2009-08-13  tag ipsec-tools-0_7_3

2009-08-13  Yvan Vanhullebus <vanhu@netasq.com>

	* NEWS, configure.ac: 0.7.3 release

	* src/racoon/oakley.c: fixed a potential DoS in
	  oakley_do_decrypt(), reported by Orange Labs

2009-08-06  Timo Teras <timo.teras@iki.fi>

	* src/setkey/setkey.c: From Paul Wenau: Check fgets return value in
	  setkey to make gcc happy.

2009-06-19  Timo Teras <timo.teras@iki.fi>

	* src/racoon/ipsec_doi.c: Backport S.P.Zeidler's fix to IPv6
	  address related stack smashing in ipsecdoi_id2str() from CVS HEAD.

2009-05-18  Timo Teras <timo.teras@iki.fi>

	* src/racoon/isakmp_inf.c: From Tomas Mraz: Remove variable that is
	  not really used; only referenced while uninitialized causing
	  valgrind error.

	* src/racoon/nattraversal.c: From Tomas Mraz: Fix natt_flags check.

2009-04-29  Timo Teras <timo.teras@iki.fi>

	* src/racoon/crypto_openssl.c: From Ross Meng: Fix a memory leak in
	  X509 certificate validation.

2009-04-22  tag ipsec-tools-0_7_2

2009-04-22  Timo Teras <timo.teras@iki.fi>

	* NEWS, configure.ac: Updates for 0.7.2 release

	* src/racoon/isakmp_frag.c: From Neil Kettle: Fix a possible null
	  pointer dereference in fragmentation code.

2009-04-20  Timo Teras <timo.teras@iki.fi>

	* src/racoon/: isakmp_inf.c, isakmp_xauth.c, plog.c: Originally from
	  Bin Li: Fix possible memory corruption in binsanitize().

	* src/racoon/crypto_openssl.c: From Stephen Bevan: Fix a x509
	  signature verification memory leak.

	* src/racoon/: admin.c, racoonctl.c: Originally from Bin Li: Fix a
	  crash with racoonctl logout user.

	* src/racoon/nattraversal.c: Fix a memory leak in nat-t keepalive
	  code.

	* src/racoon/handler.c: From Paul Moore: Phase2 message id's should
	  be unique wrt phase1, not globally.

2009-02-16  Timo Teras <timo.teras@iki.fi>

	* src/libipsec/policy_parse.y: From Paul Moore: Fix a heap
	  corruption bug (yacc returns non-null terminated buffer and sprintf
	  writes over bounds).

2009-01-20  Timo Teras <timo.teras@iki.fi>

	* configure.ac: Fix a CPPLAGS typo to CPPFLAGS which was intended

	* misc/cvs2cl.pl, misc/cvsusermap, Makefile.am: Autogenerate
	  ChangeLog from NetBSD CVS. Put sourceforge.net changes to
	  ChangeLog.old.

	* misc/cvs2cl.pl: file cvs2cl.pl was added on branch
	  ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000

	* misc/cvsusermap: file cvsusermap was added on branch
	  ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000

2008-11-27  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/main.c: Set up a default value for Mode Config Pool
	  size if pool address specified but pool size not specified

	* src/racoon/isakmp_cfg.c: Fixed pool resizing

2008-09-25  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP
	  marker for retransmitted packets

2008-09-17  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi()
	  when NAT-T enabled and trying to purge non NAT-T SAs

2008-08-12  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: From Krzysztof Oledzki: Remove ph1handler if
	  we received an invalid first exchange from initiator.

2008-07-23  tag ipsec-tools-0_7_1

2008-07-23  Yvan Vanhullebus <vanhu@netasq.com>

	* NEWS: NEWS for 0.7.1 release

2008-07-23  Timo Teras <timo.teras@iki.fi>

	* src/racoon/Makefile.am: Do not use GNU make specific extension.

	* src/: libipsec/Makefile.am, racoon/Makefile.am,
	  setkey/Makefile.am: Do flex/bison invocation in a more standard
	  way, and keep the generated files in the dist tarball.

2008-07-22  Yvan Vanhullebus <vanhu@netasq.com>

	* configure.ac: 0.7.1 coming !

