summaryrefslogtreecommitdiff
path: root/keyexchange/isakmpd-20041012/debian/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'keyexchange/isakmpd-20041012/debian/ChangeLog')
-rw-r--r--keyexchange/isakmpd-20041012/debian/ChangeLog1668
1 files changed, 0 insertions, 1668 deletions
diff --git a/keyexchange/isakmpd-20041012/debian/ChangeLog b/keyexchange/isakmpd-20041012/debian/ChangeLog
deleted file mode 100644
index bae602d..0000000
--- a/keyexchange/isakmpd-20041012/debian/ChangeLog
+++ /dev/null
@@ -1,1668 +0,0 @@
-End of changelog debian package isakmpd.20041012-1
---------------------------------------------------
-
-2004-10-08 17:18 hshoexer
-
- * sysdep/common/libsysdep/arc4random.c: pull in some changes from
- libc arc4random (only relevant for non-OpenBSD systems): ansify,
- discard first 256 output bytes, make key schedule more arc4
- stream ciper like.
-
- ok djm ho
-
-2004-10-01 06:08 jsg
-
- * monitor_fdpass.c: add some missing $, ok djm@ 'That looks fine to
- me' millert@
-
-2004-09-24 15:31 ho
-
- * udp_encap.c: Don't process NAT-T keepalives. Noted by Kamel
- Messaoudi. hshoexer@ ok
-
-2004-09-20 23:36 hshoexer
-
- * virtual.c: compile cleanly with -Wsign-compare ok ho
-
-2004-09-20 23:35 hshoexer
-
- * monitor_fdpass.c: Remove __func__ ok ho deraadt
-
-2004-09-17 16:54 hshoexer
-
- * isakmpd.c: avoid signal race.
-
- ok ho@ otto@
-
-2004-09-17 15:53 ho
-
- * exchange.c, ike_quick_mode.c, ipsec.c, key.c, pf_key_v2.c:
- Missing #ifdefs.
-
-2004-09-17 15:46 ho
-
- * init.c: #include <stdlib.h> for srandom().
-
-2004-09-17 15:45 ho
-
- * message.c: Permit next payload type NAT-OA. Noted by Kamel
- Messaoudi.
-
-2004-08-23 13:53 ho
-
- * exchange.c: We need to set sa->initiator before checking if the
- newly created SA replaces an old one, or the id_i/id_r check will
- mismatch. Previous behaviour was mostly harmless, but wasted some
- resources (until normal SA expiration). hshoexer@ "haven't tried,
- but think it's ok"
-
-2004-08-23 13:16 ho
-
- * Makefile: Default enable DPD (Dead Peer Detection) support.
- hshoexer@ ok
-
-2004-08-23 13:13 ho
-
- * exchange.h: Indent nit.
-
-2004-08-17 16:48 hshoexer
-
- * message.c: check for msg->isakmpg_sa being NULL before
- referencing ok ho@
-
-2004-08-14 15:29 hshoexer
-
- * ike_quick_mode.c: When using -K (keynote disabled), check peers'
- proposal against isakmpd.conf.
-
- ok ho@ henning@
-
-2004-08-13 04:51 djm
-
- * monitor_fdpass.c: extra check for no message case; ok markus,
- deraadt, hshoexer, henning
-
-2004-08-12 13:21 hshoexer
-
- * monitor.c: Fix compiler warning on alpha. Noted by and ok ho@
-
-2004-08-12 13:08 ho
-
- * pf_key_v2.c: Avoid memleak on error (Linux/KAME). Found by
- Benjamin Pineau.
-
-2004-08-10 21:21 deraadt
-
- * virtual.c, x509.c: spacing
-
-2004-08-10 17:59 ho
-
- * dpd.c, dpd.h, exchange.c, ipsec.c, isakmp_num.cst,
- isakmpd.conf.5, message.c, message.h, pf_key_v2.c, pf_key_v2.h,
- sa.c, sa.h, sysdep.h, udp_encap.c, sysdep/bsdi/sysdep.c,
- sysdep/darwin/sysdep.c, sysdep/freebsd/sysdep.c,
- sysdep/freeswan/sysdep.c, sysdep/linux/sysdep.c,
- sysdep/netbsd/sysdep.c, sysdep/openbsd/sysdep.c: Better
- implementation of the Dead Peer Detection protocol, RFC 3706.
- hshoexer@ ok.
-
-2004-08-10 11:49 ho
-
- * sysdep/linux/GNUmakefile.sysdep: Linux has AES (and DES). From
- Benjamin Pineau.
-
-2004-08-10 11:47 ho
-
- * sysdep/common/libsysdep/arc4random.c: If opening /dev/arandom
- fails, try /dev/random. Suggested by Benjamin Pineau.
-
-2004-08-08 21:11 deraadt
-
- * GNUmakefile, conf.c, dpd.c, exchange.c, ike_auth.c,
- ike_phase_1.c, ike_quick_mode.c, ipsec.c, isakmp_cfg.c, log.c,
- message.c, monitor.c, nat_traversal.c, pf_key_v2.c, policy.c,
- sa.c, sysdep.h, transport.c, udp.c, udp_encap.c, ui.c, util.c,
- virtual.c, x509.c: spacing
-
-2004-08-03 12:54 ho
-
- * nat_traversal.c, transport.c, udp.c, udp.h, udp_encap.c,
- virtual.c: Rewrite the transport reference count code to avoid
- leaks. hshoexer@ ok.
-
-2004-08-02 17:48 hshoexer
-
- * sa.c: Do not expire unestablished phase 2 SAs on SIGHUP.
-
- ok ho@
-
-2004-08-02 17:30 ho
-
- * GNUmakefile: Missed to add virtual.c here. Noted by Benjamin
- Pineau.
-
-2004-07-30 12:45 ho
-
- * Makefile, sysdep.h, util.c: Style.
-
-2004-07-29 22:02 ho
-
- * conf.c: Less noise while debugging.
-
-2004-07-29 10:54 ho
-
- * ike_aggressive.c, ike_phase_1.c, nat_traversal.c: Repair NAT-T
- using Aggressive mode, NAT-D checks were in the wrong place.
- Noted by Yvan VANHULLEBUS.
-
-2004-07-09 18:06 deraadt
-
- * doi.c, exchange.c: ansi
-
-2004-07-08 21:53 hshoexer
-
- * virtual.c: free() and close() in error path.
-
- ok ho@
-
-2004-07-08 12:37 jmc
-
- * isakmpd.8, isakmpd.conf.5: typo, and line adjustment;
-
-2004-07-08 00:25 hshoexer
-
- * isakmpd.8, isakmpd.conf.5: document -a/-K and
- "Acquire-Only"/"Use-Keynote".
-
- ok markus@ henning@ ho@ english polish and mdoc help and ok jmc@
-
-2004-07-07 11:16 hshoexer
-
- * message.c: plug memleak when receiving an
- INVALID_HASH_INFORMATION notify. Found by Patrick Latifi,
- thanks!
-
- ok ho@
-
-2004-07-07 11:13 hshoexer
-
- * udp_encap.c: compile cleanly with -Wsign-compare; while around,
- kill a space
-
- ok ho@
-
-2004-07-05 19:33 pvalchev
-
- * ike_phase_1.c: %lu and cast to unsigned long to print a size_t;
- ok ho
-
-2004-06-30 12:07 hshoexer
-
- * nat_traversal.c: Compile cleanly with gcc3.3.2.
