File: CHANGES

package info (click to toggle)
libreswan 3.27-6
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 56,684 kB
  • sloc: ansic: 137,932; sh: 24,754; xml: 14,989; python: 7,065; asm: 4,026; makefile: 1,766; perl: 1,133; yacc: 689; lex: 667; sed: 469; awk: 94
file content (1360 lines) | stat: -rw-r--r-- 86,894 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360

See also https://libreswan.org/

v3.27 (October 7, 2018)
* XFRM: SA marks must be included for delete operation [Tijs Van Buggenhout]
* pluto: Resolve a crasher in ECDSA freeing code [Hugh/Sahana]
* pluto: Resolve a hang when recursively loading same config file [Hugh]
* pluto: Refuse to load conns with different subnet address families [Paul]
* IKEv2: Fix regression on ID_NULL causing a new conn instance [Paul]
* IKEv1: Drop duplicates when not a reply [Andrew]
* IKEv1: Don't respond with errors to invalid encrypted packets [Andrew]
* IKEv1: Don't print empty informational warning on delete payload [Paul]
* IKEv1: Don't add spurious ESP-NULL proposal to AH proposals [Andrew]
* whack: Release whack socket on IKE_AUTH errors [Andrew]
* libswan: fix buffer size to getnameinfo() call in resolve_ppp_peer() [Hugh]
* libipsecconf: Don't accidentally clear modecfgdomains= entries [Andrew]
* building: Fixup NSS includes and links (fixes Debian builds) [Andrew/Paul]
* documentation: Update (L)GPL license links and http -> https links [dkg]
* Bugtracker bugs fixed:
   #177 left=%defaultroute not working when "src" in the default route [Kim]
   #80 VTI interface vanishes when peer goes down and up [yu-shiba]

v3.26 (September 16, 2018)
* IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad]
* IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad]
* IKEv2: Use DER handling code of NSS instead of our custom code [Andrew]
* IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew]
* IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul]
* IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew]
* IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh]
* IKEv2: Simplify proposal generating [Hugh]
* IKEv1: Fix handling XAUTH empty passwords [Andrew]
* IKEv1: Various code cleanup, next payload handling [Hugh]
* IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew]
* IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul]
* pluto: Relax strictness of DH in ESP/AH proposals [Andrew]
* pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul]
* pluto: Do not hand out old lease address for authby=secret conns [Paul]
* pluto: new --selftest option that exits pluto after startup tests [Paul]
* pluto: Updated known Vendor ID table [Paul]
* XFRM:  Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew]
*_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul]
* building: Fix listed patches for debian build [Paul]
* building: enable DH31 (curve25519) per default [Paul]
* testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul]
* Bugtracker bugs fixed:
   #166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul]

v3.25 (June 27, 2018)
* IKEv2: MOBIKE Initiator support (RFC 4555) [Antony]
* IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony]
* IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony]
* IKEv2: Support for IKE SA reauth=yes|no RFC7296  2.8.3 [Antony]
* IKEv2: Temporarilly disable Liveness/DPD when MOBIKE kick in [Antony]
* IKEv2: No longer allow contradicting esp= and pfs= options [Andrew]
* IKEv2: PPK support for authby=rsasig [Vukasin Karadzic]
* IKEv2: Support for CURVE25519 (RFC 8031) [Andrew]
* IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul]
* IKEv2: Add PPK support to authby=rsasig [Vukasin]
* IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin]
* IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin]
* IKEv2: Support for protoport based Opportunistic IPsec [Paul]
* IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul]
* IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin]
* IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]
* IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul]
* IKEv2: Allow switching between OE instances with different protoports [Paul]
* IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul]
* IKEv2: Only retransmit fragments on receiving first fragment [Andrew]
* IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul]
* IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew]
* IKEv2: Fix handling of corrupt encrypted packets [Andrew]
* IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul]
* IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul]
* IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul]
* IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew]
* IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew]
* IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul]
* IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul]
* IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh]
* X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh]
* X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew]
* X509: Handle CRL fetching in separate thread [Andrew]
* pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul]
* pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul]
* pluto: Cleanup of state/md passing code [Andrew]
* pluto: Allow switching back from wrong instance to template conn [Paul]
* pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew]
* pluto: Allow rightsubnets= without leftsubnet(s)= [Paul]
* pluto: don't share IP leases for authby=secret (in case of group ID) [Paul]
* pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks]
* pluto: Find and delete old connection/states with same ID [Paul/Hugh]
* pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo]
* pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew]
* pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh]
* addconn: Fix auto=route and auto=start processing [Paul]
* whack/auto: Ensure all status and list commands return no error code [Paul]
* KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout]
* FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew]
* FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul]
* FIPS: Don't allow RSA keys < 3072 [Matt/Paul]
* FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew]
* FIPS: Raise minimum RSA key length allowed to 3072 [Paul]
* CAVP: Add -<acvp-key> <acvp-value> and -json(output) options to CAVP [Andrew]
* portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul]
* _updown.netkey: fix deleting routes when half routes are used [Tuomo]
* _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo]
* _updown.netkey: fix unroute: "need at least a destination address" [Tuomo]
* _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo]
* _updown.netkey: force routing if we don't have route to remote network [Tuomo]
* _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul]
* contrib/python-swan: module to check if trafic get be encrypted [Kim]
* contrib/c-swan: example code to check if trafic get be encrypted [Kim]
* building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul]
* building: when ElectricFence enabled, add extra system calls to seccomp [Andrew]
* ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo]
* _updown.netkey: force routing when necessary for IPsec to work [Tuomo]
* _updown.netkey: do not proxyarp for host-host tunnels [Tuomo]
* look: sort XFRM output by priority [Andrew]
* Bugtracker bugs fixed:
   #311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo]
   #314: IPv6 default route is deleted by mistake
   #318: vti interface gets down on previous initiator if roles switch [Tuomo]
   #320: nsspassword file location is half implemented
   #328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz]