	* src/racoon/proposal.c: From Kohki Ohhira: fix some memory leaks,
	  when malloc fails or when peer sends invalid proposal.

2008-07-21  Timo Teras <timo.teras@iki.fi>

	* src/racoon/cfparse.y: Correct typo to fix the build.

	* src/racoon/cfparse.y: Do not set default gss id if xauth is used.

2008-07-15  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/isakmp_cfg.c: Fix a typo that prevented racoon from
	  building with hybrid enabled.

	* src/racoon/: crypto_openssl.c, eaytest.c, misc.c, misc.h,
	  racoonctl.c: Fix a conflict with the FreeBSD 8 system hexdump
	  function.

2008-07-11  Timo Teras <timo.teras@iki.fi>

	* src/racoon/: isakmp.c, isakmp_inf.c: Original patch from Atis
	  Elsts: Fix a double memory free and a memory corruption
	  (LIST_REMOVE() on an uninserted node) in some error handling paths.

2008-07-09  Timo Teras <timo.teras@iki.fi>

	* src/racoon/cfparse.y: From Chong Peng: fix a file descriptor and
	  memory leak on configuration file reread

2008-07-02  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: From Timo Teras: fixed some %d to %zu
	  (size_t values).

2008-06-18  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/: grabmyaddr.c, admin.c, ipsec_doi.c, isakmp.c,
	  isakmp_cfg.c, isakmp_inf.c, remoteconf.c: Use utility functions
	  to evaluate and manipulate network port values. No functional
	  changes. Submitted by Timo Teras.

2008-04-25  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: From Timo Teras: extract port numbers
	  from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi().

2008-03-06  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/oakley.c: Generates a log if cert validation has been
	  disabled by configuration

2008-03-05  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/cfparse.y: Properly initialize the unity network
	  struct to prevent erroneous protocol and port info from being
	  transmitted.

	* src/racoon/pfkey.c: Provide better handling for pfkey socket read
	  errors. Submitted by Timo Teras.

2008-02-25  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c: From Brian Haley <brian.haley@hp.com>:
	  There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
	  checking spi_size but it's not.  I'm not sure this patch is correct,
	  but what's there isn't either.

	  Add forgotten entry in ChangeLog

2008-02-22  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp.c: Fix bad address length computation, from
	  Brian Haley.

2008-01-11  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: From Timo Teras: reset iph1->dpd_r_u in
	  the scheduler's callback, to avoid access to freed memory.

	* src/racoon/crypto_openssl.c: From Krzysztof Oledzki: Fix
	  compilation with IDEA and recent gcc.

	* src/racoon/isakmp_inf.c: From Krzysztof Oledzki: added some
	  details to some logs (also reported new getph1byaddr() arg).

	* src/racoon/isakmp.c: From Krzysztof Oledzki: Only search for
	  established ph1 handles in DPD (also reported new getph1byaddr()
	  arg).

	* src/racoon/: handler.c, handler.h: added an 'established' arg to
	  getph1byaddr()

2007-11-29  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/Makefile.am: From Natanael Copa: fixed a race
	  condition when building yacc stuff.

2007-11-06  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/crypto_openssl.c: From Scott Lamb: include plog.h to
	  work with the new plog macro.

	* src/racoon/kmpstat.c: From Scott Lamb: plog changed to _plog to
	  work with new plog macro

	* src/racoon/: plog.c, plog.h: From Scott Lamb: new plog macro.

2007-10-15  Yvan Vanhullebus <vanhu@netasq.com>

	* src/libipsec/pfkey.c: Try to increase the buffer size of the
	  pfkey socket, this may help things when we have a huge SPD

2007-09-19  Matthew Grooms <mgrooms@shrew.net>

	* configure.ac: Fix autoconf check for selinux support. Submitted
	  by Joy Latten.

2007-09-03  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/: cftoken.l, racoon.conf.5: Correct the syntax for
	  wins4 in the man page and add nbns4 as an alias. Pointed out by
	  Claas Langbehn.

2007-08-09  tag ipsec-tools-0_7

2007-08-09  Matthew Grooms <mgrooms@shrew.net>

	* NEWS, configure.ac: Prepare for 0.7 release tag.

