2009-04-22  tag ipsec-tools-0_7_2

2009-04-22  Timo Teras <timo.teras@iki.fi>

        * NEWS, configure.ac: Updates for 0.7.2 release

        * src/racoon/isakmp_frag.c: From Neil Kettle: Fix a possible null
        pointer dereference in fragmentation code.

2009-04-20  Timo Teras <timo.teras@iki.fi>

        * src/racoon/: isakmp_inf.c, isakmp_xauth.c, plog.c: Originally from
        Bin Li: Fix possible memory corruption in binsanitize().

        * src/racoon/crypto_openssl.c: From Stephen Bevan: Fix a x509
        signature verification memory leak.

        * src/racoon/: admin.c, racoonctl.c: Originally from Bin Li: Fix a
        crash with racoonctl logout user.

        * src/racoon/nattraversal.c: Fix a memory leak in nat-t keepalive
        code.

        * src/racoon/handler.c: From Paul Moore: Phase2 message id's should
        be unique wrt phase1, not globally.

2009-02-16  Timo Teras <timo.teras@iki.fi>

        * src/libipsec/policy_parse.y: From Paul Moore: Fix a heap
        corruption bug (yacc return non-null terminated buffer and sprintf
        writes over bounds).

2009-01-20  Timo Teras <timo.teras@iki.fi>

        * configure.ac: Fix a CPPLAGS typo to CPPFLAGS which was intended

        * misc/cvs2cl.pl, misc/cvsusermap, Makefile.am: Autogenerate
        ChangeLog from NetBSD CVS. Put sourceforge.net changes to
        ChangeLog.old.

        * misc/cvs2cl.pl: file cvs2cl.pl was added on branch
        ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000

        * misc/cvsusermap: file cvsusermap was added on branch
        ipsec-tools-0_7-branch on 2009-01-20 14:36:32 +0000

2008-11-27  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/main.c: Set up a default value for Mode Config Pool
        size if pool address specified but pool size not specified

        * src/racoon/isakmp_cfg.c: Fixed pool resizing

2008-09-25  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp.c: Fixed resending mechanism to have non-ESP
        marker for retransmitted packets

2008-09-17  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: Fixed port match in purge_ipsec_spi()
        when NAT-T enabled and trying to purge non NAT-T SAs

2008-08-12  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp.c: From Krzysztof Oledzki: Remove ph1handler if
        we received an invalid first exchange from initiator.

2008-07-23  tag ipsec-tools-0_7_1

2008-07-23  Yvan Vanhullebus <vanhu@netasq.com>

        * NEWS: NEWS for 0.7.1 release

2008-07-23  Timo Teras <timo.teras@iki.fi>

        * src/racoon/Makefile.am: Do not use GNU make specific extension.

        * src/: libipsec/Makefile.am, racoon/Makefile.am,
        setkey/Makefile.am: Do flex/bison invocation in a more standard
        way, and keep the generated files in the dist tarball.

2008-07-22  Yvan Vanhullebus <vanhu@netasq.com>

        * configure.ac: 0.7.1 coming !

        * src/racoon/proposal.c: From Kohki Ohhira: fix some memory leaks,
        when malloc fails or when peer sends invalid proposal.

2008-07-21  Timo Teras <timo.teras@iki.fi>

        * src/racoon/cfparse.y: Correct typo to fix the build.

        * src/racoon/cfparse.y: Do not set default gss id if xauth is used.

2008-07-15  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/isakmp_cfg.c: Fix a typo that prevented racoon from
        building with hybrid enabled.

        * src/racoon/: crypto_openssl.c, eaytest.c, misc.c, misc.h,
        racoonctl.c: Fix a conflict with the FreeBSD 8 system hexdump
        function.

2008-07-11  Timo Teras <timo.teras@iki.fi>

        * src/racoon/: isakmp.c, isakmp_inf.c: Original patch from Atis
        Elsts: Fix a double memory free and a memory corruption
        (LIST_REMOVE() on an uninserted node) in some error handling paths.