v3.24 (June 26, 2018)
* This release was never published

v3.23 (January 25, 2018)
* IKEv2: MOBIKE Responder support (RFC 4555) [Antony/Paul]
* IKEv2: Add support for modecfgdns= and modecfgdomains= like for IKEv1 [Paul]
* IKEv2: EXPERIMENTAL: Support for Postquantim Preshared Keys [Vukasin Karadzic]
         based on draft-ietf-ipsecme-qr-ikev2-01 (using private use numbers)
         new option: ppk=yes|no|insist (default no)
* pluto: Fix DEFAULT_RUNDIR to be set so it is really configurable [Tuomo]
* pluto: Add support IDr payload (You Tarzan, me Jane) [Paul]
* pluto: pass state to send_crypto_helper_request() [Andrew]
* pluto: Internal time/scheduling changes, micro-seconds logging [Andrew]
* pluto: make counts of states consistently "unsigned" [Hugh]
* pluto/lib: Remove obsoleted/unused %myid support [Paul]
* pluto: add --impair replay-forward,replay-backward [Andrew]
* pluto: add --impair dup-incoming-packets [Andrew]
* pluto: Rework nic offload detection code [Aviv Heller]
* pluto: Retry send on -EAGAIN in check_msg_errqueue() (up to 32x) [Paul/Hugh]
* pluto: Pull latest kernel traffic counters before logging/deleting SA [Paul]
* pluto: STF_INLINE, STF_TOOMUCHCRYPTO no longer needed in helpers [Andrew]
* pluto: Replace socket queues with a simple queue and mutex+cont [Andrew]
* pluto: Do not send DPD/liveness probes for replaced inactive IPsec SAs [Paul]
* pluto: crypto processing cleanup [Andrew]
* XFRM: XFRM_MIGRATE support, used for MOBIKE [Antony]
* XFRM: Listen to NETLINK_ROUTE messages from kernel for MOBIKE [Antony]
* XFRM: Fix unique marks accidentally setting -1 instead of random [Paul]
* XFRM: Only install IPv6 holes when system has configured IPv6 [Antony]
* XFRM: Add support for decap-dscp=yes|no (default no) [Paul]
* XFRM: Add support for nopmtudisc=yes|no (default no) [Paul]
* KLIPS: Support kernels 4.14+ with renamed dev->priv_destructor [Paul]
* KLIPS: updown fixes for IPv6 default route and metric/mtu settings [Wolfgang]
* SECCOMP: Update syscall whitelist for use of libunbound [Paul]
* IKEv1: better handle ESP with no integrity vs unknown integrity [Andrew]
* IKEv1: Fix packet retransmit code wrf timeouts vs duplucates [Andrew]
* IKEv1: Prevent duplicate responder states on retransmision [Andrew]
* IKEv1: Don't linger R1 states for 1h but use configured timeouts [Paul]
* IKEv2: nat_traversal_change_port_lookup() code moved [Antony]
* IKEv2: Macros could misinterpret some IKE/IPsec states [Paul/Antony]
* IKEv2: Updated Group transforms to comply with RFC 8247 [Paul]
* PAM: Don't cancel pam threads (unsupported!) but drop results instead [Andrew]
* _updown: Fix resolv.conf handling (github #130) [Tuomo]
* _updown: Fix POINTPOINT interfaces not to use nexthop [Tuomo]
* _updown.netkey: Add source ip to dev lo by default [Tuomo]
* Makefiles: Fix INC_MANDIR to be share/man and add FINALMANDIR [Tuomo]
* packaging: Move debian/ to packaging ('make deb' still works) [Antony]
* contrib: Added ipsec-dyndns to demonstrante how push an IPSECKEY [Paul]
* Bugtracker bugs fixed:
   #313: changesource in updown_klips doesn't respect PLUTO_METRIC [Wolfgang]
   #314: IPv6 default route is deleted by mistake [Wolfgang]