2007-08-07  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and
	  authorization ports. Allow interoperability with freeradius

2007-08-01  Yvan Vanhullebus <vanhu@netasq.com>

	* configure.ac, src/libipsec/ipsec_dump_policy.c,
	  src/libipsec/ipsec_get_policylen.c,
	  src/libipsec/ipsec_strerror.c, src/libipsec/key_debug.c,
	  src/libipsec/libpfkey.h, src/libipsec/pfkey.c,
	  src/libipsec/pfkey_dump.c, src/libipsec/policy_parse.y,
	  src/libipsec/policy_token.l, src/libipsec/test-policy-priority.c,
	  src/racoon/admin.c, src/racoon/backupsa.c, src/racoon/cfparse.y,
	  src/racoon/cftoken.l, src/racoon/ipsec_doi.c,
	  src/racoon/isakmp.c, src/racoon/isakmp_inf.c,
	  src/racoon/isakmp_quick.c, src/racoon/pfkey.c,
	  src/racoon/policy.c, src/racoon/proposal.c,
	  src/racoon/remoteconf.c, src/racoon/sainfo.c,
	  src/racoon/session.c, src/racoon/sockmisc.c,
	  src/racoon/strnames.c, src/setkey/parse.y, src/setkey/setkey.c,
	  src/setkey/token.l: use a single PATH_IPSEC_H to fix some
	  path_to_ipsec.h issues

2007-07-24  Matthew Grooms <mgrooms@shrew.net>

	* NEWS: Update NEWS file with additional 0.7 improvements.

2007-07-18  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/racoon.conf.5: Various racoon configuration manpage
	  updates.

2007-07-16  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/grabmyaddr.c: fixed a socket leak

2007-06-12  tag ipsec-tools-0_7-RC1

2007-06-12  tag ipsec-tools-0_7-rc1

2007-06-12  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: ipsec-tools used to use tags in lower case

2007-06-12  Yvan Vanhullebus <vanhu@netasq.com>

	* configure.ac: 0.7-RC1

2007-06-07  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/: main.c, policy.h, security.c: From Joy Latten
	  <latten@austin.ibm.com> Fix file descriptor shortage when using
	  labeled IPsec.

	* src/racoon/isakmp_cfg.c: From Paul Winder
	  <Paul.Winder@tadpole.com> Fix ignored INTERNAL_DNS4_LIST

2007-06-06  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: eaytest.c, var.h: From Rong-En Fan: fix compilation
	  with gcc 4.2

2007-06-06  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/kmpstat.c: From Jianli Liu <jlliu@nortel.com>: Use the
	  specified socket path instead of the default location

2007-06-06  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/session.c: From Jianli Liu: speed up interfaces update
	  when they change.

	* src/racoon/handler.c: ignore obsolete lifebyte when validating
	  reloaded configuration

2007-05-04  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/handler.c: search a ph1 by address if iph2->ph1 is
	  NULL when validating the new config

	* src/racoon/handler.c: added some debug in getph1byaddr() to track
	  some port matching problems with NAT-T

	* src/racoon/isakmp.c: added some debug in isakmp_chkph1there() to
	  track some port matching problems with NAT-T

	* src/racoon/isakmp_inf.c: added some debug for DELETE_SA process

	* src/racoon/pfkey.c: Force the update of ph2 in pk_recvupdate() if
	  NAT_T support, to solve some port match problems with the first
	  IPSec SAs negotiated as initiator

2007-04-04  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/ipsec_doi.c: checks proto_id in ipsecdoi_chkcmpids()

	* src/racoon/oakley.c: dumps peer's ID and peer's certificate
	  subject /subjectaltname if they don't match

2007-03-29  tag ipsec-tools-0_7-beta3

2007-03-29  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: Bump to 0.7beta3

2007-03-26  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: Store the DPD main scheduler in ph1
	  handler, to be able to cancel it when removing the handler, and some
	  minor cleanups in DPD code

2007-03-23  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: ipsec_doi.c, security.c: From Joy Latten: fix a
	  segfault when using security labels between 32bit and 64bit host.

