See also https://libreswan.org/ v5.1 (Oct 8, 2024) * IKEv2: - fix race when initiator-responder cross rekey requests [Andrew] - don't ignore Delete IKE SA request while waiting for Delete IKE SA response [Andrew] - log arrival of first IKE_AUTH request that triggers DH [Andrew] - rate limit logging of packets with invalid payloads * IKEv1: - fix Quick mode installing 0.0.0.0/0 when no MSG_CONFIG exchange [Andrew, Tuomo] - fix iOS Quick mode request needing to re-recover lease [Andrew, Tuomo] - fix regression where deleting ISAKMP deleted IPsec [Andrew, Tuomo] - add config options of ah=sha2{256,512} [Andrew] - add DH29,DH31 to default proposals [Andrew] - reject ESP AEAD combined with non-NULL integrity [Andrew] * Crypto: - update IKE to use NSS's FIPS compliant PK11_AEADOp() [Andrew, Robert Relyea] - support ESP with CHACHA20POLY1305 on FreeBSD and OpenBSD [Andrew] * IPsec Interface: - fix check for an existing IPsec Interface address (Linux) [Wolfgang] - add IPsec Interface address when connection establishes [Wolfgang] - fix adding IPv6 address to IPsec interface [Wolfgang] - delete Ipsec Interface address when connection unroutes [Wolfgang] - fix setting metric on IPsec Interface [Wolfgang] - add IPsec Interface device when connection orients [Andrew] - support existing IPsec interface on FreeBSD and OpenBSD [Andrew] - log addition of IPsec Interface or Address [Andrew] - don't delete existing ipsec1 interface (Linux) [Andrew] - handle repeated connection adds [Wolfgang] * Linux: - handle NLMSG_DONE at end of response for > 6.9.0 kernels [Andrew] - fix hang because of unhandled NLMSG_DONE at end of response (6.9.0-rc1) [Andrew, Ilya, github/1675] - fix hang when initiating an on-demand TCP connection [Daiki, github/1156] * updown: - restore 4.x behaviour of running "updown unroute|down" when initiate fails [Wolfgang, Andrew] - add test demonstrating redundant tunnels [Wolfgang] - add plutodebug=updown for debugging updown scripts [Andrew] * config: - verbosely ignore x-* style comments in ipsec.conf [Andrew, github/1725] * whack: - ignore older whack as could trigger core dump [Andrew, github/1709] - add --narrowing {yes,no}, retain undocumented --allow-narrowing [Andrew] * building: - replace calloc(size,nr) with alloc_things(), fixing compile error [Daiki] - remove USE_NSS_AVA_COPY and copy of nss source, remove license exception [Tuomo] - fix syntax error in ckaid.c allowed by GCC [yuncang123] v5.0 (Apr 24, 2024) * IKEv1: - globally disabled by default (ikev1-policy=drop); see RFC9395 [Daniel] - limit default cryptosuite [Andrew, Paul, Tuomo] IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31} ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256} AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128 - remove support for Labeled IPsec [Andrew] - properly ignore dpdaction= [Andrew] - see also IKEv2 routing/revival changes * IKEv2: - warn that fragmentation=force is ignored [Andrew] - avoid post-authentication crash on corrupt TS payload [Andrew] - support addresspool=v4/mask,v6/mask [Andrew] - support subnet=SELECTOR,... using a single Child SA [Andrew] - when non-MOBIKE never update NATed endpoint [#1492/Wofferl/Andrew] - fix revival of IKE_AUTH (first) Child SA [Andrew] - properly ignore dpdaction=, keyingtries= [Andrew] - when reviving, install trap then block [Andrew] - for auto=keep only retry once [Andrew] - when redirect fails, fall back to revival [Andrew] * Linux: - HW packet offload support [Raed Salem ,Paul] - XFRM interface IP management with ref-counting [Brady Johnson] - fix IPcomp with XFRM interfaces [Wolfgang] * BSD: - fix esp=aes_gcm [github/1220, Igor V. Gubenko, Andrew] * whack: - review ipsec-whack.8 [Tuomo, Andrew, Paul] - change defaults to match addconn [Andrew] - add --{rekey,delete,down}-{ike,child} --name [Andrew] - match whack and addconn option names [Andrew] - drop NNN_ prefix from all output [Andrew] * config (ipsec.conf, addconn): - update ipsec.conf.5 [Tuomo, Andrew, Paul] - log ipsec.conf errors and warnings in Pluto [Andrew] - <> no longer supported [Andrew] - fix keyexchange={ikev1,ikev2}; deprecate ikev2= [Andrew] - remove nic-offload=auto option, only accept packet,crypto,yes [Paul] - warn when converting legacy ",," to "\," in {left,right}id= [Andrew] - change also= to expand inline (more like C's #include) [Andrew] - fix KEYWORD= sometimes causing Pluto to exit [Andrew] - parse <> as <>, i.e., empty [Andrew] - warn when, within a conn, there are duplicate keys [Andrew] - add encap-dscp= [Wolfgang] - implement interface-ip= [Brady] - implement subnet=SELECTOR,SELECTOR,... [Andrew] - default ikev1-policy to drop [Daniel] - add ppk-ids= [Vukasin] - add experimental per-connection debug= [Andrew] - drop obsolete forceencaps= [Andrew] - add groundhog= [Andrew] - reject non-numeric sourceip=
[Andrew] - fix crash when dpdtimeout= missing [Andrew] * building: - remove dependency on libxz via libsystemd [Tuomo Andrew] - use INSTALL_INITSYSTEM=false to prevent update of /etc/ [Andrew] - use INSTALL_CONFIGS=false prevents update of /etc/ipsec.d et.al. [Andrew] - drop FINAL* make variables; see mk/config.mk for alternatives [Andrew] - remove old copy of unbound headers [Andrew] - use DESTDIR instead of FINAL* env vars [Andrew] - fix "make git-rpm" [Paul/Tuomo] - check return values of libcap-ng functions [Paul] - don't call ischar(signed char) [Andrew] * packaging: - fix Debian systemd service install [Antonio Silva] * testing: - fix namespace tests for super long dir names [Paul] - add Alpine, Debian, NetBSD and FreeBSD KVMs [Andrew] - add Alpine, Debian, NetBSD, FreeBSD and OpenBSD to nightly builds [Andrew] - add man pages to nightly build [Andrew] * initsystem: - use documented ipsec sub-commands [Tuomo] - stop using _stackmanager [Tuomo] * documentation: - update to docbook xml 4.5 [Tuomo] - re-org pages adding libreswan.5 [Andrew] * ipsec utilities: - ipsec auto sub-command: deprecate [Tuomo] - ipsec auto --{cmd} connection -> ipsec {cmd} connection [Tuomo] - ipsec look: script moved to contrib/; use ip xfrm et.al. [Andrew] - ipsec portexcludes: script moved to contrib/ [Andrew] - ipsec barf: script moved to contrib/ [Andrew] - ipsec _secretsensor: script moved to contrib/ [Andrew] - ipsec show: drop ipsec subcommand (old, incomplete) [Paul] - ipsec verify: drop ipsec subcommand (old, incomplete) [Paul] v4.15 (April 15, 2024) * Security: Fixes http://libreswan.org/security/CVE-2024-3652 * Linux: remove dependency on libxz via libsystemd [Tuomo Andrew] * IKEv1: set default proposals to ESP aes-sha1 and AH sha1 [Andrew] * IKEv1: reject ESP proposal combining AEAD and non-empty INTEG [Andrew] * IKEv1: reject exchange when connection has no proposals [Andrew] * IKEv1: limit default cryptosuite [Andrew, Paul, Tuomo] IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31} ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256} AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128 v4.14 (March 11, 2024) * Fix compile error in 4.13 in gntoid() [Andrew] * testing: fixup ikev2-tfc-03 for padded packets [Andrew/Paul] v4.13 (March 11, 2024) * Security: Fixes http://libreswan.org/security/CVE-2024-2357 * Linux: make libcap-ng failures non-fatal [Andrew] * BSD: fix esp=aes_gcm [Andrew] * NetBSD: fix compiler warning in lib/libswan/x509.c [Andrew] * x509: unpack IPv6 general names based on length [Andrew] * pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti@github] v4.12 (Aug 8, 2023) * SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710 * SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711 * SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712 * pluto: Do not crash on ipcomp expiry msg [Andrew] v4.11 (May 3, 2023) * SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-30570 v4.10 (February 28, 2023) * SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-23009 * IKEv1: only clean up a connection when it isn't deleted [Andrew] v4.9 (October 13, 2022) * IKEv1: fix crasher (introduced in 4.8) when USE_NSS_KDF=false or MD5 [Andrew] * IKEv2: fix RFC 8229 IKE/ESP over IPv6 TCP [Andrew] v4.8 (October 2, 2022) * release: remove SHA1 bindings from LIBRESWAN OpenPGP key [dkg/Paul] * pluto: ignore obsoleted unused interfaces= / --iface [Paul/Andrew] * pluto: various internal crypto struct changes [Andrew] * pluto: fix traffic counters for AH and IPCOMP [Andrew] * pluto: improve logging of duplicate serial cert error [Andrew] * pluto: support for maxbytes/maxpacket counters [Antony/Paul] * pluto: handle HW tokens using strange CKAIDs; github/815 [Andrew] * pluto: added --ipsec-max-bytes / --ipsec-max-packets support [Antony] * libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options [Paul] * IKEv2: emit one CERTREQ payload with all the hashes [Andrew] * addconn/whack: add support for {left,right}pubkey= [Andrew] * showhostkey: add support for ECDSA pubkeys [Andrew] * Crypto: add KDF self tests [Daiki Ueno] * IPv6: open IPv6 IKE port 4500; github/800 [Andrew] * showhostkey: add --pem option to print PEM encoded public key [Andrew] * unbound: _unbound-hook converted from python to shell [Andrew] * BSD: delete old BSDKAME code replaced by PFKEYV2 code [Andrew] * BSD: fix replay window byte vs bit math [Andrew] * BSD: fix code finding interfaces; github/728 [Andrew] * FreeBSD: support large replay window; github/756 [Andrew] * FreeBSD: support ESN; github/721 [Andrew] * linux: update copy of xfrm.h header [Paul] * packaging: update fedora spec file [Paul/Tuomo] * building: on BSD, always use GCC; freebsd/264288 llvm/55963 [Andrew] * building: enable LTO when USE_LTO=true; github/836 github/834 [Andrew] * building: dropped default build and packaging support for: Fedora 22, 28, 29, 30 Debian stretch Ubuntu cosmic, xenial RHEL6 was removed in v4.5 Add SUSE, Arch, Mint v4.7 (May 24, 2022) * IKEv2: EAPTLS support [Timo Teräs / Andrew] * IKEv2: EAPONLY support [Andrew] * IKEv2: fix interop when IPCOMP+transport-mode [Andrew] * IKEv2: fix race between new IKE SA and liveness [Andrew] * IKEv2: fix interop with Android 12 + certificates [Andrew] * IKEv1: reject IKEv2 only authby=secret+rsasig [Andrew] * kernel: fix double delete of kernel policy when tearing down SA [Andrew] * kernel: fix deleting policy when an XFRMi FD ID; github/618 [Andrew] * kernel: general cleanups [Andrew] * _stackmanager / pluto: support Ubuntu 18.04 LTS kernels [Paul] * FreeBSD: libreswan builds out-of-the-box [Andrew] * BSD: Add IPv6 support (tested on NetBSD) * building: fix build on fedora rawhide [Paul] * internals: initiate IKEv2 CREATE_CHILD_SA exchange using IKE SA [Andrew] * internals: _updown.bsdkame renamed to _updown.bsd v4.6 (January 11, 2022) * SECURITY: Fixes CVE-2022-23094 https://libreswan.org/security/CVE-2022-23094 * IKEv2: aggressively check incoming fragments [Andrew] * IKEv2: when rekeying and PFS, only propose/allow original crypt-suite [Andrew] * IKEv2: when PFS, don't repeatedly log all proposals [Andrew] * IKEv2: Labeled IPsec improvements [Andrew] * IKEv1: support for ISAKMP_N_CISCO_LOAD_BALANCE removed [Andrew] * pluto: Revamp the host connection lookup mechanism [Andrew] * pluto: Change default replay-window from 32 to 128 [Paul] * pluto: Change default esn= to "either" and prefer "yes" [Paul] * pluto: Disable esn when replay-window=0 [Paul] * pluto: Drop obsolete debug options such as crypto-low [Andrew] * seccomp: Updated syscall allow-list [Paul] * packaging: replace old SUSE packaging with pointer to downstream [Andrew] * NetBSD: Don't use ESN - not supported by kernel [Andrew] * letsencrypt: Fix bashisms in letsencrypt script [dkg] * libipsecconf: allow leftauth=ecdsa|rsa (match authby= values) [Paul] * testing: significantly improved testing [Andrew, Paul] v4.5 (August 20, 2021) * IKEv1: multiple subnets could lead to crossed wires, failures [Paul/Andrew] * IKEv2: don't tear down IKE SA on TS_UNACCEPTABLE [Paul] * IKEv2: unpend/delete Child SA when rejected by IKE_AUTH response [Andrew] * IKEv2: mobike: resolve_defaultroute_one() updates [Andrew] * IKEv2: mobike: prevent sending duplicate mobike response [Andrew] * IKEv2: Support for Childless IKE SA [Andrew] * IKEv2: redirect: make peer redirecting in IKE_AUTH childless [Vukasin] * IKEv2: Labeled IPsec --up causes Childless IKE SA [Andrew/Paul] * IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) [Andrew/Paul/Kavinda] * IKEv2: Performance; eliminate more O(#CONNECTIONS) code [Andrew] * IKEv2: Immediately delete replaced Child from new (IC) IKE SA [Andrew/Paul] * pluto: mismatched subnets= could take down all conns [Paul] * pluto: Don't delete existing IKE SA of connection instance [Paul] * pluto: fail better on parse errors in subnet= clause [Paul] * libswan: use getaddrinfo(3) instead of gethostbyname2(3) [Hugh] * libipsecconf: fail to load conn if no right= or left= set [Paul] * libipsecconf: change default of initial-contact= to yes [Paul] * X509: directly append new CRL requests to the fetch queue [Andrew] * whack: implement --impair trigger: [Andrew] * ipsec.service: remove reload which did not work as expected [Tuomo] * portexcludes: update to use python3 [Kim] * building: fix NetBSD build [Andrew] * building: fix arm / aarch64 build [kekePower@github] * building: Remove support for RHEL6 USE_OLD_SELINUX [Paul] * packaging: handle properly rpm sysctl config [Tuomo] * packaging: rhel7: fix python2 shebang [Tuomo] v4.4 (April 22, 2021) * IKEv2: Fixes for TCP encap in Transport Mode and host-to-host [Paul/Sabrina] * IKEv2: Fixes to Labeled IPsec policies [Kavinda Wewegama/Paul] * IKEv2: Add redirect statistics to whack --globalstatus [Clive Zagno] * IKEv2: Connections would not always switch when needed [Andrew/Paul] * pluto: Fix for host-to-host connections use non-standard IKE ports [Paul] * pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn [Paul] * pluto: Disable interface-ip= as the feature is not yet implemented [Paul] * pluto: Fix PLUTO_PEER_CLIENT* in updown for NAT + Transport Mode [Paul] * pluto: Remove never updated PLUTO_VERSION for updown scripts [Paul] * pluto: Actually set PLUTO_CONNECTION_TYPE= to transport or tunnel [Paul] * pluto: Allow non-templated wildcard ID connections to match [Paul] * pluto: Reduce and merge various logging messages [Andrew] * libipsecconf: Do not allow vhost/vnet in IKEv2 connections [Paul] * XFRM: Restarting pluto when using ipsec-interface= could fail [Paul] * contrib/munin: Update plugin to use python3 and update doc header [Tuomo] * testing: Enable OpenBSD interop tests [Paul/Ravi] * testing: Make tests more reliable on KVM [Andrew] v4.3 (February 21, 2021) * pluto: Restore range checking on Labeled IPsec [Paul/Andrew] * pluto: Higher state serialno does not imply newest state [Paul] * pluto: Cleanup ip_address vs ip_endpoint (protoport dropping) [Andrew] * pluto: Revival of code could accidentally fallback to IKEv1 [Andrew] * newhostkey: Add support for generating ECDSA keys [Daiki Ueno] * libipsecconf: Ignore empty option at end of config (rhbz#1685653) [Andrew] * whack: Add --global-redirect and --global-redirect-to options [Pietro Monteiro] v4.2 (February 2, 2021) * IKEv2: Support for IKEv2 Labeled IPsec [Hugh, Sahana, Paul, Kavinda Wewegama] * IKEv2: MOBIKE