-
- ok ho@
-
-2004-06-26 13:32 jmc
-
- * isakmpd.conf.5: new sentence, new line;
-
-2004-06-26 08:07 hshoexer
-
- * monitor.c, monitor.h, pf_key_v2.c, pf_key_v2.h,
- sysdep/openbsd/sysdep.c: Narrow down privsep interface. Move
- pf_key_v2_open() to monitor.
-
- Work in progress.
-
- ok ho@
-
-2004-06-26 05:40 mcbride
-
- * sysdep/: bsdi/Makefile.sysdep, darwin/GNUmakefile.sysdep,
- darwin/Makefile.sysdep, freebsd/GNUmakefile.sysdep,
- freebsd/Makefile.sysdep, linux/GNUmakefile.sysdep,
- netbsd/GNUmakefile.sysdep, netbsd/Makefile.sysdep,
- openbsd/GNUmakefile.sysdep, openbsd/Makefile.sysdep: Remove
- -DHAVE_GETNAMEINFO frome makefiles.
-
- Pointed out by ho@
-
-2004-06-25 22:25 hshoexer
-
- * conf.c, conf.h, ike_quick_mode.c, isakmpd.c, policy.c, policy.h:
- Keynote policy checking can now be disabled by "-K" switch and
- config tag "Use-Keynote". Default is to use keynote.
-
- ok henning@ ho@
-
-2004-06-25 21:42 mcbride
-
- * udp.c, util.c: Remove HAVE_GETNAMEINFO alternate code. Compiled
- binary is unchanged.
-
- ok msf@ hshoexer@ itojun@ ho@
-
-2004-06-25 02:58 hshoexer
-
- * init.c, log.c, monitor.c, monitor.h, ui.c: Narrow down privsep
- interface. Remove ui_init to monitor. So we can get rid of
- monitor_mkfifo.
-
- Work in progress.
-
- ok ho@
-
-2004-06-24 19:02 hshoexer
-
- * monitor.c: Remove some unused code. Fix handling of sigchild.
- Now it's possible to sigstop/sigcont isakmpd correclty.
-
- ok ho@
-
-2004-06-24 17:58 hshoexer
-
- * policy.c: Also handle keys from x509-certificates embedded in
- keynote credentials.
-
- with msf@ ok ho@
-
-2004-06-24 01:36 ho
-
- * pf_key_v2.c: Print corrent prefix. Found and tested by alex at
- vbone.net.
-
-2004-06-23 05:01 hshoexer
-
- * ike_auth.c, util.c, util.h: Avoid stat before open. Do open and
- fstat instead. Remove check_file_secrecy() as it is obsoleted be
- check_file_secrecy_fd().
-
- ok ho@
-
-2004-06-23 03:17 ho
-
- * Makefile, sysdep.h, util.c: Make compiling with Boehm's gc
- possible again.
-
-2004-06-23 02:56 ho
-
- * ike_phase_1.c: Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just
- like the man page says we do. Noted and tested by alex at
- vbone.net. Also avoid a potential SEGV here. hshoexer@ok
-
-2004-06-23 02:55 hshoexer
-
- * ipsec.c, isakmpd.c: Add commandline switch -a / config tag
- "Acquire-Only" to tell isakmpd to not touch flows.
-
- initial work by markus ok markus@ ho@ henning@
-
-2004-06-22 20:22 hshoexer
-
- * ike_auth.c: kn_get_string() may return NULL on failure. Handle
- this corrctly.
-
- with msf@, ok ho@ markus@
-
-2004-06-22 05:44 ho
-
- * virtual.c: The NAT-T drafts suggest we should drop incoming
- messages arriving on the old port (500) after we've switched to
- the new one.
-
-2004-06-22 01:42 ho
-
- * isakmpd.conf.5: Describe the [Default]:NAT-T-Keepalive
- configuration parameter.
-
-2004-06-22 01:28 ho
-
- * Makefile: Enable NAT-T support.
-
-2004-06-22 01:27 ho
-
- * ipsec.c, nat_traversal.c, nat_traversal.h, sa.c, sa.h,
- udp_encap.c: Implement NAT-T keepalive messages.
-
-2004-06-21 20:41 ho
-
- * pf_key_v2.c: udpencap_port should be taken from dst transport
-
-2004-06-21 20:40 ho
-
- * virtual.c: When switching from main to encap transport, copy dst
- port if translated (NAT).
-
-2004-06-21 20:34 ho
-
- * monitor.c: Strip away umask bits in monitor_fopen(). hshoexer@
- ok.
-
-2004-06-21 20:29 ho
-
- * ipsec.c: style nit
-
-2004-06-21 19:02 markus
-
- * features/nat_traversal: undo double-patch; Dries Schellekens
-
-2004-06-21 18:37 ho
-
- * log.c: Don't write too much IKE data in packet capture
-
-2004-06-21 18:01 ho
-
- * log.c, message.c: Packet capture should add the ESP-marker when
- NAT-T is active.
-
-2004-06-21 17:15 ho
-
- * pf_key_v2.c: Tell the kernel to enable ESP-in-UDP encapsulation
- when we have SAs negotiated with NAT-T.
-
-2004-06-21 15:09 ho
-
- * exchange.c, sa.h, transport.c, udp.c, udp_encap.c, virtual.c:
- Port floating (500->4500) for p1 and p2 exchanges.
-
-2004-06-20 19:44 ho
-
- * message.c: message_parse_payloads should accept payloads in the
- private range. While here, also cleanup some messages.
-
-2004-06-20 19:17 ho
-
- * dpd.c, exchange.c, ike_auth.c, ike_phase_1.c, ike_quick_mode.c,
- init.c, ipsec.c, isakmp_cfg.c, isakmp_doi.c, message.c,
- message.h, nat_traversal.c: Make the payload array in struct
- message dynamic, since we need to handle payloads in the private
- range, such as the pre-RFC NAT-D/NAT-OA. Replace
- TAILQ_FIRST(&msg->payload[i]) instances with function calls.
-
-2004-06-20 17:24 ho
-
- * Makefile, exchange.h, ike_phase_1.c, init.c, ipsec.c, isakmp.h,
- isakmp_fld.fld, message.c, nat_traversal.c, nat_traversal.h,
- policy.c, transport.c, transport.h, udp.c, udp.h, udp_encap.c,
- udp_encap.h, util.c, util.h, virtual.c, virtual.h,
- features/nat_traversal: NAT-Traversal for isakmpd. Work in
- progress... hshoexer@ ok.
-
-2004-06-20 17:20 ho
-
- * dpd.c, dpd.h, exchange.c, isakmp_num.cst, sa.h, features/dpd: A
- start towards Dead Peer Detection (DPD) support, as specified in
- RFC 3706
-
-2004-06-20 17:11 ho
-
- * message.c: Some vendors send the last Aggressive Mode message
- unencrypted, which we should accept. Problem noted by alex at
- vbone.net. hshoexer@ ok.
-
-2004-06-20 17:03 ho
-
- * isakmpd.c, monitor.c, monitor.h: To make debugging the
- unprivileged child process easier, make 'isakmpd -dd' pause just
- after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
-
-2004-06-17 21:39 hshoexer
-
- * ipsec.c: Yet another bunch of memleask found and fixed by Patrick
- Latifi. Thanks!
-
- ok ho@
-
-2004-06-17 21:36 hshoexer
-
- * udp.c: Plug a memleak. Found and fixed (and some cleanup) by
- Patrick Latifi. Thanks!
-
- ok ho@
-
-2004-06-17 21:32 hshoexer
-
- * x509.c: Evaluate result of X509_verify_cert() more carefully.
-
- ok cloder@
-
-2004-06-16 17:08 hshoexer
-
- * util.c: Fix wrong pointer dereference and plug memleak. Found
- and patch by Patrick Latifi. Thanks!