	* src/racoon/handler.c: expire zombie handlers in getph2byid(), to
	  avoid situations where we'll never negotiate a phase2 again

	* src/racoon/: oakley.c, racoon.conf.5: From Cyrus Rahman: give
	  more details about what is checked when using certificates to
	  authenticate

2007-03-22  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: cfparse.y, ipsec_doi.c: fixed subnet check to
	  generate IPV4_ADDRESS when needed in sockaddr2id()

2007-03-21  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: handler.c, isakmp.c, isakmp_inf.c, pfkey.c: NULL
	  sched check is now done in SCHED_KILL

	* src/racoon/schedule.h: checks if arg is NULL in SCHED_KILL

2007-03-15  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/grabmyaddr.c: From Yves-Alexis Perez: enable
	  monitoring of ipv6 address changes on Linux.

	* src/racoon/isakmp.c: Consider a negotiation timeout when
	  retry_counter is <=0 instead of < 0

2007-03-06  tag ipsec-tools-0_7-beta2

2007-03-06  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: Bump to 0.7beta2

2007-03-01  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/ipsec_doi.c: Add logic to allow ip address ids to be
	  matched to ip subnet ids when appropriate.

2007-02-21  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/ipsec_doi.c: block variable declaration before code in
	  ipsecdoi_id2str()

2007-02-20  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: Removed a debug printf....

	* src/racoon/isakmp.c: Only delete a generated SPD if its creation
	  date matches the creation date of the SA we are currently deleting

	* src/racoon/: handler.c, isakmp_var.h: updated delete_spd() calls

	* src/racoon/: isakmp_inf.c, pfkey.c: fills creation date of
	  generated SPDs

	* src/racoon/policy.h: added 'created' var

2007-02-19  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: Removed a debug printf....

2007-02-16  tag ipsec-tools-0_7-beta1

2007-02-16  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac: Bump to 0.7beta1

2007-02-16  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/ipsec_doi.c: From Olivier Warin: Fix a %zu in a
	  printf.

2007-02-15  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/security.c: Missing file for SELinux

	* configure.ac: Missing stuff for SELinux

2007-02-15  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: Just
	  expire a ph1 handle when receiving a DELETE-SA instead of calling
	  purge_remote().

	* src/racoon/isakmp.c: Fixed the way phase1/2 messages are
	  sent/resent, to avoid zombie handles and access to freed memory

2007-02-02  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/cfparse.y: Fixed a check of NAT-T support in libipsec

2007-02-01  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: When
	  receiving an ISAKMP DELETE_SA, get the cookie of the SA to be
	  deleted from payload instead of just deleting the ISAKMP SA used to
	  protect the informational exchange.

2006-12-18  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/crypto_openssl.c: From Joy Latten: fix a memory leak

2006-12-10  tag ipsec-tools-0_7-base

2006-12-10  Emmanuel Dreyfus <manu@netbsd.org>

	* src/: libipsec/Makefile.am, libipsec/libpfkey.h,
	  libipsec/pfkey.c, racoon/backupsa.c, racoon/cfparse.y,
	  racoon/pfkey.c: Bring back API and ABI backward compatibility
	  with previous libipsec before recent interface change. Bump libipsec
	  minor version. Remove ifdefs in struct pfkey_send_sa_args to avoid
	  ABI compatibility lossage.  Add a capability flags to detect missing
	  optional feature in libipsec

	* src/racoon/: Makefile.am, doc/README.plainrsa: From Joy Latten:
	  README.plainrsa documenting plain RSA auth

2006-12-09  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac, src/libipsec/libpfkey.h, src/libipsec/pfkey.c,
	  src/racoon/Makefile.am, src/racoon/backupsa.c,
	  src/racoon/backupsa.h, src/racoon/cftoken.l,
	  src/racoon/ipsec_doi.c, src/racoon/ipsec_doi.h,
	  src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c,
	  src/racoon/pfkey.c, src/racoon/policy.c, src/racoon/policy.h,
	  src/racoon/proposal.c, src/racoon/proposal.h,
	  src/racoon/remoteconf.c: From Joy Latten: Add support for SELinux
	  security contexts. Also cleanup the libipsec interface for adding
	  and updating security associations.

	* src/racoon/racoon.conf.5: From Simon Chang: More hints about
	  plain RSA authentication

2006-12-05  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: proposal.c, proposal.h, racoon.conf.5: Check keys
	  length regarding proposal_check level

2006-11-16  Matthew Grooms <mgrooms@shrew.net>

	* src/racoon/sainfo.c: Correct issues associated with anonymous
	  sainfo selection in racoon.

