forked from libreswan/libreswan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
1769 lines (1727 loc) · 111 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
See also https://libreswan.org/
v4.6 (unreleased)
* IKEv2: agressively check incoming fragments [Andrew]
* packaging: replace old SUSE packaging with pointer to upstream [Andrew]
* IKEv2: when rekeying and PFS, only propose/allow original crypt-suite [Andrew]
* IKEv2: when PFS, don't repeatedly log all proposals
* pluto: Change default replay-window from 32 to 128 [Paul]
* pluto: Change default esn= to "either" and prefer "yes" [Paul]
v4.5 (August 20, 2021)
* IKEv1: multiple subnets could lead to crossed wires, failures [Paul/Andrew]
* IKEv2: don't tear down IKE SA on TS_UNACCEPTABLE [Paul]
* IKEv2: unpend/delete Child SA when rejected by IKE_AUTH response [Andrew]
* IKEv2: mobike: resolve_defaultroute_one() updates [Andrew]
* IKEv2: mobike: prevent sending duplicate mobike response [Andrew]
* IKEv2: Support for Childless IKE SA [Andrew]
* IKEv2: redirect: make peer redirecting in IKE_AUTH childless [Vukasin]
* IKEv2: Labeled IPsec --up causes Childless IKE SA [Andrew/Paul]
* IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) [Andrew/Paul/Kavinda]
* IKEv2: Performance; eliminate more O(#CONNECTIONS) code [Andrew]
* IKEv2: Immediately delete replaced Child from new (IC) IKE SA [Andrew/Paul]
* pluto: mismatched subnets= could take down all conns [Paul]
* pluto: Don't delete existing IKE SA of connection instance [Paul]
* pluto: fail better on parse errors in subnet= clause [Paul]
* libswan: use getaddrinfo(3) instead of gethostbyname2(3) [Hugh]
* libipsecconf: fail to load conn if no right= or left= set [Paul]
* libipsecconf: change default of initial-contact= to yes [Paul]
* X509: directly append new CRL requests to the fetch queue [Andrew]
* whack: implement --impair trigger:<global-event> [Andrew]
* ipsec.service: remove reload which did not work as expected [Tuomo]
* portexcludes: update to use python3 [Kim]
* building: fix NetBSD build [Andrew]
* building: fix arm / aarch64 build [kekePower@github]
* building: Remove support for RHEL6 USE_OLD_SELINUX [Paul]
* packaging: handle properly rpm sysctl config [Tuomo]
* packaging: rhel7: fix python2 shebang [Tuomo]
v4.4 (April 22, 2021)
* IKEv2: Fixes for TCP encap in Transport Mode and host-to-host [Paul/Sabrina]
* IKEv2: Fixes to Labeled IPsec policies [Kavinda Wewegama/Paul]
* IKEv2: Add redirect statistics to whack --globalstatus [Clive Zagno]
* IKEv2: Connections would not always switch when needed [Andrew/Paul]
* pluto: Fix for host-to-host connections use non-standard IKE ports [Paul]
* pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn [Paul]
* pluto: Disable interface-ip= as the feature is not yet implemented [Paul]
* pluto: Fix PLUTO_PEER_CLIENT* in updown for NAT + Transport Mode [Paul]
* pluto: Remove never updated PLUTO_VERSION for updown scripts [Paul]
* pluto: Actually set PLUTO_CONNECTION_TYPE= to transport or tunnel [Paul]
* pluto: Allow non-templated wildcard ID connections to match [Paul]
* pluto: Reduce and merge various logging messages [Andrew]
* libipsecconf: Do not allow vhost/vnet in IKEv2 connections [Paul]
* XFRM: Restarting pluto when using ipsec-interface= could fail [Paul]
* contrib/munin: Update plugin to use python3 and update doc header [Tuomo]
* testing: Enable OpenBSD interop tests [Paul/Ravi]
* testing: Make tests more reliable on KVM [Andrew]
v4.3 (February 21, 2021)
* pluto: Restore range checking on Labeled IPsec [Paul/Andrew]
* pluto: Higher state serialno does not imply newest state [Paul]
* pluto: Cleanup ip_address vs ip_endpoint (protoport dropping) [Andrew]
* pluto: Revival of code could accidentally fallback to IKEv1 [Andrew]
* newhostkey: Add support for generating ECDSA keys [Daiki Ueno]
* libipsecconf: Ignore empty option at end of config (rhbz#1685653) [Andrew]
* whack: Add --global-redirect and --global-redirect-to options [Pietro Monteiro]
v4.2 (February 2, 2021)
* IKEv2: Support for IKEv2 Labeled IPsec [Hugh, Sahana, Paul, Kavinda Wewegama]
* IKEv2: MOBIKE could cause assertion failure due to eroute ownership [Paul]
* IKEv2: MOBIKE and NAT port update code interfered with each other [Andrew]
* IKEv1: Re-enable questionable Microsoft proposals to fix L2TP/IPsec [Paul]
* IKEv1: Do not load IKEv1 conns when IKEv1 support not compiled in [Paul]
* IKEv1: Fix XAUTH: re-transmit when sending CFG request [Andrew]
* pluto: New config setup option ikev1-policy=<accept|drop|reject> [Paul]
* pluto: Change default ikelifetime from 1h to 8h [Paul]
* pluto: Add ignore-peer-dns=yes|no and whack --ignore-peer-dns [Paul]
* pluto: Startup could take long time closing fd's (github#373) [Andrew]
* pluto: IKEv2 connection could accidentally retry as IKEv1 [Andrew]
* pluto: change default IKE SA lifetime from 1h to 8h [Paul]
Resolves: github#362, github#405, hwdsl2/setup-ipsec-vpn#912
* pluto: Revived conns can try to quickly re-use existing NAT mapping.
Can be used with new auto=keep [Paul, Andrew]
* pluto: Don't complain about DNS names starting with number [Paul]
* pluto: Re-implement Labeled IPsec for IKEv1 [Paul, Sahana]
* pluto: Support for --shutdown --leave-state [Paul]
* whack: add very raw --processstatus [Andrew]
* whack: no longer require --ipv6 when specifying raw IPv6 host addresses
* libswan: Re-introduce xauthusername/remote_peer_type for NM-libreswan [Paul]
* initsystem: fix docker/podman startup with sysvinit [Paul]
* initsystem: ensure non-testing namespaces work with systemd [Paul]
* initsystem: systemd support for ipsec whack --shutdown --leave-state [Paul]
* pluto: prefer IPv4 over IPv6 when performing DNS lookups [Andrew]
* building: Support for compiling without IKEv1 via USE_IKEv1=false [Paul]
* building: Various clang compiler related fixes [Timm Baeder]
* building: fix NetBSD arm64 build [Andrew]
* testing: many updates [Andrew, Paul]
v4.1 (October 18, 2020)