v3.22 (October 22, 2017)
* IKEv2: EXPERIMENTAL: unbound DNS server ipsecmod support [Opportunistic IPsec]
* IKEv2: Initial support for RFC 7427 Digital Signature [Sahana Prasad/GSoC]
* IKEv2: Do not include INTEG=NONE in AEAD IKE proposals [Andrew]
* IKEv2: Accept both ESP=AEAD+NONE and ESP=AEAD in proposals [Andrew]
         (See also: https://www.rfc-editor.org/errata/eid5109)
* IKEV2: Fix interop with old pluto that rejected esp=aead+none [Andrew]
* IKEv2: Add support for GMAC via esp=null_auth_aes_gcm [Andrew]
* IKEv2: Fragmentation code cleanup and memory leak fixes [Andrew]
* IKEv1: Fix XAUTH retransmits and packet storage [Antony]
* IKEv1: Perform custom state change for XAUTH without ModeCFG [Paul]
* IKEv1: Add support for nat-ikev1-method=none [Paul]
* IKEv1: XAUTH password length wasn't consistent at 128 [Stepan Broz]
* pluto: Natively install ICMPv6 neighbour discovery holes [Mayank Totale/GSoC]
* pluto: Fixup XAUTH/PAM thread cancelation handling [Andrew/Antony]
* pluto: Change default rundir from /var/run/pluto to /run/pluto [Paul]
* pluto: Various ike_alg parsing updates [Andrew]
* pluto: Various cleanups in addresspool and XAUTH code [Hugh]
* pluto: Fix missing ntohl() on the SPI numbers in ipsec status [Paul]
* pluto: Various memory leak fixes [Antony,Paul,Hugh]
* pluto: Make ioctl(SIOCGIFFLAGS) failure for labeled devices non-fatal [Paul]
* pluto: Give IKE traffic preference via SO_PRIO [Paul]
* pluto: New setup options: ike-socket-errqueue= , ike-socket-bufsiza=e [Paul]
* pluto: Improve whack --listevents with libevent [Antony]
* pluto: Fixup NIC offload support [Antony, Hugh]
* pluto: Track and try the number of EAGAIN errors on IKE socket [Hugh/Paul]
* pluto: Prevent spurious initiating states on responder-only conn [Antony]
* pluto: don't call sanitize_string() in fmt_log() as it is expensive [Paul]
* pluto: No longer need to specify null for AEAD, can use esp=aes_gcm [Andrew]
* pluto: Increase default nhelpers for 1 CPU (2) and 2 CPUs (4) [Paul]
* pluto: New option logip= (default yes) to disable log of incoming IPs [Paul]
* pluto: signal handling cleanup [Andrew/Hugh]
* pluto: Don't try to retransmit unsent packet [Paul/Hugh]
* pluto: state hashing improvements [Andrew]
* pluto: Fix erranious connecting switching (bug in v3.21) [Paul]
* pluto: when deleting parent, don't deschedule DH for wrong child [Andrew]
* pluto: dpdaction=restart fixup when using %any [Antony]
* pluto: Don't die on labeled interfaces without SIOCGIFFLAGS support [Paul]
* addconn: left=%defaultroute would fail if >500 host routes [Kim]
* showhostkey/rsasigkey: Fixup mismatch of public key display [Andrew]
* FIPS: Some selftests did not run properly under FIPS mode [Andrew]
* KLIPS: Removed old premade patches, use make targets instead [paul]
* updown Don't remove source ip if it's still used (rhbz#1492501) [Tuomo]
* updown: Allow disabling via leftupdown="" or leftupdown="%disabled" [Paul]
* updown: SPI numbers were missing ntohl() conversion [Paul]
* various: phase out --ctlbase for --ctlsocket and --rundir [Paul]
* libipsecconf: reject unavailable kernel algorithms in parser [Andrew]
* libswan/pluto: throw a clearer error for broken libunbound [Paul]
* libswan/pluto: Cleanup logging and tighten logging lock [Andrew]
* libswan/pluto: Greatly optimize logging code [Andrew]
* libswan/pluto: Some logging algorithm renames for more consistency [Andrew]
* building: remove -fexceptions; breaks pthread_cleanup_push [Andrew]
* packaging: Update debian/ and move to packaging/debian [Antony]
* packaging: Update fedora/rhel spec files [Tuomo]
* testing: --impair-foo changed to --impair foo [Andrew]
* testing: Some new impair options for testing [Andrew,Sahana,Paul]
* testing: Allow null encryption with null auth for testing [Andrew]
* Bugtracker bugs fixed:
   #294: Bug in public key reported by rsasigkey [Tijs Van Buggenhout/Andrew]
   #299: Fix overlapping addresspool and static lease from passwd file [Antony]
   #300: Fix bug in v3.21 that rejected hardcodes certs without a CA [Paul]
   #302: IKEv1-only and IKEv2-only must not share IKE SA [Paul]
   #303: xauth password length limited to 64 bytes [Stepan Broz]