could cause assertion failure due to eroute ownership [Paul] * IKEv2: MOBIKE and NAT port update code interfered with each other [Andrew] * IKEv1: Re-enable questionable Microsoft proposals to fix L2TP/IPsec [Paul] * IKEv1: Do not load IKEv1 conns when IKEv1 support not compiled in [Paul] * IKEv1: Fix XAUTH: re-transmit when sending CFG request [Andrew] * pluto: New config setup option ikev1-policy= [Paul] * pluto: Change default ikelifetime from 1h to 8h [Paul] * pluto: Add ignore-peer-dns=yes|no and whack --ignore-peer-dns [Paul] * pluto: Startup could take long time closing fd's (github#373) [Andrew] * pluto: IKEv2 connection could accidentally retry as IKEv1 [Andrew] * pluto: change default IKE SA lifetime from 1h to 8h [Paul] Resolves: github#362, github#405, hwdsl2/setup-ipsec-vpn#912 * pluto: Revived conns can try to quickly re-use existing NAT mapping. Can be used with new auto=keep [Paul, Andrew] * pluto: Don't complain about DNS names starting with number [Paul] * pluto: Re-implement Labeled IPsec for IKEv1 [Paul, Sahana] * pluto: Support for --shutdown --leave-state [Paul] * whack: add very raw --processstatus [Andrew] * whack: no longer require --ipv6 when specifying raw IPv6 host addresses * libswan: Re-introduce xauthusername/remote_peer_type for NM-libreswan [Paul] * initsystem: fix docker/podman startup with sysvinit [Paul] * initsystem: ensure non-testing namespaces work with systemd [Paul] * initsystem: systemd support for ipsec whack --shutdown --leave-state [Paul] * pluto: prefer IPv4 over IPv6 when performing DNS lookups [Andrew] * building: Support for compiling without IKEv1 via USE_IKEv1=false [Paul] * building: Various clang compiler related fixes [Timm Baeder] * building: fix NetBSD arm64 build [Andrew] * testing: many updates [Andrew, Paul] v4.1 (October 18, 2020) * IKEv2: Fix Notify protocol ID interop with Cisco introduced in 4.0 [Antony] * addconn: Fix resolving with %defaultroute plus peer with A + AAAA [Antony] * building: minor cleanups [Andrew/Tuomo] v4.0 (October 14, 2020) * KLIPS: Support for KLIPS completely removed [Paul] * pluto: Removed support for deprecated algos: serpent, twofish, cast [Paul] * IKEv2: EXPERIMENTAL: Support for RFC 8229 IKE/ESP over TCP [Andrew/Mayank Totale] New per-conn keywords: listen-tcp=yes|no, tcponly=yes|no, tcp-remoteport= Requires: Linux kernel >= 5.8 * IKEv2: Support for leftikeport= / rightikeport= [Andrew/Paul] * IKEv2: EXPERIMENTAL: Support for INTERMEDIATE Exchange [Yulia Kuzovkova/GSoC] New keyword: intermediate=yes * FIPS: Remove DH 23/24 from FIPS allowed list as per SP 800 56A Rev 3 [Paul] * pluto: Support for rereading configured certificates from NSS [Myungjin Lee] * pluto: plutodebug= keywords are now: base,cpu-usage,crypt,tmi,private [Andrew] * pluto: find_pluto_xfrmi_interface() would only check first interface [Paul] * pluto: ddos cookies-threshold and max-halfopen output was swapped [John Mah] * pluto: Fix leased IP address leak [Andrew/Paul] * pluto: Fix displaying PLUTO_BYTES_ counters [Paul] * pluto: Replace/remove deprecated libselinux functions [Eduardo Barretto] * pluto: Update selinux calls for Labeled IPsec support [Richard Haines] * pluto: Memory leak fixes [Hugh] * pluto: Remove unused per peer logging [Andrew] * pluto: Cleanup logging code for minimal logging support [Andrew] * pluto: Cleanup netlink / XFRM code [Hugh] * pluto: xfrmi used mark-out for XFRMA_SET_MARK [Antony/Wolfgang] * pluto: Support for ipsec0 interface to help migrate from KLIPS to XFRM [Paul] * pluto: Fix logging some IKE messages to proper IKE SA state [Andrew] * pluto: Remove global ikeport/nat-ikeport, add listen-udp/listen-tcp [Paul] * pluto: Connections now have serial numbers which are logged [Paul/Andrew] * pluto: No longer require :RSA sections in ipsec.secrets [Andrew] * pluto: pluto chooses wrong raw RSA key (github#352) [Andrew] * seccomp: Update syscall allowlist for pluto and addconn [Paul] * whack: Support for ipsec whack --rereadcerts [Paul] * whack: Rename --ikev1-allow and --ikev2-allow to --ikev1 and --ikev2 [Paul] * whack: Clear inherited defaults for IKEv2 from IKEv1 connections [Paul] * show: Fixup for python3 version of ipaddress module [Paul] * IKEv2: Fix Windows 10 rekey being rejected [Antony/Paul] * IKEv2: Remove duplicaes from proposals using "+" [Andrew] * IKEv2: CERTREQ payload was not sent for authby=ecdsa [Paul] * IKEv2: Decode notify payloads into the message digest [Andrew] * IKEv2: Don't use NAT-T port when no NAT DETECTION payloads received [Andrew] * IKEv2: Add load-balance support (multiple targets) to redirect [Vukasin] * IKEv2: Only sent REDIRECTs to established IKE SA's (not IPsec SAs) [Paul] * IKEv2: Fix AUTH failure if ID payload reserved fields != 0 [Paul/Andrew/Hugh] * IKEv2: A delete(IKE SA) request should not trigger a delete request [Andrew] * IKEv2: Ignore, not abort when receiving unknown type transforms [Andrew] * IKEv2: Don't switch NAT port on receiving non-NAT notify payloads [Andrew] * IKEv1: Prevent crashing in Quick Mode on unused NAT payload [Daniel Wendler] * libipsecconf: Fix config handling of policy-label [bauen1] * libipsecconf: Promote ah= / esp= as desired keywords over phase2alg= [Paul] * libipsecconf: Remove most obsoleted option names with undersscore(_) [Paul] * rsasigkey/newhostkey: Remove obsoleted --output option [Paul] * building: Add NetBSD support [Andrew] * building: Remove support for SINGLE_CONF_DIR, EMIT_ISAKMP_SPI, [Paul] USE_KEYRR and TEST_INDECENT_PROPOSAL * building: Merge userland.mk into config.mk to simplify makefiles [Tuomo] * building: Deprecate INC_ variables [Tuomo] * building: Remove all support for SERPENT, TWOFISH, CAST and RIPEMD [Paul] * building: Remove -DALLOW_MICROSOFT_BAD_PROPOSAL [Tuomo] * building: The define USE_NSS_PRF was renamed to USE_NSS_KDF [Tuomo] * building: Rename master branch to main branch [Paul] * building: Fix finding ipsec command in non-standard bin dirs [Tuomo] * building: Introduce USE_OLD_SELINUX to support libselinux < 2.1.9 [Paul] * building: NETKEY options changed to XFRM options [Paul] * building: NSS database (*.db) are now expected in /var/lib/ipsec/nss [Tuomo] ipsec checknss called in initsystem will migrate files Use FINALNSSDIR=/etc/ipsec.d to use the pre-4.0 location * packaging: Debian: remove runtime dependency on systemd [Stephen Kitt] * packaging: Fedora: add missing build dependency for certutil [Stephen Kitt] * packaging: Debian switched to using /usr/libexec/ [dkg] * testing: Support Fedora32, Ubuntu, improved namespaces support [Paul/Others] * testing: Work around kernel ICMP Acquire bug [Paul] * testing: Added interop testing with OpenBSD iked [Ravi Teja] * documentation: friendler ipsec cmd output [Paul] v3.32 (May 11, 2020) * SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763 * IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31) * FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul] * FIPS: Minimum RSA key size is 2048, not 3072 [Paul] * FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul] * IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul] * IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul] * libipsecconf: support old-style ",," to mean "\," in specifying id [Paul] * libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul] * whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul] * Fix left=%iface syntax due to string length miscalculation [Antony] * X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul] * packaging: debian fixes [Tuomo] * building: USE_NSS_KDF=true now uses NSS for all KDF functions Using this option, libreswan no longer needs FIPS certification v3.31 (March 3, 2020) * IKEv2: Opportunistic conns specifying keyingtries=0 are changed to 1 [Paul] * IKEv2: Fix ikev2 rekey failures due to bad Traffic Selector proposa [Antony] * IKEv2: Verify (not ignore) expected TSi/TSr payloads for IPsec rekeys [Paul] * IKEv1: Support for XFRMi interfaces [Paul] * X509: When IDr payload is type ID_DER_ASN1_DN, don't check for SAN [Paul] * pluto: Disable log_to_audit if kernel does not support audit [Paul] * pluto: Increase max IKEv2 fragments to 32 to support Windows [John Mah] * addconn: Do not assert on ipsec-interface=no [Paul] * nat_traversal: Fix not to send nat-t keepalives when there is no nat [Tuomo] * KLIPS: Fix _updown.klips (regression introduced in 3.30) [Wolfgang] v3.30 (February 13, 2020) * WARNING: This is the last release that supports the KLIPS stack, use the new ipsec-interface= virtual interfaces instead. * XFRM: Fix detection on kernels without xfrm_stat (debian et all) [Paul] * XFRM: XFRMi interface support using ipsec-interface= and iface-ip= [Antony] * IKEv2: Message ID handling: remove a O(#STATES) lookup [Andrew] * IKEv2: OE previous half-open state overwrites IPsec policy [Paul/Stepan] * IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul] * IKEv2: Prevent leak in ikev2_send_certreq() on sending error [Paul] * IKEv2: Remove SHA1 from default proposal list [Paul] * IKEv2: On PPK failure with insist, return AUTHENTICATION_FAILED [Vukasin] * IKEv2: Do not try to delete (replaced) bare shunts [Paul] * IKEv2: Delete pending outgoing bare shunts if incoming IPsec happened [Paul] * IKEv2: Allow CP payload in CREATE_CHILD_SA (RFC 7296 Appendix C.4) [Paul] * IKEv2: calculate_sa_prio() now allows OE shunt to override priority [Paul] * IKEv2: calculate_sa_prio() support for /32 template vs instance [Hugh/Paul] * IKEv2: IPv6 support for addresspool= option [Antony] * IKEv2: Updated support for MOBIKE triggered events [Antony] * IKEv2: Support reconnecting authnull clients [Paul] * IKEv2: New whack commands --rekey-ike and --rekey-ipsec [Antony] * IKEv2: Prefer RFC 7427 Digital Signatures for default authby=rsasig [Sahana] * IKEv2: Refuse SHA1 for RFC 7427 Digital Signatures as per RFC 8247 [Sahana] * IKEv2: Use IKEv2 fragment size values (not IKEv1) [Andrew] * IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul] * IKEv1: Re-implement CVE-2019-10155 fix to prevent future occurrences [Andrew] * IKEv1: do not assert on bad virtual private entry [Paul] * pluto: Simplify plutodebug= options to: base, cpu-usage, crypt, private and tmi (maps old values to new ones for compatibility) [Andrew] * pluto: non-default ipsec.conf did not load auto=add connections [Paul] * pluto: fix %defaultroute for link-local and non-link-local gateway [Antony] * pluto: Improve whackfd handling (prevent console hangs/omissions) [Andrew] * pluto: Support to disable SAN checks (require-id-on-certificate=no) [Paul] * pluto: Audit log IKE SA and IPsec SA failures for Common Criteria (CC) [Paul] * pluto: Disable support for DH2/modp1024 at compile time [Paul] * pluto: Add audit-log=yes|no (default yes) [Paul] * pluto: DDNS event should not cause connection initialization [Paul] * pluto: Various O(STATE) optimializations [Andrew] * pluto: Fixup reporting of esp-hw-offload capabilities in kernel/nic [Paul] * pluto: Add chacha20_poly1305 and curve25519 to default proposals [Paul] * pluto: Updated SECCOMP syscall whitelist [Paul] * pluto: With non-default config file, connections loading was skipped [Paul] * pluto: Fix Opportunistic Encryption with Transport Mode policies [Paul] * pluto: Fix various memory leaks in IKE and X.509 code [Andrew] * pluto: netlink: increase the additional bufferspace to 32KiB [Antony] * pluto: pluto --selftest no longer logs to stderr with timestamps [Paul] * pluto: fix for redirect-to type when it is FQDN [John Mah] * pluto: addresspool: give new lease to different (xauth)usernames [Paul] * pluto: addresspool: reduce complexity from O(#LEASES) to O(1) [Andrew] * whack: Remove obsoleted --whackrecord and --whackstoprecord options [Andrew] * whack: Added whack --ddns to trigger DNS refresh event manually [Paul] * X509: Offload most code to helpers for significant performance boost [Andrew] * X509: Simplify code, cut redundant calculations, speed improvements [Andrew] * X509: SAN checks should confirm IKE peer ID on responder too [Paul] * letsencrypt: new command "ipsec letsencrypt" [Rishabh] * _updown.netkey: PLUTO_VIRT_INTERFACE replaces PLUTO_INTERFACE [Antony] * _updown.netkey: add IPv6 routing support [Tuomo] * _updown.netkey: don't remove old resolv.conf, just update it [Tuomo] * _updown.netkey: fix for iproute2 >= 5.1 which no longer ignores /mask [Paul] * libswan: Don't leak ECDSA pubkey on form_ckaid_ecdsa() failure [Paul] * libswan: Close netlink socket on send error in netlink_query() [Paul] * libipsecconf: don't throw error for not finding a wildcarded include [Paul] * verify: improve support for python2 and python3 [Anand Bibhuti/Paul] * KLIPS: Support for kernels >= 4.20 with SYNC_SKCIPHER_REQUEST_ON_STACK [Paul] * KLIPS: Userland tools compile fixes [Hugh/Paul] * building: No longer build with DH2(modp1024) support (see RFC 8247) [Paul] * building: Add config for PYTHON_BINARY, default being /usr/bin/python3 [Tuomo] * building: Add new USE_NSS_PRF, to use KDF from NSS [Robert Relyea/Andrew] * building: Add USE_PRF_AES_XCBC, replaces USE_XCBC [Paul] * building: Fixes for NetBSD build [Andrew] * building: Fixes for gcc10 [Paul] * packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul] * packaging: Add Debian stretch specific configs and more cleanup [Antony] * packaging: make deb jessie and xenial config detection [Antony] * packaging: update python she-bang handling [Tuomo] * testing: Added a new namespaces based testrun method [Antony] * testing: setup: namespace based ipsec stop needs ip xfrm flush state [Paul] * testing: setup: namespace based ipsec skips initsystem [Paul] v3.29 (June 10, 2019) * SECURITY: Fixes CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155 * programs: Change to /proc/sys/net/core/xfrm_acq_expires to detect XFRM [Paul] * barf: Fix shell script parse error and small cleanup [Tuomo/Hugh] * packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul] * packaging: rhel6 doesn't need USE_AVA_COPY=true or WERROR_CFLAGS= [Tuomo] * packaging/rhel6: remove -lrt, not needed any more [Tuomo] * systemd: change Restart default to on-failure [Tuomo] * building: Makefiles: Use RT_LDFLAGS for glibc < 2.17 support [Tuomo] * building: userland-cflags.mk: add RT_LDFLAGS= for older glibc [Tuomo] v3.28 (May 20, 2019) * SECURITY: Fixes CVE-2019-12312 https://libreswan.org/security/CVE-2019-12312 * KLIPS: Disable KLIPS userland support per default [Paul] WARNING: Support for KLIPS will be removed in 2019 * MAST: Removed support for MAST variant of KLIPS stack [Paul] * IKE: Change default connection from IKEv1 to IKEv2 [Paul] * IKEv2: Don't try to encrypt notify response without SKEYSEED [Andrew/Paul/Hugh] * IKEv2: ikev2= keyword changed to only accept "yes" or "no" [Paul] * IKEv2: Support for REDIRECT (RFC 5685) [Vukasin Karadzic/GSoC] (new keywords redirect-to, accept-redirect, global-redirect= global-redirect-to and new ipsec whack --redirect command * IKEv2: Initialize daily secret used for DCOOKIES [Paul/Andrew] * IKEv2: Extend narrowing code to support protoports [Andrew/Paul] * IKEv2: Fix bug that prevented AH from rekeying [Andrew] * IKEv2: IKE SA rekey could lead to losing track of Child SA [Andrew/Antony] * IKEv2: A spurious DH calculation was