-
- ok ho@
-
-2004-06-16 17:05 hshoexer
-
- * ipsec.c: fix ipv6-address and ipv6-address-mask mixup. Found by
- Patrick Latifi. Thanks!
-
- ok ho@
-
-2004-06-15 17:53 hshoexer
-
- * ike_quick_mode.c, isakmp_cfg.c: also use MSG_AUTHENTICATED flag.
-
- ok ho@
-
-2004-06-14 15:53 hshoexer
-
- * conf.c, ike_auth.c, x509.c: avoid stat before open
-
- ok ho@
-
-2004-06-14 12:04 hshoexer
-
- * message.c: added a missing message_free().
-
- ok ho@
-
-2004-06-14 11:55 ho
-
- * cert.c, conf.c, connection.c, crypto.c, dnssec.c, exchange.c,
- field.c, hash.c, if.c, ike_auth.c, ike_main_mode.c,
- ike_phase_1.c, ike_quick_mode.c, ipsec.c, isakmp_cfg.c,
- isakmp_doi.c, isakmpd.c, key.c, log.c, math_2n.c, math_group.c,
- message.c, monitor.c, pf_key_v2.c, policy.c, timer.c,
- transport.c, udp.c, util.c, x509.c: KNF, style, 80c, etc.
- hshoexer@ ok
-
-2004-06-11 12:17 brad
-
- * message.c: typo in comment
-
-2004-06-11 05:08 brad
-
- * ike_phase_1.c, ike_quick_mode.c, ipsec.c, message.c, message.h:
- MFC: Fix by hshoexer@
-
- Mark authenticated messages explicitly. Better check for
- authentication before deleteing SAs.
-
- This fix is needed to solve the problems reported by Thomas
- Walpuski, previous diff was not sufficient. Pointed out by
- Thomas. Thanks!
-
-2004-06-11 04:34 brad
-
- * ike_phase_1.c, ike_quick_mode.c, ipsec.c, message.c, message.h:
- MFC: Fix by hshoexer@
-
- Mark authenticated messages explicitly. Better check for
- authentication before deleteing SAs.
-
- This fix is needed to solve the problems reported by Thomas
- Walpuski, previous diff was not sufficient. Pointed out by
- Thomas. Thanks!
-
-2004-06-10 14:54 hshoexer
-
- * ike_phase_1.c, ike_quick_mode.c, ipsec.c, message.c, message.h:
- Mark authenticated messages explicitly. Better check for
- authentication before deleteing SAs.
-
- This fix is needed to solve the problems reported by Thomas
- Walpuski, previous diff was not sufficient. Pointed out by
- Thomas. Thanks!
-
- ok ho@ niklas@, testing and spellcheck by todd@ msf@
-
-2004-06-09 23:15 brad
-
- * message.c: MFC: Fix by hshoexer@
-
- only accept DELETEs during an authenticated INFORMATIONAL
- exchange. Fix for recent problem disclosed by Thomas Walpuski.
-
-2004-06-09 22:48 brad
-
- * message.c: MFC: Fix by hshoexer@
-
- only accept DELETEs during an authenticated INFORMATIONAL
- exchange. Fix for recent problem disclosed by Thomas Walpuski.
-
-2004-06-09 16:02 ho
-
- * conf.c, exchange.c, ike_phase_1.c, ike_quick_mode.c, ipsec.c,
- isakmp_cfg.c, message.c, pf_key_v2.c, transport.c, udp.c: Style
- nits. hshoexer@ ok
-
-2004-06-09 14:59 hshoexer
-
- * message.c: only accept DELETEs during an authenticated
- INFORMATIONAL exchange. Fix for recent problem disclosed by
- Thomas Walpuski.
-
- ok ho@
-
-2004-06-06 15:05 ho
-
- * ike_phase_1.c: Style (KNF, 80c). No binary change.
-
-2004-06-02 18:19 hshoexer
-
- * ike_auth.c, x509.c: remove unused BIO-functions.
-
- ok markus@ ho@
-
-2004-05-27 00:17 hshoexer
-
- * ike_auth.c: do not leak fd on error path.
-
- ok ho@
-
-2004-05-24 16:54 hshoexer
-
- * util.c: Use correct function names in log messages. Kill some
- spaces.
-
- ok deraadt@ ho@
-
-2004-05-23 20:17 hshoexer
-
- * field.c, field.h, hash.c, if.c, ike_aggressive.c,
- ike_aggressive.h, ike_auth.c, ike_main_mode.c, ike_main_mode.h,
- ipsec.c, ipsec.h, isakmp_cfg.c, isakmp_cfg.h, isakmp_doi.c,
- isakmpd.c, key.c, log.c, log.h, math_2n.c, math_ec2n.c,
- math_ec2n.h, math_group.c, message.c, message.h, monitor.c,
- monitor_fdpass.c, pf_key_v2.h, policy.c, prf.c, sa.c, sa.h,
- timer.c, timer.h, udp.c, ui.c, util.c, x509.c, x509.h: More KNF.
- Mainly spaces and line-wraps, no binary change.
-
- ok ho@
-
-2004-05-23 18:14 deraadt
-
- * if.c, udp.c: remove excessive monitor_ prefixes
-
-2004-05-23 18:14 deraadt
-
- * policy.c, util.c, util.h: stat before open is flawed
-
-2004-05-23 18:13 deraadt
-
- * key.c: greater care with arguments
-
-2004-05-19 16:30 ho
-
- * ipsec.c, isakmpd.c: Permit symbolic protocol and service names,
- such as "Protocol= tcp", in the <IPsec-ID> sections. hshoexer@ ok
-
-2004-05-14 10:42 hshoexer
-
- * attribute.c, attribute.h, cert.c, cert.h, conf.c, conf.h,
- connection.c, cookie.c, cookie.h, crypto.c, crypto.h, dh.h,
- dnssec.c, dnssec.h, doi.c, doi.h: Some more KNF, no binary
- change.
-
- ok ho@
-
-2004-05-13 08:56 ho
-
- * connection.c, isakmpd.8, sa.c, sa.h, ui.c, ui.h: Extensions to
- the FIFO interface: "C get [section]:tag" fetches a configuration
- value. "C add [section]:tag=value" adds 'value' to a list,
- typically for the [Phase 2]:Connections tag. FIFO "S" command
- destination file changed. Various KNF cleanups. hshoexer@ ok.
-
-2004-05-10 20:34 deraadt
-
- * monitor.c: 64bit gcc saw missing cast
-
-2004-05-06 12:40 ho
-
- * exchange.c: KNF cleanup. hshoexer@ ok
-
-2004-05-03 23:23 hshoexer
-
- * exchange.c, exchange.h: KNF. ok ho@
-
-2004-04-30 00:36 hshoexer
-
- * message.c: Better checking of minimum payload lengths. Drop out
- safely when an unknown payload type is encountered. While
- around, do some KNF.
-
- ok ho@
-
-2004-04-28 22:20 hshoexer
-
- * ike_quick_mode.c, policy.c, policy.h: remove unused variable and
- shorten names of two other. Removed some spaces while around.
-
- ok ho@ markus@
-
-2004-04-28 16:40 ho
-
- * ipsec_num.cst, isakmp_num.cst: Reserve some payload numbers for
- RFC 3547 and the earlier NAT-T drafts. hshoexer@ ok.
-
-2004-04-23 16:15 ho
-
- * conf.c, conf.h: Make sure KEY_LENGTH attribute is present when
- checking AES proposals, required when acting as responder to
- SafeNet peers. Also make conf_load_defaults() readable again
- (KNF). hshoexer@ ok.