v3.21 (August 9, 2017)
* FIPS: Don't crash on too weak PSK's in FIPS mode, warn for non-FIPS [Andrew]
* FIPS: rsasigkey: Use modulus F4, not 3 (FIPS 186-4, section B.3.1) [Paul]
* pluto: Support for "idXXX" esp/ike transform IDs removed [Andrew,Paul]
* pluto: Do not return whack error when termining an alias connection [Paul]
* pluto: Remove IKE policy bits on passthrough conns [Paul]
* pluto: Minor memory leak fixes [Paul]
* pluto: Fix memory leak due to addresspool reference count error [Antony]
* pluto: Re-add support for ipsec whack --listevents [Antony]
* pluto: Cleanup listed events on shutdown to please leak-detective [Antony]
* pluto: Perform stricter SubjectAltName checks on configured ID's [Paul]
* pluto: Handle *subnets in --route and --unroute via whack [Mika/Tuomo]
* pluto: Unify IKEv1 XAUTH and IKEv2 PAM threading code [Andrew]
* pluto: Use pthread_cancel() (not SIGINT, conflicts with debuggers) [Andrew]
* pluto: Fix memory corruption with XAUTH/PAM threads [Andrew/Hugh]
* pluto: Fix resource leak processing XAUTH password authentication [Andrew]
* pluto: Fix warnings generated by gcc 7.1 [Lubomir Rintel]
* pluto: NIC offload support nic-offload=auto|yes|no (eg mellanox) [Ilan Tayari]
* pluto: Use common function in ikev1 / ikev2 for dpd/liveness actions [Antony]
* NSS: Try harder finding private keys that reside on hardware tokens [Andrew]
* IKEv2: Opportunistic IPsec support for IPSECKEY records [Antony]
* IKEv2: New dnssec-enable=yes|no, dnssec-rootkey-file=, dnssec-anchors= [Paul]
* IKEv2: If CREATE_CHILD_SA superseded retransmit, drop it [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.1) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.2 responder) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.3 responder) [Antony]
* IKEv2: Flush ESP/AH proposals on the initiator. It could be stale [Antony]
* IKEv2: State Machine (svm) updates to simplify CREATE_CHILD_SA [Antony]
* IKEv2: DH role is based on message role not Original Initiator role [Antony]
* IKEv2: Return CHILD_SA_NOT_FOUND when appropriate [Antony]
* IKEv2: After an IKE rekey, rehash inherited Child SA to new parent [Antony]
* IKEv2: Rekeying must update SPIs when inheriting a Child SA [Antony]
* IKEv2: Decrypt and verify the paylods before calling processor [Andrew]
* IKEv2: Fragmentation code cleanup [Andrew]
* IKEv2: Drop CREATE_CHILD_SA message when no IKE state found [Antony]
* IKEv2: Do not send a new delete request for the same Child SA [Antony]
* IKEv2: During Child SA rekey, abort when ESP proposals mismatch [Antony]
* IKEv2: OE client check should take responders behind NAT into account [Paul]
* IKEv2: Improved dpdaction=hold processing [Antony]
* IKEv1: Only initiate and create IKE SA for appropriate dpdaction [Antony]
* IKEv1: Re-add SHA2_256 (preferred) and SHA2_512 to IKEv1 defaults [Andrew]
* IKEv1: Aggressive Mode fixes for sending CERT / CERTREQ payloads [Paul]
* IKEv1: Multiple CISCO_SPLIT_INC's cause duplicate spd_routes [Oleg Rosowiecki]
* X509: Improve some failure logging [Paul]
* XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1 [Paul]
* XFRM: Update including system or local copy of xfrm.h [Paul/Antony]
* XFRM: Remove no longer needed {rt}netlink.h copies [Paul]
* KLIPS: cryptoapi: switch from hash to ahash [Richard]
* KLIPS: Add traffic accounting support [Richard/Paul]
* KLIPS: Support for linux 4.11 [Paul]
* lib: Move the alg_info lookup-by-name code to libswan [Andrew]
* lib: Move all conditionally compiled ike_alg*.c files to libswan.a [Andrew]
* addconn: Replace ttoaddr() with calls supporting DNSSEC [Paul/Antony]
* libswan: Algo code cleanup [Andrew]
* libipsecconf: Load specified RSA keys irrespective of policy [Paul]
* libipsecconf/pluto: Be more strict in authby= & type= combinations [Paul]
* libipsecconf: Fail to load connections with unsatisfied auto= clause [Hugh]
* parser: Numerous algorithm parser fixes, eg. esp=aes_ccm_8_128-null [Andrew]
* algparse: (Experimental) modified to run algorithm parser stand-alone [Andrew]
* newhostkey: Actually append to secrets as the warning claims it will [Paul]
* _updown.netkey: Fix syntax failure when PLUTO_MY_SOURCEIP is not set [Tuomo]
* _updown.netkey,klips: Fix use of printf when updating resolv.conf [Tuomo]
* _updown.netkey: Remove wrong use of PLUTO_PEER_CLIENT netmask [Tuomo]
* _updown: Add MAX_CIDR variable for host netmask [Tuomo]
* ipsec import: Trust bits correction did not always trigger [Tuomo]
* building: Convert lib/ to use mk/library.mk [Andrew]
* building: Work around rhel-6 gcc [Andrew]
* building: Add copy unbound-event.h work around broken unbound installs [Paul]
* packaging: Better split rpm and make variables [Paul]
* packaging: Updates for new requirements for ldns, unbound-devel [Paul]
* testing: Add DNSSEC, Opportunistic IPsec testcases, fixups [Multiple people]
* contrib: Munin plugin for libreswan [Kim/Paul]