* IKEv2: Fix Notify protocol ID interop with Cisco introduced in 4.0 [Antony]
* addconn: Fix resolving with %defaultroute plus peer with A + AAAA [Antony]
* building: minor cleanups [Andrew/Tuomo]
v4.0 (October 14, 2020)
* KLIPS: Support for KLIPS completely removed [Paul]
* pluto: Removed support for deprecated algos: serpent, twofish, cast [Paul]
* IKEv2: EXPERIMENTAL: Support for RFC 8229 IKE/ESP over TCP [Andrew/Mayank Totale]
New per-conn keywords: listen-tcp=yes|no, tcponly=yes|no, tcp-remoteport=
Requires: Linux kernel >= 5.8
* IKEv2: Support for leftikeport= / rightikeport= [Andrew/Paul]
* IKEv2: EXPERIMENTAL: Support for INTERMEDIATE Exchange [Yulia Kuzovkova/GSoC]
New keyword: intermediate=yes
* FIPS: Remove DH 23/24 from FIPS allowed list as per SP 800 56A Rev 3 [Paul]
* pluto: Support for rereading configured certificates from NSS [Myungjin Lee]
* pluto: plutodebug= keywords are now: base,cpu-usage,crypt,tmi,private [Andrew]
* pluto: find_pluto_xfrmi_interface() would only check first interface [Paul]
* pluto: ddos cookies-threshold and max-halfopen output was swapped [John Mah]
* pluto: Fix leased IP address leak [Andrew/Paul]
* pluto: Fix displaying PLUTO_BYTES_ counters [Paul]
* pluto: Replace/remove deprecated libselinux functions [Eduardo Barretto]
* pluto: Update selinux calls for Labeled IPsec support [Richard Haines]
* pluto: Memory leak fixes [Hugh]
* pluto: Remove unused per peer logging [Andrew]
* pluto: Cleanup logging code for minimal logging support [Andrew]
* pluto: Cleanup netlink / XFRM code [Hugh]
* pluto: xfrmi used mark-out for XFRMA_SET_MARK [Antony/Wolfgang]
* pluto: Support for ipsec0 interface to help migrate from KLIPS to XFRM [Paul]
* pluto: Fix logging some IKE messages to proper IKE SA state [Andrew]
* pluto: Remove global ikeport/nat-ikeport, add listen-udp/listen-tcp [Paul]
* pluto: Connections now have serial numbers which are logged [Paul/Andrew]
* pluto: No longer require :RSA sections in ipsec.secrets [Andrew]
* pluto: pluto chooses wrong raw RSA key (github#352) [Andrew]
* seccomp: Update syscall allowlist for pluto and addconn [Paul]
* whack: Support for ipsec whack --rereadcerts [Paul]
* whack: Rename --ikev1-allow and --ikev2-allow to --ikev1 and --ikev2 [Paul]
* whack: Clear inherited defaults for IKEv2 from IKEv1 connections [Paul]
* show: Fixup for python3 version of ipaddress module [Paul]
* IKEv2: Fix Windows 10 rekey being rejected [Antony/Paul]
* IKEv2: Remove duplicaes from proposals using "+" [Andrew]
* IKEv2: CERTREQ payload was not sent for authby=ecdsa [Paul]
* IKEv2: Decode notify payloads into the message digest [Andrew]
* IKEv2: Don't use NAT-T port when no NAT DETECTION payloads received [Andrew]
* IKEv2: Add load-balance support (multiple targets) to redirect [Vukasin]
* IKEv2: Only sent REDIRECTs to established IKE SA's (not IPsec SAs) [Paul]
* IKEv2: Fix AUTH failure if ID payload reserved fields != 0 [Paul/Andrew/Hugh]
* IKEv2: A delete(IKE SA) request should not trigger a delete request [Andrew]
* IKEv2: Ignore, not abort when receiving unknown type transforms [Andrew]
* IKEv2: Don't switch NAT port on receiving non-NAT notify payloads [Andrew]
* IKEv1: Prevent crashing in Quick Mode on unused NAT payload [Daniel Wendler]
* libipsecconf: Fix config handling of policy-label [bauen1]
* libipsecconf: Promote ah= / esp= as desired keywords over phase2alg= [Paul]
* libipsecconf: Remove most obsoleted option names with undersscore(_) [Paul]
* rsasigkey/newhostkey: Remove obsoleted --output option [Paul]
* building: Add NetBSD support [Andrew]
* building: Remove support for SINGLE_CONF_DIR, EMIT_ISAKMP_SPI, [Paul]
USE_KEYRR and TEST_INDECENT_PROPOSAL
* building: Merge userland.mk into config.mk to simplify makefiles [Tuomo]
* building: Deprecate INC_ variables [Tuomo]
* building: Remove all support for SERPENT, TWOFISH, CAST and RIPEMD [Paul]
* building: Remove -DALLOW_MICROSOFT_BAD_PROPOSAL [Tuomo]
* building: The define USE_NSS_PRF was renamed to USE_NSS_KDF [Tuomo]
* building: Rename master branch to main branch [Paul]
* building: Fix finding ipsec command in non-standard bin dirs [Tuomo]
* building: Introduce USE_OLD_SELINUX to support libselinux < 2.1.9 [Paul]
* building: NETKEY options changed to XFRM options [Paul]
* building: NSS database (*.db) are now expected in /var/lib/ipsec/nss [Tuomo]
ipsec checknss called in initsystem will migrate files
Use FINALNSSDIR=/etc/ipsec.d to use the pre-4.0 location
* packaging: Debian: remove runtime dependency on systemd [Stephen Kitt]
* packaging: Fedora: add missing build dependency for certutil [Stephen Kitt]
* packaging: Debian switched to using /usr/libexec/ [dkg]
* testing: Support Fedora32, Ubuntu, improved namespaces support [Paul/Others]
* testing: Work around kernel ICMP Acquire bug [Paul]
* testing: Added interop testing with OpenBSD iked [Ravi Teja]
* documentation: friendler ipsec cmd output [Paul]
v3.32 (May 11, 2020)
* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Tuomo]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
Using this option, libreswan no longer needs FIPS certification
v3.31 (March 3, 2020)
* IKEv2: Opportunistic conns specifying keyingtries=0 are changed to 1 [Paul]
* IKEv2: Fix ikev2 rekey failures due to bad Traffic Selector proposa [Antony]
* IKEv2: Verify (not ignore) expected TSi/TSr payloads for IPsec rekeys [Paul]
* IKEv1: Support for XFRMi interfaces [Paul]
* X509: When IDr payload is type ID_DER_ASN1_DN, don't check for SAN [Paul]
* pluto: Disable log_to_audit if kernel does not support audit [Paul]
* pluto: Increase max IKEv2 fragments to 32 to support Windows [John Mah]
* addconn: Do not assert on ipsec-interface=no [Paul]
* nat_traversal: Fix not to send nat-t keepalives when there is no nat [Tuomo]
* KLIPS: Fix _updown.klips (regression introduced in 3.30) [Wolfgang]
v3.30 (February 13, 2020)
* WARNING: This is the last release that supports the KLIPS stack,
use the new ipsec-interface= virtual interfaces instead.