-
-2004-04-15 22:20 deraadt
-
- * conf.c: more knf; ok hshoexer
-
-2004-04-15 20:53 deraadt
-
- * conf.c: knf
-
-2004-04-15 20:39 deraadt
-
- * app.c, app.h, attribute.c, attribute.h, cert.c, cert.h, conf.c,
- conf.h, connection.c, connection.h, constants.c, constants.h,
- cookie.c, cookie.h, crypto.c, crypto.h, dh.c, dh.h, dnssec.c,
- dnssec.h, doi.c, doi.h, exchange.h, field.c, field.h,
- genconstants.sh, genfields.sh, gmp_util.c, gmp_util.h, hash.c,
- hash.h, if.c, if.h, ike_aggressive.c, ike_aggressive.h,
- ike_auth.c, ike_auth.h, ike_main_mode.c, ike_main_mode.h,
- ike_phase_1.c, ike_phase_1.h, ike_quick_mode.c, ike_quick_mode.h,
- init.c, init.h, ipsec.c, ipsec.h, ipsec_doi.h, isakmp.h,
- isakmp_cfg.c, isakmp_cfg.h, isakmp_doi.c, isakmp_doi.h,
- isakmpd.c, key.c, key.h, libcrypto.c, libcrypto.h, log.c, log.h,
- math_2n.c, math_2n.h, math_ec2n.c, math_ec2n.h, math_group.c,
- math_group.h, math_mp.h, message.c, message.h, monitor.c,
- monitor.h, monitor_fdpass.c, pf_key_v2.c, pf_key_v2.h, policy.c,
- policy.h, prf.c, prf.h, sa.c, sa.h, sysdep.h, timer.c, timer.h,
- transport.c, transport.h, udp.c, udp.h, ui.c, ui.h, util.c,
- util.h, x509.c, x509.h, sysdep/openbsd/keynote_compat.c,
- sysdep/openbsd/sysdep.c: partial move to KNF. More to come.
- This has happened because there are a raft of source code
- auditors who are willing to help improve this code only if this
- is done, and hey, isakmpd does need our standard auditing
- process. ok ho hshoexer
-
-2004-04-15 02:27 deraadt
-
- * isakmpd.8: spaces
-
-2004-04-13 23:48 hshoexer
-
- * if.c: Add missing #include. Found by Stefan Paletta.
-
- ok henning@ ho@
-
-2004-04-08 18:08 henning
-
- * sysdep/linux/sys/queue.h: swap the last two parameters to
- TAILQ_FOREACH_REVERSE. matches what FreeBSD and NetBSD do. ok
- millert@ mcbride@ markus@ ho@, checked to not affect ports by
- naddy@
-
-2004-04-08 12:05 hshoexer
-
- * init.c, isakmpd.c: Set timezone before privsep, child uses now
- correct timezone. Noticed by david@
-
- ok ho@ david@
-
-2004-04-08 00:45 ho
-
- * conf.h, exchange.h, ike_auth.c, ike_phase_1.c, ike_quick_mode.c,
- ipsec.c, log.c, math_2n.c, math_group.c, math_group.h, message.c,
- monitor.c, pf_key_v2.c, policy.c, sa.c, udp.c, ui.c, util.c,
- x509.c, regress/crypto/cryptotest.c: -Wsign-compare nits.
- hshoexer@ ok.
-
-2004-04-08 00:45 ho
-
- * key.c: Reset *data in case of unknown key types
-
-2004-04-08 00:43 ho
-
- * Makefile: -Wmissing-declarations
-
-2004-04-07 22:04 ho
-
- * sa.c: More careful when walking LIST queues. hshoexer@, david@
- ok.
-
-2004-03-31 12:54 ho
-
- * cert.c, crypto.c, exchange.c, hash.c, ike_auth.c: -Wsign-compare
- nits. hshoexer@ ok.
-
-2004-03-31 12:53 ho
-
- * monitor.c: Use sysdep_sa_len() instead of sa->sa_len, also
- correct a log_fatal() message. hshoexer@ ok.
-
-2004-03-31 12:47 ho
-
- * isakmpd.c, sysdep/openbsd/Makefile.sysdep: Don't assume
- closefrom(2) exists everywhere. hshoexer@, markus@ ok.
-
-2004-03-29 19:07 deraadt
-
- * monitor.c: use malloc (oops)
-
-2004-03-29 18:32 deraadt
-
- * monitor.c: wrong FD_ZERO(); from ho, hshoexer, markus
-
-2004-03-29 18:32 deraadt
-
- * udp.c: memory mishandling; from ho
-
-2004-03-24 17:44 hshoexer
-
- * isakmpd.8: Add some notes about privsep to manpage.
-
- ok ho@ jmc@ deraadt@
-
-2004-03-23 19:20 hshoexer
-
- * monitor.c: Remove erroneous null termination.
-
- ok ho@ deraadt@
-
-2004-03-19 15:04 hshoexer
-
- * Makefile, conf.c, conf.h, if.c, ike_auth.c, isakmpd.c, log.c,
- monitor.c, monitor.h, policy.c, sa.c, udp.c, ui.c, x509.c: Add
- missing bits to make already present privsep code work. Enable
- privsep.
-
- ok ho@ deraadt@ markus@
-
-2004-03-17 16:05 brad
-
- * doi.h, ike_quick_mode.c, ipsec.c, isakmp_cfg.c, isakmp_doi.c,
- message.c, util.h: MFC: Fix by hshoexer@
-
- Fix payload handling flaws found by cloder@. Based on initial
- patch by cloder@.
-
- ok deraadt@ hshoexer@
-
-2004-03-17 15:59 brad
-
- * doi.h, ike_quick_mode.c, ipsec.c, isakmp_cfg.c, isakmp_doi.c,
- message.c, util.h: MFC: Fix by hshoexer@
-
- Fix payload handling flaws found by cloder@. Based on initial
- patch by cloder@.
-
- ok deraadt@ hshoexer@
-
-2004-03-17 12:10 ho
-
- * ike_auth.c: For consistency and to avoid a rare memory leak, the
- result from ike_auth_get_key() should always be released after
- use. Found and ok hshoexer@.
-
-2004-03-15 17:34 hshoexer
-
- * monitor.c: Properly check succes of chroot().
-
- ok ho@
-
-2004-03-15 17:29 hshoexer
-
- * monitor.c, monitor.h: Remove unused code.
-
- ok ho@
-
-2004-03-11 17:56 hshoexer
-
- * isakmp_cfg.c: Fix a memleak.
-
- ok ho@
-
-2004-03-11 00:08 hshoexer
-
- * doi.h, ipsec.c, isakmp_doi.c, message.c, util.h: Fix payload
- handling flaws found by cloder@. Based on initial patch by
- cloder@. Testing by markus@ cloder@ hshoexer@.
-
- ok ho@
-
-2004-03-10 17:10 hshoexer
-
- * message.c: Plug up memory leak.
-
- ok ho@
-
-2004-03-10 12:17 hshoexer
-
- * message.c: Reduce some noise on receipt of an invalid spi.
-
- ok ho@
-
-2004-03-10 10:28 ho
-
- * pf_key_v2.c: Fix for PR2429, from Clemens Wittinger.
-
-2004-03-09 22:42 hshoexer
-
- * message.c: Plug memleaks, found by cloder@.
-
- ok ho@
-
-2004-02-27 20:14 hshoexer
-
- * ipsec.c: Remove dead code.