v3.20 (March 14, 2017)
* pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1) [Andrew]
* pluto: Add dh= aliases for all modp= groups (eg "dh2" for "modp1024") [Paul]
* pluto: Add statistics support to ipsec whack --globalstatus [Paul]
* pluto: Add statistics clearing support using ipsec whack --clearstats [Paul]
* pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew]
* pluto: Cleanup kernel_netlink.c [Hugh]
* pluto: Print AH= algorithm and ESN when established [Paul/Andrew]
* pluto: strip file path from abort messages [Andrew]
* pluto: Support initiating template conn with --remote-host <ipaddr> [Paul]
* pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS [Paul]
* pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew]
* pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco [Paul]
         (reported by Oleg Rosowiecki)
* pluto: accurately size a buffer for the decimal representation [Hugh]
         (debian bug 853507)
* pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg]
* pluto: Support for Linux systems without IFA_F_TENTATIVE  (CentOS5) [Paul]
* pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique [Paul]
* IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying [Antony]
* IKEv2: Various refactoring for CREATE_CHILD support [Antony]
* IKEV2: OE/CAT: Don't send CP request when responder is behind NAT [Antony]
* IKEv2: log first notify payload when we receive an Notify Error [Paul]
* IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew]
         (reported by Eric Andersson)
* IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul]
* IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul]
         (rhbz#1392191)
* IKEv2: suppress DELETE notifies for connections being replaced [Paul]
* IKEv2: re-instate ISAKMP_SA_established() [Paul]
* IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew]
* IKEv1: Print conn algo's when using XAUTH [Andrew]
* IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048) [Andrew]
* IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew]
* IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul]
* newhostkey: Convert remaining --configdir for --nssdir [Tuomo]
* barf: Ensure proper macros are used. Add certutil/crlutil output [Paul]
* misc: Fix various spelling errors in code/comments/man pages [dkg]
* packaging: spec files should use 0 and 1, not true and false [David Arnold]
* building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix [Paul]
* building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul]
* building: fetch: remove support for ancient LDAP version 2 [Tuomo]
* building: move whack to separate programs/whack/ directory [Andrew]
* building: Various Makefile variable cleanups and double link fixes [Andrew]
* building: Don't check runtime for SElinux/systemd with DESTDIR [Paul]
* documentation: added oe-letsencrypt-* example configs [Paul]

v3.19 (January 15, 2017)
* NSS: Support for configurable nss dir via @IPSEC_NSSDIR@ [dkg/Tuomo]
* FIPS: Only pluto needs a .hmac file, reducing crypto boundary [Paul]
* FIPS: do not allow DBG_PRIVATE to be set when running in FIPS mode [Paul]
* FIPS: Ignore failureshunt=passthrough and negotiationshunt=passthrough [Paul]
* FIPS: Filter default proposals of non-FIPS allowed proposals [Andrew]
* FIPS: Added CAVP test for pluto GCM code [Andrew]
* FIPS: More cleanup of crypto related structs and functions [Andrew]
* FIPS: Implement SHA based PRFs directly in NSS [Andrew]
* FIPS: Support for CAVP testing 'HMAC construct' based SHA PRF code [Andrew]
* IKEv2: Don't crash on bogus mixed protocol Delete Payloads [Hugh/Paul]
* IKEv2: Add asymmetric AUTH support (leftauth= and rightauth=) [Antony/Paul]
* IKEv2: refactored AUTH handling payload into v2_check_auth() [Paul]
* IKEv2: support CERT chain sending [Paul]
* IKEv2: Allow CERT and CERTREQ payloads multiple times [Paul]
* IKEv2: do not attempt to send notify in reply to IKE_AUTH reply [Paul]
* IKEv2: When receiving DELETE, ensure expire+restart when needed [Antony]
* IKEv1: If a queued up DPD probe finds no IKE SA, create a new one [Paul]
* IKEv1: accept_delete() check if IKE SA is shared before deleting [Paul]
* IKEv1: Remove ADNS, DNS continuations and IKEv1 OE code [Paul/Antony]
* IKEv1: Schedule IPsec SA REPLACE immediately when receiving DELETE [Antony]
* IKEv1: Some IKE SA failure on initiator could lead to hanging whack [Paul]
* KLIPS: fix for unregister_netdevice() for Linux 3.6.11 and up [Richard/Paul]
* XFRM: EXPERIMENTAL Support for configuring IP address on the VTI device [Paul]
        keyword: leftvti=address/mask
* XFRM: Fix NAT-T support when userland compiled without KLIPS support [Paul]
* X509: Obsolete /etc/ipsec.d/crls (load_crls()) and whack --rereadcrls [Paul]
* X509: New whack --fetchcrls (alias ipsec crls) to trigger a fetch [Paul]
* X509: Iterate all X.509 certs and try to fetch their crls [Kim]
* X509: Start a fetch for CRLs 5 seconds after startup [Kim]
* X509: --rereadcrls no longer overwrites newer CRLs with older ones [Paul]
* X509: log the NSS error when CERT_ImportCerts() fails [Paul]
* X509: Don't attempt to fetch crl->uri when not present [Paul/Matt]
* X509: Additional OCSP options to tweak the cache and fetch method [Paul]
        (new keywords: ocsp-method ocsp-cache-size ocsp-cache-min-age
                       ocsp-cache-max-age)
* X509: Fix memory leak in certificate handling (lsbz#278) [William Rios]
* X509: Fix memory leak in certificate chain handling [Matt]
* pluto: close whack socket in add_pending when dup pending is skipped [Hugh]
* pluto: Avoid adding duplicate bare shunts causing lockup [Paul]
* pluto: drop modp1024 (DH2) from IKEv1 "ike=" default list [Andrew]
* pluto: send_packet() now refuses to send a packet to 0.0.0.0 [Paul]
* pluto: find_hostpair ignore CK_INSTANCES that are ID_NULL [Antony]
* pluto: Fix ca name and generalName leak lsbz#276 [Bill Rios]
* pluto: EXPERIMENTAL SECCOMP support (seccomp=enabled|tolerant|disabled) [Paul]
* pluto: connection instances need their own reqid [Antony]
         (this resolves multiple clients behind same NAT router issue)
* pluto: Use a global reqid counter instead of looping every time [Paul]
* pluto: use sets instead of nested loops for transform processing [Andrew]
* pluto: Prefer not switching connections when possible [Paul/Hugh]
* pluto: Move unique mark from rw_instantiate() to instantiate() for OE [Paul]
* pluto: log more information when a bare shunt is missing [Hugh]
* pluto: redo process_encrypted_informational_ikev2 [Hugh]
* pluto: Add new config option encapsulation=auto|yes|no [Paul/Patrick Kerpan]
         replacing forceencaps=yes|no
* pluto: No longer log bogus reapchildren warning [Paul]
* libipsecconf: libipsecconf: remove last remnants of manual keying [Paul]
* libipsecconf: remove auth= alias for phase2= [Paul]
* _updown.netkey: Move addcat call from route-host to up-client [Paul]
* ipsec: initnss|import use --nssdir for nssdb directory option [Tuomo]
* newhostkey: use --nssdir for nssdb directory option [Tuomo]
* showhostkey: use --nssdir for nssdb directory option [Tuomo]
* barf: minor improvements with systemd/journalctl [Paul]
* verify: fix "with FIPS" output to print OK [Paul]
* _stackmanager: add cmac and chacha20poly1305 to modprobe list [Paul]
* building: libreswan assumes -std=gnu99 when building [Andrew]
* building: USE_EXTRACRYPTO replaced by USE_SERPENT and USE_TWOFISH [Paul]
* building: Disable DH22 by default. To re-enable use USE_DH22=true [Paul]
* building: work around flex 2.5.4 (CentOS 5); use: -o/output/file [Andrew]
* sysvinit: remove unnecessary warnings about already stopped pluto [Tuomo]
* initsystems: Enable "systemctl help ipsec" [dkg]
* testing: various web output fixes (see testing.libreswan.org) [Andrew]
* testing: various test updates / additions [Paul/Antony]
* documentation: fixup changes in GPL 2.0 / LGPL like FSF address [dkg]
* Bugtracker bugs fixed:
   #270 newhostkey: text output produces 1 character bug in pubkey [Andew]
   #272 Option --leak-detective causes assertion failure [Bill / Paul]
   #277 pluto: fix pluto events leak in timer_event_cb [Bill Rios]
   #152: ipsec whack --initiate for xauth does not release whack [Paul/Hugh]

v3.18 (July 27, 2016)
* SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew]
* XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation [Antony]
        keyword: leftcat=yes|no
* XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo]
        keywords: vti-interface=<name> vti-routing=yes|no vti-shared=yes|no
* XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul]
* KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson]
* KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz]
* FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul]
* FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul]
* FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul]
* FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul]
* FIPS: Added new ipsec whack --fipsstatus [Paul]
* IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew]
* IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew]
* IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew]
* IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew]
* IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew]
* IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew]
* IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel]
* IKEv2: Extend and improve notify handling [Paul]
* IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul]
* IKEv2: If first liveness probe failed, we never noticed liveness failure [Paul]
* pluto: Extend mark= support for mark-in= and mark-out= [Paul]
* pluto: implement unique marks by using mark=-1 [Paul]
* pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul]
* pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks]
* pluto: Check enum names consistency on startup [Hugh]
* pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew]
* pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul]
* pluto: Prevent double free of id data [Hugh]
* pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul]
* pluto: ESN could use uninitialised values and fail [Paul/Andrew]
* X509: Try subsequent crl distribution points when first one fails [Kim]
* whack: Display IPv4 lease address in --trafficstatus [Andrew]
* libipsecconf: New keyword left/rightckaid=XXX [Andrew]
* libipsecconf: Remove legacy keyword subnetwithin= [Hugh]
* libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh]
* updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul]
* programs: Removed obsoleted ikeping and livetest [Paul]
* newhostkey: No longer touch any secret files [Andrew]
* showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew]
* libswan: Fix unbound dnsctx handling [Hugh/Paul]
* libswan/libipsecconf: Clean up SECRETS code [Andrew]
* libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew]
* addconn: Find peer IP address when resolving default route [Daniel M. Weeks]
* barf: If systemd detected, use journalctl to get logs [Paul]
* building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew]
* building: Fix building without DNSSEC support [Hugh/Paul]
* packaging: Updates for debian packaging [dkg]
* initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim]
* ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo]
* _import_crl: Fix to work with nsspasswd [Andrew]
* _stackmanager: Remove loading of hardware random modules [Tuomo]
* _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim]
* ipsec: remove run by root check for Neutron/VPNaaS [Tuomo]
* ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo]
* testing: Various improvements for running tests, include web tree [Andrew]
* testing: New makefile targets, see 'make kvm-help' [Andrew]
* testing: pluto support for --expire-bare-shunt <interval> [Paul]

v3.17 (April 4, 2016)
* SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew]
* pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and
         USE_VFORK [Andrew]
* pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew]
* IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul]
* IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul]
* IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul]
* IKEv2: ikev2_out_generic{_raw}() functions [Paul]
* IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul]
* IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul]
* IKEv2: Fix memory leak of dcookies [Paul]
* IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew]
* IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew]
* IKEv2: ESN support (XFRM linux 2.6.39+) via esn=yes|no(default)|either [Paul]
* IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul]
* IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul]
* IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul]
* IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul]
* IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul]
* IKEv2: add --impair-send-bogus-dcookie for testing [Paul]
* IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul]
* IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul]
* IKEv1: Prefix a few functons with ikev1_* where not obvious [Paul]
* IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel]
* pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika]
* pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika]
* pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul]
* pluto: Don't delete IKE SA when shared with multiple connections [Paul]
* pluto: connection restart failed for dynamic dns conns [Wolfgang]
* pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel]
* pluto: Fix various coverity warnings and corner cases [Hugh, Paul]
* pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul]
* pluto: accept/verify the KE contents before creating the state [Andrew]
* pluto: Parse the IKE SA proposals before creating the state [Andrew]
* pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew]
* pluto: Be more careful handling realloc() failure [Hugh]
* pluto: Fix leaks in NSS/certificate handling code [William Rios]
* pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul]
* pluto: Ignore unsupported keys from the NSS database [Andrew]
* pluto: orphan_hold() can encounter connection in delete phase [Antony]
* rsasigkey: Only print the comment line, pubkey and CKAID [Paul]
* secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul]
* libipsecconf: Make handling of policy bits more systematic [Hugh]
* barf: Only sysvinit printed the string "subsystem" [Paul]
* FIPS: Code cleanup and misc. fixes [Andrew / Paul]
* FIPS: Add _import_crl to the FIPS file list [Paul]
* KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang]
* KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang]
* KLIPS: Fix pluto compile for USE_KLIPS=false [Paul]
* barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul]
* packaging: debian/ fixes [Marc-Christian Petersen / Tuomo]
* sysvinit: Fix displaying number of tunnels in status command [Paul]
* Bugtracker bugs fixed:
   #258 DPD with dynamic dns can't reconnect a host connection [Wolfgang]