* XFRM: Fix detection on kernels without xfrm_stat (debian et all) [Paul]
* XFRM: XFRMi interface support using ipsec-interface= and iface-ip= [Antony]
* IKEv2: Message ID handling: remove a O(#STATES) lookup [Andrew]
* IKEv2: OE previous half-open state overwrites IPsec policy [Paul/Stepan]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv2: Prevent leak in ikev2_send_certreq() on sending error [Paul]
* IKEv2: Remove SHA1 from default proposal list [Paul]
* IKEv2: On PPK failure with insist, return AUTHENTICATION_FAILED [Vukasin]
* IKEv2: Do not try to delete (replaced) bare shunts [Paul]
* IKEv2: Delete pending outgoing bare shunts if incoming IPsec happened [Paul]
* IKEv2: Allow CP payload in CREATE_CHILD_SA (RFC 7296 Appendix C.4) [Paul]
* IKEv2: calculate_sa_prio() now allows OE shunt to override priority [Paul]
* IKEv2: calculate_sa_prio() support for /32 template vs instance [Hugh/Paul]
* IKEv2: IPv6 support for addresspool= option [Antony]
* IKEv2: Updated support for MOBIKE triggered events [Antony]
* IKEv2: Support reconnecting authnull clients [Paul]
* IKEv2: New whack commands --rekey-ike and --rekey-ipsec [Antony]
* IKEv2: Prefer RFC 7427 Digital Signatures for default authby=rsasig [Sahana]
* IKEv2: Refuse SHA1 for RFC 7427 Digital Signatures as per RFC 8247 [Sahana]
* IKEv2: Use IKEv2 fragment size values (not IKEv1) [Andrew]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv1: Re-implement CVE-2019-10155 fix to prevent future occurrences [Andrew]
* IKEv1: do not assert on bad virtual private entry [Paul]
* pluto: Simplify plutodebug= options to: base, cpu-usage, crypt, private and tmi
(maps old values to new ones for compatibility) [Andrew]
* pluto: non-default ipsec.conf did not load auto=add connections [Paul]
* pluto: fix %defaultroute for link-local and non-link-local gateway [Antony]
* pluto: Improve whackfd handling (prevent console hangs/omissions) [Andrew]
* pluto: Support to disable SAN checks (require-id-on-certificate=no) [Paul]
* pluto: Audit log IKE SA and IPsec SA failures for Common Criteria (CC) [Paul]
* pluto: Disable support for DH2/modp1024 at compile time [Paul]
* pluto: Add audit-log=yes|no (default yes) [Paul]
* pluto: DDNS event should not cause connection initialization [Paul]
* pluto: Various O(STATE) optimializations [Andrew]
* pluto: Fixup reporting of esp-hw-offload capabilities in kernel/nic [Paul]
* pluto: Add chacha20_poly1305 and curve25519 to default proposals [Paul]
* pluto: Updated SECCOMP syscall whitelist [Paul]
* pluto: With non-default config file, connections loading was skipped [Paul]
* pluto: Fix Opportunistic Encryption with Transport Mode policies [Paul]
* pluto: Fix various memory leaks in IKE and X.509 code [Andrew]
* pluto: netlink: increase the additional bufferspace to 32KiB [Antony]
* pluto: pluto --selftest no longer logs to stderr with timestamps [Paul]
* pluto: fix for redirect-to type when it is FQDN [John Mah]
* pluto: addresspool: give new lease to different (xauth)usernames [Paul]
* pluto: addresspool: reduce complexity from O(#LEASES) to O(1) [Andrew]
* whack: Remove obsoleted --whackrecord and --whackstoprecord options [Andrew]
* whack: Added whack --ddns to trigger DNS refresh event manually [Paul]
* X509: Offload most code to helpers for significant performance boost [Andrew]
* X509: Simplify code, cut redundant calculations, speed improvements [Andrew]
* X509: SAN checks should confirm IKE peer ID on responder too [Paul]
* letsencrypt: new command "ipsec letsencrypt" [Rishabh]
* _updown.netkey: PLUTO_VIRT_INTERFACE replaces PLUTO_INTERFACE [Antony]
* _updown.netkey: add IPv6 routing support [Tuomo]
* _updown.netkey: don't remove old resolv.conf, just update it [Tuomo]
* _updown.netkey: fix for iproute2 >= 5.1 which no longer ignores /mask [Paul]
* libswan: Don't leak ECDSA pubkey on form_ckaid_ecdsa() failure [Paul]
* libswan: Close netlink socket on send error in netlink_query() [Paul]
* libipsecconf: don't throw error for not finding a wildcarded include [Paul]
* verify: improve support for python2 and python3 [Anand Bibhuti/Paul]
* KLIPS: Support for kernels >= 4.20 with SYNC_SKCIPHER_REQUEST_ON_STACK [Paul]
* KLIPS: Userland tools compile fixes [Hugh/Paul]
* building: No longer build with DH2(modp1024) support (see RFC 8247) [Paul]
* building: Add config for PYTHON_BINARY, default being /usr/bin/python3 [Tuomo]
* building: Add new USE_NSS_PRF, to use KDF from NSS [Robert Relyea/Andrew]
* building: Add USE_PRF_AES_XCBC, replaces USE_XCBC [Paul]
* building: Fixes for NetBSD build [Andrew]
* building: Fixes for gcc10 [Paul]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: Add Debian stretch specific configs and more cleanup [Antony]
* packaging: make deb jessie and xenial config detection [Antony]
* packaging: update python she-bang handling [Tuomo]
* testing: Added a new namespaces based testrun method [Antony]
* testing: setup: namespace based ipsec stop needs ip xfrm flush state [Paul]
* testing: setup: namespace based ipsec skips initsystem [Paul]
v3.29 (June 10, 2019)
* SECURITY: Fixes CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155
* programs: Change to /proc/sys/net/core/xfrm_acq_expires to detect XFRM [Paul]
* barf: Fix shell script parse error and small cleanup [Tuomo/Hugh]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: rhel6 doesn't need USE_AVA_COPY=true or WERROR_CFLAGS= [Tuomo]
* packaging/rhel6: remove -lrt, not needed any more [Tuomo]
* systemd: change Restart default to on-failure [Tuomo]
* building: Makefiles: Use RT_LDFLAGS for glibc < 2.17 support [Tuomo]
* building: userland-cflags.mk: add RT_LDFLAGS= for older glibc [Tuomo]
v3.28 (May 20, 2019)
* SECURITY: Fixes CVE-2019-12312 https://libreswan.org/security/CVE-2019-12312
* KLIPS: Disable KLIPS userland support per default [Paul]
WARNING: Support for KLIPS will be removed in 2019
* MAST: Removed support for MAST variant of KLIPS stack [Paul]
* IKE: Change default connection from IKEv1 to IKEv2 [Paul]
* IKEv2: Don't try to encrypt notify response without SKEYSEED [Andrew/Paul/Hugh]
* IKEv2: ikev2= keyword changed to only accept "yes" or "no" [Paul]
* IKEv2: Support for REDIRECT (RFC 5685) [Vukasin Karadzic/GSoC]
(new keywords redirect-to, accept-redirect, global-redirect=
global-redirect-to and new ipsec whack --redirect command
* IKEv2: Initialize daily secret used for DCOOKIES [Paul/Andrew]
* IKEv2: Extend narrowing code to support protoports [Andrew/Paul]
* IKEv2: Fix bug that prevented AH from rekeying [Andrew]
* IKEv2: IKE SA rekey could lead to losing track of Child SA [Andrew/Antony]
* IKEv2: A spurious DH calculation was performed and discarded [Andrew]
* IKEv2: Support for IPCOMP (compress=yes) [Paul]
* IKEv2: Initialize NAT keepalives check on IKE SA establishment [Paul]
* IKEv2: Only sent NAT keepalives for IKE states (suppresses IPsec dups) [Paul]
* IKEv2: Timeout in receiving IKE_AUTH reply would abort connection [Paul]
* IKEv2: Add ECP384, ECP521 and CURVE25519 to default IKEv2 proposal [Paul]
* IKEv2: Remove SHA1 from default IKEv2 proposal [Paul]
* IKEv2: Delete on auto=start conn would not restart (introduced in 3.23) [Paul]
* IKEv2: Compact proposals to prevent fragmentation of IKE_INIT [Andrew]
* IKEv2: Fix opportunistic group policy on /32 groupinstances on delete [Paul]
* IKEv2: Fix opportunistic /32 on non-defaultroute interface [Paul]
* IKEv2: Do not send two requests for IKEv2_INTERNAL_IP4_ADDRESS [Paul]
* IKEv2: Show payload structure of received packet in RFC notation [Andrew]
* IKEv2: Release whack when peer ID is wrong [Paul]
* IKEv2: Hardened PPK code and fixed memory leaks [Hugh]
* IKEv2: Use less resources under DDoS attack to send/process COOKIES [Andrew]
* IKEv2: Delete partial Child SA states that can never establish [Paul]
* IKEv2: Remove SHA1 from default proposals [Paul]
* IKEv2: Add ECP groups and Curve25519 to default proposal [Paul]
* IKEv2: Fix AH rekeying (handle not having encrypter [Paul]
* IKEv2: NAT-T keepalives did not start if only IKEv2 conns were in use [Paul]
* IKEv2: Drop IKE_SA_INIT requests with non-zero SPIr [Andrew]
* IKEv2: On rekey, sometimes a CHILD SA was lost (wrong hash slot) [Andrew]
* IKEv1: Don't leave a dangling pointer after IKE SA delete [Paul/Hugh]
* IKEv1: Only sent NAT keepalives for IPsec states (suppresses 1 dup) [Paul]
* IKEv1: Do not activate DPD when peer does not support it [Paul]