performed and discarded [Andrew] * IKEv2: Support for IPCOMP (compress=yes) [Paul] * IKEv2: Initialize NAT keepalives check on IKE SA establishment [Paul] * IKEv2: Only sent NAT keepalives for IKE states (suppresses IPsec dups) [Paul] * IKEv2: Timeout in receiving IKE_AUTH reply would abort connection [Paul] * IKEv2: Add ECP384, ECP521 and CURVE25519 to default IKEv2 proposal [Paul] * IKEv2: Remove SHA1 from default IKEv2 proposal [Paul] * IKEv2: Delete on auto=start conn would not restart (introduced in 3.23) [Paul] * IKEv2: Compact proposals to prevent fragmentation of IKE_INIT [Andrew] * IKEv2: Fix opportunistic group policy on /32 groupinstances on delete [Paul] * IKEv2: Fix opportunistic /32 on non-defaultroute interface [Paul] * IKEv2: Do not send two requests for IKEv2_INTERNAL_IP4_ADDRESS [Paul] * IKEv2: Show payload structure of received packet in RFC notation [Andrew] * IKEv2: Release whack when peer ID is wrong [Paul] * IKEv2: Hardened PPK code and fixed memory leaks [Hugh] * IKEv2: Use less resources under DDoS attack to send/process COOKIES [Andrew] * IKEv2: Delete partial Child SA states that can never establish [Paul] * IKEv2: Remove SHA1 from default proposals [Paul] * IKEv2: Add ECP groups and Curve25519 to default proposal [Paul] * IKEv2: Fix AH rekeying (handle not having encrypter [Paul] * IKEv2: NAT-T keepalives did not start if only IKEv2 conns were in use [Paul] * IKEv2: Drop IKE_SA_INIT requests with non-zero SPIr [Andrew] * IKEv2: On rekey, sometimes a CHILD SA was lost (wrong hash slot) [Andrew] * IKEv1: Don't leave a dangling pointer after IKE SA delete [Paul/Hugh] * IKEv1: Only sent NAT keepalives for IPsec states (suppresses 1 dup) [Paul] * IKEv1: Do not activate DPD when peer does not support it [Paul] * IKEv1: Reject key sizes <= 0 properly instead of crashing [Paul] * IKEv1: Fix Aggressive Mode interop with Volans Technology [wuwei29] * IKEv1: Remove bogus "duplicate Delete" check causing Windows 1m outage [Paul] * IKEv1: If whack socket not there for passwd input, return STF_FATAL [Paul] * IKEv1: Remove Win98 workaround ignoring IPsec SA deletes in first 60s [Paul] * X509: Do not keep received CERTs beyond the connection lifetime [Andrew] * X509: Support for NSS IPsec profiles mbz#1252891 [Kai Engbert/Paul] * X509: Don't fail validation on critical flag in Key Usage payloads [Paul] * X509: Fix ocsp-method=get|post to actually skip get when asked) [Stepan Broz] * X509: Fix various leaks [Hugh, Andrew] * X509: Cache contents read from NSS database for performance [Andrew] * pluto: Re-initialize (w backoff) conns that should remain "up" [Paul/Hugh] * pluto: Use any sent IKE message to reset the DPD/liveness counter [Paul] * pluto: Add timing information to packet processing [Andrew] * pluto: Significant performance improvements for conns and certs [Andrew] * pluto: Simplify state lookups and SPI passing [Andrew] * pluto: Speed up state lookups by only looking at proper hash chain [Andrew] * pluto: metric= value should accept values > 255 [Tuomo] * pluto: New "cpu-usage" plutodebug option displaying timing info [Andrew/Paul] * pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul] * pluto: Fix memory leak in CERTREQ sending [Hugh] * pluto: Revive (with back-off) auto=start conns that receive Delete/Notify [Paul] * pluto: Show all activated impairments in ipsec status [Andrew] * pluto: Do not load a connection if its certificate has a problem [Andrew] * pluto: Handle case when external use deletes certificate from NSS [Andrew] * pluto: Fix resource leaks [Andrew/Hugh] * pluto: Improve and extend pluto statistics [Paul] * pluto: Deleting a connection should bring it down first to run _updown [Paul] * pluto: Revive auto=start conns that receive Delete/Notify [Paul/Hugh/Andrew] * pluto: Refuse to load connections with unsupported type=transport [Paul] * pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul] * addconn: Fix crash on startup with dnssec-enable=no [Stepan Broz] * libswan: Only use valid ephemeral ports for libunbound context [Stepan Broz] * libswan: Do not process DNSSEC root key or trust anchors when disabled [Paul] * libipsecconf: conn %default content could get overwritten rhbz#1704085 [Hugh] * libipsecconf: Allow IKEv2 style ike/esp proposals using '+' symbol [Andrew] (example: ike=aes_gcm+chacha20_poly1305,aes-sha2+sha1) * libipsecconf: Updated defaults for filling in proposal elements [Andrew] (drop sha1, sha2_512 before sha2_256 for esp, lots of new DH groups) * libipsecconf: Be more tolerant of duplicate proposals and 'none' DH [Andrew] * confreadwrite: Fix double host printing, line and bad ikev2=UNKNOWN [Paul] * ipsec: Add "ipsec traffic" as shorthand for "ipsec trafficstatus" [Paul] * ipsec: Add "ipsec brief" as shorthand for "ipsec briefcstatus" [Paul] * _stackmanager: Do not attempt to load PF_KEY (af_key.ko) module [Paul] * whack: Fix option name to and documentation of ms-dh-downgrade [Tuomo] * whack: Two new impairments: del-with-notify and bad-ikev2-xchg [Andrew/Paul] * whack: Fix non operational connection flags / arguments [Daniel Kautz] * whack: Add new --briefstatus which skips showing all states [Paul] * auto: Fix replace operation for when changing from subnet= to subnets= [wuwei29] * verify: Removed broken IP forwarding check [Paul] * FIPS: X.509 minimum public key size check was rejecting valid keys [Paul] * FIPS: Disallow AES-XCBC from PRF/INTEG, Allow AES-GMAC [Paul] * FIPS: Fixup FIPS_IKE_SA_LIFETIME_MAXIMUM to 24h as per NIST SP 800-77 [Paul] * FIPS: Force IKE maximum lifetime of 24h (default is 1h) [Paul/Vukasin] * XFRM: Use netlink for last remaining obsolete PF_KEY API API calls [Antony] * XFRM: Clean up and add logging to IPsec SA for nic-offload= [Hugh/Paul] * XFRM: Set default XFRM_LIFETIME_DEFAULT to 30 (was 300) [Paul] * libswan: Fix leaks in badly formed secrets/ppk_id [Vukasin Karadzic] * libswan: Don't crash on mangled PSK or PPK secrets [Vukasin Karadzic] * initsystems/systemd: Install tmpfiles config when installing unitfile [Tuomo] * barf: No longer look for netstat, ifconfig and mii-tool [Paul] * building: Sort all wildcarded object files for build reproducibility [dkg] * building: Update NSS includes to not use obsoleted header files [Paul/Andrew] * building: USE_NSS_AVA_COPY ?= false, only needed with NSS < 3.30 [Tuomo] * building: USE_UNBOUND_EVENT_H_COPY ?= false, enable only for [Tuomo] unbound <= 1.7.3 without unbound-event.h * building: Fix UNBOUND_VERSION testing so result compiles on Fedora 29 [Hugh] * building: USE_NSS_IPSEC_PROFILE ?= true, Requires nss >= 3.41 [Tuomo] * building: Support for unbound > 1.8.0 [Antony] * building: Update XFRM headers [Antony] * building: Add 'make install-rpm-dep' and 'make install-deb-dep' [Antony] * testing: Lots of new and improved test cases [lots of people] * packaging: Add a spec file for RHEL8/CentOS8 [Paul] * packaging: debian: explicitly set ARCH for reproducibility [dkg] * packaging: debian updates [Antony/Paul] v3.27 (October 7, 2018) * XFRM: SA marks must be included for delete operation [Tijs Van Buggenhout] * pluto: Resolve a crasher in ECDSA freeing code [Hugh/Sahana] * pluto: Resolve a hang when recursively loading same config file [Hugh] * pluto: Refuse to load conns with different subnet address families [Paul] * IKEv2: Fix regression on ID_NULL causing a new conn instance [Paul] * IKEv1: Drop duplicates when not a reply [Andrew] * IKEv1: Don't respond with errors to invalid encrypted packets [Andrew] * IKEv1: Don't print empty informational warning on delete payload [Paul] * IKEv1: Don't add spurious ESP-NULL proposal to AH proposals [Andrew] * whack: Release whack socket on IKE_AUTH errors [Andrew] * libswan: fix buffer size to getnameinfo() call in resolve_ppp_peer() [Hugh] * libipsecconf: Don't accidentally clear modecfgdomains= entries [Andrew] * building: Fixup NSS includes and links (fixes Debian builds) [Andrew/Paul] * documentation: Update (L)GPL license links and http -> https links [dkg] * Bugtracker bugs fixed: #177 left=%defaultroute not working when "src" in the default route [Kim] #80 VTI interface vanishes when peer goes down and up [yu-shiba] v3.26 (September 16, 2018) * IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad] * IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad] * IKEv2: Use DER handling code of NSS instead of our custom code [Andrew] * IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew] * IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul] * IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew] * IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh] * IKEv2: Simplify proposal generating [Hugh] * IKEv1: Fix handling XAUTH empty passwords [Andrew] * IKEv1: Various code cleanup, next payload handling [Hugh] * IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew] * IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul] * pluto: Relax strictness of DH in ESP/AH proposals [Andrew] * pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul] * pluto: Do not hand out old lease address for authby=secret conns [Paul] * pluto: new --selftest option that exits pluto after startup tests [Paul] * pluto: Updated known Vendor ID table [Paul] * XFRM: Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew] *_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul] * building: Fix listed patches for debian build [Paul] * building: enable DH31 (curve25519) per default [Paul] * building: disable DH23,DH24 per default [Paul] * testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul] * Bugtracker bugs fixed: #166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul] v3.25 (June 27, 2018) * IKEv2: MOBIKE Initiator support (RFC 4555) [Antony] * IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony] * IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony] * IKEv2: Support for IKE SA reauth=yes|no RFC7296 2.8.3 [Antony] * IKEv2: Temporarily disable Liveness/DPD when MOBIKE kick in [Antony] * IKEv2: No longer allow contradicting esp= and pfs= options [Andrew] * IKEv2: PPK support for authby=rsasig [Vukasin Karadzic] * IKEv2: Support for CURVE25519 (RFC 8031) [Andrew] * IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul] * IKEv2: Add PPK support to authby=rsasig [Vukasin] * IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin] * IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin] * IKEv2: Support for protoport based Opportunistic IPsec [Paul] * IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul] * IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin] * IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo] * IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul] * IKEv2: Allow switching between OE instances with different protoports [Paul] * IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul] * IKEv2: Only retransmit fragments on receiving first fragment [Andrew] * IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul] * IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew] * IKEv2: Fix handling of corrupt encrypted packets [Andrew] * IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul] * IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul] * IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul] * IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew] * IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew] * IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul] * IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul] * IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh] * X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh] * X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew] * X509: Handle CRL fetching in separate thread [Andrew] * pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul] * pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul] * pluto: Cleanup of state/md passing code [Andrew] * pluto: Allow switching back from wrong instance to template conn [Paul] * pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew] * pluto: Allow rightsubnets= without leftsubnet(s)= [Paul] * pluto: don't share IP leases for authby=secret (in case of group ID) [Paul] * pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks] * pluto: Find and delete old connection/states with same ID [Paul/Hugh] * pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo] * pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew] * pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh] * addconn: Fix auto=route and auto=start processing [Paul] * whack/auto: Ensure all status and list commands return no error code [Paul] * KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout] * FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew] * FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul] * FIPS: Don't allow RSA keys < 3072 [Matt/Paul] * FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew] * FIPS: Raise minimum RSA key length allowed to 3072 [Paul] * CAVP: Add - and -json(output) options to CAVP [Andrew] * portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul] * _updown.netkey: fix deleting routes when half routes are used [Tuomo] * _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo] * _updown.netkey: fix unroute: "need at least a destination address" [Tuomo] * _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo] * _updown.netkey: force routing if we don't have route to remote network [Tuomo] * _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul] * contrib/python-swan: module to check if traffic get be encrypted [Kim] * contrib/c-swan: example code to check if traffic get be encrypted [Kim] * building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul] * building: when ElectricFence enabled, add extra system calls to seccomp [Andrew] * ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo] * _updown.netkey: force routing when necessary for IPsec to work [Tuomo] * _updown.netkey: do not proxyarp for host-host tunnels [Tuomo] * look: sort XFRM output by priority [Andrew] * Bugtracker bugs fixed: #311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo] #314: IPv6 default route is deleted by mistake #318: vti interface gets down on previous initiator if roles switch [Tuomo] #320: nsspassword file location is half implemented #328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz] v3.24 (June 26, 2018) * This release was never published v3.23 (January 25, 2018) * IKEv2: MOBIKE Responder support (RFC 4555) [Antony/Paul] * IKEv2: Add support for modecfgdns= and modecfgdomains= like for IKEv1 [Paul] * IKEv2: EXPERIMENTAL: Support for Postquantim Preshared Keys [Vukasin Karadzic] based on draft-ietf-ipsecme-qr-ikev2-01 (using private use numbers) new option: ppk=yes|no|insist (default no) * pluto: Fix DEFAULT_RUNDIR to be set so it is really configurable [Tuomo] * pluto: Add support IDr payload (You Tarzan, me Jane) [Paul] * pluto: pass state to send_crypto_helper_request() [Andrew] * pluto: Internal time/scheduling changes, micro-seconds logging [Andrew] * pluto: make counts of states consistently "unsigned" [Hugh] * pluto/lib: Remove obsoleted/unused %myid support [Paul] * pluto: add --impair replay-forward,replay-backward [Andrew] * pluto: add --impair dup-incoming-packets [Andrew] * pluto: Rework nic offload detection code [Aviv Heller] * pluto: Retry send on -EAGAIN in check_msg_errqueue() (up to 32x) [Paul/Hugh] * pluto: Pull latest kernel traffic counters before logging/deleting SA [Paul] * pluto: STF_INLINE, STF_TOOMUCHCRYPTO no longer needed in helpers [Andrew] * pluto: Replace socket queues with a simple queue and mutex+cont [Andrew] * pluto: Do not send DPD/liveness probes for replaced inactive IPsec SAs [Paul] * pluto: crypto processing cleanup [Andrew] * XFRM: XFRM_MIGRATE support, used for MOBIKE [Antony] * XFRM: Listen to NETLINK_ROUTE messages from kernel for MOBIKE [Antony] * XFRM: Fix unique marks accidentally setting -1 instead of random [Paul] * XFRM: Only install IPv6 holes when system has configured IPv6 [Antony] * XFRM: Add support for decap-dscp=yes|no (default no) [Paul] * XFRM: Add support for nopmtudisc=yes|no (default no) [Paul] * KLIPS: Support kernels 4.14+ with renamed dev->priv_destructor [Paul] * KLIPS: updown fixes for IPv6 default route and metric/mtu settings [Wolfgang] * SECCOMP: Update syscall whitelist for use of libunbound [Paul] * IKEv1: better handle ESP with no integrity vs unknown integrity [Andrew] * IKEv1: Fix packet retransmit code wrf timeouts vs duplucates [Andrew] * IKEv1: Prevent duplicate responder states on retransmision [Andrew] * IKEv1: Don't linger R1 states for 1h but use configured timeouts [Paul] * IKEv2: nat_traversal_change_port_lookup() code moved [Antony] * IKEv2: Macros could misinterpret some IKE/IPsec states [Paul/Antony] * IKEv2: Updated Group transforms to comply with RFC 8247 [Paul] * PAM: Don't cancel pam threads (unsupported!) but drop results instead [Andrew] * _updown: Fix resolv.conf handling (github #130) [Tuomo] * _updown: Fix POINTPOINT interfaces not to use nexthop [Tuomo] * _updown.netkey: Add source ip to dev lo by default [Tuomo] * Makefiles: Fix INC_MANDIR to be share/man and add FINALMANDIR [Tuomo] * packaging: Move debian/ to packaging ('make deb' still works) [Antony] * contrib: Added ipsec-dyndns to demonstrante how push an IPSECKEY [Paul] * Bugtracker bugs fixed: #313: changesource in updown_klips doesn't respect PLUTO_METRIC [Wolfgang] #314: IPv6 default route is deleted by mistake [Wolfgang] v3.22 (October 22, 2017) * IKEv2: EXPERIMENTAL: unbound DNS server ipsecmod support [Opportunistic IPsec] * IKEv2: Initial support for RFC 7427 Digital Signature [Sahana Prasad/GSoC] * IKEv2: Do not include INTEG=NONE in AEAD IKE proposals [Andrew] * IKEv2: Accept both ESP=AEAD+NONE and ESP=AEAD in proposals [Andrew] (See also: https://www.rfc-editor.org/errata/eid5109) * IKEV2: Fix interop with old pluto that rejected esp=aead+none [Andrew] * IKEv2: Add support for GMAC via esp=null_auth_aes_gcm [Andrew] * IKEv2: Fragmentation code cleanup and memory leak fixes [Andrew] * IKEv1: Fix XAUTH retransmits and packet storage [Antony] * IKEv1: Perform custom state change for XAUTH without ModeCFG [Paul] * IKEv1: Add support for nat-ikev1-method=none [Paul] * IKEv1: XAUTH password length wasn't consistent at 128 [Stepan Broz] * pluto: Natively install ICMPv6 neighbour discovery holes [Mayank Totale/GSoC] * pluto: Fixup XAUTH/PAM thread cancellation handling [Andrew/Antony] * pluto: Change default rundir from /var/run/pluto to /run/pluto [Paul] * pluto: Various ike_alg parsing updates [Andrew] * pluto: Various cleanups in addresspool and XAUTH code [Hugh] * pluto: Fix missing ntohl() on the SPI numbers in ipsec status [Paul] * pluto: Various memory leak fixes [Antony,Paul,Hugh] * pluto: Make ioctl(SIOCGIFFLAGS) failure for labeled devices non-fatal [Paul] * pluto: Give IKE traffic preference via SO_PRIO [Paul] * pluto: New setup options: ike-socket-errqueue= , ike-socket-bufsiza=e [Paul] * pluto: Improve whack --listevents with libevent [Antony] * pluto: Fixup NIC offload support [Antony, Hugh] * pluto: Track and try the number of EAGAIN errors on IKE socket [Hugh/Paul] * pluto: Prevent spurious initiating states on responder-only conn [Antony] * pluto: don't call sanitize_string() in fmt_log() as it is expensive [Paul] * pluto: No longer need to specify null for AEAD, can use esp=aes_gcm [Andrew] * pluto: Increase default nhelpers for 1 CPU (2) and 2 CPUs (4) [Paul] * pluto: New option logip= (default yes) to disable log of incoming IPs [Paul] * pluto: signal handling cleanup [Andrew/Hugh] * pluto: Don't try to retransmit unsent packet [Paul/Hugh] * pluto: state hashing improvements [Andrew] * pluto: Fix erranious connecting switching (bug in v3.21) [Paul] * pluto: when deleting parent, don't deschedule DH for wrong child [Andrew] * pluto: dpdaction=restart fixup when using %any [Antony] * pluto: Don't die on labeled interfaces without SIOCGIFFLAGS support [Paul] * addconn: left=%defaultroute would fail if >500 host routes [Kim] * showhostkey/rsasigkey: Fixup mismatch of public key display [Andrew] * FIPS: Some selftests did not run properly under FIPS mode [Andrew] * KLIPS: Removed old premade patches, use make targets instead [paul] * updown Don't remove source ip if it's still used (rhbz#1492501) [Tuomo] * updown: Allow disabling via leftupdown="" or leftupdown="%disabled" [Paul] * updown: SPI numbers were missing ntohl() conversion [Paul] * various: phase out --ctlbase for --ctlsocket and --rundir [Paul] * libipsecconf: reject unavailable kernel algorithms in parser [Andrew] * libswan/pluto: throw a clearer error for broken libunbound [Paul] * libswan/pluto: Cleanup logging and tighten logging lock [Andrew] * libswan/pluto: Greatly optimize logging code [Andrew] * libswan/pluto: Some logging algorithm renames for more consistency [Andrew] * building: remove -fexceptions; breaks pthread_cleanup_push [Andrew] * packaging: Update debian/ and move to packaging/debian [Antony] * packaging: Update fedora/rhel spec files [Tuomo] * testing: --impair-foo changed to --impair foo [Andrew] * testing: Some new impair options for testing [Andrew,Sahana,Paul] * testing: Allow null encryption with null auth for testing [Andrew] * Bugtracker bugs fixed: #294: Bug in public key reported by rsasigkey [Tijs Van Buggenhout/Andrew] #299: Fix overlapping addresspool and static lease from passwd file [Antony] #300: Fix bug in v3.21 that rejected hardcodes certs without a CA [Paul] #302: IKEv1-only and IKEv2-only must not share IKE SA [Paul] #303: xauth password length limited to 64 bytes [Stepan Broz] v3.21 (August 9, 2017) * FIPS: Don't crash on too weak PSK's in FIPS mode, warn for non-FIPS [Andrew] * FIPS: rsasigkey: Use modulus F4, not 3 (FIPS 186-4, section B.3.1) [Paul] * pluto: Support for "idXXX" esp/ike transform IDs removed [Andrew,Paul] * pluto: Do not return whack error when termining an alias connection [Paul] * pluto: Remove IKE policy bits on passthrough conns [Paul] * pluto: Minor memory leak fixes [Paul] * pluto: Fix memory leak due to addresspool reference count error [Antony] * pluto: Re-add support for ipsec whack --listevents [Antony] * pluto: Cleanup listed events on shutdown to please leak-detective [Antony] * pluto: Perform stricter SubjectAltName checks on configured ID's [Paul] * pluto: Handle *subnets in --route and --unroute via whack [Mika/Tuomo] * pluto: Unify IKEv1 XAUTH and IKEv2 PAM threading code [Andrew] * pluto: Use pthread_cancel() (not SIGINT, conflicts with debuggers) [Andrew] * pluto: Fix memory corruption with XAUTH/PAM threads [Andrew/Hugh] * pluto: Fix resource leak processing XAUTH password authentication [Andrew] * pluto: Fix warnings generated by gcc 7.1 [Lubomir Rintel] * pluto: NIC offload support nic-offload=auto|yes|no (eg mellanox) [Ilan Tayari] * pluto: Use common function in ikev1 / ikev2 for dpd/liveness actions [Antony] * NSS: Try harder finding private keys that reside on hardware tokens [Andrew] * IKEv2: Opportunistic IPsec support for IPSECKEY records [Antony] * IKEv2: New dnssec-enable=yes|no, dnssec-rootkey-file=, dnssec-anchors= [Paul] * IKEv2: If CREATE_CHILD_SA superseded retransmit, drop it [Antony] * IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.1) [Antony] * IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.2 responder) [Antony] * IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.3 responder) [Antony] * IKEv2: Flush ESP/AH proposals on the initiator. It could be stale [Antony] * IKEv2: State Machine (svm) updates to simplify CREATE_CHILD_SA [Antony] * IKEv2: DH role is based on message role not Original Initiator role [Antony] * IKEv2: Return CHILD_SA_NOT_FOUND when appropriate [Antony] * IKEv2: After an IKE rekey, rehash inherited Child SA to new parent [Antony] * IKEv2: Rekeying must update SPIs when inheriting a Child SA [Antony] * IKEv2: Decrypt and verify the paylods before calling processor [Andrew] * IKEv2: Fragmentation code cleanup [Andrew] * IKEv2: Drop CREATE_CHILD_SA message when no IKE state found [Antony] * IKEv2: Do not send a new delete request for the same Child SA [Antony] * IKEv2: During Child SA rekey, abort when ESP proposals mismatch [Antony] * IKEv2: OE client check should take responders behind NAT into account [Paul] * IKEv2: Improved dpdaction=hold processing [Antony] * IKEv1: Only initiate and create IKE SA for appropriate dpdaction [Antony] * IKEv1: Re-add SHA2_256 (preferred) and SHA2_512 to IKEv1 defaults [Andrew] * IKEv1: Aggressive Mode fixes for sending CERT / CERTREQ payloads [Paul] * IKEv1: Multiple CISCO_SPLIT_INC's cause duplicate spd_routes [Oleg Rosowiecki] * X509: Improve some failure logging [Paul] * XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1 [Paul] * XFRM: Update including system or local copy of xfrm.h [Paul/Antony] * XFRM: Remove no longer needed {rt}netlink.h copies [Paul] * KLIPS: cryptoapi: switch from hash to ahash [Richard] * KLIPS: Add traffic accounting support [Richard/Paul] * KLIPS: Support for linux 4.11 [Paul] * lib: Move the alg_info lookup-by-name code to libswan [Andrew] * lib: Move all conditionally compiled ike_alg*.c files to libswan.a [Andrew] * addconn: Replace ttoaddr() with calls supporting DNSSEC [Paul/Antony] * libswan: Algo code cleanup [Andrew] * libipsecconf: Load specified RSA keys irrespective of policy [Paul] * libipsecconf/pluto: Be more strict in authby= & type= combinations [Paul] * libipsecconf: Fail to load connections with unsatisfied auto= clause [Hugh] * parser: Numerous algorithm parser fixes, eg. esp=aes_ccm_8_128-null [Andrew] * algparse: (Experimental) modified to run algorithm parser stand-alone [Andrew] * newhostkey: Actually append to secrets as the warning claims it will [Paul] * _updown.netkey: Fix syntax failure when PLUTO_MY_SOURCEIP is not set [Tuomo] * _updown.netkey,klips: Fix use of printf when updating resolv.conf [Tuomo] * _updown.netkey: Remove wrong use of PLUTO_PEER_CLIENT netmask [Tuomo] * _updown: Add MAX_CIDR variable for host netmask [Tuomo] * ipsec import: Trust bits correction did not always trigger [Tuomo] * building: Convert lib/ to use mk/library.mk [Andrew] * building: Work around rhel-6 gcc [Andrew] * building: Add copy unbound-event.h work around broken unbound installs [Paul] * packaging: Better split rpm and make variables [Paul] * packaging: Updates for new requirements for ldns, unbound-devel [Paul] * testing: Add DNSSEC, Opportunistic IPsec testcases, fixups [Multiple people] * contrib: Munin plugin for libreswan [Kim/Paul] v3.20 (March 14, 2017) * pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1) [Andrew] * pluto: Add dh= aliases for all modp= groups (eg "dh2" for "modp1024") [Paul] * pluto: Add statistics support to ipsec whack --globalstatus [Paul] * pluto: Add statistics clearing support using ipsec whack --clearstats [Paul] * pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew] * pluto: Cleanup kernel_netlink.c [Hugh] * pluto: Print AH= algorithm and ESN when established [Paul/Andrew] * pluto: strip file path from abort messages [Andrew] * pluto: Support initiating template conn with --remote-host [Paul] * pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS [Paul] * pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew] * pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco [Paul] (reported by Oleg Rosowiecki) * pluto: accurately size a buffer for the decimal representation [Hugh] (debian bug 853507) * pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg] * pluto: Support for Linux systems without IFA_F_TENTATIVE (CentOS5) [Paul] * pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique [Paul] * IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying [Antony] * IKEv2: Various refactoring for CREATE_CHILD support [Antony] * IKEV2: OE/CAT: Don't send CP request when responder is behind NAT [Antony] * IKEv2: log first notify payload when we receive an Notify Error [Paul] * IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew] (reported by Eric Andersson) * IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul] * IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul] (rhbz#1392191) * IKEv2: suppress DELETE notifies for connections being replaced [Paul] * IKEv2: re-instate ISAKMP_SA_established() [Paul] * IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew] * IKEv1: Print conn algo's when using XAUTH [Andrew] * IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048) [Andrew] * IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew] * IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul] * newhostkey: Convert remaining --configdir for --nssdir [Tuomo] * barf: Ensure proper macros are used. Add certutil/crlutil output [Paul] * misc: Fix various spelling errors in code/comments/man pages [dkg] * packaging: spec files should use 0 and 1, not true and false [David Arnold] * building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix [Paul] * building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul] * building: fetch: remove support for ancient LDAP version 2 [Tuomo] * building: move whack to separate programs/whack/ directory [Andrew] * building: Various Makefile variable cleanups and double link fixes [Andrew] * building: Don't check runtime for SElinux/systemd with DESTDIR [Paul] * documentation: added oe-letsencrypt-* example configs [Paul] v3.19 (January 15, 2017) * NSS: Support for configurable nss dir via IPSEC_NSSDIR [dkg/Tuomo] * FIPS: Only pluto needs a .hmac file, reducing crypto boundary [Paul] * FIPS: do not allow DBG_PRIVATE to be set when running in FIPS mode [Paul] * FIPS: Ignore failureshunt=passthrough and negotiationshunt=passthrough [Paul] * FIPS: Filter default proposals of non-FIPS allowed proposals [Andrew] * FIPS: Added CAVP test for pluto GCM code [Andrew] * FIPS: More cleanup of crypto related structs and functions [Andrew] * FIPS: Implement SHA based PRFs directly in NSS [Andrew] * FIPS: Support for CAVP testing 'HMAC construct' based SHA PRF code [Andrew] * IKEv2: Don't crash on bogus mixed protocol Delete Payloads [Hugh/Paul] * IKEv2: Add asymmetric AUTH support (leftauth= and rightauth=) [Antony/Paul] * IKEv2: refactored AUTH handling payload into v2_check_auth() [Paul] * IKEv2: support CERT chain sending [Paul] * IKEv2: Allow CERT and CERTREQ payloads multiple times [Paul] * IKEv2: do not attempt to send notify in reply to IKE_AUTH reply [Paul] * IKEv2: When receiving DELETE, ensure expire+restart when needed [Antony] * IKEv1: If a queued up DPD probe finds no IKE SA, create a new one [Paul] * IKEv1: accept_delete() check if IKE SA is shared before deleting [Paul] * IKEv1: Remove ADNS, DNS continuations and IKEv1 OE code [Paul/Antony] * IKEv1: Schedule IPsec SA REPLACE immediately when receiving DELETE [Antony] * IKEv1: Some IKE SA failure on initiator could lead to hanging whack [Paul] * KLIPS: fix for unregister_netdevice() for Linux 3.6.11 and up [Richard/Paul] * XFRM: EXPERIMENTAL Support for configuring IP address on the VTI device [Paul] keyword: leftvti=address/mask * XFRM: Fix NAT-T support when userland compiled without KLIPS support [Paul] * X509: Obsolete /etc/ipsec.d/crls (load_crls()) and whack --rereadcrls [Paul] * X509: New whack --fetchcrls (alias ipsec crls) to trigger a fetch [Paul] * X509: Iterate all X.509 certs and try to fetch their crls [Kim] * X509: Start a fetch for CRLs 5 seconds after startup [Kim] * X509: --rereadcrls no longer overwrites newer CRLs with older ones [Paul] * X509: log the NSS error when CERT_ImportCerts() fails [Paul] * X509: Don't attempt to fetch crl->uri when not present [Paul/Matt] * X509: Additional OCSP options to tweak the cache and fetch method [Paul] (new keywords: ocsp-method ocsp-cache-size ocsp-cache-min-age ocsp-cache-max-age) * X509: Fix memory leak in certificate handling (lsbz#278) [William Rios] * X509: Fix memory leak in certificate chain handling [Matt] * pluto: close whack socket in add_pending when dup pending is skipped [Hugh] * pluto: Avoid adding duplicate bare shunts causing lockup [Paul] * pluto: drop modp1024 (DH2) from IKEv1 "ike=" default list [Andrew] * pluto: send_packet() now refuses to send a packet to 0.0.0.0 [Paul] * pluto: find_hostpair ignore CK_INSTANCES that are ID_NULL [Antony] * pluto: Fix ca name and generalName leak lsbz#276 [Bill Rios] * pluto: EXPERIMENTAL SECCOMP support (seccomp=enabled|tolerant|disabled) [Paul] * pluto: connection instances need their own reqid [Antony] (this resolves multiple clients behind same NAT router issue) * pluto: Use a global reqid counter instead of looping every time [Paul] * pluto: use sets instead of nested loops for transform processing [Andrew] * pluto: Prefer not switching connections when possible [Paul/Hugh] * pluto: Move unique mark from rw_instantiate() to instantiate() for OE [Paul] * pluto: log more information when a bare shunt is missing [Hugh] * pluto: redo process_encrypted_informational_ikev2 [Hugh] * pluto: Add new config option encapsulation=auto|yes|no [Paul/Patrick Kerpan] replacing forceencaps=yes|no * pluto: No longer log bogus reapchildren warning [Paul] * libipsecconf: libipsecconf: remove last remnants of manual keying [Paul] * libipsecconf: remove auth= alias for phase2= [Paul] * _updown.netkey: Move addcat call from route-host to up-client [Paul] * ipsec: initnss|import use --nssdir for nssdb directory option [Tuomo] * newhostkey: use --nssdir for nssdb directory option [Tuomo] * showhostkey: use --nssdir for nssdb directory option [Tuomo] * barf: minor improvements with systemd/journalctl [Paul] * verify: fix "with FIPS" output to print OK [Paul] * _stackmanager: add cmac and chacha20poly1305 to modprobe list [Paul] * building: libreswan assumes -std=gnu99 when building [Andrew] * building: USE_EXTRACRYPTO replaced by USE_SERPENT and USE_TWOFISH [Paul] * building: Disable DH22 by default. To re-enable use USE_DH22=true [Paul] * building: work around flex 2.5.4 (CentOS 5); use: -o/output/file [Andrew] * sysvinit: remove unnecessary warnings about already stopped pluto [Tuomo] * initsystems: Enable "systemctl help ipsec" [dkg] * testing: various web output fixes (see testing.libreswan.org) [Andrew] * testing: various test updates / additions [Paul/Antony] * documentation: fixup changes in GPL 2.0 / LGPL like FSF address [dkg] * Bugtracker bugs fixed: #270 newhostkey: text output produces 1 character bug in pubkey [Andew] #272 Option --leak-detective causes assertion failure [Bill / Paul] #277 pluto: fix pluto events leak in timer_event_cb [Bill Rios] #152: ipsec whack --initiate for xauth does not release whack [Paul/Hugh] v3.18 (July 27, 2016) * SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew] * XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation [Antony] keyword: leftcat=yes|no * XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo] keywords: vti-interface= vti-routing=yes|no vti-shared=yes|no * XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul] * KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson] * KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz] * FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul] * FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul] * FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul] * FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul] * FIPS: Added new ipsec whack --fipsstatus [Paul] * IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew] * IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew] * IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew] * IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew] * IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew] * IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew] * IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel] * IKEv2: Extend and improve notify handling [Paul] * IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul] * IKEv2: If first liveness probe failed, we never noticed liveness failure [Paul] * pluto: Extend mark= support for mark-in= and mark-out= [Paul] * pluto: implement unique marks by using mark=-1 [Paul] * pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul] * pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks] * pluto: Check enum names consistency on startup [Hugh] * pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew] * pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul] * pluto: Prevent double free of id data [Hugh] * pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul] * pluto: ESN could use uninitialised values and fail [Paul/Andrew] * X509: Try subsequent crl distribution points when first one fails [Kim] * whack: Display IPv4 lease address in --trafficstatus [Andrew] * libipsecconf: New keyword left/rightckaid=XXX [Andrew] * libipsecconf: Remove legacy keyword subnetwithin= [Hugh] * libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh] * updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul] * programs: Removed obsoleted ikeping and livetest [Paul] * newhostkey: No longer touch any secret files [Andrew] * showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew] * libswan: Fix unbound dnsctx handling [Hugh/Paul] * libswan/libipsecconf: Clean up SECRETS code [Andrew] * libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew] * addconn: Find peer IP address when resolving default route [Daniel M. Weeks] * barf: If systemd detected, use journalctl to get logs [Paul] * building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew] * building: Fix building without DNSSEC support [Hugh/Paul] * packaging: Updates for debian packaging [dkg] * initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim] * ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo] * _import_crl: Fix to work with nsspasswd [Andrew] * _stackmanager: Remove loading of hardware random modules [Tuomo] * _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim] * ipsec: remove run by root check for Neutron/VPNaaS [Tuomo] * ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo] * testing: Various improvements for running tests, include web tree [Andrew] * testing: New makefile targets, see 'make kvm-help' [Andrew] * testing: pluto support for --expire-bare-shunt [Paul] v3.17 (April 4, 2016) * SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew] * pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and USE_VFORK [Andrew] * pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew] * IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul] * IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul] * IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul] * IKEv2: ikev2_out_generic{_raw}() functions [Paul] * IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul] * IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul] * IKEv2: Fix memory leak of dcookies [Paul] * IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew] * IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew] * IKEv2: ESN support (XFRM linux 2.6.39+) via esn=yes|no(default)|either [Paul] * IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul] * IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul] * IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul] * IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul] * IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul] * IKEv2: add --impair-send-bogus-dcookie for testing [Paul] * IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul] * IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul] * IKEv1: Prefix a few functions with ikev1_* where not obvious [Paul] * IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel] * pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika] * pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika] * pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul] * pluto: Don't delete IKE SA when shared with multiple connections [Paul] * pluto: connection restart failed for dynamic dns conns [Wolfgang] * pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel] * pluto: Fix various coverity warnings and corner cases [Hugh, Paul] * pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul] * pluto: accept/verify the KE contents before creating the state [Andrew] * pluto: Parse the IKE SA proposals before creating the state [Andrew] * pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew] * pluto: Be more careful handling realloc() failure [Hugh] * pluto: Fix leaks in NSS/certificate handling code [William Rios] * pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul] * pluto: Ignore unsupported keys from the NSS database [Andrew] * pluto: orphan_hold() can encounter connection in delete phase [Antony] * rsasigkey: Only print the comment line, pubkey and CKAID [Paul] * secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul] * libipsecconf: Make handling of policy bits more systematic [Hugh] * barf: Only sysvinit printed the string "subsystem" [Paul] * FIPS: Code cleanup and misc. fixes [Andrew / Paul] * FIPS: Add _import_crl to the FIPS file list [Paul] * KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang] * KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang] * KLIPS: Fix pluto compile for USE_KLIPS=false [Paul] * barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul] * packaging: debian/ fixes [Marc-Christian Petersen / Tuomo] * sysvinit: Fix displaying number of tunnels in status command [Paul] * Bugtracker bugs fixed: #258 DPD with dynamic dns can't reconnect a host connection [Wolfgang] v3.16 (December 18, 2015) * auto: add new option --start which is like auto=start [Tuomo] * libipsecconf: allow time with no unit suffix (openswan compat) [Hugh] * libipsecconf: cleanup parser.y to work on old/new GCC and 32/64bit [Hugh] * libipsecconf: re-introduce strictcrlpolicy= as alias for crl-strict= [Paul] * libipsecconf: Allow time specification for dpdtimeout= / dpddelay= [Paul] * libipsecconf: aliases curl_timeout / curl_iface for openswan migration [Paul] * libswan: Fix memory leak in match_rdn() [Valeriu Goldberger] * PAM: Fix some IKEv1 XAUTH methods always returning "denied" [Antony] * PAM: stacked pam modules (eg pam_ssss) need CAP_DAC_READ_SEARCH [Matt] * newhostkey: fix seeddev device [Paul] * pluto: terminate_connection() when we become unoriented (rhbz#609343) [Paul] * pluto: find_client_connection() must ignore unoriented c (rhbz#1166146) [Paul] * pluto: Fix trafficstatus byte counter output [Antony] * pluto: accept racoon's over-sized padding (got rejected in 3.14) [Andrew] * pluto: obsolete plutofork= and ignore the keyword on startup [Paul] * pluto: send_crl_to_import: use waitpid(2) to wait for correct child [Hugh] * pluto: cleanup struct spd_route and related tidying [Hugh] * pluto: fix eclipsed to iterate over connection's spd_routes [Hugh] * pluto: accept delete payload with wrong side's SPI (CISCO bug) [Paul+Hugh] * pluto: initialise phase2 our_lastused/peer_lastused on creation [Paul+Hugh] * pluto: pluto: OE: add shunts.total count to ipsec whack --globalstatus [Paul] * pluto: Add keyword replay-window= (default 32, 0 means disable) [Paul] * pluto: Add fake-strongswan=yes|no (default no) to send strongswan VID [Paul] * pluto: Add support for XFRM marking cia mark=val/mask [Amir Naftali] * pluto: Use selinux dynamic class/perm discovery, not old API [Lubomir Rintel] * pluto: Fix for uniqueids killing second tunnel between hosts [Tuomo] * pluto: Don't refuse to load passthrough conn with ike= / esp= settings [Paul] * pluto: Free the event struct initialized in main loop and tidy [Antony] * pluto: Add event for child handling of addconn [Wolfgang/Antony] * pluto: release_fragments() cannot try both IKEv1 and IKEv2 fragments [Paul] * X509: load_end_nss_certificate() cleanup [Matt] * X509: Add on-demand loading of NSS certificate private keys [Matt] * X509: Fix possible NSS cert leaks in trusted_ca_nss() [Matt] * IKEv2: delete_state() should only handle shunt of real parent SA [Paul] * IKEv2: retransmit_v2_msg() should delete parent and child SA on failure [Paul] * IKEv2: mixup in parent/child SA caused keyingtries to be lost [Paul] * IKEv2: Remove two bogus state machine entries for INFORMATIONAL [Paul] * IKEv2: Remove duplicate SEND_V2_NOTIFICATION() [Paul] * IKEv2: Only let passthrough conn win if it has longer prefix [Paul] * OE: Deleting opportunistic Parent with no Child SA [Paul] * OE: Send authentication failed for OE child fail [Paul] * OE: Don't reject IPv6 family for OE foodgroups [Antony] * OE: Move orphan_holdpass() call into delete_state() [Paul] * OE: Call orphan_holdpass() for opportunistic conns for EVENT_SA_EXPIRE [Paul] * OE: Do not answer IKE request if we matched authby=never conn [Paul] * OE: Fix memory leaks in nullgw and bs->why [Antony] * OE: At IKE rekey time, delete the IKE/IPsec SA when idle [Antony] * FIPS: fips.h should only require compiled libexec/ components [Paul] * XAUTH: Fix for connection going up->down->up causing passert [Hugh] * XAUTH: Do not interpret padding as incomplete attribute [Lubomir Rintel] * XAUTH: Improve failure logging [Paul] * XFRM: Workaround bug in Linux kernel NLMSG_OK's definition [Hugh] * KLIPS: kernels 4.1.x+ always use the same interface to uids [Roel van Meer] * KLIPS: Various changes to support 4.1.x kernels [Wolfgang] * ipsec: custom directory not recognized, github issue #44 [Tuomo] * updown.*: Fix NetworkManager callback [Lubomir Rintel] * addconn: tidy [Hugh] * building: obsolete USE_ADNS and disable building adns helpers [Paul] * building: Do not link all binaries with nss,nspr and gmp [Paul] * building install "ipsec_initnss.8" and "ipsec_import.8" man pages [Andrew] * packaging: debian/ directory update [Paul/Daniel] * testing: Various testing updates and improvements [Antony/Paul/Andrew] * documentation: added CODE_OF_CONDUCT.d [Paul] * Bugtracker bugs fixed: #216 No longer require :RSA entries for X.509 certs in ipsec.secrets [Matt] #233 pluto sends delete SAs in wrong order and reconnection issues [Wolfgang] #247 KLIPS: fix pluto can't add ipv6 addresses to ipsec devices [Wolfgang] #248 keyingtries=%forever doesn't work anymore [Wolfgang] v3.15 (August 24, 2015) * SECURITY: CVE-2015-3240 IKE daemon restart when receiving a bad DH gx [Hugh] * KLIPS: fix use of *iovec() functions for linux 4.x kernels [Greg Ungerer] * IKEv1: Remove old IPsec SA's when newest IPsec SA is removed [CHEN, JIANFU] * IKEv1: Fix Labeled IPsec SECCTX parsing - bug introduced in 3.14 [Matt] * NETKEY: workaround for NLMSG_OK() macro causing build failure on i686 [Hugh] * NETKEY: Fix IPsec SA priority on type=passthrough conns [Antony] * NETKEY: Fix nflog= on type=passthrough conns [Paul] * pluto: Use PORT_ErrorToString() to translate NSS errors [Matt] * pluto/whack: add --impair-send-zero-gx to test CVE-2015-3240 [Paul] * ipsec: checknss/initnss must both convert old database if it exists [Tuomo] * packaging: debian fixes for userland package [Antony] v3.14 (August 11, 2015) * NSS: Major rewrite of PRF / PRFPLUS / integrity functions for FIPS [Andrew] * FIPS: Added programs/pluto/cavp for NIST CVAS testing [Andrew] * IKEv2: RFC 7383 IKEv2 Fragmentation support [Herbert/Hugh] * IKEv2: RFC 7619 Auth Null support (authby=null) [Paul/Antony/Hugh] * IKEv2: RFC 7619 ID Null support (leftid=%null) [Paul/Antony/Hugh] * IKEv2: whack and smc related time out fixes [Antony] * IKEv2: rekey, expire, delete refactoring and fixes [Antony] * IKEv2: do not pad IKE messages (fix interop w. InsideSecure) [Paul] * IKEv2: Fix esp=camellia to use the IKEv2 IANA registry number for ESP [Paul] * IKEv2: Fix memory leaks in addresspool and child exchange sadb [Antony] * IKEv2: Support for INVALID_KE DH group re-transmits [Paul/Hugh] * IKEv2: if applicable, add CERTREQ payload to IKE_SA_INIT response [Antony] * IKEv2: Various memory leak fixes [Hugh] * IKEv2: Delete parent/child SA when IPsec SA expires due inactivity [Antony] * IKEv2: Added pam-authorize= (default no) for userid verification [Antony] * IKEv2: Informational exchange did not always update msgid counters [Paul] * IKEv2: Don't send v2N_INVALID_MSGID in response to duplicate IKE_INIT packet * IKEv2: Time all crypto operations, not just DH IKEv2 [Antony] * IKEv2: reduce leaks involving sa_v2_convert [Hugh] * IKEv2: eliminate leaks of st_tpacket [Hugh] * IKEv2: fix send certreq [Antony] * IKEv2: find_host_connection now checks RSA, PSK and NULL one by one [Antony] * IKEv1: Don't copy isakmp_sa from received packet [Paul] * IKEv1: Do not retransmit forever [Antony/Herbert] * FIPS: Enforce crypto restrictions in FIPS mode (no md5,twofish, etc) [Paul] * XAUTH: retransmit user/password request in 10s (instead of 30s) [Wolfgang] * X509: Re-added CRL and OCSP support using NSS [Matt] * X509: Expired certificate could crash pluto [Wolfgang] * x509: New options: ocsp_enable= ocsp_strict= ocsp_timeout= [Matt] ocsp_uri= and ocsp_trust_name= * pluto: Converted select() loop to use libevent and subsecond timers [Antony] * pluto: unroute IPSEC SA instead of hold, if oppo and CK_INSTANCE [Antony] * pluto: Added --impair-send-no-ikev2-auth and --impair-force-fips [Paul] * pluto: Added retransmit-timeout= (default 60s) [Antony] * pluto: Added retransmit-interval= in ms (default 500) [Antony] * pluto: Greatly reduce time to retransmit from 20s to 0.5s [Antony] * pluto: Support for IKEv2 AES_CTR (ike=aes_ctr) [Andrew Cagney] * pluto: Support for CBC/CTR test vectors using NSS [Andrew Cagney] * pluto: Remove last weary old FreeS/WAN X.509 code and use NSS instead [Matt] * pluto: Static IP support using passwd file with addresspool= [Wolfgang] * pluto: major tidy of labeled ipsec code [Hugh] * pluto: fixes for uninitialized fields in output struct [Hugh/Paul] * pluto: audit format and log item update as per audit spec [Paul] * pluto: simplify and clarify sa_copy_sa and friends [Hugh] * pluto: small steps improving crypto helpers [Hugh] * pluto: plutostderrlog= renamed to logfile= [Paul] * pluto: plutostderrlogtime= renamed to logtime= [Paul] * pluto: New option logappend=yes|no (default yes) [Paul] * pluto: Removed obsoleted loopback= support [Paul] * pluto: advanced state counting (anon,auth,halfopen,child) [Paul/Andrew/Hugh] (see ipsec whack --globalstatus) * pluto/rsasigkey: added --seedbits option (and seedbits= option) [Paul] * pluto: do not terminate_connection() in-flight [Hugh] * pluto: don't use an expired reserved kernel SPI as fallback [Herbert Xu] * pluto: Use "third best" monotime() on mismatched kernel/glibc headers [Paul] * pluto: removed bool inbound_only from delete_ipsec_sa() [Paul/Herbert] * pluto: fix modecfg client/server status display (was swapped) [Herbert] * pluto: Global NFLOG support via nflog-all= keyword (default off) [Paul] * pluto: Per-conn NFLOG support via nflog= keyword (default off) [Paul] * pluto: Reduce default logging for unknown/halfopen/opportunistic SA's [Paul] * pluto: Fix bogus "no RSA public key known for '%fromcert'" [Herbert Xu] * pluto: exclude ike/esp options from %default for never-negotiate conns [Paul] * pluto: added xfrmlifetime= (default 300) to customise NETKEY acquires [Paul] * pluto: added shuntlifetime= (default 15m) for bare shunts [Paul] * pluto: added negotiationshunt= (default hold) [Paul] * pluto: Obsoleted force-busy= for ddos-mode= [Paul] * pluto: Added config setup keyword ddos-mode= (default auto) [Paul] * pluto: Added config setup keyword ddos-ike-threshold= (default 25000) [Paul] * pluto: Added config setup keyword max-halfopen-ike= (default 50000) [Paul] * pluto: route_owner() don't passert on changed interface [Paul] * pluto: Remove DNSSEC DLV support (DLV is decommissioned) [paul] * pluto: Support for unbound < 1.4.21 [Tony Whyman] * libipsecconf: Improve parser for pipe case (with NM) [Hugh/Lubomir Rintel] * libcrypto/twofish: Fix CALC_SB_* macros [Lubomir Rintel] * readwriteconf: improve error handling [Hugh] * ipsec: ipsec --import does not need to run restorecon [Paul] * ipsec: --checknss option automatically updates NSS DB to SQL [Matt] * ipsec: --checknflog option installs nflog-group= iptables rules [Paul] * rsasigkey: Rename --random to --seeddev [Paul] * packaging: Various SPEC file fixes and Buildrequires: updates [Tuomo/Kim] * packaging: Add v6neighbour-hole.conf for Neighbour Discovery hole [Paul] * initsystems: run ipsec --checknss before start [Tuomo] * building: overhaul of build system Makefiles (see mk/) [Andrew] * testing: docker test type support [Antony] * testing: test case updates/additions [Antony/Paul/Andrew/Matt] * testing: more FIPS support and --impair-force-fips option added [Paul] * NETKEY: Fix bare shunt management code to work properly for NETKEY [Paul/Hugh/Antony] * NETKEY: Increase netlink message buffer for larger SElinux labels [Paul] * NETKEY: kernel netlink decode and log policy expire message [Antony] * KLIPS: move udp_encap_enable() to not be within spinlock [Wolfgang] * KLIPS: ipsec_rcv_decap_ipip broken for IPv6 lsb#227 [Frank Schmirler] * KLIPS: Support for SHA2 via CryptoAPI [Wolfgang] * KLIPS: Support for sha2_truncbug [Wolfgang] * whack: New ipsec whack --purgeocsp [Matt] * whack: New ipsec whack --ddos-busy | --ddos-auto | --ddos-unlimited [Paul] * whack: New ipsec whack --globalstatus [Paul] * whack: New ipsec whack --shuntstatus [Paul] * whack: New ipsec whack --deleteid --name [Antony] * whack: cleanup help text [Tuomo] * _stackmanager: Don't load blacklisted modules (rhbz#1207689) [Paul/Tuomo] * _stackmanager: Support for xfrmlifetime= ipsec.conf option [Paul] * _updown: add proxy arp for cases where routing won't work [Tuomo/Wolfgang] * Bugtracker bugs fixed: #260: libswan: extra safety around same_id() when ID_FROMCERT is used [Paul] v3.13 (June 1, 2015) * SECURITY: CVE-2015-3204 malicious payload causing restart [Javantea/Hugh] v3.12 (November 6, 2014) * IKEv2: CP payload now installs internal address and dns [Antony] * IKEv2: Don't try to decrypt if DH is incomplete [Antony] * IKEv2: If applicable, add a CERTREQ payload in IKE_SA_INIT response [Antony] * IKEv2: Fix parent I2 replace event delay [Antony] * IKEv2: Liveness fix for restarting instantiated connection [Antony] * IKEv2: Schedule expire instead of replace when rekey=no [Antony] * IKEv2: Zero out CP payload before sending [Antony] * IKEv2: Fix message id in create child sa response [Antony] * IKEv2: Don't try to instantiate unoriented connections [Antony] * XAUTH: Fix 2 missing breaks when deciding on sending ModeCFG payloads [Paul] * X509: Ensure that root CA does not end up in the ca_path list [Matt] * pluto: Cleanup DYNDNS code and other clang warnings [Hugh] * pluto: lswconf.c: getNSSPassword: fix bugs and tidy [Hugh] * pluto: check return value of ike_alg_register_enc for twofish/serpent [Paul] * pluto: fix various uninitialised variables in out_struct() calls [Paul/Hugh] * KLIPS: Fix missing breaks in spi command algo type parsing [Paul] * KLIPS: Support for kernel 3.17 [David/Paul] * building: disable libcap-ng and NM support for OSX [Paul] v3.11 (October 22, 2014) * x509: IKEv1 CA cert chain support with sendca option [Matt] * pluto: Fix mtu= option mangling introduced in 3.10 [Kim] * pluto: Fixes auto=start and auto=route with %defaultroute [Kim/Tuomo/Paul] (troubled in 3.9 and 3.10) * pluto: Don't register ESP_BLOWFISH [Paul] * pluto: ESP support for aes_xcbc [Paul] * pluto: ESP support for aes_ctr [Paul] * pluto: ESP support for camellia on NETKEY [Paul] * pluto: IKE support for aes_xcbc (pending NSS update) [Paul] * IKEv1: Default to DH Group 2 and 5 for initiating Aggressive Mode [Paul] (3.9 included DH 14 which was preferred, causing interop issues) * pluto: Force ESP_CAST to only allow 128 bit key sizes [Paul] * pluto: Log_crypto_workers threads did not use static bool first_time [Coverity] * pluto: Warn (not fail) on empty NSS private key passwords [Oskari Saarenmaa] - rhbz#1145231 (rhel7) and rhbz#1144941 (fedora) * pluto: Added PLUTO_IN_BYTES= / PLUTO_OUT_BYTES= for updown [Antony] * pluto: Handle list of certs from parse_pkcs7_cert [Hugh] * pluto: Fix --impair-retransmits IMPAIR code [Hugh] * pluto: separate SEND_V2_NOTIFICATION from SEND_NOTIFICATION [Hugh] * pluto: Various fixes/cleanups in algo registration functions [Paul/Hugh] * pluto: ah=null as a valid phase2alg for a connection [Paul] * pluto: Clean up complete_v*_state_transitions and related things [Hugh] * pluto: More crypto helper cleanup [Hugh] * NETKEY: Don't trust PF_KEY API to tell us about IPCOMP support [Paul] * KLIPS: ip_select_ident was backported to 3.2.63 [Bram] * IKEv2: Don't copy reserved ISAKMP flags in reply msg (rhbz#1052811) [Paul] * IKEv2: ISAKMP_FLAGS_v2_IKE_I was not always set on Original Initiator [Paul] * IKEv2: CP payload support for responder [Antony] * IKEv2: CREATE_CHILD_SA support for responder [Antony] (NON_ADDITIONAL_SAS stub removed) * systemd: Use After=network-online.target instead of network.target [Kim] - rhbz#1145245 (rhel7) and rhbz#1144832 (fedora) * systemd: Add Wants=network-online.target [Lukas Wunner] * addconn: Route before and after listen (bug introduced in 3.10) [Paul/Hugh] * rsasigkey: Use a version of jam_str instead of strcpy() for hostname [Paul] * IKEv2: CERTREQ payload should use SHA1 hash of DN instead of IKEv1 DN [Matt] * updown: Pluto should give CAP_NET_RAW to updown for iptables -t mangle [Paul] * _stackmanager: Fixed to work again with mawk [Marc-Christian Petersen/Tuomo] * testing: Many test case updates [Paul/Antony/Hugh/Matt] * Bugtracker bugs fixed: #206: Libreswan v3.10 on 32-bit does not work [Kim] v3.10 (September 1, 2014) * XAUTH: New option: ipsec whack --trafficstatus [Antony] * XAUTH: New option: ipsec --deleteuser --name xauth-username [Antony] * XAUTH: Do not strip "-" from XAUTH usernames [Paul] * _updown.netkey: New environment variable PLUTO_ADDTIME for IPsec SA's [Paul] * _updown.netkey: Don't skip routing if mtu= option is used [Tuomo] * NETKEY: protoport= installed broken swapped src/dst passthrough SA's [Antony] * NETKEY: fix names for RIPEMD160 and AES_CTR [Paul] * KLIPS: support 3.16+ kernels with update __ip_select_ident() [Thomas Geulig] * _stackmanager: KLIPS support for alias devices [Marc-Christian Petersen] * pluto: Simplify/tidy alg_info [Hugh] * pluto: Simplify find_host_connection() and terminate_connection() [Hugh] * pluto: Fix a leaking socket in whack [Hugh] * pluto: Combine same_dn() and match_dn() to avoid deduplicate logic [Hugh] * pluto: Add strneq(); get rid of most remaining strncmp calls [Hugh] * pluto: Get rid of or document strcat, strncat, strcpy, etc [Hugh] * pluto: malloc/calloc/realloc/free tidying, including a few bug fixes [Hugh] * pluto: Fix memory allocation/free errors (especially in ike_frag) [Hugh/Paul] (triggered as of 3.9 when --leak-detective was used) * pluto: Various warning fixes from LLVM/Coverity [Hugh] * pluto: Don't listen before all connections are loaded [Paul] (this sub-optimal behaviour was introduced in 3.1) * cryptohelpers: cleanup and improved error logging [Hugh] * IKEv2: esp=/phase2alg= should be strict (bug introduced in 3.9) [Paul] * IKEv2: Don't abort all proposals when encountering unknown PRF [Hugh] * IKEv2: ikev2_parse_*_sa_body: stop matching after first success [Hugh] * IKEv2: Reject responder SA with multiple proposals [Hugh] * IKEv2: Enforce proposal numbering rules [Hugh] * IKEv2: first initiating XCHG of Original Responder is not a retransmit [Paul] * IKEv2: Don't respond to reply messages when parent SA was not found [Paul] * IKEv2: clarify O_responder/O_initiator and Request/Reply code [Paul] * IKEv2: Check received msgid is larger then previous before storing [Paul] * IKEv1: parse_ipsec_sa_body() did not allow newer AH transforms [Paul] * IKEv1: Add sha2 and aes_xcbc support for AH/ESP auth algorithm [Paul] * IKEv1: cap IKE lifetimes > 1d to 1d, instead of rejecting SA [Paul] * IKEv1: cisco-unity=yes now also sends VID when acting as VPN server * whack: Don't change exit status for RC_INFORMATIONAL* [Mike Gilbert] * rsasigkey: a logic error limited the randomness of the key size [Paul] * ipsec: create NSS DB on startup when missing [Paul] * ipsec: Added "ipsec --checknss" that creates-when-missing NSS DB [Paul] * verify: Make verify python3 compatible [Slavek Kabrda] * readwriteconf: Fix writing kt_invertbool's (like aggrmode=) [Paul] * testing: Obsoleted dotest.sh with dotest.py, speed increase [Antony] * testing: Added more test cases and general cleanup [Antony/Paul] * compiling: Fix ADNS without USE_DNSSEC compile [Tuomo] v3.9 (July 9, 2014) * Documentation: cleanup of README.* and docs/* [Paul] * libswan: Cleanup allocation and certificate handling functions [Hugh] * libswan: Introduce add_str() to replace abused strncat() [Hugh] * libswan: Complain when loading connection with expired certificate [Paul] * libswan: Some error messages did not make it to the whack log (user) [Paul] * pluto: STF_TOOMUCHCRYPTO handling should not delete the state [Paul/Hugh] * pluto: Default cipher keysizes is now RFC compliant 128 (not 256) [Paul] * pluto: Allow sha2 as an alias for sha2_256 [Paul/Matt] * pluto: Allow more DBG_* and IMPAIR options [Hugh] * pluto: Some enc transforms did not send KEY LENGTH for default key size [Paul] * pluto: Ensure required KEY_LENGTH attributes for some ciphers are sent [Paul] * pluto: Default ESP key size was "max" instead of "default" [Paul/Hugh] * pluto: Bogus keysizes (eg 3des666) was not rejected at IKE level [Paul/Hugh] * pluto: esp=aes now accepts both aes128 and aes256 [Paul/Hugh] * pluto: ipsec status did not display "000" for ESP default size [Paul] * pluto: ipsec status did not print IKE algo separator (",") [Paul] * pluto: ipsec status no longer prints remote nexthop when oriented [Paul] * pluto: sa_copy_sa_first() memory leak fixed [Hugh] * pluto: Improved exponential backoff in message retransmission [Hugh] * pluto: timer.c simplifications and improvements for monotonic time [Hugh] * pluto: Cleanup and document wire_chunk crypto helper code [Hugh] * pluto: rename program files using proper ikev[12]_* prefixes [Paul] * pluto: Don't load certs via load_acerts() from /etc/ipsec.d/acerts/ [Paul] * pluto: Drop CAP_DAC_OVERRIDE privs later to support non-root dirs [Paul] * pluto: Remove unused libaes/libdes/liblswcrypto [Paul] * pluto: Print proper cipher/algo/modp groups in phase1/parent SA [Paul] * pluto: Various IANA updates to ipsec/ike/ikev2 registries [Paul] * pluto: STF_TOOMUCHCRYPTO could cause double delete of state [Hugh] * pluto: Alias "sha" to "sha1" for ike= and esp= [Matt] * pluto: Simplify/cleanup NSS and cryptohelper code [Hugh] * pluto: pluto_crypt.c used non-thread-safe strerror() [Hugh] * pluto: ensure addconn thread uses the same ctlbase as pluto did [Paul] * pluto: LEAK_DETECTIVE is now a runtime --leak-detective pluto option [Paul] * pluto: Add modp2048 to default proposal list [Paul] * pluto: oakley_alg_makedb() algo preference picking fixed [Paul/Hugh] * pluto: Added --impair-send-key-size-check for testing [Paul] * pluto: Make timer.c code IKE version independent [Antony] * addconn: Default gateway finding logic fixes [Wolfgang] * addconn: Only resolve %defaultroute using the main routing table [Wolfgang] * addconn: ensure expired certificates show clearly over whack * NATT: Added nat-ikev1-method=drafts|rfc|both to workaround buggy Ciscos [Paul] * NATT: non port-floating (4500) NATT draft support removed [Paul] * NATT: Change order of NATT payloads to accommodate racoon sensitivity [Paul] * NATT: ignore incoming ISAKMP_NEXT_SAK (AKA ISAKMP_NEXT_NATD_BADDRAFTS) [Paul] * NATT: Added IKEv2 NAT-Traversal support [Antony] * XAUTH: Cleanup code [Hugh] * XAUTH: Workaround for Android bug sending trailing NULL with password [Hugh] * XAUTH: Improved logging and output for automated processing (eg for NM) [Paul] * XAUTH: Hand out previously given IP lease to same client on reconnect [Antony] * DPD: openbsd isakmpd bug workaround for duplicate DPD seqno [Paul] * IKEv1: aggr mode: print names of ignored proposals part [Paul] * IKEv1: rename init_am_st_oakley() to init_aggr_st_oakley() [Paul] * IKEv2: Rekey / Delete event scheduling fixes [Antony] * IKEv2: liveness (DPD) fix msgid handling for Informational XCHG [Matt] * IKEv2: Improved RESPONDER_TIMEOUT logic [Antony] * IKEv2: Extend smc with SMF2_CONTINUE_MATCH for cookie state matching [Hugh] * IKEv2: handle DDOS cookie without creating state and using memory [Hugh] * IKEv2: Fix IS_IPSEC_SA_ESTABLISHED macro to include IKEv2 [Antony] * IKEv2: CREATE_CHILD_SA exchange can return NO_ADDITIONAL_SAS [Antony] * IKEv2: Lingering states were never cleaned up [Antony] * IKEv2: Support Authenticated Header ("AH") [Hugh] * IKEv2: don't call dpd_active_locally() on an undefined state [Paul] * IKEv2: Return proper message to the user when our RSA/PSK is missing [Paul] * IKEv2: Always add SAi TSi TSr in I2 to allow IKE SA Reauthentication [Antony] * IKEv2: When deleting CHILD_SA without a IKE SA don't try to send v2D [Antony] * IKEv2: Fix process_informational_ikev2() for Delete payloads [Paul/Hugh] * IKEv2: Improved logging of IKEv2 transform IDs [Hugh] * pluto/whack: Allow shutdown command for different MAGIC [Paul] * NSS: Changed PR_ASSERT() calls to passert() calls [Paul] * NSS: ipsec initnss can now take a non-default location [Paul] * newhostkey: Return proper error codes, no longer allow stdin [Paul] * OCF: ipsec_ocf_cbimm KLIPS option was always ignored by mistake [Hugh] * OCF: Remove obsoleted HAVE_OCF support for IKE acceleration [Paul] (kernel OCF support is still available and supported) * NETKEY: esp=cast failed due to wrong crypto identifier [Paul] * KLIPS: SAref patches for Ubuntu kernel 3.11.0-15.25 [Simon Deziel] * KLIPS: Improved support for various 3.x Linux kernels [various] * KLIPS: support for CONFIG_USER_NS [Matt] * _stackmanager: only unload stack when switching (rhbz#1025687) [Paul/Tuomo] * building: remove LIBDIR as we install all programs in LIBEXECDIR [Tuomo] * packaging: NSS fixups for deb packaging [mountaincat] * testing: a LOT of test case updates [many people] * Bugfixes for better C-library compatibility with "musl" [Hugh/Paul] * Bugtracker bugs fixed: #67: uniqueids: don't compare ipv4 and ipv6 addresses [Tuomo] #86: left=%defaultroute does not work in a conn [Hugh/Paul] v3.8 (January 15, 2014) * SECURITY: CVE-2013-6467 missing IKEv2 payloads causes restart [Iustina/Hugh] * building: Remove #ifdef DEBUG - always compile into userland [Paul] * IKEv2: Updated AUTH names to latest IANA registry entries [Paul] * pluto/whack: Added --impair-send-ikev2-ke test option [Paul] * pluto: allow shutdown command even with bad WHACK_BASIC_MAGIC [Paul] * addconn: ignore obsoleted --defaultroute and --defaultroutenexthop [Paul] * Various code cleanup [Hugh] * initscripts: sysv should try harder to kill pluto without ctl file [Tuomo] * gentoo: fixes to build and init system on Gentoo [Mike Gilbert] * KLIPS: fix NAT-T status in eroute output [Paul] * pluto: updated ietf_constants.h with IANA entries [Paul] * IKE: Make sure sha2 is an alias for sha2_256 for ike= and esp= [Hugh/Paul] * Bugtracker bugs fixed: #171: showhostkey.c:322: bad switch statement v3.7 (December 10, 2013) * SECURITY: CVE-2013-4564 Denial of service via unauth packet [Paul/Hugh] * SECURITY: fix insecure tmp file in rpm %post - introduced in 3.6 [Tuomo] * SECURITY: Properly handle IKEv2 I1 notification without KE payload [Paul] * IKE: aes_gcm and aes_ccm now specify key size without salt [Paul/Hugh] * NETKEY: Added twofish and serpent as valid ESP algorithms [Paul] * KLIPS: Fix for crashes in ipsec_xmit_ipip() [Thomas/Roel/David] * KLIPS: Fix NAT-T (NEED_UDP_ENCAP_ENABLE) for 3.4 kernel [Roel] * KLIPS: Fix compiling for 3.9 kernels (PDE_DATA fix) [Paul] * KLIPS: Claim we do namespaces - makes it work on simple host case [Paul] * IKEv2: Add support for AES-GCM, AES-CCM [Paul/Hugh] * IKEv2: Check for inbound traffic before sending liveness exchange [Matt] * IKEv2: Fix some error codes that mistakenly used IKEv1 versions [Paul] * IKEv2: in R1 don't copy their IKEv2 minor for our reply packet [Paul] * IKEv2: Don't kill unrelated states on same hash chain in IKE DEL [Hugh] * pluto: change ipsec_notification_names to ikev[12]_notify_names [Paul] * pluto: Various cleanup and reducing scope of variables [Hugh] * building: support for slackware version/init system detection [Roel] * rsasigkey: Remove spurious debug line confusing ipsec showhostkey [Paul] (rhbz#1039655) * initsystems: fix typo in openrc script [Natanael Copa] * testing: KVM test system updates [Paul] * secrets: Log glob failing for secrets parser as warning, not error [Paul] * setup: fix systemd init detection [Tuomo] * labeled ipsec: Set default value of secctx_attr_value to 32001 [Paul] (rhbz#923250) * barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191) [Paul] * Bugtracker bugs fixed: #116: Don't load connections when leftcert= cert not found in NSS DB [Matt] v3.6 (October 30, 2013) * IKEv2: Fix interoperability bug in SKEYSEED generation [Paul/Hugh/Antony] * IKEv2: Add liveness checks (a.k.a DPD for IKEv2) [Matt Rogers] * IKEv2: ikev2=insist allowed ikev1 when acting as responder [Matt Rogers] * IKEv2: Fix fallback to ikev1 when remote has ikev2=no [Paul] * IKEv1: Cleanup AGGR Mode VendorID - also send fragmentation vid [Paul] * IKEv1: Added cisco_unity= (default no) option which sends VID [Paul] * IKEv1: Fix compatibility with NAT-T and remote_peer_type=cisco [Paul] * IKEv1: dpdaction=restart_by_peer is now called dpdaction=restart [Paul] * IKEv1: Added support for modecfgbanner= and modecfgdomain= [Paul] * IKE: introduce ikepad=yes|no (default yes) for Checkpoint interop [David] * pluto: work around for Cisco VPN clients sending extraneous bytes [Paul/Hugh] * pluto: Support for google-authenticator OTP via pam [Paul] * pluto: fix kernel.c typo in word outgoing [Tuomo] * pluto: remove dsa/elgamal stubs from gnupg that were unused [Paul] * pluto: Added per conn priority= to specify kernel IPsec SA priority [Paul] * keyword: auto=route and ipsec auto --route renamed to "ondemand" [Paul] * NETKEY/BSD: Added per conn reqid= to specify kernel IPsec SA [Paul] (based on idea by Panagiotis Tamtamis) * pluto: %fromcert now works for local certs and those received via IKE [Matt] * pluto: Allow \\ masking in RDNs similar to ,, [Matt Rogers] * pluto: merge updateresolvconf/restoreresolv.conf in client-up|down [Paul] * building: Removed USE_MODP_RFC5114 flag. Support is always added [Paul] * building: Removed USE_AGGRESSIVE flag. Support is always added [Paul] * building: Removed USE_XAUTH flag, Support is always added [Paul] * building: Removed MODECFG* flags, Support is always added [Paul] * building: Remove blowfish (use twofish instead) [Paul] * building: Generate Makefile depend files automatically [Tuomo] * building: Add support for openrc initsystem on Alpine Linux [Paul] * packaging: spec files now initialise NSS DB when not found [Paul] * NETKEY: Take protoport= into account when setting IPsec SA priority [Paul] * NETKEY: Change Update SA to Add SA when existing SA is not found [Mattias] * NETKEY: Fix Labeled IPsec (broken in openswan 2.6.33) [Paul] * KLIPS: Support for 3.10+ kernels (/proc use via seq_* functions) [David] * Changed HAVE_STATSD compile option to statsbin= runtime option [Paul] * sysvinit: status function used incorrect variable for pid file [Tuomo] * _stackmanager: coding style cleanup - fixes bashism [Tuomo] * testing: Various interop test case updates [Paul] * FIPS: Support versioned hmac files, fips test in non-fips mode [Paul] * rsasigkey/newhostkey: Keysize for new RSA keys keysize increased from 2192 to randomised 3072-4096 (in blocks of 16) to fight keysize monoculture [Paul] * Removed unused and unmaintained USE_TAPROOM functionality [Paul] * NAT-T: Added 100.64.0.0/10 from RFC 6598 to virtual_private [Paul] * NSS: pluto should not open NSS files in readwrite, just read [Paul] * Bugtracker bugs fixed: #130: debian debuild creates a deb with /usr/libexec contents [Marc-Christian Petersen] #145: support old location of /selinux/enforce still in use by CentOS6 [Paul] v3.5 (July 13, 2013) * NETKEY: _stackmanager: Clear disable_xfm/disable_policy /proc files for labeled IPsec [Paul] * KLIPS: Added support for kernel 3.9.x [Paul/David] * KLIPS: NATT support for kernel 3.5+ needs udp_encap_enable() [David] * KLIPS: pointer can look valid during free process [Unknown/David] * KLIPS: change default for hidetos (quality of service) to yes [Paul] * KLIPS: preliminary SHA2 family support via OCF/CryptoAPI [David] * MAST: _stackmanager: bring mast0 up even if module was loaded [neoXite] * MAST: Add support for IPv6 iptables mangle table in updown.mast [Paul] * _stackmanager: Move iptables mangle rules to MAST only section [Paul] * _stackmanager: re-add support for hidetos=, overridemtu= and fragicmp= [Paul] * _stackmanager: Clear disable_xfm/disable_policy for labeled IPsec [Paul] * pluto: Fix reading ipsec.secrets without trailing newline [Hugh] * pluto: 'ipsec status' output changes, added 'config setup' items [Paul] * pluto: Added config setup, compile paths, runtime info to ipsec status [Paul] * pluto: removed IKE_ALG and KERNEL_ALG defines [Paul] * pluto: Simplify Pluto_IsFIPS(), remove redundant log message [Paul] * pluto: Added Pluto_IsSElinux() to log SElinux runtime status [Paul] * pluto: Removed unused alg_info parameters permitman and permitike [Paul] * pluto: Fix STATE_XAUTH_R0/STATE_XAUTH_R1 state names [Paul] * pluto: out_modify_previous_np() should allow ISAKMP_NEXT_SIG for RSA [Paul] * building: cleanup old vars, and allow more env overrides [Paul] * packaging: Fix systemd script Alias target (rhbz#982166) [Paul] * newhostkey: help the user when nssdb is not initialized yet [Paul] * newhostkey: simplify default nss dir handling [Paul] * lswan_detect: cleanup coding style and fix help for unknown options [Tuomo] * lswan_detect: add gentoo detection [Tuomo] * setup: add rhsysv, openrc, and real sysv init support [Tuomo] * barf: do not cause any iptables modules to get loaded (rhbz#954249) [Paul] * look: Don't cause loading of iptables kernel modules (rhbz#954249) [Paul] * FIPS: Remove hardcoded /usr/libexec/ipsec path, use IPSEC_EXECDIR [Paul] * FIPS: Add warning in ipsec verify for prelink command [Paul] * testing: Add option for "post" scripts during a test run [Matt Rogers] * testing: dist_cert support for commands in different path locations [Matt] * testing: Generate CRL with leading zero byte for testing [Paul] * Bugtracker bugs fixed: #82: Phase out DBG_KLIPS/DBG_NETKEY for DBG_KERNEL [Paul] #96: lswan_detect: Alpine linux compatibility [Tuomo] #99: NETKEY: Segfault on acquire_netlink with labeled_ipsec [Kim/Tuomo] #101: restore port when ipsec policy is generated for nat-t [Kim/Tuomo] #124: pluto: Add usage comment for addresspool.