2008-07-09  Timo Teras <timo.teras@iki.fi>

        * src/racoon/cfparse.y: From Chong Peng: fix a file descriptor and
        memory leak on configuration file reread

2008-07-02  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: From Timo Teras: fixed some %d to %zu
        (size_t values).

2008-06-18  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/: grabmyaddr.c, admin.c, ipsec_doi.c, isakmp.c,
        isakmp_cfg.c, isakmp_inf.c, remoteconf.c: Use utility functions
        to evaluate and manipulate network port values. No functional
        changes. Submitted by Timo Teras.

2008-04-25  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: From Timo Teras: extract port numbers
        from SADB_X_EXT_NAT_T[SD]PORT if present in purge_ipsec_spi().

2008-03-06  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/oakley.c: Generates a log if cert validation has been
        disabled by configuration

2008-03-05  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/cfparse.y: Properly initialize the unity network
        struct to prevent erroneous protocol and port info from being
        transmitted.

        * src/racoon/pfkey.c: Provide better handling for pfkey socket read
        errors. Submitted by Timo Teras.

2008-02-25  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/ipsec_doi.c: From Brian Haley <brian.haley@hp.com>:
        There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
        checking spi_size but it's not. I'm not sure this patch is correct,
        but what's there isn't either.

        Add forgotten entry in ChangeLog

2008-02-22  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp.c: Fix bad address length computation, from
        Brian Haley.

2008-01-11  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: From Timo Teras: reset iph1->dpd_r_u in
        the scheduler's callback, to avoid access to freed memory.

        * src/racoon/crypto_openssl.c: From Krzysztof Oledzki: Fix
        compilation with IDEA and recent gcc.

        * src/racoon/isakmp_inf.c: From Krzysztof Oledzki: added some
        details to some logs (also reported new getph1byaddr() arg).

        * src/racoon/isakmp.c: From Krzysztof Oledzki: Only search for
        established ph1 handles in DPD (also reported new getph1byaddr()
        arg).

        * src/racoon/: handler.c, handler.h: added an 'established' arg to
        getph1byaddr()

2007-11-29  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/Makefile.am: From Natanael Copa: fixed a race
        condition when building yacc stuff.

2007-11-06  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/crypto_openssl.c: From Scott Lamb: include plog.h to
        work with the new plog macro.

        * src/racoon/kmpstat.c: From Scott Lamb: plog changed to _plog to
        work with new plog macro

        * src/racoon/: plog.c, plog.h: From Scott Lamb: new plog macro.

2007-10-15  Yvan Vanhullebus <vanhu@netasq.com>

        * src/libipsec/pfkey.c: Try to increase the buffer size of the
        pfkey socket, this may help things when we have a huge SPD

2007-09-19  Matthew Grooms <mgrooms@shrew.net>

        * configure.ac: Fix autoconf check for selinux support. Submitted
        by Joy Latten.

2007-09-03  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/: cftoken.l, racoon.conf.5: Correct the syntax for
        wins4 in the man page and add nbns4 as an alias. Pointed out by
        Claas Langbehn.

2007-08-09  tag ipsec-tools-0_7

2007-08-09  Matthew Grooms <mgrooms@shrew.net>

        * NEWS, configure.ac: Prepare for 0.7 release tag.

2007-08-07  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp_xauth.c: Don't mix up RADIUS authentication and
        authorization ports. Allow interoperability with freeradius

2007-08-01  Yvan Vanhullebus <vanhu@netasq.com>

        * configure.ac, src/libipsec/ipsec_dump_policy.c,
        src/libipsec/ipsec_get_policylen.c,
        src/libipsec/ipsec_strerror.c, src/libipsec/key_debug.c,
        src/libipsec/libpfkey.h, src/libipsec/pfkey.c,
        src/libipsec/pfkey_dump.c, src/libipsec/policy_parse.y,
        src/libipsec/policy_token.l, src/libipsec/test-policy-priority.c,
        src/racoon/admin.c, src/racoon/backupsa.c, src/racoon/cfparse.y,
        src/racoon/cftoken.l, src/racoon/ipsec_doi.c,
        src/racoon/isakmp.c, src/racoon/isakmp_inf.c,
        src/racoon/isakmp_quick.c, src/racoon/pfkey.c,
        src/racoon/policy.c, src/racoon/proposal.c,
        src/racoon/remoteconf.c, src/racoon/sainfo.c,
        src/racoon/session.c, src/racoon/sockmisc.c,
        src/racoon/strnames.c, src/setkey/parse.y, src/setkey/setkey.c,
        src/setkey/token.l: use a single PATH_IPSEC_H to fix some
        path_to_ipsec.h issues