* IKEv1: Reject key sizes <= 0 properly instead of crashing [Paul]
* IKEv1: Fix Aggressive Mode interop with Volans Technology [wuwei29]
* IKEv1: Remove bogus "duplicate Delete" check causing Windows 1m outage [Paul]
* IKEv1: If whack socket not there for passwd input, return STF_FATAL [Paul]
* IKEv1: Remove Win98 workaround ignoring IPsec SA deletes in first 60s [Paul]
* X509: Do not keep received CERTs beyond the connection lifetime [Andrew]
* X509: Support for NSS IPsec profiles mbz#1252891 [Kai Engbert/Paul]
* X509: Don't fail validation on critical flag in Key Usage payloads [Paul]
* X509: Fix ocsp-method=get|post to actually skip get when asked) [Stepan Broz]
* X509: Fix various leaks [Hugh, Andrew]
* X509: Cache contents read from NSS database for performance [Andrew]
* pluto: Re-initialize (w backoff) conns that should remain "up" [Paul/Hugh]
* pluto: Use any sent IKE message to reset the DPD/liveness counter [Paul]
* pluto: Add timing information to packet processing [Andrew]
* pluto: Significant performance improvements for conns and certs [Andrew]
* pluto: Simplify state lookups and SPI passing [Andrew]
* pluto: Speed up state lookups by only looking at proper hash chain [Andrew]
* pluto: metric= value should accept values > 255 [Tuomo]
* pluto: New "cpu-usage" plutodebug option displaying timing info [Andrew/Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* pluto: Fix memory leak in CERTREQ sending [Hugh]
* pluto: Revive (with back-off) auto=start conns that receive Delete/Notify [Paul]
* pluto: Show all activated impairments in ipsec status [Andrew]
* pluto: Do not load a connection if its certificate has a problem [Andrew]
* pluto: Handle case when external use deletes certificate from NSS [Andrew]
* pluto: Fix resource leaks [Andrew/Hugh]
* pluto: Improve and extend pluto statistics [Paul]
* pluto: Deleting a connection should bring it down first to run _updown [Paul]
* pluto: Revive auto=start conns that receive Delete/Notify [Paul/Hugh/Andrew]
* pluto: Refuse to load connections with unsupported type=transport [Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* addconn: Fix crash on startup with dnssec-enable=no [Stepan Broz]
* libswan: Only use valid ephemeral ports for libunbound context [Stepan Broz]
* libswan: Do not process DNSSEC root key or trust anchors when disabled [Paul]
* libipsecconf: conn %default content could get overwritten rhbz#1704085 [Hugh]
* libipsecconf: Allow IKEv2 style ike/esp proposals using '+' symbol [Andrew]
(example: ike=aes_gcm+chacha20_poly1305,aes-sha2+sha1)
* libipsecconf: Updated defaults for filling in proposal elements [Andrew]
(drop sha1, sha2_512 before sha2_256 for esp, lots of new DH groups)
* libipsecconf: Be more tolerant of duplicate proposals and 'none' DH [Andrew]
* confreadwrite: Fix double host printing, line and bad ikev2=UNKNOWN [Paul]
* ipsec: Add "ipsec traffic" as shorthand for "ipsec trafficstatus" [Paul]
* ipsec: Add "ipsec brief" as shorthand for "ipsec briefcstatus" [Paul]
* _stackmanager: Do not attempt to load PF_KEY (af_key.ko) module [Paul]
* whack: Fix option name to and documentation of ms-dh-downgrade [Tuomo]
* whack: Two new impairments: del-with-notify and bad-ikev2-xchg [Andrew/Paul]
* whack: Fix non operational connection flags / arguments [Daniel Kautz]
* whack: Add new --briefstatus which skips showing all states [Paul]
* auto: Fix replace operation for when changing from subnet= to subnets= [wuwei29]
* verify: Removed broken IP forwarding check [Paul]
* FIPS: X.509 minimum public key size check was rejecting valid keys [Paul]
* FIPS: Disallow AES-XCBC from PRF/INTEG, Allow AES-GMAC [Paul]
* FIPS: Fixup FIPS_IKE_SA_LIFETIME_MAXIMUM to 24h as per NIST SP 800-77 [Paul]
* FIPS: Force IKE maximum lifetime of 24h (default is 1h) [Paul/Vukasin]
* XFRM: Use netlink for last remaining obsolete PF_KEY API API calls [Antony]
* XFRM: Clean up and add logging to IPsec SA for nic-offload= [Hugh/Paul]
* XFRM: Set default XFRM_LIFETIME_DEFAULT to 30 (was 300) [Paul]
* libswan: Fix leaks in badly formed secrets/ppk_id [Vukasin Karadzic]
* libswan: Don't crash on mangled PSK or PPK secrets [Vukasin Karadzic]
* initsystems/systemd: Install tmpfiles config when installing unitfile [Tuomo]
* barf: No longer look for netstat, ifconfig and mii-tool [Paul]
* building: Sort all wildcarded object files for build reproducibility [dkg]
* building: Update NSS includes to not use obsoleted header files [Paul/Andrew]
* building: USE_NSS_AVA_COPY ?= false, only needed with NSS < 3.30 [Tuomo]
* building: USE_UNBOUND_EVENT_H_COPY ?= false, enable only for [Tuomo]
unbound <= 1.7.3 without unbound-event.h
* building: Fix UNBOUND_VERSION testing so result compiles on Fedora 29 [Hugh]
* building: USE_NSS_IPSEC_PROFILE ?= true, Requires nss >= 3.41 [Tuomo]
* building: Support for unbound > 1.8.0 [Antony]
* building: Update XFRM headers [Antony]
* building: Add 'make install-rpm-dep' and 'make install-deb-dep' [Antony]
* testing: Lots of new and improved test cases [lots of people]
* packaging: Add a spec file for RHEL8/CentOS8 [Paul]
* packaging: debian: explicitly set ARCH for reproducibility [dkg]
* packaging: debian updates [Antony/Paul]
v3.27 (October 7, 2018)
* XFRM: SA marks must be included for delete operation [Tijs Van Buggenhout]
* pluto: Resolve a crasher in ECDSA freeing code [Hugh/Sahana]
* pluto: Resolve a hang when recursively loading same config file [Hugh]
* pluto: Refuse to load conns with different subnet address families [Paul]
* IKEv2: Fix regression on ID_NULL causing a new conn instance [Paul]
* IKEv1: Drop duplicates when not a reply [Andrew]
* IKEv1: Don't respond with errors to invalid encrypted packets [Andrew]
* IKEv1: Don't print empty informational warning on delete payload [Paul]
* IKEv1: Don't add spurious ESP-NULL proposal to AH proposals [Andrew]
* whack: Release whack socket on IKE_AUTH errors [Andrew]
* libswan: fix buffer size to getnameinfo() call in resolve_ppp_peer() [Hugh]
* libipsecconf: Don't accidentally clear modecfgdomains= entries [Andrew]
* building: Fixup NSS includes and links (fixes Debian builds) [Andrew/Paul]
* documentation: Update (L)GPL license links and http -> https links [dkg]
* Bugtracker bugs fixed:
#177 left=%defaultroute not working when "src" in the default route [Kim]
#80 VTI interface vanishes when peer goes down and up [yu-shiba]
v3.26 (September 16, 2018)
* IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad]
* IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad]
* IKEv2: Use DER handling code of NSS instead of our custom code [Andrew]
* IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew]
* IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul]
* IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew]
* IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh]
* IKEv2: Simplify proposal generating [Hugh]
* IKEv1: Fix handling XAUTH empty passwords [Andrew]
* IKEv1: Various code cleanup, next payload handling [Hugh]
* IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew]
* IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul]
* pluto: Relax strictness of DH in ESP/AH proposals [Andrew]
* pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul]
* pluto: Do not hand out old lease address for authby=secret conns [Paul]
* pluto: new --selftest option that exits pluto after startup tests [Paul]
* pluto: Updated known Vendor ID table [Paul]
* XFRM: Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew]
*_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul]
* building: Fix listed patches for debian build [Paul]
* building: enable DH31 (curve25519) per default [Paul]
* building: disable DH23,DH24 per default [Paul]
* testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul]
* Bugtracker bugs fixed:
#166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul]
v3.25 (June 27, 2018)
* IKEv2: MOBIKE Initiator support (RFC 4555) [Antony]
* IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony]
* IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony]
* IKEv2: Support for IKE SA reauth=yes|no RFC7296 2.8.3 [Antony]
* IKEv2: Temporarily disable Liveness/DPD when MOBIKE kick in [Antony]
* IKEv2: No longer allow contradicting esp= and pfs= options [Andrew]
* IKEv2: PPK support for authby=rsasig [Vukasin Karadzic]
* IKEv2: Support for CURVE25519 (RFC 8031) [Andrew]
* IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul]
