updated NEWS and ChangeLog for 4.0.4 release
This commit is contained in:
parent
1ce2ad09c3
commit
48dc3934cc
73
ChangeLog
73
ChangeLog
|
@ -1,3 +1,76 @@
|
||||||
|
strongswan-4.0.4 / R:1289
|
||||||
|
===========================
|
||||||
|
|
||||||
|
fixed some compiler warnings
|
||||||
|
extended statusall output
|
||||||
|
added job/event-queue statistics
|
||||||
|
added allocation statistics when using LEAK_DETECTIVE
|
||||||
|
fixed include typo
|
||||||
|
public declaration of all HASH_SIZEs in hasher.h
|
||||||
|
support of encrypted private key files
|
||||||
|
added copyright notice to sha2_hasher
|
||||||
|
included SHA2 in build process
|
||||||
|
implemented sha2_hasher which supports SHA-256, SHA-384 and SHA-512
|
||||||
|
added support for 3DES encryption algorithm in IKE
|
||||||
|
fixed the ids parsing bug
|
||||||
|
fixed the ids parsing bug
|
||||||
|
updated TODOs
|
||||||
|
fixed memleak
|
||||||
|
fixed proper handling of id parsing errors
|
||||||
|
proper return value when no PSK found
|
||||||
|
added HOST_ACCESS for firewall script as default
|
||||||
|
more debugging output for PSK authentication
|
||||||
|
some cleanups here and there
|
||||||
|
added auth_method field
|
||||||
|
added auth_method field
|
||||||
|
cosmetics
|
||||||
|
verify_emsa_pkcs1_signature returns status_t
|
||||||
|
cosmetics
|
||||||
|
added PSK support
|
||||||
|
enabled firewall support
|
||||||
|
proper error handling for socket creation
|
||||||
|
handle certificate parsing error more generous
|
||||||
|
fixed certificate verification bug!
|
||||||
|
fixed memleak when receiving invalid certificate
|
||||||
|
version bump to 4.0.4
|
||||||
|
version bump to 4.0.4
|
||||||
|
two new test scenarios
|
||||||
|
fixed path to images directory
|
||||||
|
implemented updown script to handle firewalling
|
||||||
|
add priority management for kernel policy
|
||||||
|
let ROUTED policies installed, until manuall removed
|
||||||
|
introduced new naming scheme to allow proper shutdown of IKE/CHILD_SAs
|
||||||
|
ike_sa_manager cleanups
|
||||||
|
implemented handling of dpdaction and dpddelay ipsec.conf parameters
|
||||||
|
reuse reqid when a ROUTED child_sa gets INSTALLED
|
||||||
|
fixed a bug in retransmission code
|
||||||
|
added support for the "keyingtries" ipsec.conf parameter
|
||||||
|
added support for the "dpddelay" ipsec.conf parameter
|
||||||
|
done some work for "dpdaction" behavior
|
||||||
|
some other cleanups and fixes
|
||||||
|
fixed a at-least-one-year-old bug which caused crashed in the scheduler
|
||||||
|
added raw socket filter for IPv6
|
||||||
|
implemented NAT detection for IPv6
|
||||||
|
removed unneeded constructor
|
||||||
|
initial support for IPv6 (more testing needed)
|
||||||
|
socket works (without v6 filter)
|
||||||
|
traffic selector handle IPv4/v4 cleanly
|
||||||
|
improvements in traffic selector code
|
||||||
|
kernel interface accepts v6 traffic selectors and hosts
|
||||||
|
host_t class has full IPv6 support
|
||||||
|
added stddef.h include for compilers which do not support the offsetof() directive
|
||||||
|
moved interface enumeration code to socket, where it belongs
|
||||||
|
query interfaces every time we need it to respect changes in network config
|
||||||
|
added address listing on startup and "ipsec statusall"
|
||||||
|
version bump of UML kernel to 2.6.17.11
|
||||||
|
fixed crash bug when doing "ipsec down" with an unknown connection
|
||||||
|
added name property in CHILD_SA, allows proper status output
|
||||||
|
fixed bug which prevented port float when nat is detected
|
||||||
|
version bumps
|
||||||
|
'sha' and 'sha1' are now treated as synonyms
|
||||||
|
updated Changelog and other docs
|
||||||
|
|
||||||
|
|
||||||
strongswan-4.0.3 / R:1235
|
strongswan-4.0.3 / R:1235
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ echo " strongswan-4.x.x / R:$current " > ChangeLog.tmp
|
||||||
echo "===========================" >> ChangeLog.tmp
|
echo "===========================" >> ChangeLog.tmp
|
||||||
echo "" >> ChangeLog.tmp
|
echo "" >> ChangeLog.tmp
|
||||||
|
|
||||||
svn log -r $current:$last | grep -v "| mwilli |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp
|
svn log -r $current:$last | grep -v "| martin |" | grep -v "| andreas | " | grep -v ^$ | grep -v ^------ >> ChangeLog.tmp
|
||||||
|
|
||||||
echo "" >> ChangeLog.tmp
|
echo "" >> ChangeLog.tmp
|
||||||
echo "" >> ChangeLog.tmp
|
echo "" >> ChangeLog.tmp
|
||||||
|
|
32
NEWS
32
NEWS
|
@ -1,3 +1,35 @@
|
||||||
|
strongswan-4.0.4
|
||||||
|
----------------
|
||||||
|
|
||||||
|
- Implemented full support for IPv6-in-IPv6 tunnels.
|
||||||
|
|
||||||
|
- Added configuration options for dead peer detection in IKEv2. dpd_action
|
||||||
|
types "clear", "hold" and "restart" are supported. The dpd_timeout
|
||||||
|
value is not used, as the normal retransmission policy applies to
|
||||||
|
detect dead peers. The dpd_delay parameter enables sending of empty
|
||||||
|
informational message to detect dead peers in case of inactivity.
|
||||||
|
|
||||||
|
- Added support for preshared keys in IKEv2. PSK keys configured in
|
||||||
|
ipsec.secrets are loaded. The authby parameter specifies the authentication
|
||||||
|
method to authentificate ourself, the other peer may use PSK or RSA.
|
||||||
|
|
||||||
|
- Changed retransmission policy to respect the keyingtries parameter.
|
||||||
|
|
||||||
|
- Added private key decryption. PEM keys encrypted with AES or DES/3DES are
|
||||||
|
supported.
|
||||||
|
|
||||||
|
- Implemented DES/3DES algorithms in libstrongswan. 3DES can be used to
|
||||||
|
encrypt IKE traffic.
|
||||||
|
|
||||||
|
- Implemented SHA-256/384/512 in libstrongswan, allows usage of certificates
|
||||||
|
signed with such a hash algorithm.
|
||||||
|
|
||||||
|
- Added initial support for updown scripts. The actions up-host/client and
|
||||||
|
down-host/client are executed. The leftfirewall=yes parameter
|
||||||
|
uses the default updown script to insert dynamic firewall rules, a custom
|
||||||
|
updown script may be specified with the leftupdown parameter.
|
||||||
|
|
||||||
|
|
||||||
strongswan-4.0.3
|
strongswan-4.0.3
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue