From 48dc3934ccc9e04e9547b50f39e51a3cf56c0f0b Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 25 Sep 2006 07:26:16 +0000 Subject: [PATCH] updated NEWS and ChangeLog for 4.0.4 release --- ChangeLog | 73 ++++++++++++++++++++++++++++++++++++++++++++++++ ChangeLog.update | 2 +- NEWS | 32 +++++++++++++++++++++ 3 files changed, 106 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8e74c2f0d..23063a235 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,76 @@ + strongswan-4.0.4 / R:1289 +=========================== + +fixed some compiler warnings +extended statusall output + added job/event-queue statistics + added allocation statistics when using LEAK_DETECTIVE +fixed include typo +public declaration of all HASH_SIZEs in hasher.h +support of encrypted private key files +added copyright notice to sha2_hasher +included SHA2 in build process +implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512 +added support for 3DES encryption algorithm in IKE +fixed the ids parsing bug +fixed the ids parsing bug +updated TODOs +fixed memleak +fixed proper handling of id parsing errors +proper return value when no PSK found +added HOST_ACCESS for firewall script as default +more debugging output for PSK authentication +some cleanups here and there +added auth_method field +added auth_method field +cosmetics +verify_emsa_pkcs1_signature returns status_t +cosmetics +added PSK support +enabled firewall support +proper error handling for socket creation +handle certificate parsing error more generous +fixed certificate verification bug! 
+fixed memleak when receiving invalid certificate +version bump to 4.0.4 +version bump to 4.0.4 +two new test scenarios +fixed path to images directory +implemented updown script to handle firewalling +add priority management for kernel policy +let ROUTED policies installed, until manuall removed +introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs +ike_sa_manager cleanups +implemented handling of dpdaction and dpddelay ipsec.conf parameters +reuse reqid when a ROUTED child_sa gets INSTALLED +fixed a bug in retransmission code +added support for the "keyingtries" ipsec.conf parameter +added support for the "dpddelay" ipsec.conf parameter +done some work for "dpdaction" behavior +some other cleanups and fixes +fixed a at-least-one-year-old bug which caused crashed in the scheduler +added raw socket filter for IPv6 +implemented NAT detection for IPv6 +removed unneeded constructor +initial support for IPv6 (more testing needed) + socket works (without v6 filter) + traffic selector handle IPv4/v4 cleanly + improvements in traffic selector code + kernel interface accepts v6 traffic selectors and hosts + host_t class has full IPv6 support +added stddef.h include for compilers which do not support the offsetof() directive +moved interface enumeration code to socket, where it belongs +query interfaces every time we need it to respect changes in network config +added address listing on startup and "ipsec statusall" +version bump of UML kernel to 2.6.17.11 +fixed crash bug when doing "ipsec down" with an unknown connection +added name property in CHILD_SA, allows proper status output +fixed bug which prevented port float when nat is detected +version bumps +'sha' and 'sha1' are now treated as synonyms +updated Changelog and other docs + + strongswan-4.0.3 / R:1235 =========================== diff --git a/ChangeLog.update b/ChangeLog.update index 30258c669..c847f04a4 100755 --- a/ChangeLog.update +++ b/ChangeLog.update 
@@ -6,7 +6,7 @@ echo " strongswan-4.x.x / R:$current " > ChangeLog.tmp echo "===========================" >> ChangeLog.tmp echo "" >> ChangeLog.tmp -svn log -r $current:$last | grep -v "| mwilli |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp +svn log -r $current:$last | grep -v "| martin |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp echo "" >> ChangeLog.tmp echo "" >> ChangeLog.tmp diff --git a/NEWS b/NEWS index f63078fc4..63a760be0 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,35 @@ +strongswan-4.0.4 +---------------- + +- Implemented full support for IPv6-in-IPv6 tunnels. + +- Added configuration options for dead peer detection in IKEv2. dpd_action + types "clear", "hold" and "restart" are supported. The dpd_timeout + value is not used, as the normal retransmission policy applies to + detect dead peers. The dpd_delay parameter enables sending of empty + informational message to detect dead peers in case of inactivity. + +- Added support for preshared keys in IKEv2. PSK keys configured in + ipsec.secrets are loaded. The authby parameter specifies the authentication + method to authentificate ourself, the other peer may use PSK or RSA. + +- Changed retransmission policy to respect the keyingtries parameter. + +- Added private key decryption. PEM keys encrypted with AES or DES/3DES are + supported. + +- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to + encrypt IKE traffic. + +- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates + signed with such a hash algorithm. + +- Added initial support for updown scripts. The actions up-host/client and + down-host/client are executed. The leftfirewall=yes parameter + uses the default updown script to insert dynamic firewall rules, a custom + updown script may be specified with the leftupdown parameter. + + strongswan-4.0.3 ----------------
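Review bot: The new strongswan-4.0.4 block in the ChangeLog hunk carries verbatim duplicates: "fixed the ids parsing bug", "added auth_method field" and "version bump to 4.0.4" each appear twice on consecutive lines. The block is produced from svn log output by ChangeLog.update, so either collapse consecutive identical lines there or trim them by hand before release. In the same block, "manuall removed" should read "manually removed", "caused crashed" should read "caused crashes", and "traffic selector handle IPv4/v4 cleanly" presumably means IPv4/v6.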
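Review bot: In the ChangeLog.update hunk, swapping the filter "| mwilli |" for "| martin |" means that svn log header lines for any revision in $current:$last committed under the old name are no longer stripped and will land in ChangeLog.tmp. Unless no such revisions remain in the range, keep both patterns, for example grep -v -e "| mwilli |" -e "| martin |". The "| andreas | " pattern also has a trailing space inside the quotes while the martin pattern does not; make the two consistent, and quote the ^$ and ^------ patterns so the shell never expands them.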
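Review bot: The strongswan-4.0.4 entry in the NEWS hunk says nothing about the "fixed certificate verification bug!" item that the ChangeLog hunk of this same patch lists. A fix in certificate verification is the change users most need in order to judge upgrade urgency, so add a bullet stating what was verified incorrectly and which releases are affected. In the dead peer detection bullet, the names dpd_action, dpd_timeout and dpd_delay do not match the "dpdaction" and "dpddelay" ipsec.conf parameters named in the ChangeLog; use the spelling the configuration parser accepts. "Implemented full support for IPv6-in-IPv6 tunnels" also sits oddly beside the ChangeLog's "initial support for IPv6 (more testing needed)", and "authentificate ourself" should read "authenticate ourselves".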