* IKEv2: Add PPK support to authby=rsasig [Vukasin]
* IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin]
* IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin]
* IKEv2: Support for protoport based Opportunistic IPsec [Paul]
* IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul]
* IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin]
* IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]
* IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul]
* IKEv2: Allow switching between OE instances with different protoports [Paul]
* IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul]
* IKEv2: Only retransmit fragments on receiving first fragment [Andrew]
* IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul]
* IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew]
* IKEv2: Fix handling of corrupt encrypted packets [Andrew]
* IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul]
* IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul]
* IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul]
* IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew]
* IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew]
* IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul]
* IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul]
* IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh]
* X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh]
* X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew]
* X509: Handle CRL fetching in separate thread [Andrew]
* pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul]
* pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul]
* pluto: Cleanup of state/md passing code [Andrew]
* pluto: Allow switching back from wrong instance to template conn [Paul]
* pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew]
* pluto: Allow rightsubnets= without leftsubnet(s)= [Paul]
* pluto: don't share IP leases for authby=secret (in case of group ID) [Paul]
* pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks]
* pluto: Find and delete old connection/states with same ID [Paul/Hugh]
* pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo]
* pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew]
* pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh]
* addconn: Fix auto=route and auto=start processing [Paul]
* whack/auto: Ensure all status and list commands return no error code [Paul]
* KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout]
* FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew]
* FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul]
* FIPS: Don't allow RSA keys < 3072 [Matt/Paul]
* FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew]
* FIPS: Raise minimum RSA key length allowed to 3072 [Paul]
* CAVP: Add -<acvp-key> <acvp-value> and -json(output) options to CAVP [Andrew]
* portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul]
* _updown.netkey: fix deleting routes when half routes are used [Tuomo]
* _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo]
* _updown.netkey: fix unroute: "need at least a destination address" [Tuomo]
* _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo]
* _updown.netkey: force routing if we don't have route to remote network [Tuomo]
* _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul]
* contrib/python-swan: module to check if traffic get be encrypted [Kim]
* contrib/c-swan: example code to check if traffic get be encrypted [Kim]
* building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul]
* building: when ElectricFence enabled, add extra system calls to seccomp [Andrew]
* ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo]
* _updown.netkey: force routing when necessary for IPsec to work [Tuomo]
* _updown.netkey: do not proxyarp for host-host tunnels [Tuomo]
* look: sort XFRM output by priority [Andrew]
* Bugtracker bugs fixed:
#311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo]
#314: IPv6 default route is deleted by mistake
#318: vti interface gets down on previous initiator if roles switch [Tuomo]
#320: nsspassword file location is half implemented
#328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz]
v3.24 (June 26, 2018)
* This release was never published
v3.23 (January 25, 2018)
* IKEv2: MOBIKE Responder support (RFC 4555) [Antony/Paul]
* IKEv2: Add support for modecfgdns= and modecfgdomains= like for IKEv1 [Paul]
* IKEv2: EXPERIMENTAL: Support for Postquantim Preshared Keys [Vukasin Karadzic]
based on draft-ietf-ipsecme-qr-ikev2-01 (using private use numbers)
new option: ppk=yes|no|insist (default no)
* pluto: Fix DEFAULT_RUNDIR to be set so it is really configurable [Tuomo]
* pluto: Add support IDr payload (You Tarzan, me Jane) [Paul]
* pluto: pass state to send_crypto_helper_request() [Andrew]
* pluto: Internal time/scheduling changes, micro-seconds logging [Andrew]
* pluto: make counts of states consistently "unsigned" [Hugh]
* pluto/lib: Remove obsoleted/unused %myid support [Paul]
* pluto: add --impair replay-forward,replay-backward [Andrew]
* pluto: add --impair dup-incoming-packets [Andrew]
* pluto: Rework nic offload detection code [Aviv Heller]
* pluto: Retry send on -EAGAIN in check_msg_errqueue() (up to 32x) [Paul/Hugh]
* pluto: Pull latest kernel traffic counters before logging/deleting SA [Paul]
* pluto: STF_INLINE, STF_TOOMUCHCRYPTO no longer needed in helpers [Andrew]
* pluto: Replace socket queues with a simple queue and mutex+cont [Andrew]
* pluto: Do not send DPD/liveness probes for replaced inactive IPsec SAs [Paul]
* pluto: crypto processing cleanup [Andrew]
* XFRM: XFRM_MIGRATE support, used for MOBIKE [Antony]
* XFRM: Listen to NETLINK_ROUTE messages from kernel for MOBIKE [Antony]
* XFRM: Fix unique marks accidentally setting -1 instead of random [Paul]
* XFRM: Only install IPv6 holes when system has configured IPv6 [Antony]
* XFRM: Add support for decap-dscp=yes|no (default no) [Paul]
* XFRM: Add support for nopmtudisc=yes|no (default no) [Paul]
* KLIPS: Support kernels 4.14+ with renamed dev->priv_destructor [Paul]
* KLIPS: updown fixes for IPv6 default route and metric/mtu settings [Wolfgang]
* SECCOMP: Update syscall whitelist for use of libunbound [Paul]
* IKEv1: better handle ESP with no integrity vs unknown integrity [Andrew]
* IKEv1: Fix packet retransmit code wrf timeouts vs duplucates [Andrew]
* IKEv1: Prevent duplicate responder states on retransmision [Andrew]
* IKEv1: Don't linger R1 states for 1h but use configured timeouts [Paul]
* IKEv2: nat_traversal_change_port_lookup() code moved [Antony]
* IKEv2: Macros could misinterpret some IKE/IPsec states [Paul/Antony]
* IKEv2: Updated Group transforms to comply with RFC 8247 [Paul]
* PAM: Don't cancel pam threads (unsupported!) but drop results instead [Andrew]
* _updown: Fix resolv.conf handling (github #130) [Tuomo]
* _updown: Fix POINTPOINT interfaces not to use nexthop [Tuomo]
* _updown.netkey: Add source ip to dev lo by default [Tuomo]
* Makefiles: Fix INC_MANDIR to be share/man and add FINALMANDIR [Tuomo]
* packaging: Move debian/ to packaging ('make deb' still works) [Antony]
* contrib: Added ipsec-dyndns to demonstrante how push an IPSECKEY [Paul]
* Bugtracker bugs fixed:
#313: changesource in updown_klips doesn't respect PLUTO_METRIC [Wolfgang]
#314: IPv6 default route is deleted by mistake [Wolfgang]
v3.22 (October 22, 2017)
* IKEv2: EXPERIMENTAL: unbound DNS server ipsecmod support [Opportunistic IPsec]
* IKEv2: Initial support for RFC 7427 Digital Signature [Sahana Prasad/GSoC]
* IKEv2: Do not include INTEG=NONE in AEAD IKE proposals [Andrew]
* IKEv2: Accept both ESP=AEAD+NONE and ESP=AEAD in proposals [Andrew]
(See also: https://www.rfc-editor.org/errata/eid5109)
* IKEV2: Fix interop with old pluto that rejected esp=aead+none [Andrew]
* IKEv2: Add support for GMAC via esp=null_auth_aes_gcm [Andrew]
* IKEv2: Fragmentation code cleanup and memory leak fixes [Andrew]
* IKEv1: Fix XAUTH retransmits and packet storage [Antony]
* IKEv1: Perform custom state change for XAUTH without ModeCFG [Paul]
* IKEv1: Add support for nat-ikev1-method=none [Paul]
* IKEv1: XAUTH password length wasn't consistent at 128 [Stepan Broz]
* pluto: Natively install ICMPv6 neighbour discovery holes [Mayank Totale/GSoC]
* pluto: Fixup XAUTH/PAM thread cancellation handling [Andrew/Antony]
* pluto: Change default rundir from /var/run/pluto to /run/pluto [Paul]
* pluto: Various ike_alg parsing updates [Andrew]