2006-11-09  Christos Zoulas <christos@netbsd.org>

	* src/racoon/crypto_openssl.c: eliminate the only variable stack
	  array allocation.

2006-10-31  Christian Biere <cbiere@netbsd.org>

	* src/racoon/sockmisc.c: Don't define the deprecated
	  IPV6_RECVDSTADDR if the "advanced IPv6 API" is used because
	  IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent potential bugs
	  in the future just in case that the numeric value of the socket
	  option is ever recycled.

2006-10-22  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/: backupsa.c, cfparse.y: From Michal Ruzicka: fix
	  typos

2006-10-19  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/sainfo.c: From Matthew Grooms: use
	  ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo().

	* src/racoon/: ipsec_doi.c, ipsec_doi.h: From Matthew Grooms: Added
	  ipsecdoi_chkcmpids() function.

2006-10-09  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/proposal.c: Fix memory leak (Coverity 3438 and 3437)

	* src/racoon/isakmp_unity.c: Correctly check read() return value:
	  it's signed (Coverity 1251)

2006-10-06  Emmanuel Dreyfus <manu@netbsd.org>

	* configure.ac, src/libipsec/pfkey_dump.c, src/racoon/algorithm.c,
	  src/racoon/algorithm.h, src/racoon/cftoken.l,
	  src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h,
	  src/racoon/eaytest.c, src/racoon/ipsec_doi.c,
	  src/racoon/ipsec_doi.h, src/racoon/oakley.h, src/racoon/pfkey.c,
	  src/racoon/racoon.conf.5, src/racoon/strnames.c,
	  src/setkey/setkey.8, src/setkey/test-pfkey.c, src/setkey/token.l:
	  Camellia cipher support as in RFC 4312, from Tomoyuki Okazaki
	  <okazaki@kick.gr.jp>

2006-10-03  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/admin.c: fix endianness issue introduced yesterday

2006-10-03  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/racoon.conf.5: Added remoteid/ph1id syntax

	* src/racoon/: cfparse.y, cftoken.l: Parses remoteid/ph1id values

	* src/racoon/: handler.c, isakmp_quick.c, pfkey.c, sainfo.c: Uses
	  remoteid/ph1id values

	* src/racoon/: remoteconf.h, sainfo.h: Added remoteid/ph1id values

2006-10-02  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_base.c: avoid reusing free'd pointer (Coverity
	  2613)

	* src/racoon/isakmp_inf.c: Check for NULL pointer (Coverity 4175)

	* src/racoon/isakmp_ident.c: Remove dead code (Coverity 3451)

	* src/racoon/algorithm.c: Fix array overrun (Coverity 4172)

	* src/racoon/admin.c: Fix memory leak (Coverity 2002)

	* src/racoon/: admin.c, isakmp.c, sockmisc.c: Fix memory leak
	  (Coverity 2001), refactor the code to use port get/set functions

	* src/racoon/admin.c: Avoid reusing free'd pointer (Coverity 4200)

	* src/racoon/oakley.c: Don't use NULL pointer (Coverity 3443),
	  reformat to 80 char/line

2006-10-02  Tom Spindler <dogcow@netbsd.org>

	* src/racoon/ipsec_doi.c: If you're going to initialize a pointer,
	  you have to init it with a pointer type, not an int.

2006-10-02  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp.c: Don't use NULL pointer (coverity 3439)

	* src/racoon/ipsec_doi.c: Don't use NULL pointer (Coverity 1334)

	* src/racoon/pfkey.c: Don't use NULL pointer (Coverity 944)

	* src/racoon/proposal.c: Don't use NULL pointer (Coverity 941)

	* src/racoon/racoonctl.c: Don't use NULL pointer (Coverity 942)

	* src/racoon/sockmisc.c: Don't use null pointer (Coverity 863)

2006-10-01  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c: Fix memory leak (Coverity 4181)

	* src/racoon/isakmp.c: Check that iph1->remote is not NULL before
	  using it (Coverity 3436)

2006-09-30  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_agg.c: Remove dead code (Coverity 4165)

	* src/racoon/isakmp_cfg.c: Fix memory leak (Coverity 4179)

	* src/racoon/samples/roadwarrior/client/: phase1-down.sh,
	  phase1-up.sh: update the scripts for working around routing
	  problems on NetBSD

	* src/racoon/session.c: Reuse existing code for closing IKE
	  sockets, and avoid screwing things by setting p->sock = -1, which is
	  not expected (Coverity 4173).