2007-07-24  Matthew Grooms <mgrooms@shrew.net>

        * NEWS: Update NEWS file with additional 0.7 improvements.

2007-07-18  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/racoon.conf.5: Various racoon configuration manpage
        updates.

2007-07-16  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/grabmyaddr.c: fixed a socket leak

2007-06-12  tag ipsec-tools-0_7-RC1

2007-06-12  tag ipsec-tools-0_7-rc1

2007-06-12  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: ipsec-tools used to use tags in lower case

2007-06-12  Yvan Vanhullebus <vanhu@netasq.com>

        * configure.ac: 0.7-RC1

2007-06-07  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/: main.c, policy.h, security.c: From Joy Latten
        <latten@austin.ibm.com> Fix file descriptor shortage when using
        labeled IPsec.

        * src/racoon/isakmp_cfg.c: From Paul Winder
        <Paul.Winder@tadpole.com> Fix ignored INTERNAL_DNS4_LIST

2007-06-06  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: eaytest.c, var.h: From Rong-En Fan: fix compilation
        with gcc 4.2

2007-06-06  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/kmpstat.c: From Jianli Liu <jlliu@nortel.com>: Use the
        specified socket path instead of the default location

2007-06-06  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/session.c: From Jianli Liu: speed up interfaces update
        when they change.

        * src/racoon/handler.c: ignore obsolete lifebyte when validating
        reloaded configuration

2007-05-04  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/handler.c: search a ph1 by address if iph2->ph1 is
        NULL when validating the new config

        * src/racoon/handler.c: added some debug in getph1byaddr() to track
        some port matching problems with NAT-T

        * src/racoon/isakmp.c: added some debug in isakmp_chkph1there() to
        track some port matching problems with NAT-T

        * src/racoon/isakmp_inf.c: added some debug for DELETE_SA process

        * src/racoon/pfkey.c: Force the update of ph2 in pk_recvupdate() if
        NAT_T support, to solve some port match problems with the first
        IPSec SAs negotiated as initiator

2007-04-04  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/ipsec_doi.c: checks proto_id in ipsecdoi_chkcmpids()

        * src/racoon/oakley.c: dumps peer's ID and peer's certificate
        subject /subjectaltname if they don't match

2007-03-29  tag ipsec-tools-0_7-beta3

2007-03-29  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: Bump to 0.7beta3

2007-03-26  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: Store the DPD main scheduler in ph1
        handler, to be able to cancel it when removing the handler, and some
        minor cleanups in DPD code

2007-03-23  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: ipsec_doi.c, security.c: From Joy Latten: fix a
        segfault when using security labels between 32bit and 64bit host.

        * src/racoon/handler.c: expire zombie handlers in getph2byid(), to
        avoid situations where we'll never negotiate a phase2 again

        * src/racoon/: oakley.c, racoon.conf.5: From Cyrus Rahman: give
        more details about what is checked when using certificates to
        authenticate

2007-03-22  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: cfparse.y, ipsec_doi.c: fixed subnet check to
        generate IPV4_ADDRESS when needed in sockaddr2id()

2007-03-21  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: handler.c, isakmp.c, isakmp_inf.c, pfkey.c: NULL
        sched check is now done in SCHED_KILL

        * src/racoon/schedule.h: checks if arg is NULL in SCHED_KILL

2007-03-15  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/grabmyaddr.c: From Yves-Alexis Perez: enable
        monitoring of ipv6 address changes on Linux.