* pluto: Various cleanups in addresspool and XAUTH code [Hugh]
* pluto: Fix missing ntohl() on the SPI numbers in ipsec status [Paul]
* pluto: Various memory leak fixes [Antony,Paul,Hugh]
* pluto: Make ioctl(SIOCGIFFLAGS) failure for labeled devices non-fatal [Paul]
* pluto: Give IKE traffic preference via SO_PRIO [Paul]
* pluto: New setup options: ike-socket-errqueue= , ike-socket-bufsiza=e [Paul]
* pluto: Improve whack --listevents with libevent [Antony]
* pluto: Fixup NIC offload support [Antony, Hugh]
* pluto: Track and try the number of EAGAIN errors on IKE socket [Hugh/Paul]
* pluto: Prevent spurious initiating states on responder-only conn [Antony]
* pluto: don't call sanitize_string() in fmt_log() as it is expensive [Paul]
* pluto: No longer need to specify null for AEAD, can use esp=aes_gcm [Andrew]
* pluto: Increase default nhelpers for 1 CPU (2) and 2 CPUs (4) [Paul]
* pluto: New option logip= (default yes) to disable log of incoming IPs [Paul]
* pluto: signal handling cleanup [Andrew/Hugh]
* pluto: Don't try to retransmit unsent packet [Paul/Hugh]
* pluto: state hashing improvements [Andrew]
* pluto: Fix erranious connecting switching (bug in v3.21) [Paul]
* pluto: when deleting parent, don't deschedule DH for wrong child [Andrew]
* pluto: dpdaction=restart fixup when using %any [Antony]
* pluto: Don't die on labeled interfaces without SIOCGIFFLAGS support [Paul]
* addconn: left=%defaultroute would fail if >500 host routes [Kim]
* showhostkey/rsasigkey: Fixup mismatch of public key display [Andrew]
* FIPS: Some selftests did not run properly under FIPS mode [Andrew]
* KLIPS: Removed old premade patches, use make targets instead [paul]
* updown Don't remove source ip if it's still used (rhbz#1492501) [Tuomo]
* updown: Allow disabling via leftupdown="" or leftupdown="%disabled" [Paul]
* updown: SPI numbers were missing ntohl() conversion [Paul]
* various: phase out --ctlbase for --ctlsocket and --rundir [Paul]
* libipsecconf: reject unavailable kernel algorithms in parser [Andrew]
* libswan/pluto: throw a clearer error for broken libunbound [Paul]
* libswan/pluto: Cleanup logging and tighten logging lock [Andrew]
* libswan/pluto: Greatly optimize logging code [Andrew]
* libswan/pluto: Some logging algorithm renames for more consistency [Andrew]
* building: remove -fexceptions; breaks pthread_cleanup_push [Andrew]
* packaging: Update debian/ and move to packaging/debian [Antony]
* packaging: Update fedora/rhel spec files [Tuomo]
* testing: --impair-foo changed to --impair foo [Andrew]
* testing: Some new impair options for testing [Andrew,Sahana,Paul]
* testing: Allow null encryption with null auth for testing [Andrew]
* Bugtracker bugs fixed:
#294: Bug in public key reported by rsasigkey [Tijs Van Buggenhout/Andrew]
#299: Fix overlapping addresspool and static lease from passwd file [Antony]
#300: Fix bug in v3.21 that rejected hardcodes certs without a CA [Paul]
#302: IKEv1-only and IKEv2-only must not share IKE SA [Paul]
#303: xauth password length limited to 64 bytes [Stepan Broz]
v3.21 (August 9, 2017)
* FIPS: Don't crash on too weak PSK's in FIPS mode, warn for non-FIPS [Andrew]
* FIPS: rsasigkey: Use modulus F4, not 3 (FIPS 186-4, section B.3.1) [Paul]
* pluto: Support for "idXXX" esp/ike transform IDs removed [Andrew,Paul]
* pluto: Do not return whack error when termining an alias connection [Paul]
* pluto: Remove IKE policy bits on passthrough conns [Paul]
* pluto: Minor memory leak fixes [Paul]
* pluto: Fix memory leak due to addresspool reference count error [Antony]
* pluto: Re-add support for ipsec whack --listevents [Antony]
* pluto: Cleanup listed events on shutdown to please leak-detective [Antony]
* pluto: Perform stricter SubjectAltName checks on configured ID's [Paul]
* pluto: Handle *subnets in --route and --unroute via whack [Mika/Tuomo]
* pluto: Unify IKEv1 XAUTH and IKEv2 PAM threading code [Andrew]
* pluto: Use pthread_cancel() (not SIGINT, conflicts with debuggers) [Andrew]
* pluto: Fix memory corruption with XAUTH/PAM threads [Andrew/Hugh]
* pluto: Fix resource leak processing XAUTH password authentication [Andrew]
* pluto: Fix warnings generated by gcc 7.1 [Lubomir Rintel]
* pluto: NIC offload support nic-offload=auto|yes|no (eg mellanox) [Ilan Tayari]
* pluto: Use common function in ikev1 / ikev2 for dpd/liveness actions [Antony]
* NSS: Try harder finding private keys that reside on hardware tokens [Andrew]
* IKEv2: Opportunistic IPsec support for IPSECKEY records [Antony]
* IKEv2: New dnssec-enable=yes|no, dnssec-rootkey-file=, dnssec-anchors= [Paul]
* IKEv2: If CREATE_CHILD_SA superseded retransmit, drop it [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.1) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.2 responder) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.3 responder) [Antony]
* IKEv2: Flush ESP/AH proposals on the initiator. It could be stale [Antony]
* IKEv2: State Machine (svm) updates to simplify CREATE_CHILD_SA [Antony]
* IKEv2: DH role is based on message role not Original Initiator role [Antony]
* IKEv2: Return CHILD_SA_NOT_FOUND when appropriate [Antony]
* IKEv2: After an IKE rekey, rehash inherited Child SA to new parent [Antony]
* IKEv2: Rekeying must update SPIs when inheriting a Child SA [Antony]
* IKEv2: Decrypt and verify the paylods before calling processor [Andrew]
* IKEv2: Fragmentation code cleanup [Andrew]
* IKEv2: Drop CREATE_CHILD_SA message when no IKE state found [Antony]
* IKEv2: Do not send a new delete request for the same Child SA [Antony]
* IKEv2: During Child SA rekey, abort when ESP proposals mismatch [Antony]
* IKEv2: OE client check should take responders behind NAT into account [Paul]
* IKEv2: Improved dpdaction=hold processing [Antony]
* IKEv1: Only initiate and create IKE SA for appropriate dpdaction [Antony]
* IKEv1: Re-add SHA2_256 (preferred) and SHA2_512 to IKEv1 defaults [Andrew]
* IKEv1: Aggressive Mode fixes for sending CERT / CERTREQ payloads [Paul]
* IKEv1: Multiple CISCO_SPLIT_INC's cause duplicate spd_routes [Oleg Rosowiecki]
* X509: Improve some failure logging [Paul]
* XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1 [Paul]
* XFRM: Update including system or local copy of xfrm.h [Paul/Antony]
* XFRM: Remove no longer needed {rt}netlink.h copies [Paul]
* KLIPS: cryptoapi: switch from hash to ahash [Richard]
* KLIPS: Add traffic accounting support [Richard/Paul]
* KLIPS: Support for linux 4.11 [Paul]
* lib: Move the alg_info lookup-by-name code to libswan [Andrew]
* lib: Move all conditionally compiled ike_alg*.c files to libswan.a [Andrew]
* addconn: Replace ttoaddr() with calls supporting DNSSEC [Paul/Antony]
* libswan: Algo code cleanup [Andrew]
* libipsecconf: Load specified RSA keys irrespective of policy [Paul]
* libipsecconf/pluto: Be more strict in authby= & type= combinations [Paul]
* libipsecconf: Fail to load connections with unsatisfied auto= clause [Hugh]
* parser: Numerous algorithm parser fixes, eg. esp=aes_ccm_8_128-null [Andrew]
* algparse: (Experimental) modified to run algorithm parser stand-alone [Andrew]
* newhostkey: Actually append to secrets as the warning claims it will [Paul]
* _updown.netkey: Fix syntax failure when PLUTO_MY_SOURCEIP is not set [Tuomo]
* _updown.netkey,klips: Fix use of printf when updating resolv.conf [Tuomo]
* _updown.netkey: Remove wrong use of PLUTO_PEER_CLIENT netmask [Tuomo]
* _updown: Add MAX_CIDR variable for host netmask [Tuomo]
* ipsec import: Trust bits correction did not always trigger [Tuomo]
* building: Convert lib/ to use mk/library.mk [Andrew]
* building: Work around rhel-6 gcc [Andrew]
* building: Add copy unbound-event.h work around broken unbound installs [Paul]
* packaging: Better split rpm and make variables [Paul]
* packaging: Updates for new requirements for ldns, unbound-devel [Paul]
* testing: Add DNSSEC, Opportunistic IPsec testcases, fixups [Multiple people]
* contrib: Munin plugin for libreswan [Kim/Paul]
v3.20 (March 14, 2017)
* pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1) [Andrew]
* pluto: Add dh= aliases for all modp= groups (eg "dh2" for "modp1024") [Paul]
* pluto: Add statistics support to ipsec whack --globalstatus [Paul]
* pluto: Add statistics clearing support using ipsec whack --clearstats [Paul]
* pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew]
* pluto: Cleanup kernel_netlink.c [Hugh]
* pluto: Print AH= algorithm and ESN when established [Paul/Andrew]