-
- ok ho@
-
-2004-02-27 20:07 hshoexer
-
- * conf.c, isakmpd.conf.5: Add group 14 (modp2048) to predefined
- suites. Manpage also updated. ok ho@
-
-2004-02-27 11:16 ho
-
- * ike_phase_1.c, ike_quick_mode.c, sa.c, sa.h: (C)-2004
-
-2004-02-27 10:01 ho
-
- * ike_phase_1.c, ike_quick_mode.c, sa.c, sa.h: Follow RFC 2408 more
- closely regarding how to better check the proposal returned by
- the other peer (the responder). Some implementations (notably the
- Cisco PIX) does not follow a SHOULD in section 4.2 of the RFC.
- With certain proposal combinations this caused us to setup the
- wrong SA resulting in us being unable to process incoming IPsec
- traffic (over this tunnel).
-
- Tested against a number of different IKE implementations.
- hshoexer@ ok.
-
-2004-02-26 16:27 hshoexer
-
- * regress/rsakeygen/rsakeygen.c: remove unused code. noticed by
- ho@ ok ho@
-
-2004-02-26 06:52 jmc
-
- * isakmpd.conf.5: tweak; ok hshoexer@
-
-2004-02-25 17:01 hshoexer
-
- * init.c, isakmpd.conf.5, log.c, log.h, regress/b2n/Makefile,
- regress/crypto/Makefile, regress/crypto/cryptotest.c,
- regress/dh/Makefile, regress/ec2n/Makefile,
- regress/group/Makefile, regress/prf/Makefile,
- regress/rsakeygen/Makefile, regress/rsakeygen/rsakeygen.c,
- regress/util/Makefile: Add and document configuration options
- Logverbose and Loglevel. As log.c now depends on conf.c and some
- regression tests use log.c, add conf.c to Makefiles where
- necessary.
-
- ok ho@
-
-2004-02-20 12:31 hshoexer
-
- * ike_quick_mode.c: More small adjustments of log messages.
-
-2004-02-20 10:46 hshoexer
-
- * ike_quick_mode.c: Fix some double free errors. While around,
- adjust a log message. ok ho@
-
-2004-02-19 16:35 hshoexer
-
- * isakmpd.c: small cleanup of log messages. ok ho@
-
-2004-02-19 10:54 ho
-
- * isakmpd.c, log.c, log.h: With -d, SIGINT should do a clean
- shutdown. Without -d, logs should be sent to syslog, level
- LOG_INFO.
-
-2004-02-19 10:46 ho
-
- * isakmpd.c: Cleanup.
-
-2004-02-16 21:40 markus
-
- * exchange.c: check for isakmp_sa->transport != NULL; noticed by
- bluhm at genua.de ok hshoexer@
-
-2004-02-11 09:55 jmc
-
- * samples/VPN-3way-template.conf: typo; from Olivier Cherrier;
-
-2004-02-05 12:01 hshoexer
-
- * exchange.c: small logging cleanup and improvement requested by
- markus ok ho@ markus@
-
-2004-01-26 15:56 niklas
-
- * regress/exchange/run.pl: Added 2-clause license
-
-2004-01-24 00:08 jmc
-
- * isakmpd.8: `Ns' implies `No', so `Ns No' -> `Ns'; (even simpler
- in adduser(8)) discussed with todd@
-
-2004-01-16 11:51 hshoexer
-
- * exchange.c, ike_quick_mode.c, isakmpd.8, isakmpd.c, log.c, log.h:
- Added -v option. Enables logging of successful exchange
- completion. ok ho@
-
-2004-01-16 01:00 brad
-
- * exchange.c, ipsec.c, message.c: Fixes a few message handling
- flaws in isakmpd as reported by Thomas Walpuski.
-
- ok deraadt@ hshoexer@
-
-2004-01-13 23:50 brad
-
- * crypto.c, crypto.h, exchange.c, ipsec.c, message.c: Fixes a few
- message handling flaws in isakmpd as reported by Thomas Walpuski.
-
- ok deraadt@ hshoexer@
-
-2004-01-09 11:03 hshoexer
-
- * regress/exchange/run.sh: call nc correctly (nc has changed a
- while ago). ok markus@
-
-2004-01-06 01:22 hshoexer
-
- * conf.c, sa.c: small typos fixed.
-
- ok markus@
-
-2004-01-06 01:09 hshoexer
-
- * x509.c: Remove redundant test for file types. Noted by Stefan
- Paletta. While around, fix typos in log messages.
-
- Both ok markus@
-
-2004-01-03 17:38 ho
-
- * ipsec.c: Be more careful with INITIAL-CONTACT and do not delete
- SPIs when getting an INVALID-SPI notification. Issues noted by
- Thomas Walpuski. markus@ ok.
-
-2003-12-22 19:13 markus
-
- * crypto.h: use AES_BLOCK_SIZE only for USE_AES; report
- martti.kuparinen@iki.fi; ok ho@
-
-2003-12-18 03:03 ho
-
- * transport.c: Mention the exchange name when giving up on a
- message. Suggested by Michael Coulter.
-
-2003-12-15 11:06 hshoexer
-
- * ipsec.c, ipsec_num.cst, math_group.c, math_group.h: Support for
- groups modp2048, modp3072, modp4096, modp6144 and modp8192 (IDs
- 14 to 18).
-
- ok ho@
-
-2003-12-14 15:50 ho
-
- * log.c, util.c, util.h: Log the actual port for src and dst, don't
- assume it's always 500.
-
-2003-12-14 15:34 ho
-
- * sysdep/linux/sysdep.c: Make isakmpd work on big endian linux
- machines. From Sebastian Klemke. Also, a few style nits and a
- better error message text.
-
-2003-12-05 14:17 ho
-
- * message.c: Style nits
-
-2003-12-04 23:44 hshoexer
-
- * message.c: Validate SPIs presented in DELETE messages of the
- informational exchange. ok markus@
-
-2003-12-04 22:13 miod
-
- * ike_phase_1.c, isakmp_cfg.c: Typos
-
-2003-11-20 12:23 jmc
-
- * isakmpd.8: use .Dv for AF_INET and AF_INET6 (kills ugly line
- break); spotted by Alexey E. Suslikov;
-
- also kill some .Pp's before displays/lists for better PostScript
- output;
-
-2003-11-08 20:17 jmc
-
- * init.c: typos from Jonathon Gray;
-
-2003-11-07 11:16 jmc
-
- * x509.c, samples/VPN-3way-template.conf: adress -> address, and a
- few more; all from Jonathon Gray;
-
- (mvme68k/mvme88k) vs.c and (vax) if_le.c ok miod@ isakmpd ones ok
- ho@
-End of changelog debian package isakmpd.20031107-1
---------------------------------------------------
-
-2003-11-06 17:12 ho
-
- * dnssec.c, exchange.c, field.c, if.c, ike_auth.c, ipsec.c, key.c,
- log.c, message.c, message.h, monitor_fdpass.c, pf_key_v2.c,
- policy.c, ui.c, x509.c, x509.h: Style nits.
-
-2003-11-06 16:55 ho
-
- * exchange.c, message.c: Require encrypted messages are soon as we
- have the keystate for it. Require DELETE payloads to be
- accompanied by HASHes, and add validation for HASH payloads
- without active exchanges. From Hans-Joerg Hoexer with various
- modifications and suggestions from me and markus@. Ok markus@.
-
-2003-11-06 16:50 ho
-
- * ipsec.c: spis[] type tweak. From Hans-Joerg Hoexer.
-
-2003-11-05 13:55 jmc
-
- * isakmpd.conf.5: PFS: Perfect Forward Secrecy (RFC 2409); from
- misc@ and ok markus@
-
-2003-11-05 13:31 jmc
-
- * QUESTIONS: updated URL from Jared Yanovich;
-
-2003-10-25 22:47 mcbride
-
- * isakmpd.policy.5: OpenSSL generates DNs with emailAddress, not
- Email.
-
-2003-10-25 09:47 jmc
-
- * isakmpd.8: receiveing -> receiving; from Jared Yanovich;
-
-2003-10-14 16:29 ho
-
- * exchange.c, ike_auth.c, ike_phase_1.c, ipsec.c, isakmp_doi.c:
- constant_lookup() to constant_name() cleanup. markus@ ok.
-
-2003-10-13 15:57 ho
-
- * isakmpd.8, log.h, ui.c: Add a UI FIFO debug class. ok markus@
- plus I think henning@
-
-2003-10-04 19:29 cloder
-
- * ike_phase_1.c: Avoid crash on invalid config file (missing value
- for LIFE_DURATION). OK ho@
-
-2003-09-26 17:59 aaron
-
- * sysdep/freeswan/klips.c: Fix off-by-ones in format string for 's'
- specifier; millert@, deraadt@ ok
-
-2003-09-26 13:29 cedric
-
- * udp.c: don't listen to INADDR_ANY if Listen-on is specified.
- patch from markus@, ok ho@
-
-2003-09-26 00:28 aaron
-
- * monitor.c: Fix off-by-one out-of-bounds write; millert@ ok
-
-2003-09-25 16:15 cloder
-
- * exchange.c, if.c: Fix one case of set length before realloc. Fix
- another case of foo = realloc(foo...) and avoid possible memory
- leaks. Avoid leaving things pointing to freed memory on failure.
-
-2003-09-24 13:12 markus
-
- * crypto.c, crypto.h, regress/crypto/cryptotest.c: re-add AES, but
- without using EVP; patch from Hans-Joerg.Hoexer at
- yerbouti.franken.de; ok ho@ (interops with isakmpd+AES in OpenBSD
- 3.4)
-
-2003-09-24 12:13 markus
-
- * crypto.c, crypto.h, regress/crypto/cryptotest.c: back out EVP
- change; causes fd leaks; ok cedric@
-
-End of changelog debian package isakmpd.20030907-1
---------------------------------------------------
-
-2003-09-05 09:50 tedu
-
- * monitor.c: socket leak on error paths. from Patrick Latifi. ok
- deraadt@ ho@
-
-2003-09-02 20:15 ho
-
- * conf.c, ipsec.c: A couple of nits. deraadt@ ok.
-
-2003-09-02 20:14 ho
-
- * message.c: Require ISAKMP_FLAGS_ENC on phase 2 messages. ok
- markus@, deraadt@.
-
-2003-09-02 20:11 ho
-
- * sysdep/linux/: bitstring.h, sys/queue.h: For easier compilation
- on linux systems. Requested by Thomas Walpuski.
-
-2003-08-28 16:43 markus
-
- * Makefile, TO-DO, conf.c, crypto.c, crypto.h, isakmpd.conf.5,
- regress/crypto/Makefile, regress/crypto/cryptotest.c: support AES
- in phase 1, too. switch to OpenSSL EVP interface; with
- Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@
-
-2003-08-20 16:43 ho
-
- * samples/singlehost-west.conf: Zap an old "Identification" tag in
- this sample config. I have no idea what it was supposed to do and
- in any case there is no reference to this tag in current code.
- Pointed out by Fridtjof Busse.
-
-2003-08-20 14:25 ho
-
- * isakmpd.8: certpatch(8) can be used to create FQDN X509v3
- extensions too. From Fridtjof Busse, via henning@. Thanks.
-
-
-End of changelog debian package isakmpd.20030820-1
---------------------------------------------------
-
-2003-07-09 10:16 jmc
-
- * isakmpd.conf.5, isakmpd.policy.5: - remove some .Ss's that worked
- around the old blank line bug - remove some unnecessary .Pp's -
- mdoc a list
-
- ok ho@
-
-2003-06-20 11:14 ho
-
- * transport.c: Be a bit more verbose when we give up on ever seeing
- a response to the last message we sent out. In case we initiated
- the exchange, one possible and common reason is a network level
- problem (pf, routing, whatnot), if we're the responder, there is
- also the possibility we were scanned by something like ike-scan.
- markus@ ok.
-
-2003-06-17 23:56 millert
-
- * sysdep/common/libsysdep/: strlcat.c, strlcpy.c: Sync with
- share/misc/license.template and add missing DARPA credit where
- applicable.
-
-2003-06-15 12:32 ho
-
- * exchange.c: ID copying should happen earlier in exchange_finalize
- so that we won't lose data during rekeying. From Jean-Francois
- Dive.
-
-2003-06-14 13:47 ho
-
- * message.c: allocate payload_node with calloc instead of malloc
-
-2003-06-13 05:50 brad
-
- * ipsec.c: MFC: Fix from ho@
-
- Do not crash on unsupported IPSec ID types, as noted by Eric
- Boudrand.
-
- deraadt@ millert@ ok
-
-2003-06-13 05:34 brad
-
- * ipsec.c: MFC: Fix from ho@
-
- Do not crash on unsupported IPSec ID types, as noted by Eric
- Boudrand.
-
- deraadt@ millert@ ok
-
-2003-06-10 18:41 deraadt
-
- * conf.c, exchange.c, ike_auth.c, ike_phase_1.c, ike_quick_mode.c,
- isakmp_cfg.c, log.c, monitor.c, monitor.h, pf_key_v2.c, policy.c,
- transport.c, udp.c, x509.c: boring cleanups
-
-2003-06-10 14:21 ho
-
- * ipsec.c: Do not crash on unsupported IPSec ID types, as noted by
- Eric Boudrand.
-
-2003-06-04 09:31 ho
-
- * exchange.c, ike_aggressive.c, ike_auth.c, ike_phase_1.c,
- ike_quick_mode.c, init.c, ipsec.c, ipsec.h, isakmpd.8, isakmpd.c,
- isakmpd.policy.5, libcrypto.c, libcrypto.h, message.c, message.h,
- pf_key_v2.c, policy.c, policy.h, sa.c, sa.h, udp.c, x509.c,
- x509.h, apps/certpatch/certpatch.8, apps/certpatch/certpatch.c,
- regress/ec2n/ec2ntest.c, regress/hmac/hmactest.c: Remove the rest
- of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos D.
- Keromytis and Niels Provos.
-
-2003-06-04 09:27 ho
-
- * DESIGN-NOTES: Remove 3 and 4 from the "license to use"
-
-2003-06-03 17:20 ho
-
- * sysdep/linux/: GNUmakefile.sysdep, sysdep-os.h, sysdep.c: Remove
- clause 3. Approved by niklas@ and Thomas Walpuski.
-
-2003-06-03 17:02 ho
-
- * sysdep/linux/README: Obsolete.
-
-2003-06-03 16:53 ho
-
- * sysdep/: bsdi/GNUmakefile.sysdep, bsdi/Makefile.sysdep,
- bsdi/sysdep-os.h, bsdi/sysdep.c, darwin/GNUmakefile.sysdep,
- darwin/Makefile.sysdep, darwin/sysdep-os.h, darwin/sysdep.c,
- freebsd/GNUmakefile.sysdep, freebsd/Makefile.sysdep,
- freebsd/sysdep-os.h, freebsd/sysdep.c,
- freeswan/GNUmakefile.sysdep, freeswan/Makefile.sysdep,
- freeswan/klips.c, freeswan/klips.h, freeswan/sysdep-os.h,
- freeswan/sysdep.c, netbsd/GNUmakefile.sysdep,
- netbsd/Makefile.sysdep, netbsd/sysdep-os.h, netbsd/sysdep.c,
- openbsd/GNUmakefile.sysdep, openbsd/Makefile.sysdep,
- openbsd/keynote_compat.c, openbsd/sysdep-os.h, openbsd/sysdep.c:
- Remove clauses 3 and 4. Approved by markus@ and niklas@.
