NetBSD

Commit Graph

Author	SHA1	Message	Date
manu	982fc9c517	Merge ipsec-tools 0.6.2 import.	2005-10-14 14:01:34 +00:00
manu	a37873eef0	Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them have already been pulled up in NetBSD CVS) --------------------------------------------- 0.6.2 released 2005-10-14 Yvan Vanhullebus <vanhu@netasq.com> * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or USER_FQDNs (problem reported by Bernhard Suttner). --------------------------------------------- 0.6.2.beta3 released 2005-09-05 Emmanuel Dreyfus <manu@netbsd.org> From Andreas Hasenack <ahasenack@terra.com.br> * configure.ac: More build fixes for Linux --------------------------------------------- 0.6.2.beta2 released 2005-09-04 Emmanuel Dreyfus <manu@netbsd.org> From Wilfried Weissmann * src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c\|oakley.c} src/racoon/{sockmisc.c\|sockmisc.h}: build fixes --------------------------------------------- 0.6.2.beta1 released 2005-09-03 Emmanuel Dreyfus <manu@netbsd.org> From Francis Dupont <Francis.Dupont@enst-bretagne.fr> * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions 2005-08-26 Emmanuel Dreyfus <manu@netbsd.org> * src/racoon/cfparse.y: handle xauth_login correctly * src/racoon/isakmp.c: catch internal error * src/raccon/isakmp_agg.c: fix racoon as Xauth client * src/raccon/{isakmp_agg.c\|isakmp_base.c}: Proposal safety checks * src/racoon/evt.c: Fix memory leak when event queue overflows 2005-08-23 Emmanuel Dreyfus <manu@netbsd.org> * src/racoon/{isakmp_agg.c\|isakmp_ident.c\|isakmp_base.c}: Correctly initialize NAT-T VID to avoid freeing unallocated stuff. 2005-08-21 Emmanuel Dreyfus <manu@netbsd.org> From Matthias Scheler <matthias.scheler@tadpole.com> * src/racoon/{isakmp_cfg.c\|racoon.conf.5}: enable the use of ISAKMP mode config without Xauth. 2005-09-16 Yvan Vanhullebus <vanhu@free.fr> * src/racoon/policy.c: Do not parse all sptree in inssp() if we don't use Policies priority. 2005-08-15 Emmanuel Dreyfus <manu@netbsd.org> From: Thomas Klausner <wiz@netbsd.org> src/setkey/setkey.8: Drop trailing spaces	2005-10-14 13:21:42 +00:00
gendalia	decff3d730	Add a preprocessor symbol so we can distinguish fixed openssl from the vanilla openssl. Thanks <jlam>.	2005-10-11 21:17:17 +00:00
gendalia	ed304be38e	fix openssl 2.0 rollback, CAN-2005-2969 approved by: agc	2005-10-11 18:07:40 +00:00
rpaulo	e3886d37ea	Add "openssl_" to man page references if they are available. Fixes part of PR security/13953. Fixing the rest of the PR requires adding more man pages.	2005-10-05 23:47:30 +00:00
manu	c557aaf18f	Fix bug when using hybrid auth in client mode make xauth_login work again add safety checks	2005-09-26 16:24:57 +00:00
christos	e83e36d896	fix spelling from Liam Foy.	2005-09-24 22:45:51 +00:00
christos	b9301b48d0	fix typos.	2005-09-24 17:34:17 +00:00
christos	2192079ea8	use get*_r()	2005-09-24 14:40:59 +00:00
christos	54a773e9d7	Can we please stop using caddr_t?	2005-09-24 14:40:39 +00:00
wiz	e904ea2e97	Drop trailing whitespace.	2005-09-23 19:58:28 +00:00
manu	7e2e2c16ff	Correctly initialize NAT-T VID to avoid freeing unallocated space	2005-09-23 14:22:27 +00:00
tron	3cc3e3c7a3	Correct documentation about Mode Config. It now works without XAuth, too. Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.	2005-09-21 15:06:22 +00:00
tron	dc5127a31e	Make "Mode Config" work if XAuth is not used.	2005-09-21 12:46:08 +00:00
christos	a6040f634b	PR/13738: Johan Danielsson: ssh doesn't look at $HOME	2005-09-18 18:39:05 +00:00
christos	5391e24af6	Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen to wildcard which is not secure.	2005-09-18 18:27:28 +00:00
christos	218a95c0f2	Document that -D takes bind_address.	2005-09-18 16:22:35 +00:00
wiz	e6f32f6f02	Drop trailing whitespace.	2005-09-15 08:42:09 +00:00