        * src/racoon/isakmp.c: Consider a negotiation timeout when
        retry_counter is <=0 instead of < 0

2007-03-06  tag ipsec-tools-0_7-beta2

2007-03-06  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: Bump to 0.7beta2

2007-03-01  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/ipsec_doi.c: Add logic to allow ip address ids to be
        matched to ip subnet ids when appropriate.

2007-02-21  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/ipsec_doi.c: block variable declaration before code in
        ipsecdoi_id2str()

2007-02-20  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: Removed a debug printf....

        * src/racoon/isakmp.c: Only delete a generated SPD if its creation
        date matches the creation date of the SA we are currently deleting

        * src/racoon/: handler.c, isakmp_var.h: updated delete_spd() calls

        * src/racoon/: isakmp_inf.c, pfkey.c: fills creation date of
        generated SPDs

        * src/racoon/policy.h: added 'created' var

2007-02-19  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp.c: Removed a debug printf....

2007-02-16  tag ipsec-tools-0_7-beta1

2007-02-16  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac: Bump to 0.7beta1

2007-02-16  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/ipsec_doi.c: From Olivier Warin: Fix a %zu in a
        printf.

2007-02-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/security.c: Missing file for SELinux

        * configure.ac: Missing stuff for SELinux

2007-02-15  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: Just
        expire a ph1 handle when receiving a DELETE-SA instead of calling
        purge_remote().

        * src/racoon/isakmp.c: Fixed the way phase1/2 messages are
        sent/resent, to avoid zombie handles and access to freed memory

2007-02-02  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/cfparse.y: Fixed a check of NAT-T support in libipsec

2007-02-01  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp_inf.c: From "Uncle Pedro" on sf.net: When
        receiving an ISAKMP DELETE_SA, get the cookie of the SA to be
        deleted from payload instead of just deleting the ISAKMP SA used to
        protect the informational exchange.

2006-12-18  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/crypto_openssl.c: From Joy Latten: fix a memory leak

2006-12-10  tag ipsec-tools-0_7-base

2006-12-10  Emmanuel Dreyfus <manu@netbsd.org>

        * src/: libipsec/Makefile.am, libipsec/libpfkey.h,
        libipsec/pfkey.c, racoon/backupsa.c, racoon/cfparse.y,
        racoon/pfkey.c: Bring back API and ABI backward compatibility
        with previous libipsec before recent interface change. Bump libipsec
        minor version. Remove ifdefs in struct pfkey_send_sa_args to avoid
        ABI compatibility lossage. Add a capability flags to detect missing
        optional feature in libipsec

        * src/racoon/: Makefile.am, doc/README.plainrsa: From Joy Latten:
        README.plainrsa documenting plain RSA auth

2006-12-09  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/libipsec/libpfkey.h, src/libipsec/pfkey.c,
        src/racoon/Makefile.am, src/racoon/backupsa.c,
        src/racoon/backupsa.h, src/racoon/cftoken.l,
        src/racoon/ipsec_doi.c, src/racoon/ipsec_doi.h,
        src/racoon/isakmp_inf.c, src/racoon/isakmp_quick.c,
        src/racoon/pfkey.c, src/racoon/policy.c, src/racoon/policy.h,
        src/racoon/proposal.c, src/racoon/proposal.h,
        src/racoon/remoteconf.c: From Joy Latten: Add support for SELinux
        security contexts. Also cleanup the libipsec interface for adding
        and updating security associations.

        * src/racoon/racoon.conf.5: From Simon Chang: More hints about
        plain RSA authentication

2006-12-05  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: proposal.c, proposal.h, racoon.conf.5: Check keys
        length regarding proposal_check level

2006-11-16  Matthew Grooms <mgrooms@shrew.net>

        * src/racoon/sainfo.c: Correct issues associated with anonymous
        sainfo selection in racoon.

2006-11-09  Christos Zoulas <christos@netbsd.org>

        * src/racoon/crypto_openssl.c: eliminate the only variable stack
        array allocation.