-
-2003-06-03 16:52 ho
-
- * sysdep/common/: blf.h, libsysdep/GNUmakefile, libsysdep/Makefile,
- libsysdep/blowfish.c: Remove clauses 3 and 4. Approved by Niklas
- Hallqvist and Niels Provos.
-
-2003-06-03 16:39 ho
-
- * regress/Makefile, regress/check.sh, regress/b2n/b2ntest.c,
- regress/crypto/cryptotest.c, regress/dh/dhtest.c,
- regress/exchange/Makefile, regress/exchange/run.sh,
- samples/Makefile, regress/group/grouptest.c,
- regress/prf/prftest.c, regress/rsakeygen/Makefile,
- regress/rsakeygen/rsakeygen.c, regress/util/utiltest.c,
- regress/x509/Makefile, regress/x509/x509test.c: Remove clauses 3
- and 4. Approved by Niklas Hallqvist and Niels Provos.
-
-2003-06-03 16:35 ho
-
- * apps/: Makefile, certpatch/Makefile: Remove clauses 3 and 4.
- Approved by Niklas Hallqvist and Niels Provos.
-
-2003-06-03 16:34 ho
-
- * apps/keyconv/: Makefile, keyconv.8, keyconv.c, keyvalues.h:
- Remove clause 3.
-
-2003-06-03 16:29 ho
-
- * features/: aggressive, dnssec, ec, isakmp_cfg, policy, privsep,
- x509: Remove clause 3. Approved by niklas@
-
-2003-06-03 16:28 ho
-
- * GNUmakefile, Makefile, app.c, app.h, attribute.c, attribute.h,
- cert.c, cert.h, conf.c, conf.h, connection.c, connection.h,
- constants.c, constants.h, cookie.c, cookie.h, crypto.c, crypto.h,
- dh.c, dh.h, dnssec.c, dnssec.h, doi.c, doi.h, exchange.h,
- exchange_num.cst, field.c, field.h, genconstants.sh,
- genfields.sh, gmp_util.c, gmp_util.h, hash.c, hash.h, if.c, if.h,
- ike_aggressive.h, ike_auth.c, ike_auth.h, ike_main_mode.c,
- ike_main_mode.h, ike_phase_1.h, ike_quick_mode.h, init.c, init.h,
- ipsec_doi.h, ipsec_fld.fld, ipsec_num.cst, isakmp.h,
- isakmp_cfg.c, isakmp_cfg.h, isakmp_doi.c, isakmp_doi.h,
- isakmp_fld.fld, isakmp_num.cst, isakmpd.conf.5, log.c, log.h,
- math_2n.c, math_2n.h, math_ec2n.c, math_ec2n.h, math_group.c,
- math_group.h, math_mp.h, monitor.c, monitor.h, pf_key_v2.h,
- prf.c, prf.h, sysdep.h, timer.c, timer.h, transport.c,
- transport.h, udp.h, ui.c, ui.h, util.c, util.h: Remove clauses 3
- and 4. With approval from Niklas Hallqvist and Niels Provos.
-
-2003-06-03 15:16 jmc
-
- * isakmpd.8, isakmpd.conf.5, isakmpd.policy.5: - section reorder -
- some mdoc fixes
-
-2003-06-03 14:51 ho
-
- * conf.c, constants.c, dnssec.c, exchange.c, ike_auth.c,
- ike_phase_1.c, ike_quick_mode.c, ipsec.c, log.c, message.c,
- policy.c, sa.c, udp.c, x509.c: Cleanup. Use 'sizeof variable'
- instead of magic constants.
-
-2003-06-03 03:52 millert
-
- * sysdep/common/libsysdep/: strlcat.c, strlcpy.c: Use an ISC-tyle
- license for all my code; it is simpler and more permissive.
-
-2003-06-02 22:06 millert
-
- * sysdep/freeswan/sys/queue.h: Remove the advertising clause in the
- UCB license which Berkeley rescinded 22 July 1999. Proofed by
- myself and Theo.
-
-2003-05-18 23:26 ho
-
- * monitor.c: Add some path sanitation; only permit write operations
- to /tmp, /var/tmp and /var/run. Opens in /etc/isakmpd/ are
- read-only. Any other path is invalid. markus@ ok.
-
-2003-05-18 22:46 ho
-
- * init.c: Style tweak.
-
-2003-05-18 22:39 ho
-
- * sa.c: Add a debug message to sa_reinit() to indicate when we
- renegotiate active connections.
-
-2003-05-18 22:09 ho
-
- * monitor_fdpass.c: Forgot to remove a couple of debug messages
-
-2003-05-18 22:06 ho
-
- * udp.c: struct sockaddr is not large enough in itself to contain
- the address value. Switching to sockaddr_storage makes interface
- rescanning work properly. niklas@ ok.
-
-2003-05-18 21:37 ho
-
- * conf.c, ike_auth.c, isakmpd.c, log.c, monitor.c, monitor.h,
- monitor_fdpass.c, pf_key_v2.c, policy.c: More isakmpd privsep
- work. X509 private keys are now kept in the privileged process
- only. Various cleanup and bugfixes. markus@ ok
-
-2003-05-18 20:16 ho
-
- * GNUmakefile, pf_key_v2.c, udp.c, sysdep/linux/GNUmakefile.sysdep,
- sysdep/linux/sysdep-os.h, sysdep/linux/sysdep.c: Sysdep for
- native Linux IPSec, 2.5 and later. From Thomas Walpuski, with
- various tweaks by me. niklas@ ok.
-
-2003-05-17 19:39 ho
-
- * monitor.h, monitor_fdpass.c: Better return codes from mm_send_fd
- and mm_receive_fd
-
-2003-05-17 19:32 ho
-
- * monitor_fdpass.c: Use log_error(), not log_fatal(). Style.
-
-2003-05-17 19:26 jmc
-
- * isakmpd.conf.5: tweak; ok ho@
-
-2003-05-16 22:31 ho
-
- * init.c, isakmpd.conf.5, sa.c, sa.h: If the "Renegotiate-on-HUP"
- tag is defined in the [General] section, a HUP signal (or "R" to
- the FIFO) will also renegotiate all Phase 2 SAs, i.e all
- connections. ok niklas@, tested and ok kjell@.
-
-2003-05-15 05:20 ho
-
- * ike_auth.c: Correct a two year old typo, which might actually
- make setsockopt(..., IP_IPSEC_LOCAL_AUTH, ...) start working.
-
-2003-05-15 04:28 ho
-
- * exchange.c, ike_auth.c, sa.c, sa.h: Cleanup. Do not store the
- private key in either the exchange or sa structs.
-
-2003-05-15 04:08 ho
-
- * ike_auth.c: Work around some OpenSSL BIO "features" to read the
- key correctly.
-
-2003-05-15 04:04 ho
-
- * monitor.c: Proper exit of the monitor process.
-
-2003-05-15 03:51 ho
-
- * monitor.c: wait() for the child process
-
-2003-05-15 02:28 ho
-
- * Makefile, conf.c, conf.h, ike_auth.c, init.c, isakmpd.c, log.c,
- monitor.c, monitor.h, monitor_fdpass.c, pf_key_v2.c, policy.c,
- udp.c, ui.c, util.c, features/privsep, sysdep/openbsd/sysdep.c:
- Start of privilege separation for isakmpd. There are some kinks
- left, so keep it default disabled for now. markus@ says ok to
- commit.
