Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to ChangeLog.old.
tteras 2009-01-20 14:36:07 +00:00
parent 5792116078
commit 2b68c3a06a
4 changed files with 3321 additions and 812 deletions


@ -1,814 +1,3 @@
2009-01-10 Timo Teras <timo.teras@iki.fi>
From Cyrus Rahman <crahman@gmail.com>:
* src/racoon/{crypto_openssl.c|racoon.conf.5}: accept RFC2253
compliant escaped special characters for asn1dn identifier
2009-01-09 Timo Teras <timo.teras@iki.fi>
* configure.ac: fix a CPPLAGS typo
2009-01-05 Timo Teras <timo.teras@iki.fi>
* src/racoon/session.c: do not use counting in signal handling
as it was unsafe by not using atomic functions (post increment
is not necessarily atomic). instead reap all children on
SIGCHLD as that was the only signal needing signal counting.
* src/racoon/{cfparse.y|cftoken.l|racoon.conf.5}: remove obsolete
configuration options, fix radius configuration block and
add GRE as recognized protocol
2008-12-30 Timo Teras <timo.teras@iki.fi>
* src/racoon/session.c: reset working copy of select mask after
call to schedular() as it can change file descriptor mask
(this was broken by my commit on 2008-12-23)
2008-12-23 Timo Teras <timo.teras@iki.fi>
* src/racoon/{admin.c|admin_var.h|cfparse.y|debug.h|evt.c|evt.h|
grabmyaddr.c|grabmyaddr.h|handler.h|isakmp.c|isakmp_inf.c|
isakmp_var.h|localconf.c|localconf.h|main.c|nattraversal.c|
pfkey.c|pfkey.h|privsep.c|session.c|session.h}: rewrite
local address detection, make some functions static that are
not needed global, rework how fd_set is construction for the
main loop select()
* src/racoon/{cfparse.y|cftoken.l|localconf.h|localconf.c|
ipsec_doi.c|racoon.conf.5}: remove the obsoleted global identity
configuration option
2008-12-18 Timo Teras <timo.teras@iki.fi>
From Arnaud Ebalard <arno@natisbad.org>:
* src/racoon/pfkey.c: delete larval ph2handles when expire
with hard lifetime received
2008-12-16 Timo Teras <timo.teras@iki.fi>
* src/racoon/pfkey.c: Fix transport mode address selection
in acquire handling (broke on 2008-12-05 commit)
* README: Update maintainers, links and add links to CVS and trac
2008-12-08 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Fixed compilation when DPD support is
disabled.
* src/racoon/grabmyaddr.c: Fixed compilation on FreeBSD
(RTM_IFINFO and RTM_OIFINFO stuff).
2008-12-08 Timo Teras <timo.teras@iki.fi>
* src/racoon/{pfkey.c|privsep.c|privsep.h}: do not cache pfkey
sockets for SA dumps: it might cause some notifications to
not be handled when select() has triggered pfkey, but timer
event calls pfkey_dump_sadb() before reading pfkey socket
2008-12-05 Timo Teras <timo.teras@iki.fi>
From Arnaud Ebalard <arno@natisbad.org>:
* src/libipsec/{key_debug.c|libpfkey.h|pfkey.c}: library functions
for SADB_X_EXT_KMADDRESS and updated SADB_X_MIGRATE support
* src/racoon/{handler.c|handler.h|ipsec_doi.c|isakmp.c|
isakmp_quick.c|pfkey.c|policy.c|policy.h}: support Mobile IPv6
per draft-ebalard-mext-pfkey-enhanced-migrate (minor fixes to
the patch by me)
2008-12-04 Christoph Badura <bad@netbsd.org>
* src/racoon/privsep.c: use SIG_IGN to ignore SIGPIPE as I intended
to.
2008-12-02 Timo Teras <timo.teras@iki.fi>
* src/racoon/session.c: Default action for SIGPIPE in Linux is
terminate; explicitly ignore it.
2008-11-27 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp_cfg.c: Fixed pool resizing.
* src/racoon/main.c: Set up a default value for Mode Config Pool
size if pool address specified but pool size not specified.
2008-11-27 Timo Teras <timo.teras@iki.fi>
From Matthew Krenzer <krenzer@wayport.net>:
* libipsec/{libpfkey.h|pfkey.c}, racoon/{cfparse.y,cftoken.l,
localconf.c,localconf.h,pfkey.c,racoon.conf.5}: ability to set
pfkey buffer size via a configuration directive (indentation and
other minor fixes by Timo)
From Arnaud Ebalard <arno@natisbad.org>:
* src/racoon/pfkey.c: remove the unused MAXNESTEDSA
2008-11-25 Christoph Badura <bad@netbsd.org>
* src/racoon/isakmp.c:
Keep myaddr.sock at -1 when no socket is opened.
Fix error handling when setting IPV6_USE_MIN_MTU socket option.
* src/racoon/grabmyaddr.c:
Keep myaddr.sock at -1 when no socket is opened.
Use insmyaddr() instead of open coding it.
Log ignored addresses at informational level.
Make log message for ignored route messages more explicit.
Ignore RTM_DELETE and RTM_IFINFO as they aren't pertinant.
Ignore unspecified and looback addresses assigned to interfaces.
* src/racoon/{evt.c|session.c|privsep.c}:
Avoid using non-portable MSG_NOSIGNAL. Ignore SIGPIPE instead.
2008-11-08 Christoph Badura <bad@netbsd.org>
* src/racoon/samples/roadwarrior/client/{phase1-down.sh|phase1-up.sh}:
Prevent the scripts from becoming confused by IPv6 default routes.
Delete the VPN address after deleting the VPN routes on NetBSD, too.
Make the handling of NAT-T SPD entries automatic.
Print and check INTERNAL_NETMASK4.
Preserve owner and permissions of original /etc/resolv.conf.
Ensure that new /etc/resolv.conf isn't group or world writable.
2008-11-06 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/sainfo.c: fixed delsainfo() to avoid a crash when
iddst's value is SAINFO_CLIENTADDR.
2008-10-29 S.P.Zeidler <spz@serpens.de>
* src/racoon/ipsec_doi.c: Use sockaddr_storage to prevent
stack overflow. Initialize scope id for non-linklocal addresses.
2008-10-27 Timo Teras <timo.teras@iki.fi>
From Arnaud Ebalard <arno@natisbad.org>:
* src/racoon/isakmp_var.h: remove duplicate declaration
* src/racoon/session.c: initfds() needs to be called only if
monitored file descriptor numbers have changed
* src/racoon/grabmyaddr.c: fix indentation issues for readability
* src/racoon/pfkey.c: add missing return to error path
From Francis Dupont (sent by Arnaud Ebalard):
* src/racoon/grabmyaddr.c: recognize RTM_IFANNOUNCE
2008-10-23 Timo Teras <timo.teras@iki.fi>
From Krzysztof Piotr Oledzki <olel@ans.pl>:
* src/racoon/{privsep.c|session.c|session.h}: revert parts of
2008-08-06 commit; the problem those changes address are already
handled in a sensible way by Cyrus Rahman's patch from 2008-03-06
2008-10-09 Timo Teras <timo.teras@iki.fi>
From Arnaud Ebalard <arno@natisbad.org>:
* src/racoon/isakmp_quick.c: remove unbindph12() call that is
now done also in remph2()
2008-09-25 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP
marker for retransmitted packets.
2008-09-19 Timo Teras <timo.teras@iki.fi>
* src/racoon/{schedule.c|schedule.h|session.c|isakmp.c|
isakmp_var.h|handler.c|handler.h|isakmp_quick.c|pfkey.c|pfkey.h|
isakmp_inf.c|isakmp_xauth.c|isakmp_xauth.h|nattraversal.c}:
Change struct sched to be allocated be the caller and optimize
scheduler to be faster.
* src/racoon/{isakmp.c|isakmp_quick.c|handler.c|handler.h|proposal.c|
admin.c|isakmp_cfg.c|isakmp_inf.c|isakmp_var.h|pfkey.c|
isakmp_xauth.c|cfparse.y|cfparse.l|racoon.conf.5|remoteconf.c|
remoteconf.h}: Implement ISAKMP SA rekeying configurable with
rekey {on|off|force} option in remote conf.
2008-09-17 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi()
when NAT-T enabled and trying to purge non NAT-T SAs.
2008-09-09 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/pfkey.c: Some calls to set_port() were not correctly
updated in the previous commit.
2008-09-03 Yvan Vanhullebus <vanhu@netasq.com>
From Tomas Mraz <tmraz@redhat.com>:
* src/racoon/pfkey.c: Duplicate addresses in pk_sendxxx functions, as
they may be altered for NAT-T stuff.
2008-09-03 Timo Teras <timo.teras@iki.fi>
* src/libipsec/pfkey.c: no satype check for Linux spdflush messages
* src/racoon/pfkey.c: handle SPD dump responses in pfkey_reload()
to make configuration reloading work better
* src/racoon/sockmisc.c: it is not an error to call extract_port()
with AF_UNSPEC address (happens with anonymous config blocks)
2008-08-12 Yvan Vanhullebus <vanhu@netasq.com>
From Krzysztof Oledzki <olel@ans.pl>:
* src/racoon/isakmp.c: Remove ph1handler if we received an invalid
first exchange from initiator.
2008-08-06 Timo Teras <timo.teras@iki.fi>
From Krzysztof Piotr Oledzki <olel@ans.pl>:
* src/racoon/{privsep.c|session.c|session.h}: make privileged
process exit if unprivileged process is terminated, spelling fixes
2008-07-23 Matthew Grooms
* src/racoon/cfparse.y
src/racoon/session.c : add missing ifdefs for non-radius builds
2008-07-23 Timo Teras <timo.teras@iki.fi>
* src/libipsec/Makefile.am
src/racoon/Makefile.am
src/setkey/Makefile.am : do not remove flex/bison generated files
in distclean, also add the generated header file as BUILT_SOURCES
and use the standard autotools rule for generating them
* src/racoon/Makefile.am : do not use GNU make specific extension
2008-07-22 Yvan Vanhullebus <vanhu@netasq.com>
From Kohki Ohhira <ohhira@src.ricoh.co.jp>:
* src/racoon/proposal.c: fixed some memory leaks, when malloc
fails or when peer sends invalid proposals.
2008-07-21 Matthew Grooms
* src/racoon/cfparse.y
src/racoon/cftoken.l
src/racoon/isakmp_cfg.c
src/racoon/isakmp_xauth.c
src/racoon/isakmp_xauth.h
src/racoon/main.c
src/racoon/racoon.conf.5
src/racoon/session.c : add radius config options for racoon.conf
* src/racoon/isakmp_cfg.c : fix hybrid enabled builds
2008-07-21 Timo Teras <timo.teras@iki.fi>
* src/racoon/cfparse.y : do not set default gss id if xauth is used
* src/racoon/isakmp_agg.c
src/racoon/isakmp_base.c
src/racoon/isakmp_ident.c
src/racoon/vendorid.c
src/racoon/vendorid.h : separate generic vendor id handling to
a new function and use it
2008-07-14 Matthew Grooms
* src/racoon/isakmp_cfg.c : fix hybrid enabled builds
2008-07-14 Matthew Grooms
* src/racoon/crypto_openssl.c
src/racoon/eaytest.c
src/racoon/misc.c
src/racoon/misc.h
src/racoon/racoonctl.c : fix conflict with freebsd8 hexdump()
2008-07-14 Timo Teras <timo.teras@iki.fi>
* src/racoon/handler.h
src/racoon/isakmp.c
src/racoon/isakmp_agg.c
src/racoon/isakmp_ident.c
src/racoon/isakmp_inf.c
src/racoon/isakmp_inf.h
src/racoon/isakmp_quick.c
src/racoon/strnames.c : clean ups to notification payload handling,
and handle INITIAL-CONTACT notification in last main mode exchange
(delayed) and during quick mode exchanges (Track:264)
* src/racoon/handler.h
src/racoon/ipsec_doi.c
src/racoon/ipsec_doi.h
src/racoon/isakmp_quick.c
src/racoon/pfkey.c : handle RESPONDER-LIFETIME notification
according to proposal check level (Track:265)
2008-07-11 Timo Teras <timo.teras@iki.fi>
Track:259, original patch from Atis Elsts <the.kfx@gmail.com>:
* src/racoon/isakmp.c, src/racoon/isakmp_inf.c: fix double memfree
by changing copy_ph1addresses() to not free ph1 on failure
and remove misplaced remph1() calls causing memory corruption
2008-07-09 Timo Teras <timo.teras@iki.fi>
Track:269, from Chong Peng <chongpeng@gmail.com>:
* src/racoon/cfparse.y: remove parser initialization causing
fd leak from cfreparse() since cfparse() initializes it anyway
2008-07-02 Yvan Vanhullebus <vanhu@netasq.com>
Track:266, from Timo Teras <timo.teras@iki.fi>:
* src/racoon/isakmp_inf.c: fixed some %d to %zu (size_t values)
2008-06-18 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/admin.h
src/racoon/admin.c
src/racoon/racoonctl.c
src/racoon/racoonctl.8 : acquire peer certificate via admin port
2008-06-18 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/misc.c
src/racoon/misc.h
src/racoon/admin.c
src/racoon/grabmyaddr.c
src/racoon/isakmp.c : avoid inherited file descriptor issues
2008-06-18 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/grabmyaddr.c
src/racoon/ipsec_doi.c
src/racoon/isakmp.c
src/racoon/isakmp_cfg.c
src/racoon/isakmp_inf.c
src/racoon/privsep.c
src/racoon/remoteconf.c
src/racoon/admin.c : network port value manipulation cleanup
2008-06-18 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/admin.c
src/racoon/racoonctl.c : admin port code cleanup
2008-06-18 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/pfkey.c : correct a phase2 status event
2008-05-08 Emmanuel Dreyfus <manu@netbsd.org>
From Christian Hohnstaedt <christian@hohnstaedt.de>:
* configure.ac: allow out of tree building
2008-04-25 Yvan Vanhullebus <vanhu@netasq.com>
Track:4, from Timo Teras <timo.teras@iki.fi>:
* src/racoon/isakmp_inf.c: extract ports information from
SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_spi()
2008-04-02 Emmanuel Dreyfus <manu@netbsd.org>
From Timo Teras <timo.teras@iki.fi>
* src/racoon/{sockmisc.h|sockmisc.c|Makefile.am}: fix Linux build
after 2008-03-28's change
2008-03-28 Emmanuel Dreyfus <manu@netbsd.org>
From Cyrus Rahman <crahman@gmail.com>
* src/racoon/{sockmisc.c|isakmp.c|isakmp_inf.c|privsep.c|privsep.h}
src/racoon/Makefile.am: allow interface reconfiguration when
running in privilege séparation mode
src/racoon/doc/README.privsep: new file on privilege separation
2008-03-06 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/oakley.c: Generates a log if cert validation has been
disabled by configuration.
2008-03-06 Emmanuel Dreyfus <manu@netbsd.org>
From Cyrus Rahman <crahman@gmail.com>
* src/racoon/{privsep.c|session.c}: privilegied instance exit when
unprivilegied one terminates. Save PID in real root, not in chroot
2008-03-05 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/admin.c
src/racoon/isakmp.c
src/racoon/isakmp_var.h
src/racoon/pfkey.c
src/racoon/racoonctl.c
src/racoon/racoonctl.8: establish IPsec SAs using the admin socket
2008-03-05 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/admin.c
src/racoon/admin.h
src/racoon/evt.c
src/racoon/evt.h
src/racoon/handler.c
src/racoon/handler.h
src/racoon/isakmp.c
src/racoon/isakmp_agg.c
src/racoon/isakmp_base.c
src/racoon/isakmp_cfg.c
src/racoon/isakmp_ident.c
src/racoon/isakmp_inf.c
src/racoon/isakmp_var.h
src/racoon/isakmp_xauth.c
src/racoon/racoonctl.8
src/racoon/racoonctl.c
src/racoon/session.c: refactor admin socket event protocol to be
less error prone.
2008-03-05 Matthew Grooms
* src/racoon/cfparse.y: properly initialize the unity network struct
2008-03-05 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/pfkey.c
src/racoon/pfkey.h
src/racoon/session.c: reload SPD on SIGHUP or adminport reload
* src/racoon/pfkey.c: better handling for pfkey socket read errors
2008-02-25 Emmanuel Dreyfus <manu@netbsd.org>
From Brian Haley <brian.haley@hp.com>
* src/racoon/ipsec_doi.c: Do check SPI size (it was not due to a typo)
2008-02-22 Emmanuel Dreyfus <manu@netbsd.org>
From Brian Haley <brian.haley@hp.com>
* src/racoon/isakmp.c: Fix address length
2008-02-10 S.P.Zeidler <spz@netbsd.org>
* src/racoon/ipsec_doi.c: fix NetBSD PR bin/37644
2008-01-11 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/handler.[ch]: added an 'established' arg to getph1byaddr()
From Krzysztof Oledzki <olel@ans.pl>:
* src/racoon/isakmp.c: Only search for established ph1 handles in
DPD (also reported new getph1byaddr() arg)
* src/racoon/isakmp_inf.c: added some details to some logs (also
reported new getph1byaddr() arg)
* src/racoon/crypto_openssl.c: fixed compilation with idea and
recent gcc
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/isakmp_inf.c: reset iph1->dpd_r_u in the scheduler's
callback, to avoid some access to freed memory
2007-12-30 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/racoonctl.8
src/racoon/racoonctl.c: add GRE protocol number to racoonctl
* src/racoon/policy.c: correct id wildcard matching for transport mode
* src/racoon/isakmp_inf.c: reset iph1->dpd_r_u in the scheduler's
callback, to avoid some access to freed memory
2007-12-11 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/handler.c
src/racoon/handler.h
src/racoon/isakmp_quick.c
src/racoon/pfkey.c: add support for nat-t oa payload handling.
2007-12-04 Matthew Grooms
From Timo Teras <timo.teras@iki.fi>:
* src/racoon/ipsec_doi.c
src/racoon/ipsec_doi.h
src/racoon/isakmp_quick.c: modify ipsecdoi_sockaddr2id to obtain host
address without specific prefix legth.
src/racoon/isakmp_quick.c: correct a memory leak in phase2.
2007-11-29 Yvan Vanhullebus <vanhu@netasq.com>
From Natanael Copa <natanael.copa@gmail.com>:
* src/racoon/Makefile.am: fixed a race condition when building
yacc stuff.
2007-11-09 Yvan Vanhullebus <vanhu@netasq.com>
From Arnaud Ebalard <arno@natisbad.org>:
* src/racoon/pfkey.c: Some sanity check in pk_recv()
* src/racoon/policy.c: better matching of SPD entries in
getsp_r().
* src/racoon/isakmp_quick.c: added some debug in get_proposal_r().
2007-10-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_unity.[ch]|isakmp_cfg.c|racoon.conf.5}:
Add SPLITNET_{INCLUDR_LOCAL}_CIDR to hook scripts
2007-10-15 Yvan Vanhullebus <vanhu@netasq.com>
* src/libipsec/pfkey.c: Try to increase the buffer size of the
pfkey socket, this may help things when we have a huge SPD.
2007-10-02 Yvan Vanhullebus <vanhu@netasq.com>
From Scott Lamb <slamb@slamb.org>
* src/racoon/plog.[ch]: new plog macro
* src/racoon/kmpstat.c: plog changed to _plog to work with new plog macro
* src/racoon/crypto_openssl.c: includes plog.h to work with the
new plog macro
2007-09-19 Matthew Grooms <mgrooms@shrew.net>
From Gabriel Somlo <somlo@cmu.edu>
* src/racoon/isakmp.c: Set REUSE option on sockets to prevent failures
associated with closing and immediately re-opening.
2007-09-19 Matthew Grooms <mgrooms@shrew.net>
From Gabriel Somlo <somlo@cmu.edu>
* src/racoon/isakmp_unity.c: Prevent duplicate entries in splitnet list.
2007-09-12 Matthew Grooms <mgrooms@shrew.net>
From Joy Latten <latten@austin.ibm.com>
* configure.ac: Fix autoconf check for selinux support.
2007-09-12 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/cfparse.y
src/racoon/cftoken.l
src/racoon/handler.c
src/racoon/isakmp_quick.c
src/racoon/pfkey.c
src/racoon/sainfo.c
src/racoon/sainfo.h
src/racoon/racoon.conf.5 : Implement clientaddr sainfo remote id option
and cleanup sainfo syntax in the man page.
2007-09-05 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/sainfo.c: Sort sainfos on insert and improve matching logic.
2007-09-03 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/racoon.conf.5: Correct wins4 and nbns4 modecfg option syntax.
* src/racoon/cftoken.l: Add nbns4 as an alias for wins4.
2007-08-07 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and
authorization ports. Allow interoperability with freeradius
2007-07-18 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/racoon.conf.5: various man page updates
2007-07-18 Yvan Vanhullebus <vanhu@netasq.com>
* configure.ac
src/libipsec/ipsec_dump_policy.c
src/libipsec/ipsec_get_policylen.c
src/libipsec/ipsec_strerror.c
src/libipsec/key_debug.c
src/libipsec/libpfkey.h
src/libipsec/pfkey.c
src/libipsec/pfkey_dump.c
src/libipsec/policy_parse.y
src/libipsec/policy_token.l
src/libipsec/test-policy-priority.c
src/racoon/admin.c
src/racoon/backupsa.c
src/racoon/cfparse.y
src/racoon/cftoken.l
src/racoon/ipsec_doi.c
src/racoon/isakmp.c
src/racoon/isakmp_inf.c
src/racoon/isakmp_quick.c
src/racoon/pfkey.c
src/racoon/policy.c
src/racoon/proposal.c
src/racoon/remoteconf.c
src/racoon/sainfo.c
src/racoon/session.c
src/racoon/sockmisc.c
src/racoon/strnames.c
src/setkey/parse.y
src/setkey/setkey.c
src/setkey/token.l:
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues.
2007-07-16 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/proposal.c: indentation
* src/racoon/grabmyaddr.c: fixed a socket leak.
2007-06-07 Emmanuel Dreyfus <manu@netbsd.org>
From Paul Winder <Paul.Winder@tadpole.com>:
* src/racoon/isakmp_cfg.c: Fix ignored INTERNAL_DNS4_LIST
2007-06-06 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/handler.c: ignore obsolete lifebyte when validating
reloaded configuration.
From Jianli Liu <jlliu@nortel.com>:
* src/racoon/session.c: speeds up interfaces update when they changed.
From Rong-En Fan <rafan@freebsd.org>
* src/racoon/{var.h|eaytest.c}: fixed compilation with gcc 4.2
2007-05-31 Emmanuel Dreyfus <manu@netbsd.org>
From Joy Latten <latten@austin.ibm.com>
* src/racoon/{main.c|policy.h|security.c}: Fix file descriptor
shortage when using labeled IPsec.
2007-05-30 Emmanuel Dreyfus <manu@netbsd.org>
From Jianli Liu <jlliu@nortel.com>:
* src/racoon/kmpstat.c: Use the specified socket path instead of
the default location
2007-05-04 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/pfkey.c: Force the update of ph2 in pk_recvupdate()
if NAT_T support, to solve some port match problems with the
first IPSec SAs negociated as initiator.
* src/racoon/isakmp_inf.c: added some debug for DELETE_SA process.
* src/racoon/isakmp.c: added some debug in isakmp_chkph1there() to
track some port matching problems with NAT-T.
* src/racoon/handler.c: added some debug in getph1byaddr() to
track some port matching problems with NAT-T.
* src/racoon/handler.c: search a ph1 by address if iph2->ph1 is
NULL when validating the new config.
2007-04-04 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/oakley.c: dumps peer's ID and peer's certificate
subject /subjectaltname if they don't match.
* src/racoon/ipsec_doi.c: checks proto_id in ipsecdoi_chkcmpids().
2007-03-26 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp_inf.c: Store the DPD main scheduler in ph1
handler, to be able to cancel it when removing the handler, and
some minor cleanups in DPD code.
2007-03-23 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/{oakley.c|racoon.conf.5}: give more details about
what is checked when using certificates to authenticate. Patch
by Cyrus Rahman.
* src/racoon/handler.c: expire zombie handlers in getph2byid(), to
avoid situations where we'll never negociate a phase2
again. Would be better to find out why do we have such zombies !!
* src/racoon/{ipsec_doi.c|security.c}: fixed a segfault when using
security labels between a 32bit and a 64bit host. Patch by
Joy Latten.
2007-03-22 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/{ipsec_doi.c|cfparse.y}: fixed subnet check to
generate IPV4_ADDRESS when needed in sockaddr2id().
2007-03-21 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/schedule.h: checks if arg is NULL in SCHED_KILL.
* src/racoon/{handler.c|isakmp.c|isakmp_inf.c|pfkey.c}: NULL sched
check is now done in SCHED_KILL.
2007-03-15 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Consider a negociation timeout when
retry_counter is <=0 instead of < 0.
* src/racoon/grabmyaddr.c: enable monitoring of ipv6 addresse
changes on linux. Patch by Yves-Alexis Perez.
2007-02-27 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/ipsec_doi.c: add logic to match ip address ids to
ip subnet ids when appropriate. reported by Yvan.
2007-02-21 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/ipsec_doi.c: block variable declaration before code
in ipsecdoi_id2str().
2007-02-20 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/{handler.c|isakmp_var.h}: updated delete_spd() calls.
* src/racoon/isakmp.c: Only delete a generated SPD if it's
creation date matches the creation date of the SA we are
currently deleting.
* src/racoon/{pfkey.c|isakmp_inf.c}: fills creation date of
generated SPDs.
* src/racoon/policy.h: added 'created' var.
* src/racoon/isakmp_inf.c: Removed a debug printf....
2007-02-19 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Removed a debug printf....
2007-02-16 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/ipsec_doi.c: Fixed a %zu in a printf. Reported by
Olivier Warin.
2007-02-15 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: fix typo in SELinux option
* src/racoon/security.c: missing file from Joy Latten
2007-02-15 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp.c: Fixed the way phase1/2 messages are
sent/resent, to avoid zombie handles and acces to freed memory.
* src/racoon/isakmp_inf.c: Just expire a ph1 handle when receiving
a DELETE-SA instead of calling purge_remote(). Reported by
"Uncle Pedro" on Sourceforge's bugtracker.
2007-02-02 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/cfparse.y: Fixed a check of NAT-T support in libipsec.
2007-02-01 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/isakmp_inf.c: When receiving an Isakmp DELETE_SA,
gets the cookie of the SA to be deleted from payload instead of
just deleting the Isakmp SA used to protect the informational.
Problem reported by "unclepedro" on Sourceforge's bugtracker.
2006-12-18 Yvan Vanhullebus <vanhu@netasq.com>
From Joy Latten <latten@austin.ibm.com>
* src/racoon/crypto_openssl.c: fixed a memory leak
---------------------------------------------
Branch for 0.7 created (ipsec-tools-0_7-branch)
2006-12-11 Emmanuel Dreyfus <manu@netbsd.org>
* src/libipsec/{Makefile.am|libpfkey.h|pfkey.c}
src/racoon/{backupsa.c|pfkey.c}: Bring back API and ABI backward
compatibility with previous libipsec interface change. Bump
libipsec minor version. Remove ifdefs in struct pfkey_send_sa_args
to avoid ABI compatibility lossage.
* src/libipsec/{libpfkey.h|pfkey.c} src/racoon/cfparse.y: add
capability flags to detect missing optional feature in libipsec
2006-12-10 Emmanuel Dreyfus <manu@netbsd.org>
From Joy Latten <latten@austin.ibm.com>
* src/racoon/Makefile.am
src/racoon/doc/README.plainrsa: new file documenting plain RSA auth
2006-12-09 Emmanuel Dreyfus <manu@netbsd.org>
From Joy Latten <latten@austin.ibm.com>
* configure.ac src/libipsec/{libpfkey.h|pfkey.c}
src/racoon/{Makefile.am|backupsa.c|backupsa.h|cftoken.l|ipsec_doi.c}
src/racoon/{ipsec_doi.h|isakmp_inf.c|isakmp_quick.c|pfkey.c|policy.c}
src/racoon/{policy.h|proposal.c|proposal.h|remoteconf.c}: Add
support for SELinux security contexts. Also cleanup the libipsec
interface for adding and updating security associations.
From Simon Chang <simonychang@gmail.com>
* src/racoon/racoon.conf.5: More hints about plain RSA authentication
2006-12-05 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/proposal.[ch]: Check keys length regarding
pcheck_level in cmpsatrns().
* src/racoon/racoon.conf.5: updated man page about what is
impacted by proposal_check level.
2006-11-12 Matthew Grooms <mgrooms@shrew.net>
* src/racoon/sainfo.c: fix anonymous sainfo selection.
2006-10-22 Yvan Vanhullebus <vanhu@netasq.com>
From Michal Ruzicka <michal.ruzicka@comstar.cz>:
* src/racoon/{backupsa.c|cfparse.y}: fixed typos.
2006-10-19 Yvan Vanhullebus <vanhu@netasq.com>
From Matthew Grooms:
* src/racoon/ipsec_doi.[ch]: Added ipsecdoi_chkcmpids() function
* src/racoon/sainfo.c: uses ipsecdoi_chkcmpids() and changed
src/dst to loc/rmt in getsainfo().
2006-10-09 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp_unity.c: correctly check read() return (Coverity)
* src/racoon/proposal.c: Fix memory leak (Coverity)
2006-10-06 Emmanuel Dreyfus <manu@netbsd.org>
From Tomoyuki Okazaki <okazaki@kick.gr.jp>
* configure.ac src/libipsec/pfkey_dump.c
src/racoon/{algorithm.c|algorithm.h|cftoken.l|crypto_openssl.c}
src/racoon/{crypto_openssl.h|eaytest.c|ipsec_doi.c|ipsec_doi.h}
src/racoon/{oakley.h|pfkey.c|racoon.conf.5|strnames.c}
src/setkey/{setkey.8|test-pfkey.c|token.l}: Camelia cipher
support (RFC 4312)
2006-10-03 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/admin.c: fix endianness issue introduced yesterday
2006-10-03 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/{remoteconf.h|sainfo.h}: Added remoteid/ph1id values.
* src/racoon/{handler.c|isakmp_quick.c|pfkey.c|sainfo.c}: Uses
remoteid/ph1id values.
* src/racoon/{cfparse.y|cftoken.l}: Parses remoteid/ph1id values.
* src/racoon/racoon.conf.5: Added remoteid/ph1id syntax.
2006-10-02 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/socketmisc.c: don't use NULL pointer (Coverity)
* src/racoon/racoonctl.c: don't use NULL pointer (Coverity)
* src/racoon/proposal.c: don't use NULL pointer (Coverity)
* src/racoon/pfkey.c: don't use NULL pointer (Coverity)
* src/racoon/ipsec_doi.c: don't use NULL pointer (Coverity)
* src/racoon/isakmp.c: don't use NULL pointer (Coverity)
* src/racoon/oakley.c: don't use NULL pointer (Coverity)
* src/racoon/admin.c: avoid reusing free'd pointer (Coverity)
* src/racoon/{admin.c|sockmisc.c}: Fix memory leak (Coverity), refactor
the code to use port get/set function
* src/racoon/admin.c: fix memory leak (Coverity)
* src/racoon/algorithm.c: fix array overrun (Coverity)
* src/racoon/isakmp_ident.c: Remove dead code (Coverity)
* src/racoon/isakmp_inf.c: Check for NULL pointer (Coverity)
* src/racoon/isakmp_base.c: avoid reusing free'd pointer (Coverity)
2006-10-01 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp.c: Avoid using NULL pointer (Coverity)
* src/racoon/ipsec_doi.c: FIx memory leak (Coverity)
2006-09-30 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/isakmp_agg.c: Remove dead code (Coverity)
* src/racoon/isakmp_cfg.c: Fix memory leak (Coverity)
* src/racoon/samples/roadwarrior/client/{phase1-up.sh|phase1-down.sh}:
update the scripts for wrorking around routing problems on NetBSD
* src/racoon/admin.c: Do not free id and key, as they are used later
* src/racoon/session.c: Reuse existing code for closing IKE sockets,
and avoid screwing things by setting p->sock = -1, which is not
expected (Coverity).
2006-09-29 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/racoonctl.c: Fix the previous fix
2006-09-28 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/racoonctl.c: Fix access after free (Coverity)
* src/racoon/isakmp_xauth.c: Fix unchecked mallocs (Coverity)
2006-09-26 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/admin.c: Fix memory leaks in racoonctl (Coverity)
* src/racoon/admin.c: Remove dead code (Coverity)
* src/racoon/backupsa.c: Fix memory leak (Coverity)
* src/racoon/cfparse.y: Fix memory leak (Coverity)
From Jeff Bailey:
* src/racoon/{pfkey.c|proposal.c}: fix SA bundle (e.g.: ESP+IPcomp)
From Matthew Grooms:
* src/racoon/ipsec_doi.c: fix buffer overflow
2006-09-25 Yvan Vanhullebus <vanhu@NetBSD.org>
Reported by Yves-Alexis Perez:
* src/racoon/isakmp.c: struct ip -> struct iphdr for Linux.
2006-09-15 Emmanuel Dreyfus <manu@netbsd.org>
From Matthew Grooms:
* src/racoon/ipsec_doi.c: fix double free
2006-09-21 Yvan Vanhullebus <vanhu@NetBSD.org>
Reported by Yves-Alexis Perez:
* src/libipsec/pfkey.c: use sysdep_sa_len to make it compile on
Linux.
2006-09-19 Yvan Vanhullebus <vanhu@NetBSD.org>
* src/racoon/isakmp.c: always include some headers, as they are
required even without NAT-T.
From Larry Baird:
* src/libipsec/pfkey_dump.c, src/setkey/token.l: define
SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed.
* src/racoon/crypto_openssl.c: some printf() -> plog().
From Yves-Alexis Perez:
* src/racoon/proposal.c: fixed default value for encmodesv in
set_proposal_from_policy().
2006-09-18 Emmanuel Dreyfus <manu@netbsd.org>
From Matthew Grooms:
* src/racoon/{cfparse.y|cftoken.l|isakmp.c|isakmp_frag.h}
src/racoon/{racoon.conf.5|remoteconf.c}: ike_frag force option to
force the use of IKE on first packet exchange (prior to peer consent)
2006-09-18 Yvan Vanhullebus <vanhu@NetBSD.org>
* src/racoon/{cfparse.c|cftoken.c|prsa_par.c|prsa_tok.c}
rpm/suse/ipsec-tools.spec: removed those files from the CVS,
as they are generated during the build.
2006-09-18 Emmanuel Dreyfus <manu@netbsd.org>
From Matthew Grooms:
* src/racoon/isakmp.c: handle IKE frag used in the first packet.
2006-09-16 Emmanuel Dreyfus <manu@netbsd.org>
From Matthew Grooms:
* src/racoon/ipsec_doi.c: Trivial bugfix in RFC2407 4.6.2 conformance
2006-09-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/ipsec_doi.c: fix build on Linux
---------------------------------------------
Migration to cvs.netbsd.org
2006-08-22 Emmanuel Dreyfus <manu@netbsd.org>
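Review bot: The hand-written entries removed here carry details that a log generated from CVS commit messages will only reproduce if the original commit messages contained them: the "From Cyrus Rahman <crahman@gmail.com>:" style credit lines, the "Track:259" and "Track:269" ticket references, and the "Branch for 0.7 created (ipsec-tools-0_7-branch)" and "Migration to cvs.netbsd.org" separators. Before dropping this text, compare the cvs2cl.pl output for the same date range against these entries, and check in particular that the memory-safety fixes stay visible (the 2008-10-29 "Use sockaddr_storage to prevent stack overflow" entry, the 2006-09-26 "fix buffer overflow" and 2006-09-15 "fix double free" entries for ipsec_doi.c, and the 2008-07-11 double memfree fix). Any entry that does not survive regeneration should move to ChangeLog.old rather than disappear.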


@ -2,4 +2,17 @@ SUBDIRS = src @RPM@
DIST_SUBDIRS = src rpm
EXTRA_DIST = bootstrap README NEWS depcomp
EXTRA_DIST = bootstrap README NEWS depcomp ChangeLog ChangeLog.old
MAINTAINERCLEANFILES = ChangeLog
$(srcdir)/ChangeLog:
@if test -d "$(srcdir)/CVS"; then \
$(srcdir)/misc/cvs2cl.pl --follow-only TRUNK -I ChangeLog --utc -U $(srcdir)/misc/cvsusermap --group-by-author --fsf -T -l "-d2006-09-10<now" --tag-regexp "^ipsec-tools" --stdout > $@ ; \
echo "For older changes see ChangeLog.old" >> $@ ; \
else \
echo "A CVS checkout and perl is required to generate ChangeLog" ; \
exit 1 ; \
fi
.PHONY: $(srcdir)/ChangeLog
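Review bot: Marking `$(srcdir)/ChangeLog` as `.PHONY` while also listing ChangeLog in EXTRA_DIST means the recipe runs every time the file is needed, so in a tree without a `CVS` directory (for example an unpacked release tarball) the else branch hits `exit 1` and the dist step fails even though a usable ChangeLog is already present. Consider letting the else branch succeed when `$@` already exists and failing only when it is missing. Two further points in the same rule: the commands are joined with `;`, so if cvs2cl.pl fails the redirect has already truncated `$@`, the echo still appends its line, and make sees success; write to a temporary file, chain with `&&`, and move it into place only on success. The error text says perl is required, but only the `CVS` directory is tested. Also confirm ChangeLog.old is committed, since it is now in EXTRA_DIST and no hunk for it is visible here.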

3292
crypto/dist/ipsec-tools/misc/cvs2cl.pl vendored Executable file

File diff suppressed because it is too large

15
crypto/dist/ipsec-tools/misc/cvsusermap vendored Normal file

@ -0,0 +1,15 @@
alc:'Arnaud Lacombe <alc@netbsd.org>'
cbiere:'Christian Biere <cbiere@netbsd.org>'
bad:'Christoph Badura <bad@netbsd.org>'
christos:'Christos Zoulas <christos@netbsd.org>'
manu:'Emmanuel Dreyfus <manu@netbsd.org>'
gmcgarry:'Gregory McGarry <gmcgarry@netbsd.org>'
martin:'Martin Husemann <martin@netbsd.org>'
mgrooms:'Matthew Grooms <mgrooms@shrew.net>'
tron:'Matthias Scheler <tron@netbsd.org>'
mlelstv:'Michael van Elst <mlelstv@netbsd.org>'
spz:'S.P.Zeidler <spz@netbsd.org>'
wiz:'Thomas Klausner <wiz@netbsd.org>'
tteras:'Timo Teras <timo.teras@iki.fi>'
dogcow:'Tom Spindler <dogcow@netbsd.org>'
vanhu:'Yvan Vanhullebus <vanhu@netasq.com>'
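Review bot: The map gives each login a single address, which will rewrite attribution that the removed ChangeLog recorded differently: `spz` maps to spz@netbsd.org although the 2008-10-29 entry is signed spz@serpens.de, and `vanhu` maps to vanhu@netasq.com although the September 2006 entries are signed vanhu@NetBSD.org. If that normalisation is intended, say so in the commit message. It would also help to document, next to the cvs2cl.pl invocation in Makefile.am, that this file must gain an entry whenever a new committer is added, otherwise that committer's entries will show up under the bare CVS login.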