2006-10-31  Christian Biere <cbiere@netbsd.org>

        * src/racoon/sockmisc.c: Don't define the deprecated
        IPV6_RECVDSTADDR if the "advanced IPv6 API" is used because
        IPV6_RECVPKTINFO and IPV6_PKTINFO are used to prevent potential bugs
        in the future just in case that the numeric value of the socket
        option is ever recycled.

2006-10-22  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/: backupsa.c, cfparse.y: From Michal Ruzicka: fix
        typos

2006-10-19  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/sainfo.c: From Matthew Grooms: use
        ipsecdoi_chkcmpids() and changed src/dst to loc/rmt in getsainfo().

        * src/racoon/: ipsec_doi.c, ipsec_doi.h: From Matthew Grooms: Added
        ipsecdoi_chkcmpids() function.

2006-10-09  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/proposal.c: Fix memory leak (Coverity 3438 and 3437)

        * src/racoon/isakmp_unity.c: Correctly check read() return value:
        it's signed (Coverity 1251)

2006-10-06  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/libipsec/pfkey_dump.c, src/racoon/algorithm.c,
        src/racoon/algorithm.h, src/racoon/cftoken.l,
        src/racoon/crypto_openssl.c, src/racoon/crypto_openssl.h,
        src/racoon/eaytest.c, src/racoon/ipsec_doi.c,
        src/racoon/ipsec_doi.h, src/racoon/oakley.h, src/racoon/pfkey.c,
        src/racoon/racoon.conf.5, src/racoon/strnames.c,
        src/setkey/setkey.8, src/setkey/test-pfkey.c, src/setkey/token.l:
        Camellia cipher support as in RFC 4312, from Tomoyuki Okazaki
        <okazaki@kick.gr.jp>

2006-10-03  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/admin.c: fix endianness issue introduced yesterday

2006-10-03  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/racoon.conf.5: Added remoteid/ph1id syntax

        * src/racoon/: cfparse.y, cftoken.l: Parses remoteid/ph1id values

        * src/racoon/: handler.c, isakmp_quick.c, pfkey.c, sainfo.c: Uses
        remoteid/ph1id values

        * src/racoon/: remoteconf.h, sainfo.h: Added remoteid/ph1id values

2006-10-02  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp_base.c:
        avoid reusing free'd pointer (Coverity 2613)

        * src/racoon/isakmp_inf.c: Check for NULL pointer (Coverity 4175)

        * src/racoon/isakmp_ident.c: Remove dead code (Coverity 3451)

        * src/racoon/algorithm.c: Fix array overrun (Coverity 4172)

        * src/racoon/admin.c: Fix memory leak (Coverity 2002)

        * src/racoon/: admin.c, isakmp.c, sockmisc.c: Fix memory leak
        (Coverity 2001), refactor the code to use port get/set functions

        * src/racoon/admin.c: Avoid reusing free'd pointer (Coverity 4200)

        * src/racoon/oakley.c: Don't use NULL pointer (Coverity 3443),
        reformat to 80 char/line

2006-10-02  Tom Spindler <dogcow@netbsd.org>

        * src/racoon/ipsec_doi.c: If you're going to initialize a pointer,
        you have to init it with a pointer type, not an int.

2006-10-02  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp.c: Don't use NULL pointer (coverity 3439)

        * src/racoon/ipsec_doi.c: Don't use NULL pointer (Coverity 1334)

        * src/racoon/pfkey.c: Don't use NULL pointer (Coverity 944)

        * src/racoon/proposal.c: Don't use NULL pointer (Coverity 941)

        * src/racoon/racoonctl.c: Don't use NULL pointer (Coverity 942)

        * src/racoon/sockmisc.c: Don't use null pointer (Coverity 863)

2006-10-01  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/ipsec_doi.c: Fix memory leak (Coverity 4181)

        * src/racoon/isakmp.c: Check that iph1->remote is not NULL before
        using it (Coverity 3436)

2006-09-30  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp_agg.c: Remove dead code (Coverity 4165)

        * src/racoon/isakmp_cfg.c: Fix memory leak (Coverity 4179)

        * src/racoon/samples/roadwarrior/client/: phase1-down.sh,
        phase1-up.sh: update the scripts for working around routing
        problems on NetBSD

        * src/racoon/session.c: Reuse existing code for closing IKE
        sockets, and avoid screwing things by setting p->sock = -1, which is
        not expected (Coverity 4173).