-
-2003-05-15 02:24 ho
-
- * log.h: (c)
-
-2003-05-15 01:44 kjell
-
- * pf_key_v2.c: properly terminate debug string (levels >=40) Use
- "%.*s" as suggested by Niklas. ok ho@. Lost by kjell. oked ho@.
- lost by kjell again. oked ho@
-
-2003-05-15 01:29 ho
-
- * features/policy: Remove the .if/.endif stuff that gmake does not
- understand. Replace with a comment about needing keynote for
- policy.
-
-2003-05-14 22:49 ho
-
- * GNUmakefile, Makefile, sysdep/freeswan/GNUmakefile.sysdep,
- sysdep/freeswan/Makefile.sysdep, sysdep/freeswan/README,
- sysdep/freeswan/klips.c, sysdep/freeswan/klips.h,
- sysdep/freeswan/sysdep-os.h, sysdep/freeswan/sysdep.c,
- sysdep/freeswan/sys/queue.h, sysdep/linux/GNUmakefile.sysdep,
- sysdep/linux/Makefile.sysdep, sysdep/linux/README,
- sysdep/linux/klips.c, sysdep/linux/klips.h,
- sysdep/linux/sysdep-os.h, sysdep/linux/sysdep.c: Call the
- FreeS/WAN sysdep 'freeswan'. The 'linux' sysdep will be native
- Linux IPSec.
-
-2003-05-14 20:11 ho
-
- * conf.c, conf.h, ike_auth.c: Default public key directory
- definition sanity.
-
-2003-05-14 20:10 ho
-
- * policy.c, policy.h: Policy file default defined twice, kill the
- local copy.
-
-2003-05-14 20:08 ho
-
- * isakmpd.c: Fix a typo (in unused code).
-
-2003-05-14 19:37 ho
-
- * ipsec.c, ipsec_num.cst, pf_key_v2.c, policy.c, sa.c: I did not
- test this enough. Unbreak.
-
-2003-05-12 23:48 ho
-
- * isakmp_num.cst: Update with some data for NAT-T specific payload
- types, IKEv2 notifications, ISAKMP EAP code and types, plus fix
- an old typo.
-
-2003-05-12 23:43 ho
-
- * ipsec.c, pf_key_v2.c, policy.c, sa.c: AES -> AES_128_CBC
-
-2003-05-12 23:42 ho
-
- * ipsec_num.cst: Add two more encapsulation types (UDP encap,
- potential future NAT-T) Add BLOCK_SIZE attribute Rename
- IPSEC_ESP_AES -> IPSEC_ESP_AES_128_CBC.
-
-2003-05-12 01:17 ho
-
- * genconstants.sh: Slight style fix for .cst files. Permit comments
- also after a definition.
-
-2003-05-11 04:16 markus
-
- * pf_key_v2.c: fix ID-type for ipv6; ok niklas; report fries
-
-2003-05-10 23:13 jmc
-
- * isakmpd.8, isakmpd.conf.5: typos;
-
-2003-04-30 17:15 jason
-
- * conf.c: cast size_t to unsigned long and use %lu;ok ho
-
-2003-04-27 13:17 ho
-
- * isakmpd.8: Describe the 'C set' FIFO command better. (PR#3148,
- also)
-
-2003-04-27 13:16 ho
-
- * ui.c: Make the 'C set' FIFO command work as expected. PR#3148.
-
-2003-04-14 15:08 ho
-
- * isakmpd.c: Unlink FIFO and pid files on clean shutdown. PR#3199
-
-2003-04-14 12:22 ho
-
- * pf_key_v2.c: More snprintf style
-
-2003-04-14 12:14 ho
-
- * pf_key_v2.c: A "%d" is 12 chars, not 10. Use sizeof num instead
- of '10' in snprintf. From Theo.
-
-2003-04-09 17:46 ho
-
- * x509.c: Less noise for missing crl dir, demoted to debug message.
-
-2003-03-21 16:13 markus
-
- * isakmpd.conf.5: document [initiator-id] section;
- richb@timestone.com.au; ok ho@, jmc@
-
-2003-03-20 20:39 margarida
-
- * isakmp_cfg.c: Pull patch from current: Fix by ho@. Proper
- id_string for SET/ACK responder, plus attr payload fixes.
-
- ok millert@ markus@ ho@
-
-2003-03-16 09:13 matthieu
-
- * samples/: VPN-east.conf, VPN-west.conf: secrity -> security. Ok
- ho@
-
-2003-03-14 15:49 ho
-
- * math_group.c, transport.c, sysdep/common/blf.h,
- sysdep/common/libsysdep/blowfish.c: Spelling fixes from david@.
- jmc@ ok.
-
-2003-03-13 14:24 ho
-
- * ike_auth.c: Might as well do blinding here too.
-
-2003-03-13 11:31 ho
-
- * util.c: Avoid "j += snprintf()". niklas@ ok.
-
-2003-03-06 21:29 jmc
-
- * isakmpd.conf.5, isakmpd.policy.5: .Xr typos;
-
- ok deraadt@
-
-2003-03-06 15:22 cedric
-
- * util.c: fix text2sockaddr() when HAVE_GETNAMEINFO is false and
- port is NULL. ok ho@
-
-2003-03-06 14:48 cedric
-
- * field.c: "len" is decremented too early, so the second argument
- of the snprintf call is too small on last run of the loop. ok
- ho@
-
-2003-03-06 14:32 ho
-
- * exchange.c: Bad cut'n'paste msg plus style fixes.
-
-2003-03-06 10:56 ho
-
- * util.c: Less ambiguous l-value usage. Noted by cedric@
-
-2003-03-06 05:07 david
-
- * apps/keyconv/keyconv.8: date should be written formally: .Dd
- Month day, year ok henning@ jmc@
-
-2003-03-03 17:51 ho
-
- * isakmpd.conf.5: Re-add the BUGS section; the RFCs still do not
- permit differing DH groups in the same proposal. This time,
- mention that this also applies to mixing PFS and non-PFS suites.
-
-2003-02-26 23:55 ho
-
- * samples/VPN-west.conf: Typo/pasto. Spotted by Tim Donahue.
-
-2003-02-26 09:17 david
-
- * exchange.c: IPsec is written ``IPsec'', not ``IPSec''. ok ho@
-
-2003-02-24 13:01 markus
-
- * pf_key_v2.c: pf_key_v2_flow: typo in debug msg (KAME)
-
-2003-02-22 07:57 kjell
-
- * README: typo: noneheless->nontheless
-
-2003-02-22 07:56 kjell
-
- * isakmpd.8, isakmpd.conf.5: Clarify some language, grammar. ho@
- okayed this many moons ago, and I forgot all about it.
-
-2003-02-12 16:11 markus
-
- * if.c, if.h, udp.c: better error checking on bind(); from
- Alexander_Bluhm at genua.de; ok ho@
-
-2003-02-05 11:29 jmc
-
- * isakmpd.8: typos; isakmpd(8) ok niklas@, mailwrapper(8) help
- kjell@
-
-2003-02-04 21:02 markus
-
- * conf.c: don't set the Transform for Default-phase-1-configuration
- twice, ok ho@
-
-2003-02-04 21:02 markus
-
- * conf.h: default to 3DES-SHA-RSA_SIG (same as in OpenBSD 3.2); ok
- ho@
-
-2003-01-22 16:13 ho
-
- * ike_auth.c: Typo.
-
-2003-01-20 20:52 deraadt
-
- * isakmpd.policy.5: typos; alan@alanday.com
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-16 10:51:08 +0000