2006-09-25 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp.c: style (mostly for testing |
| ipsec-tools-commits@netbsd.org) |
| |
| * src/racoon/ipsec_doi.c: Fix double free, from Matthew Grooms |
| |
| 2006-09-21 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/libipsec/pfkey.c: use sysdep_sa_len to make it compile on |
| Linux |
| |
| 2006-09-19 Thomas Klausner <wiz@netbsd.org> |
| |
| * src/racoon/racoon.conf.5: Bump date for ike_frag force. |
| |
| * src/racoon/: plainrsa-gen.8, racoon.conf.5: New sentence, new |
| line. |
| |
| * src/racoon/: racoon.conf.5, plainrsa-gen.8: Remove trailing |
| whitespace. |
| |
| 2006-09-19 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * src/racoon/proposal.c: From Yves-Alexis Perez: fixes default |
| value for encmodesv in set_proposal_from_policy() |
| |
| * src/racoon/isakmp.c: always include some headers, as they are |
| required even without NAT-T |
| |
| * src/: libipsec/pfkey_dump.c, setkey/token.l: From Larry Baird: |
| define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed |
| |
| * src/racoon/crypto_openssl.c: From Larry Baird: some printf() -> |
| plog() |
| |
| 2006-09-18 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/: cfparse.y, cftoken.l, isakmp.c, isakmp_frag.h, |
| isakmp_inf.c, racoon.conf.5, remoteconf.c: From Matthew Grooms: |
| ike_frag force option to force the use of IKE on first packet |
| exchange (prior to peer consent) |
| |
| 2006-09-18 Yvan Vanhullebus <vanhu@netasq.com> |
| |
| * rpm/suse/ipsec-tools.spec, src/racoon/prsa_tok.c: removed |
| generated files from the CVS |
| |
| * src/racoon/prsa_par.c: removed generated files from the CVS |
| |
| * src/racoon/: cfparse.c, cftoken.c: removed generated files from |
| the CVS |
| |
| 2006-09-18 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/isakmp.c: From Matthew Grooms: handle IKE frag used in |
| the first packet. That should not normally happen, as the initiator |
| does not know yet if the responder can handle IKE frag. However, in |
| some setups, the first packet is too big to get through, and |
| assuming the peer supports IKE frag is the only way to go. |
| |
| racoon should have a setting in the remote section to do that |
| (something like ike_frag force) |
| |
| 2006-09-16 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/ipsec_doi.c: Trivial bugfix in RFC2407 4.6.2 |
| conformance, from Matthew Grooms |
| |
| 2006-09-15 Emmanuel Dreyfus <manu@netbsd.org> |
| |
| * src/racoon/ipsec_doi.c: Fix build on Linux |
| |
| For older changes see ChangeLog.old |