        * src/racoon/admin.c: Do not free id and key, as they are used
        later

2006-09-29  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/racoonctl.c: Fix the fix: handle_recv closes the
        socket, so we must call com_init before sending any data.

2006-09-28  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp_xauth.c: Fix unchecked mallocs (Coverity 4176,
        4174)

        * src/racoon/racoonctl.c: Fix access after free (Coverity 4178)

2006-09-26  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/cfparse.y: Fix memory leak (Coverity)

        * src/racoon/backupsa.c: Fix memory leak (Coverity)

        * src/racoon/admin.c: Remove dead code (Coverity)

        * src/racoon/admin.c: Fix memory leak (Coverity)

        * src/racoon/admin.c: One more memory leak

        * src/racoon/admin.c: Fix memory leak in racoonctl (coverity)

        * src/racoon/ipsec_doi.c: Fix buffer overflow. Also fix credits: SA
        bundle fix was contributed by Jeff Bailey, not Matthew Grooms.
        Matthew updated the patch for current code, though.

        * src/racoon/: pfkey.c, proposal.c: fix SA bundle (e.g.: for
        negotiating ESP+IPcomp)

2006-09-25  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/isakmp.c: From Yves-Alexis Perez: struct ip -> struct
        iphdr for Linux

2006-09-25  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp.c: style (mostly for testing
        ipsec-tools-commits@netbsd.org)

        * src/racoon/ipsec_doi.c: Fix double free, from Matthew Grooms

2006-09-21  Yvan Vanhullebus <vanhu@netasq.com>

        * src/libipsec/pfkey.c: use sysdep_sa_len to make it compile on
        Linux

2006-09-19  Thomas Klausner <wiz@netbsd.org>

        * src/racoon/racoon.conf.5: Bump date for ike_frag force.

        * src/racoon/: plainrsa-gen.8, racoon.conf.5: New sentence, new
        line.

        * src/racoon/: racoon.conf.5, plainrsa-gen.8: Remove trailing
        whitespace.

2006-09-19  Yvan Vanhullebus <vanhu@netasq.com>

        * src/racoon/proposal.c: From Yves-Alexis Perez: fixes default
        value for encmodesv in set_proposal_from_policy()

        * src/racoon/isakmp.c: always include some headers, as they are
        required even without NAT-T

        * src/: libipsec/pfkey_dump.c, setkey/token.l: From Larry Baird:
        define SADB_X_EALG_AESCBC as SADB_X_EALG_AES if needed

        * src/racoon/crypto_openssl.c: From Larry Baird: some printf() ->
        plog()

2006-09-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/: cfparse.y, cftoken.l, isakmp.c, isakmp_frag.h,
        isakmp_inf.c, racoon.conf.5, remoteconf.c: From Matthew Grooms:
        ike_frag force option to force the use of IKE on first packet
        exchange (prior to peer consent)

2006-09-18  Yvan Vanhullebus <vanhu@netasq.com>

        * rpm/suse/ipsec-tools.spec, src/racoon/prsa_tok.c: removed
        generated files from the CVS

        * src/racoon/prsa_par.c: removed generated files from the CVS

        * src/racoon/: cfparse.c, cftoken.c: removed generated files from
        the CVS

2006-09-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/isakmp.c: From Matthew Grooms: handle IKE frag used in
        the first packet. That should not normally happen, as the initiator
        does not know yet if the responder can handle IKE frag. However, in
        some setups, the first packet is too big to get through, and
        assuming the peer supports IKE frag is the only way to go.

        racoon should have a setting in the remote section to do that
        (something like ike_frag force)

2006-09-16  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/ipsec_doi.c: Trivial bugfix in RFC2407 4.6.2
        conformance, from Matthew Grooms

2006-09-15  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/ipsec_doi.c: Fix build on Linux

For older changes see ChangeLog.old