	* src/racoon/admin.c: Do not free id and key, as they are used
	  later

2006-09-29  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/racoonctl.c: Fix the fix: handle_recv closes the
	  socket, so we must call com_init before sending any data.

2006-09-28  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp_xauth.c: Fix unchecked mallocs (Coverity 4176,
	  4174)

	* src/racoon/racoonctl.c: Fix access after free (Coverity 4178)

2006-09-26  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/cfparse.y: Fix memory leak (Coverity)

	* src/racoon/backupsa.c: Fix memory leak (Coverity)

	* src/racoon/admin.c: Remove dead code (Coverity)

	* src/racoon/admin.c: Fix memory leak (Coverity)

	* src/racoon/admin.c: One more memory leak

	* src/racoon/admin.c: Fix memory leak in racoonctl (coverity)

	* src/racoon/ipsec_doi.c: Fix buffer overflow. Also fix credits: SA
	  bundle fix was contributed by Jeff Bailey, not Matthew Grooms.
	  Matthew updated the patch for current code, though.

	* src/racoon/: pfkey.c, proposal.c: fix SA bundle (e.g.: for
	  negotiating ESP+IPcomp)

2006-09-25  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/isakmp.c: From Yves-Alexis Perez: struct ip -> struct
	  iphdr for Linux

2006-09-25  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp.c: style (mostly for testing
	  ipsec-tools-commits@netbsd.org)

	* src/racoon/ipsec_doi.c: Fix double free, from Matthew Grooms

2006-09-21  Yvan Vanhullebus <vanhu@netasq.com>

	* src/libipsec/pfkey.c: use sysdep_sa_len to make it compile on
	  Linux

2006-09-19  Thomas Klausner <wiz@netbsd.org>

	* src/racoon/racoon.conf.5: Bump date for ike_frag force.

	* src/racoon/: plainrsa-gen.8, racoon.conf.5: New sentence, new
	  line.

	* src/racoon/: racoon.conf.5, plainrsa-gen.8: Remove trailing
	  whitespace.

2006-09-19  Yvan Vanhullebus <vanhu@netasq.com>

	* src/racoon/proposal.c: From Yves-Alexis Perez: fixes default
	  value for encmodesv in set_proposal_from_policy()

	* src/racoon/isakmp.c: always include some headers, as they are
	  required even without NAT-T

	* src/: libipsec/pfkey_dump.c, setkey/token.l: From Larry Baird:
	  define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed

	* src/racoon/crypto_openssl.c: From Larry Baird: some printf() ->
	  plog()

2006-09-18  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/: cfparse.y, cftoken.l, isakmp.c, isakmp_frag.h,
	  isakmp_inf.c, racoon.conf.5, remoteconf.c: From Matthew Grooms:
	  ike_frag force option to force the use of IKE on first packet
	  exchange (prior to peer consent)

2006-09-18  Yvan Vanhullebus <vanhu@netasq.com>

	* rpm/suse/ipsec-tools.spec, src/racoon/prsa_tok.c: removed
	  generated files from the CVS

	* src/racoon/prsa_par.c: removed generated files from the CVS

	* src/racoon/: cfparse.c, cftoken.c: removed generated files from
	  the CVS

2006-09-18  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/isakmp.c: From Matthew Grooms: handle IKE frag used in
	  the first packet. That should not normally happen, as the initiator
	  does not know yet if the responder can handle IKE frag.  However, in
	  some setups, the first packet is too big to get through, and
	  assuming the peer supports IKE frag is the only way to go.

	  racoon should have a setting in the remote section to do that
	  (something like ike_frag force)

2006-09-16  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c: Trivial bugfix in RFC2407 4.6.2
	  conformance, from Matthew Grooms

2006-09-15  Emmanuel Dreyfus <manu@netbsd.org>

	* src/racoon/ipsec_doi.c: Fix build on Linux

For older changes see ChangeLog.old