* [Paul] #126: pluto: nhelpers= does not default to -1 [Paul] #128: pluto: prevent libcurl sigalarm from crashing pluto (lsbz#128) [Paul] v3.4 (June 6, 2013) * Change coding style to Linux kernel [Team] * IN MEMORIAM: June 3rd, 2013 Hugh Daniel v3.3 (May 13, 2013) * SECURITY: atodn() buffer overflow with oe=yes [Florian/Hugh/Paul] affected: libreswan 3.0 and 3.1 (CVE-2013-2052) see also: openswan up to 2.6.38 (CVE-2013-2053) see also: strongswan up to 4.3.4 (CVE-2013-2054) * security: dn_parse(), hex_str() write beyond end of the buffer [Florian] * security: get_rnd_bytes: Abort on random number generator failure [Florian] * security: Integer overflow if the leak detective enabled [Florian] * security: Check that origin of netlink message is the kernel [Florian] * security: Abort on crypto failure for 3des/aes to prevent leaks [Florian] * security: Check PK11_CreateContextBySymKey() for NULL and SECFailure [Paul] * security: RSA: Check modulus length against key overall length [Florian] * security: fetch_curl: Set timeout for the entire request [Florian] * security: Multiple hardening fixes from security audit [Florian Weimer] * security: Cleanup buffer usage for traffic logging with XAUTH [Hugh] * security: Cleanup ASN1_BUF_LEN use and remove unused load_host_cert() [Paul] * security: cleanup CFLAGS handling [Paul] * security: IKEv2 crashed when using nhelpers=0 [Paul] * security: Remove stale non-NSS ASN1 handling and pem decryption code [Paul] * security: Initial loading of file CRL fails for NSS CAs [Matt Rogers] (rhbz#960171) * security: Removal of USE_WEAKSTUFF and USE_NOCRYPTO (1DES, modp768) [Paul] * security: Removal of 1DES for KLIPS using CryptoAPI [Paul] * security: * security: Cleanup of ASN1_BUF_LEN/BUF_LEN/PATH_MAX defines [Paul] * pluto: Add support for OID_SHA224_WITH_RSA signatures [Paul] * pluto: Always list section headers --list* calls, even when empty [Paul] * X509: Fix for CRL sig failure if first byte is zero [Dhr/Matt/Paul] (rhbz#958969) * _stackmanager: fix loading of aes-x86_64 module [Tuomo] * Bugtracker bugs fixed: #64: removal of /dev/*random everywhere put feeding nss pools [Paul] #90: NETKEY: Transport mode inbound eroute was from client [Kim/Tuomo] #91: SAREF: Patches updated for 3.4.x (tested on 3.4.42) [Andreas Herz] v3.2 (April 13, 2013) * addresspool: Identify reconnecting client and re-use lease [Antony] * IKEv1: Support for sending initial_contact in Main Mode [Paul] * addconn: improve defaultroute finder [Kim] * compiling: fix use of variables in buildsystem consistent [Tuomo] * ipsec: fix syntax error in --help introduced in 3.1 [Tuomo] * verify: fix wrong confdir location [Tuomo] * pluto: cleanup of XAUTHuser and traffic statistics logging [Paul] * pluto: Obsoleted force_keepalive= and --force_keepalive [Paul] * pluto: Added per-conn nat_keepalive=yes|no (default yes) [Paul] * pluto: Log our own vendorid as "received" instead of "ignored" [Paul] * pluto: Prevent logging from truncating XAUTHuser= [Paul] * pluto: Don't log (0 byte) SA traffic statistics for ISAKMP SA's [Paul] * pluto: Some more changes in the output of ipsec auto --status [Paul] * pluto: wipe old logfile on restart (match previous behaviour) [Antony] * _stackmanager: When unloading NETKEY, unload ip_vti before xfrm*tunnel [Paul] * _stackmanager: Stack was not cleaned up for upstart / non-modular [Paul] * building: Fix warnings when compiling with clang [Florian Weimer] * building: Add -pie to linker flags, ensure relro is not overwritten [Paul] * building: fix "make depend" in programs/pluto [Antony] * packaging: Split RHEL spec file into rhel5/rhel6, add USE_OCF flag [Paul] * initsystem: fixed default sysv init status function [Tuomo] * KLIPS: SAref patches for 3.0.55+ and RHEL 2.6.32-358.2.1 [Pavel Kopchyk] * Bugtracker bugs fixed: #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo] #76: NSS:: ipsec initnss fails with a @FINALCONFDDIR@ replace and no default configdir [Tuomo] #78: NSS: segfault on libnss functions when using ikev2 [Antony] #85: NETKEY: Pass traffic selectors to the kernel in Transport Mode support was incomplete and broke nat-t transport mode [Kim/Tuomo] v3.1 (March 14, 2013) * XAUTH: Support for leftaddresspool= [Antony] * XAUTH: Added xauthby=alwaysok option [Paul] * XAUTH: Added xauthfail=hard|soft option [Paul] * IKEv1: Support for IKE fragmentation via ike_frag= [Wolfgang/Paul/Hugh] * IKEv1: Support for removing bogus non-ESP markers [Paul/Hugh] * NETKEY: Show traffic stats in ipsec auto --status and teardown [Wes/Paul] * ipsec: Add "ipsec start|stop|restart|status" aliases [Paul] * testing: Many updates to KVM testing infrastructure [Paul/Antony] * starter: auto=route and auto=start only performed auto=add [Wolfgang] * libswan: logging cleanups from openswan 2.5.x era [DHR/Antony/Paul] * pluto: log XAUTHusername in the "established IPsec SA" line [Paul] * pluto: Show labeled IPsec information in ipsec auto --status [Paul] * pluto: Various minor changes to ipsec auto --status output [Paul] * pluto: Debug logs were not written if a file was specified [Paul/Antony] * pluto: fix for additional proposal sizes when enabling 1DES [Paul] * IKEv2: narrowing used a wrong port range in determining bestfit [Coverity] * IKEv1: Better logging of Vendor IDs in [Paul] * KLIPS: enable crytoAPI in packaging/makefiles/module.defs [Paul] * SAREF: patches for Ubuntu kernel 3.2.0-33.52 [Simon] * libipsecconf: Improved fix for osw#1370 (segfault on no EOL) [Philippe] * libipsecconf: Forbid rekey=no plus dpdaction=restart(_by_peer) [Paul] * libipsecconf: crlcheckinterval unit is time, not number [Tuomo] * libipsecconf: Remove bogus key_from_DNS_on_demand policy for PSK [Paul] * libipsecconf: Raise POLICY bits from int (32) to lset_t(64) [Paul] * libipsecconf: sourceip= setting could overwrite nexthop= setting [Paul] * XAUTH: ModeConfig DNS options only worked via whack, not config file [Paul] * XAUTH: modecfg_wins[12]= support removed [Paul] * XAUTH: Use re_entrant versions of localtime_r/gmtime_r [Paul] * XAUTH: Added threading mutex locks for log functions [Philippe/Paul] * XAUTH: Added threading mutex locks for crypt() [Philippe] (crypt_r is not available on all platforms) * XAUTH: Only try to update resolveconf/restoreconf when XAUTH client [Paul] * addconn: If no protostack= is configured, return "netkey" as default [Paul] * addconn: Fix for addconn loading Point-To-Point connections [Kim] * X509: Initialise libcurl for SSL to support CRLs over HTTPS [Paul] * X509: Warn 14 days before certificates expire [Tuomo] * packaging: add /etc/ipsec.d/{crls,cacerts} to rpm spec files [Tuomo] * packaging: Fixes to spec file, added kmod spec file for KLIPS [Paul] * compiling: added -pthread to CFLAGS [Tuomo] * _plutorun: pass all command line options to pluto [Tuomo] * _updown: Various fixes for klips/netkey version [Tuomo/Antony] * X509: Reintroduced lock_certs_and_keys()/unlock_certs_and_keys() [Paul] * initsystem: change sysv initscripts to use new _plutorun interface [Tuomo] * DPD: Don't try to delete non-events [Paul] * Bugtracker bugs fixed: #8 honour compress=no option [Matt Rogers] #50 It is assumed ipsec.conf lives in the same dir as rc.d/init.d [Tuomo] #53 ipsec auto --status does not show phase2 parameters when using (unspecified) defaults? [Matt Rogers] #71 Libreswan pre-3.1 git version breaks on-demand ipv6 tunneling [Tuomo] v3.0 (January 02, 2013) * FORK: Rename from Openswan to Libreswan [Team] (for older CHANGES see docs/CHANGES.openswan) * FORK: Changed our VendorID prefix to "OEN" [Team] * LICENSE: Updated FSF address on the GPLv2 COPYING file [Team] * TRADEMARK: Give everyone unlimitel eternal royalty-free license to use the name "libreswan" to refer to this software and website [Team] * NSS: is now mandatory - custom crypto code removed [Paul] * NSS: Support reading NSS password from file [Avesh] * NSS: Added "ipsec initnss" and "ipsec import" commands [Paul] * NSS: We need to include nsperror.h for PR_GetError() [Paul] * NSS: PK11_DigestFinal() passed sizeof pointer instead of passing sizeof *pointer [Paul] * NSS: use pkg-config to find the right cflags and libs [Paul] * DNS: Removed LWRES code and old static ISC libraries [Paul] * DNS: Don't attempt to resolve numerical sourceip= values [Paul] * DNS: starter and pluto now support USE_DNSSEC using libunbound [Paul] * OE: Removed support for old KEY and TXT DNS records [Paul] * OE: Add support for IPSECKEY in ipsec showhostkey [Paul] * pluto: --config uses libipsecconf to read 'config setup' [Kim B. Heino] * pluto: left=%defaultroute now obtains src ip from routing table [Kim B. Heino] * pluto: Removed support for non-strict ike/esp lines [Paul] * pluto: UDPFROMTO support was not enabled for NETKEY if not also build with KLIPS [Paul] * pluto: Pass traffic selectors to the kernel in Transport Mode [Avesh] (rhbz#831669) * pluto: Fix phase confusion in xauth/modeconfig [Avesh] * pluto: Added new option plutostderrlogtime= (default=no) [Paul] * pluto: Additional safety checks to strncat() calls for addrtot(), inet_addrtot(), sin_addrtot(), alg_info_snprint_esp(), alg_info_snprint_ah(), idtoa() and format_end() [Paul] * pluto: Removed unused OCSP code [Paul] * pluto: Add Linux audit support via USE_LINUX_AUDIT (incomplete) [Paul/Antony] * pluto: crlcheckinterval did not interpret plain numbers as seconds [Philippe] * pluto: Change ft_mbz to ft_zig - Don't error on "must be zero" but instead "zero ignore". This works around an Android ICS/racoon bug [Paul] * pluto: Update known vendorids [Paul] * pluto: phased out HAVE_THREADS, pluto/pam now thread-safe [Philippe/Paul] * pluto: Fixed IPSEC_CONFDDIR handling which broke NSS in tests [Paul] * pluto: obsoleted prepluto= postpluto= plutoopts= config setup options [Paul] * pluto: obsoleted plutowait= and pluto= config setup option [Paul] * pluto: obsoleted nocrsend= option removed (use leftsendcert=) [Paul] * pluto: removed manual keying remnants [Paul] * pluto: remove protostack=auto and --use-auto, netkey is new default [Paul] * pluto: Added perpeerlog=yes|no and perpeerlogdir=/var/log [Paul] * pluto: Added retransmits=yes|no (matches pluto --noretransmits) [Paul] * pluto: Added plutofork=yes|no to match pluto --nofork [Paul] * pluto: added ikeport= and nat_ikeport= options, and --natikeport [Paul] * pluto: support for secretsfile= and ipsecdir= in ipsec.conf [Paul] * pluto: remove old unused USE_IPSECPOLICY code [Paul] * pluto: rhbz#609343: pluto crashes when removing logical interface [Avesh] * pluto: don't stop processing after --coredir argument [Paul] * pluto: perform whack --listen and addconn --autoall on startup [Paul] * pluto: honour plutostderrlog= natively now _plutorun is gone This also adds a new option --logfile to the pluto daemon [Paul] * pluto: if started with --nofork, don't care about existing pid file [Paul] * pluto: incorrect free in scan_proc_shunts() [Roel van Meer] * pluto: eclipsed() was broken since freeswan-2.02 [Philippe] * _plutoload: obsoleted [Kim/Paul] * auto: no longer pass defaultroute/defaultrouteaddr to addconn [Paul] * whack: fix handling --sha2_truncbug and --nm_configured options [Paul] * whack: don't try to write to closed stdout tty [Philippe] * DPD: reduce flood of DPD messages with unexpected seqno [Andrey Alexandrenko] * DPD: We did not send DPD VID in aggressive mode with NAT-T disabled * DPD: dpdaction=restart can cause full phase1 timeout after DPD (rhbz#848132) [Avesh] * PAM: updated contrib/pam.d/pluto (rhbz#815127) [Philippe Vouters] * PAM: move pam out of contrib, and install config when HAVE_XAUTHPAM [Paul] * IKEv1: In aggressive mode: allow ISAKMP_NEXT_CR ISAKMP_NEXT_CERT as payloads [Philippe] * IKEv1: aggressive mode sometimes picked wrong RSA/PSK conn [Philippe] * IKEv1: Simplify outgoing NAT-T proposals, fix logging [Paul] * XAUTH: Support for runtime choice of xauthby= [Philippe] * XAUTH: Support for Mutual RSA + XAuth (interop with Shrew Soft) [Philippe] * XAUTH: Fixed updown to remove ModeCfg (cisco) obtained sourceip [Avesh/Tuomo] * XAUTH: Do not redo xauth/modecfg during rekey to cisco [Avesh] * XAUTH: Use incoming XAUTH VID when picking best connection [Philippe] * XAUTH: pam was failing when built with USE_LIBCAP_NG=true [Philippe Vouters] * XAUTH: Fixup of defines [Paul/Philippe] * XAUTH: Don't use XAUTH VID to put conn in policy XAUTH [Andrey Alexandrenko] * XAUTH: Fix XAUTH TYPE handling and logging [Philippe] * IKEv2: Comply to RFC's for "must be zero" to ignore instead of abort [Paul] (rhbz#831669) * IKEv2: road warrior support [Antony/Paul/Avesh] * IKEv2: narrowing code extended to cover ports,protocol,subnets [Antony/Paul] * Only set MODP768_MODULUS with USE_VERYWEAK_DH1 [Paul] * NETKEY: ignore interfaces= line for NETKEY [Paul] * NETKEY: Fix for three AES-GCM issues with key lengths 128, 192, 256 bits and IV of 8, 12, 16 bytes as per RFC 4106 [Avesh] * NETKEY: Labeled IPsec updates [Avesh] * NETKEY: Support for SHA384/SHA512 and integ(ikev2) in ESP [Avesh] * NETKEY: In _updown.netkey, insert route on correct interface when nexthop is used [Tuomo] * NETKEY: Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY" This caused module unload issues and XFRM_MSG_REPLACE errors [Paul] * KLIPS: Removed support for Linux < 2.4.4 [Paul] * KLIPS: Changed _startklips to use ip route instead of netstat [Harald] * KLIPS: misc. fixes, mostly satot() related [David] * KLIPS: 20% speed gain on transmitting packets [David] * MAST: Fixed _updown.mast missing incomplete if-clause [Harald] * SAREF: kernel patches updated to linux 3.2.0 [Simon Deziel] * addconn: mimic _plutoload, cleanup and fixup of functions [Paul] * scripts: Support /etc/sysconfig/ipsec and /etc/default/ipsec (rhbz#789917) * _stackmanager: new script replacing _startnetkey/_startklips [Paul] * barf: do not grep lastlog, wtmp, tmp (rhbz#771612) [Paul] * verify: ported ipsec verify from perl to python [Paul] * verify: check ipsec.conf, ipsec.secrets syntax [Paul] * verify: warn on newly obsoleted keywords [Paul] * auto: fix --status output for vnet/vhost case [Ani] * copyright: Removed obsoleted/unmaintained "ipsec copyright" command [Paul] * showdefaults: removed ipsec showdefaults [Paul] * _include: Removed obsolete _include program [Paul] * policy: Removed broken 'ipsec policy' [Paul] * mailkey: Removed obsolete command. Was already not build or installed [Paul] * scripts: phased out /var/run/pluto/ipsec.info [Paul] * OSX: Set __APPLE_USE_RFC_3542 required for udpfromto functionality [Paul] * DOCS: Add man page leftid= note on Cisco ID_KEY_ID Group Name [Philippe] * liblibreswan: Remove unused optionsfrom() temp file handling [Paul] * liblibreswan: Support comma's inside OID's by using ",," to mean "," inside the OID (rhbz#868986) [Matt Rogers] * initsystems: Native support for systemd, upstart and sysvinit [Paul/Wes] * testing: Ported broken UML harness to KVM/libvirt/9p [Paul/Antony] (see the wiki on libreswan.org for details on how to use it) * packaging: Updated libreswan.spec to reflect updated options [Paul] * packaging: /usr/lib{64}/ipsec is no longer used [Paul] * manpages: Build during build phase, not during install phase [Wes] * compiling: Update standard compile options to be more hardened [Paul] * Bugtracker bugs fixed: #7 after 'make install' - check if the service is enabled or not and notify the user [Wes] #9 install /etc/pam.d/pluto if USE_XAUTH=true [Wes] #25 addconn behaves differently from whack regarding case [Paul] #33 warn on /usr/local install with selinux enabled [Wes] #40 ensure make install checks and restorecon's SElinux policies [Wes] osw#993 ipsec showhostkey: wrong kind of key PPK_XAUTH [Philippe Vouters] osw#1308 forceencaps= setting does now show up in "ipsec auto --status" [Matt Rogers] osw#1329 IKEv2 core dumps on 2.6.32 with changes backported from the 2.6.38 tree [Steve Lanser] osw#1334 Block rules created by openswan remain even after tunnel establishment or XFRM_MSG_POLEXPIRE [Panagiotis Tamtamis] osw#1349 pluto logging no subjectAltName matches ID '%fromcert', replaced by subject DN [Tuomo] osw#1359 Openswan L2TP and IPhone vpn connection [Paul] osw#1370 Segfault on no new line at the end of ipsec.conf [Wes] osw#1375 ipsec verify uses perl, should use python [Paul] osw#1381 XAuth: the variable PLUTO_XAUTH_USERNAME is empty in the updown script [Bram] osw#1384 confusing output from ipsec auto --status [Bram] For older changes, see docs/CHANGES.openswan