* pluto: strip file path from abort messages [Andrew]
* pluto: Support initiating template conn with --remote-host <ipaddr> [Paul]
* pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS [Paul]
* pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew]
* pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco [Paul]
(reported by Oleg Rosowiecki)
* pluto: accurately size a buffer for the decimal representation [Hugh]
(debian bug 853507)
* pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg]
* pluto: Support for Linux systems without IFA_F_TENTATIVE (CentOS5) [Paul]
* pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique [Paul]
* IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying [Antony]
* IKEv2: Various refactoring for CREATE_CHILD support [Antony]
* IKEV2: OE/CAT: Don't send CP request when responder is behind NAT [Antony]
* IKEv2: log first notify payload when we receive an Notify Error [Paul]
* IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew]
(reported by Eric Andersson)
* IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul]
* IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul]
(rhbz#1392191)
* IKEv2: suppress DELETE notifies for connections being replaced [Paul]
* IKEv2: re-instate ISAKMP_SA_established() [Paul]
* IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew]
* IKEv1: Print conn algo's when using XAUTH [Andrew]
* IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048) [Andrew]
* IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew]
* IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul]
* newhostkey: Convert remaining --configdir for --nssdir [Tuomo]
* barf: Ensure proper macros are used. Add certutil/crlutil output [Paul]
* misc: Fix various spelling errors in code/comments/man pages [dkg]
* packaging: spec files should use 0 and 1, not true and false [David Arnold]
* building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix [Paul]
* building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul]
* building: fetch: remove support for ancient LDAP version 2 [Tuomo]
* building: move whack to separate programs/whack/ directory [Andrew]
* building: Various Makefile variable cleanups and double link fixes [Andrew]
* building: Don't check runtime for SElinux/systemd with DESTDIR [Paul]
* documentation: added oe-letsencrypt-* example configs [Paul]
v3.19 (January 15, 2017)
* NSS: Support for configurable nss dir via @IPSEC_NSSDIR@ [dkg/Tuomo]
* FIPS: Only pluto needs a .hmac file, reducing crypto boundary [Paul]
* FIPS: do not allow DBG_PRIVATE to be set when running in FIPS mode [Paul]
* FIPS: Ignore failureshunt=passthrough and negotiationshunt=passthrough [Paul]
* FIPS: Filter default proposals of non-FIPS allowed proposals [Andrew]
* FIPS: Added CAVP test for pluto GCM code [Andrew]
* FIPS: More cleanup of crypto related structs and functions [Andrew]
* FIPS: Implement SHA based PRFs directly in NSS [Andrew]
* FIPS: Support for CAVP testing 'HMAC construct' based SHA PRF code [Andrew]
* IKEv2: Don't crash on bogus mixed protocol Delete Payloads [Hugh/Paul]
* IKEv2: Add asymmetric AUTH support (leftauth= and rightauth=) [Antony/Paul]
* IKEv2: refactored AUTH handling payload into v2_check_auth() [Paul]
* IKEv2: support CERT chain sending [Paul]
* IKEv2: Allow CERT and CERTREQ payloads multiple times [Paul]
* IKEv2: do not attempt to send notify in reply to IKE_AUTH reply [Paul]
* IKEv2: When receiving DELETE, ensure expire+restart when needed [Antony]
* IKEv1: If a queued up DPD probe finds no IKE SA, create a new one [Paul]
* IKEv1: accept_delete() check if IKE SA is shared before deleting [Paul]
* IKEv1: Remove ADNS, DNS continuations and IKEv1 OE code [Paul/Antony]
* IKEv1: Schedule IPsec SA REPLACE immediately when receiving DELETE [Antony]
* IKEv1: Some IKE SA failure on initiator could lead to hanging whack [Paul]
* KLIPS: fix for unregister_netdevice() for Linux 3.6.11 and up [Richard/Paul]
* XFRM: EXPERIMENTAL Support for configuring IP address on the VTI device [Paul]
keyword: leftvti=address/mask
* XFRM: Fix NAT-T support when userland compiled without KLIPS support [Paul]
* X509: Obsolete /etc/ipsec.d/crls (load_crls()) and whack --rereadcrls [Paul]
* X509: New whack --fetchcrls (alias ipsec crls) to trigger a fetch [Paul]
* X509: Iterate all X.509 certs and try to fetch their crls [Kim]
* X509: Start a fetch for CRLs 5 seconds after startup [Kim]
* X509: --rereadcrls no longer overwrites newer CRLs with older ones [Paul]
* X509: log the NSS error when CERT_ImportCerts() fails [Paul]
* X509: Don't attempt to fetch crl->uri when not present [Paul/Matt]
* X509: Additional OCSP options to tweak the cache and fetch method [Paul]
(new keywords: ocsp-method ocsp-cache-size ocsp-cache-min-age
ocsp-cache-max-age)
* X509: Fix memory leak in certificate handling (lsbz#278) [William Rios]
* X509: Fix memory leak in certificate chain handling [Matt]
* pluto: close whack socket in add_pending when dup pending is skipped [Hugh]
* pluto: Avoid adding duplicate bare shunts causing lockup [Paul]
* pluto: drop modp1024 (DH2) from IKEv1 "ike=" default list [Andrew]
* pluto: send_packet() now refuses to send a packet to 0.0.0.0 [Paul]
* pluto: find_hostpair ignore CK_INSTANCES that are ID_NULL [Antony]
* pluto: Fix ca name and generalName leak lsbz#276 [Bill Rios]
* pluto: EXPERIMENTAL SECCOMP support (seccomp=enabled|tolerant|disabled) [Paul]
* pluto: connection instances need their own reqid [Antony]
(this resolves multiple clients behind same NAT router issue)
* pluto: Use a global reqid counter instead of looping every time [Paul]
* pluto: use sets instead of nested loops for transform processing [Andrew]
* pluto: Prefer not switching connections when possible [Paul/Hugh]
* pluto: Move unique mark from rw_instantiate() to instantiate() for OE [Paul]
* pluto: log more information when a bare shunt is missing [Hugh]
* pluto: redo process_encrypted_informational_ikev2 [Hugh]
* pluto: Add new config option encapsulation=auto|yes|no [Paul/Patrick Kerpan]
replacing forceencaps=yes|no
* pluto: No longer log bogus reapchildren warning [Paul]
* libipsecconf: libipsecconf: remove last remnants of manual keying [Paul]
* libipsecconf: remove auth= alias for phase2= [Paul]
* _updown.netkey: Move addcat call from route-host to up-client [Paul]
* ipsec: initnss|import use --nssdir for nssdb directory option [Tuomo]
* newhostkey: use --nssdir for nssdb directory option [Tuomo]
* showhostkey: use --nssdir for nssdb directory option [Tuomo]
* barf: minor improvements with systemd/journalctl [Paul]
* verify: fix "with FIPS" output to print OK [Paul]
* _stackmanager: add cmac and chacha20poly1305 to modprobe list [Paul]
* building: libreswan assumes -std=gnu99 when building [Andrew]
* building: USE_EXTRACRYPTO replaced by USE_SERPENT and USE_TWOFISH [Paul]
* building: Disable DH22 by default. To re-enable use USE_DH22=true [Paul]
* building: work around flex 2.5.4 (CentOS 5); use: -o/output/file [Andrew]
* sysvinit: remove unnecessary warnings about already stopped pluto [Tuomo]
* initsystems: Enable "systemctl help ipsec" [dkg]
* testing: various web output fixes (see testing.libreswan.org) [Andrew]
* testing: various test updates / additions [Paul/Antony]
* documentation: fixup changes in GPL 2.0 / LGPL like FSF address [dkg]
* Bugtracker bugs fixed:
#270 newhostkey: text output produces 1 character bug in pubkey [Andew]
#272 Option --leak-detective causes assertion failure [Bill / Paul]
#277 pluto: fix pluto events leak in timer_event_cb [Bill Rios]
#152: ipsec whack --initiate for xauth does not release whack [Paul/Hugh]
v3.18 (July 27, 2016)
* SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew]
* XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation [Antony]
keyword: leftcat=yes|no
* XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo]
keywords: vti-interface=<name> vti-routing=yes|no vti-shared=yes|no
* XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul]
* KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson]
* KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz]
* FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul]
* FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul]
* FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul]
* FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul]
* FIPS: Added new ipsec whack --fipsstatus [Paul]
* IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew]
* IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew]
* IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew]
* IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew]
* IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew]
* IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew]
* IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel]
* IKEv2: Extend and improve notify handling [Paul]
* IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul]
* IKEv2: If first liveness probe failed, we never noticed liveness failure [Paul]
* pluto: Extend mark= support for mark-in= and mark-out= [Paul]
* pluto: implement unique marks by using mark=-1 [Paul]
* pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul]
* pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks]
* pluto: Check enum names consistency on startup [Hugh]
* pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew]
* pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul]
* pluto: Prevent double free of id data [Hugh]
* pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul]
* pluto: ESN could use uninitialised values and fail [Paul/Andrew]
* X509: Try subsequent crl distribution points when first one fails [Kim]
* whack: Display IPv4 lease address in --trafficstatus [Andrew]
* libipsecconf: New keyword left/rightckaid=XXX [Andrew]
* libipsecconf: Remove legacy keyword subnetwithin= [Hugh]
* libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh]
* updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul]
* programs: Removed obsoleted ikeping and livetest [Paul]
* newhostkey: No longer touch any secret files [Andrew]
* showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew]
* libswan: Fix unbound dnsctx handling [Hugh/Paul]
* libswan/libipsecconf: Clean up SECRETS code [Andrew]
* libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew]
* addconn: Find peer IP address when resolving default route [Daniel M. Weeks]
* barf: If systemd detected, use journalctl to get logs [Paul]
* building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew]
* building: Fix building without DNSSEC support [Hugh/Paul]
* packaging: Updates for debian packaging [dkg]
* initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim]
* ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo]
* _import_crl: Fix to work with nsspasswd [Andrew]
* _stackmanager: Remove loading of hardware random modules [Tuomo]
* _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim]
* ipsec: remove run by root check for Neutron/VPNaaS [Tuomo]
* ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo]
* testing: Various improvements for running tests, include web tree [Andrew]
* testing: New makefile targets, see 'make kvm-help' [Andrew]
* testing: pluto support for --expire-bare-shunt <interval> [Paul]
v3.17 (April 4, 2016)
* SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew]
* pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and
USE_VFORK [Andrew]
* pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew]
* IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul]
* IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul]
* IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul]
* IKEv2: ikev2_out_generic{_raw}() functions [Paul]
* IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul]
* IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul]
* IKEv2: Fix memory leak of dcookies [Paul]
* IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew]
* IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew]
* IKEv2: ESN support (XFRM linux 2.6.39+) via esn=yes|no(default)|either [Paul]
* IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul]
* IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul]
* IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul]
* IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul]
* IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul]
* IKEv2: add --impair-send-bogus-dcookie for testing [Paul]
* IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul]
* IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul]
* IKEv1: Prefix a few functions with ikev1_* where not obvious [Paul]
* IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel]
* pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika]
* pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika]
* pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul]
* pluto: Don't delete IKE SA when shared with multiple connections [Paul]
* pluto: connection restart failed for dynamic dns conns [Wolfgang]
* pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel]
* pluto: Fix various coverity warnings and corner cases [Hugh, Paul]
* pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul]
* pluto: accept/verify the KE contents before creating the state [Andrew]
* pluto: Parse the IKE SA proposals before creating the state [Andrew]
* pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew]
* pluto: Be more careful handling realloc() failure [Hugh]
* pluto: Fix leaks in NSS/certificate handling code [William Rios]
* pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul]
* pluto: Ignore unsupported keys from the NSS database [Andrew]
* pluto: orphan_hold() can encounter connection in delete phase [Antony]
* rsasigkey: Only print the comment line, pubkey and CKAID [Paul]
* secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul]
* libipsecconf: Make handling of policy bits more systematic [Hugh]
* barf: Only sysvinit printed the string "subsystem" [Paul]
* FIPS: Code cleanup and misc. fixes [Andrew / Paul]
* FIPS: Add _import_crl to the FIPS file list [Paul]
* KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang]
* KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang]
* KLIPS: Fix pluto compile for USE_KLIPS=false [Paul]
* barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul]
* packaging: debian/ fixes [Marc-Christian Petersen / Tuomo]
* sysvinit: Fix displaying number of tunnels in status command [Paul]
* Bugtracker bugs fixed:
#258 DPD with dynamic dns can't reconnect a host connection [Wolfgang]
v3.16 (December 18, 2015)
* auto: add new option --start which is like auto=start [Tuomo]
* libipsecconf: allow time with no unit suffix (openswan compat) [Hugh]
* libipsecconf: cleanup parser.y to work on old/new GCC and 32/64bit [Hugh]
* libipsecconf: re-introduce strictcrlpolicy= as alias for crl-strict= [Paul]
* libipsecconf: Allow time specification for dpdtimeout= / dpddelay= [Paul]
* libipsecconf: aliases curl_timeout / curl_iface for openswan migration [Paul]
* libswan: Fix memory leak in match_rdn() [Valeriu Goldberger]
* PAM: Fix some IKEv1 XAUTH methods always returning "denied" [Antony]
* PAM: stacked pam modules (eg pam_ssss) need CAP_DAC_READ_SEARCH [Matt]
* newhostkey: fix seeddev device [Paul]
* pluto: terminate_connection() when we become unoriented (rhbz#609343) [Paul]
* pluto: find_client_connection() must ignore unoriented c (rhbz#1166146) [Paul]
* pluto: Fix trafficstatus byte counter output [Antony]
* pluto: accept racoon's over-sized padding (got rejected in 3.14) [Andrew]
* pluto: obsolete plutofork= and ignore the keyword on startup [Paul]
* pluto: send_crl_to_import: use waitpid(2) to wait for correct child [Hugh]
* pluto: cleanup struct spd_route and related tidying [Hugh]
* pluto: fix eclipsed to iterate over connection's spd_routes [Hugh]
* pluto: accept delete payload with wrong side's SPI (CISCO bug) [Paul+Hugh]
* pluto: initialise phase2 our_lastused/peer_lastused on creation [Paul+Hugh]
* pluto: pluto: OE: add shunts.total count to ipsec whack --globalstatus [Paul]
* pluto: Add keyword replay-window= (default 32, 0 means disable) [Paul]
* pluto: Add fake-strongswan=yes|no (default no) to send strongswan VID [Paul]
* pluto: Add support for XFRM marking cia mark=val/mask [Amir Naftali]
* pluto: Use selinux dynamic class/perm discovery, not old API [Lubomir Rintel]
* pluto: Fix for uniqueids killing second tunnel between hosts [Tuomo]
* pluto: Don't refuse to load passthrough conn with ike= / esp= settings [Paul]
* pluto: Free the event struct initialized in main loop and tidy [Antony]
* pluto: Add event for child handling of addconn [Wolfgang/Antony]
* pluto: release_fragments() cannot try both IKEv1 and IKEv2 fragments [Paul]
* X509: load_end_nss_certificate() cleanup [Matt]