christos	5db1262f0e	PR/31261: Mark Davies: ssh invokes xauth with bogus argument	2005-09-09 12:24:37 +00:00
christos	453555bc8b	PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash not execute .bashrc. Since socketpairs work on all NetBSD systems, make it the default.	2005-09-09 12:20:12 +00:00
elad	8f1a245ebd	Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5. Noted by smb@.	2005-09-01 21:35:25 +00:00
elad	98e0d8f19f	SHA1 is a better default than MD5. Discussed with Steven M. Bellovin. Closes PR/30395.	2005-08-27 12:32:15 +00:00
manu	0b97cbeb71	Update to ipsec-tools 0.6.1	2005-08-20 00:57:06 +00:00
manu	96ae7759c9	Import ipsec-tools 0.6.1	2005-08-20 00:40:43 +00:00
wiz	c8f5575b45	End sentence with a dot.	2005-08-14 09:25:08 +00:00
wiz	c91d1d213a	Drop trailing whitespace.	2005-08-07 11:19:35 +00:00
manu	111c13fe24	Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.	2005-08-07 09:38:45 +00:00
manu	df08b9e74a	Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.	2005-08-07 08:46:11 +00:00
christos	1a191ad79e	PR/29862: Denis Lagno: sshd segfaults with long keys The problem was that the rsa fips validation code did not allocate long enough buffers, so it was trashing the stack.	2005-07-30 00:38:40 +00:00
he	182dc837b5	Move a variable declaration to the variable declaration section of the enclosing block from within the middle of active code, so that this compiles with older gcc. Fixes build problem for vax.	2005-07-14 11:26:57 +00:00
manu	b0602a2f44	Add safety checks for informational messages	2005-07-12 21:33:01 +00:00
tron	50c09443b0	Backout botched patch, approved by Emmanuel Dreyfus.	2005-07-12 19:17:37 +00:00
manu	132d72e25b	Add SHA2 support	2005-07-12 16:49:52 +00:00
manu	7736ad81cf	Add comments on how to use the hook scripts without NAT-T	2005-07-12 16:33:27 +00:00
manu	ecb971f5f8	Don't wipe out IKE ports for SA update as it breaks things: the SA is taken from an existing SA and already has matching IKE ports.	2005-07-12 16:24:29 +00:00
manu	91b9c188b3	Add support for alrogithms with non OpenSSL default key sizes	2005-07-12 14:51:07 +00:00
manu	e0dd78cfbd	Don't use adminport when it is disabled	2005-07-12 14:15:39 +00:00
manu	4c94bccce3	Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems when NAT-T is disabled	2005-07-12 14:14:46 +00:00
manu	929f80643d	Safety checks on informational messages	2005-07-12 14:13:10 +00:00
manu	8bc1e3c0ac	pkcs7 support	2005-07-12 14:12:20 +00:00
tron	d3544c4e45	Document that "aes" can be used for IKE and ESP encryption.	2005-07-07 12:34:17 +00:00
christos	eb8e3b9ad4	Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to u_int, since this is what the author intended.	2005-06-28 16:12:41 +00:00
christos	ca496ece2e	- Add lint comments - Fix bad casts. - Comment out unused variables.	2005-06-28 16:04:54 +00:00
christos	a1625e9ee8	Fix an error I introduced in the previous commit. The length could be 0. Also parenthesize an expression properly.	2005-06-28 16:03:09 +00:00
christos	444efb36db	deal with casting/caddr_t stupidity. It is not 1980 anymore and people should start using void *, instead of caddr_t.	2005-06-27 03:19:45 +00:00
christos	983e538712	Collect externs into one file instead of duplicating them everywhere.	2005-06-26 23:49:31 +00:00
christos	dd8cdde018	Fix compiler warnings.	2005-06-26 23:34:26 +00:00
christos	fba8d9ce60	Fix some of the pointer abuse, and add some const. Not done yet.	2005-06-26 21:14:08 +00:00
manu	dd3259cec0	NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports are used instead. This was done on phase 2 initiation from the kernel (acquire message), but not on phase 2 initiation retries when the phase 2 had been queued for a phase 1.	2005-06-22 21:28:18 +00:00
manu	13ca728372	Consume NAT-T packets that have already been seen through MSG_PEEK	2005-06-15 07:29:20 +00:00

1 2 3 4 5 ...

840 Commits