1Version history:
2----------------
30.8.x CVS (no official release yet)
4          o A lot of code cleanup
5          o XXX TODO
6
70.8.2     - 27 February 2014
8          o Fix admin port establish-sa for tunnel mode SAs (Alexander Sbitnev)
9          o Fix source port selection regression from version 0.8.1
10          o Various logging improvements
11          o Additional compliance and build fixes
12
130.8.1     - 08 January 2013
14          o Improved X.509 subject name comparation (Götz Babin-Ebell)
15          o Relax DPD cookie check for Cisco IOS compatibility (Roman Antink)
16          o Allow simplified syntax for inherited remote blocks (Roman Antink)
17          o Never shring pfkey socket buffer (Marcelo Leitner)
18          o Privilege separation child process exit fix
19          o Multiple memory allocation and use-after-free fixes
20
210.8       - 18 March 2011
22          o Fix authentication method ambiguity with kerberos and xauth
23          o RFC2253 compliant escaping of asn1dn identifiers (Cyrus Rahman)
24          o Local address code rewrite to speed things up
25          o Improved MIPv6 support (Arnaud Ebalard)
26          o ISAKMP SA (phase1) rekeying
27          o Improved scheduler (faster algorithm, support monotonic clock)
28          o Handle RESPONDER-LIFETIME in quick mode
29          o Handle INITIAL-CONTACT in from main mode too
30          o Rewritten event handling framework for admin port
31          o Ability to initiate IPsec SA through admin port
32          o NAT-T Original Address handling (transport mode NAT-T support)
33          o Remove various obsolete configuration options
34          o A lot of other bug fixes, performance improvements and clean ups
35
360.7.1     - 23 July 2008
37          o Fixes a memory leak when invalid proposal received
38          o Some fixes in DPD
39          o do not set default gss id if xauth is used
40          o fixed hybrid enabled builds
41          o fixed compilation on FreeBSD8
42          o cleanup in network port value manipulation
43          o Gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in
44            purge_ipsec_spi()
45          o Generates a log if cert validation has been disabled by
46            configuration
47          o better handling for pfkey socket read errors
48          o Fixes in yacc / bison stuff
49          o new plog() macro (reduced CPU usage when logging is disabled)
50          o Try to work better with huge SPD/SAD
51          o Corrected modecfg option syntax
52
530.7       - 09 August 2007
54          o Xauth with pre-shared key PSK
55          o Xauth with certificates
56          o SHA2 support
57          o pkcs7 support
58          o system accounting (utmp)
59          o Darwin support
60          o configuration can be reloaded
61          o Support for UNIQUE generated policies
62          o Support for semi anonymous sainfos
63          o Support for ph1id to remoteid matching
64          o Plain RSA authentication
65          o Native LDAP support for Xauth and modecfg
66          o Group membership checks for Xauth and sainfo selection
67          o Camellia cipher support
68          o IKE Fragment force option
69          o Modecfg SplitNet attribute support
70          o Modecfg SplitDNS attribute support ( server side )
71          o Modecfg Default Domain attribute support
72          o Modecfg DNS/WINS server multiple attribute support
73
740.6       - 27 June 2005
75          o Generated policies are now correctly flushed
76          o NAT-T works with multiple peers behind the NAT (need kernel support)
77          o Xauth can use shadow passwords
78          o TCP-MD5 support
79          o PAM support for Xauth
80          o Privilege separation
81          o ESP fragmentation in tunnel mode can be tunned (NetBSD only)
82          o racoon admin interface is exported (header and library) to
83            help building control programs for racoon (think GUI)
84          o Fixed single DES support; single DES users MUST UPGRADE.
85
860.5       - 10 April 2005
87          o Rewritten buildsystem. Now completely autoconfed, automaked,
88            libtoolized.
89          o IPsec-tools now compiles on NetBSD and FreeBSD again.
90          o Support for server-side hybrid authentication, with full
91            RADIUS supoort. This is interoperable with the Cisco VPN client.
92          o Support for client-side hybrid authentication (Tested only with
93            a racoon server)
94          o ISAKMP mode config support
95          o IKE fragmentation support
96          o Fixed FWD policy support.
97          o Fixed IPv6 compilation.
98          o Readline is optional, fixed setkey when compiled without readline.
99          o Configurable Root-CA certificate.
100          o Dead Peer Detection (DPD) support.
101
1020.4rc1    - 09 August 2004
103          o Merged support for PlainRSA keys from the 'plainrsa' branch.
104          o Inheritance of 'remote{}' sections.
105          o Support for SPD policy priorities in setkey.
106          o Ciphers are now used through the 'EVP' interface which allows
107            using hardware crypto accelerators.
108          o Setkey has new option -n (no action).
109          o All source files now have 3-clause BSD license.
110
1110.3       - 14 April 2004
112          o Fixed setkey to handle multiline commands again.
113          o Added command 'exit' to setkey.
114          o Fixed racoon to only Warn if no CRL was found.
115          o Improved testsuite.
116
1170.3rc5    - 05 April 2004
118          o Security bugfix WRT handling X.509 signatures.
119          o Stability fix WRT unknown PF_KEY messages.
120          o Fixed NAT-T with more proposals (e.g. more crypto algos).
121          o Setkey parses lines one by one => doesn't exit on errors.
122          o Setkey supports readline => more user friendly.
123
1240.3rc4    - 25 March 2004
125          o Fixed adding "null" encryption via 'setkey'.
126          o Fixed segfault when using AES in Phase1 with OpenSSL>=0.9.7
127          o Fixed NAT-T in aggressive mode.
128          o Fixed testsuite and added testsuite run into make check.
129
1300.3rc3    - 19 March 2004
131          o Fixed compilation error with --enble-yydebug
132          o Better diagnostic when proposals don't match.
133          o Changed/added options to setkey.
134
1350.3rc2    - 11 March 2004
136          o Added documentation for NAT-T
137          o Better NAT-T diagnostic.
138          o Test and workaround for missing va_copy()
139
1400.3rc1    - 04 March 2004
141          o Support for NAT Traversal (NAT-T)
142
1430.2.4     - 29 January 2004
144          o Sync with KAME as of 2004-01-07
145          o Fixed unauthorized deletion of SA in racoon (again).
146
1470.2.3     - 15 January 2004
148          o Support for SA lifetime specified in bytes
149            (see setkey -bs/-bh options)
150          o Enhance support for OpenSSL 0.9.7
151          o Let racoon be more verbose
152          o Fixed some simple bugs (see ChangeLog for details)
153          o Fixed unauthorized deletion of SA in racoon
154          o Fixed problems on AMD64
155          o Ignore multicast addresses for IKE
156
1570.2.2     - 13 March 2003
158          o Fix racoon to build on some systems that require linking against -lfl
159          o add an RPM spec to the distribution
160
1610.2.1     - 07 March 2003
162          o Fix some more gcc-3.2.2 compiler warnings
163          o Fix racoon to actually configure with ssl in a non-standard location
164          o Fix racoon to not complain if krb5-config is not installed
165
1660.2       - 06 March 2003
167          o Glibc-2.3 support
168          o OpenSSL-0.9.7 support
169          o Fixed duplicate-macro problems
170          o Fix racoon lex/yacc support
171          o Install psk.txt mode 600, racoon.conf mode 644
172          o Fix racoon to look in the correct directory for config files
173
1740.1       - 03 March 2003
175          o Initial release of IPsec-Tools
176