v3.16 (December 18, 2015)
* auto: add new option --start which is like auto=start [Tuomo]
* libipsecconf: allow time with no unit suffix (openswan compat) [Hugh]
* libipsecconf: cleanup parser.y to work on old/new GCC and 32/64bit [Hugh]
* libipsecconf: re-introduce strictcrlpolicy= as alias for crl-strict= [Paul]
* libipsecconf: Allow time specification for dpdtimeout= / dpddelay= [Paul]
* libipsecconf: aliases curl_timeout / curl_iface for openswan migration [Paul]
* libswan: Fix memory leak in match_rdn() [Valeriu Goldberger]
* PAM: Fix some IKEv1 XAUTH methods always returning "denied" [Antony]
* PAM: stacked pam modules (eg pam_ssss) need CAP_DAC_READ_SEARCH [Matt]
* newhostkey: fix seeddev device [Paul]
* pluto: terminate_connection() when we become unoriented (rhbz#609343) [Paul]
* pluto: find_client_connection() must ignore unoriented c (rhbz#1166146) [Paul]
* pluto: Fix trafficstatus byte counter output [Antony]
* pluto: accept racoon's over-sized padding (got rejected in 3.14) [Andrew]
* pluto: obsolete plutofork= and ignore the keyword on startup [Paul]
* pluto: send_crl_to_import: use waitpid(2) to wait for correct child [Hugh]
* pluto: cleanup struct spd_route and related tidying [Hugh]
* pluto: fix eclipsed to iterate over connection's spd_routes [Hugh]
* pluto: accept delete payload with wrong side's SPI (CISCO bug) [Paul+Hugh]
* pluto: initialise phase2 our_lastused/peer_lastused on creation [Paul+Hugh]
* pluto: pluto: OE: add shunts.total count to ipsec whack --globalstatus [Paul]
* pluto: Add keyword  replay-window= (default 32, 0 means disable) [Paul]
* pluto: Add fake-strongswan=yes|no (default no) to send strongswan VID [Paul]
* pluto: Add support for XFRM marking cia mark=val/mask [Amir Naftali]
* pluto: Use selinux dynamic class/perm discovery, not old API [Lubomir Rintel]
* pluto: Fix for uniqueids killing second tunnel between hosts [Tuomo]
* pluto: Don't refuse to load passthrough conn with ike= / esp= settings [Paul]
* pluto: Free the event struct initialized in main loop and tidy [Antony]
* pluto: Add event for child handling of addconn [Wolfgang/Antony]
* pluto: release_fragments() cannot try both IKEv1 and IKEv2 fragments [Paul]
* X509: load_end_nss_certificate() cleanup [Matt]
* X509: Add on-demand loading of NSS certificate private keys [Matt]
* X509: Fix possible NSS cert leaks in trusted_ca_nss() [Matt]
* IKEv2: delete_state() should only handle shunt of real parent SA [Paul]
* IKEv2: retransmit_v2_msg() should delete parent and child SA on failure [Paul]
* IKEv2: mixup in parent/child SA caused keyingtries to be lost [Paul]
* IKEv2: Remove two bogus state machine entries for INFORMATIONAL [Paul]
* IKEv2: Remove duplicate SEND_V2_NOTIFICATION() [Paul]
* IKEv2: Only let passthrough conn win if it has longer prefix [Paul]
* OE: Deleting opportunistic Parent with no Child SA [Paul]
* OE: Send authentication failed for OE child fail [Paul]
* OE: Don't reject IPv6 family for OE foodgroups [Antony]
* OE: Move orphan_holdpass() call into delete_state() [Paul]
* OE: Call orphan_holdpass() for opportunistic conns for EVENT_SA_EXPIRE [Paul]
* OE: Do not answer IKE request if we matched authby=never conn [Paul]
* OE: Fix memory leaks in nullgw and bs->why [Antony]
* OE: At IKE rekey time, delete the IKE/IPsec SA when idle [Antony]
* FIPS: fips.h should only require compiled libexec/ components [Paul]
* XAUTH: Fix for connection going up->down->up causing passert [Hugh]
* XAUTH: Do not interpret padding as incomplete attribute [Lubomir Rintel]
* XAUTH: Improve failure logging [Paul]
* XFRM: Workaround bug in Linux kernel NLMSG_OK's definition [Hugh]
* KLIPS: kernels 4.1.x+ always use the same interface to uids [Roel van Meer]
* KLIPS: Various changes to support 4.1.x kernels [Wolfgang]
* ipsec: custom directory not recognized, github issue #44 [Tuomo]
* updown.*: Fix NetworkManager callback [Lubomir Rintel]
* addconn: tidy [Hugh]
* building: obsolete USE_ADNS and disable building adns helpers [Paul]
* building: Do not link all binaries with nss,nspr and gmp [Paul]
* building install "ipsec_initnss.8" and "ipsec_import.8" man pages [Andrew]
* packaging: debian/ directory update [Paul/Daniel]
* testing: Various testing updates and improvements [Antony/Paul/Andrew]
* documentation: added CODE_OF_CONDUCT.d [Paul]
* Bugtracker bugs fixed:
   #216 No longer require :RSA entries for X.509 certs in ipsec.secrets [Matt]
   #233 pluto sends delete SAs in wrong order and reconnection issues [Wolfgang]
   #247 KLIPS: fix pluto can't add ipv6 addresses to ipsec devices [Wolfgang]
   #248 keyingtries=%forever doesn't work anymore [Wolfgang]

v3.15 (August 24, 2015)
* SECURITY: CVE-2015-3240 IKE daemon restart when receiving a bad DH gx [Hugh]
* KLIPS: fix use of *iovec() functions for linux 4.x kernels [Greg Ungerer]
* IKEv1: Remove old IPsec SA's when newest IPsec SA is removed [CHEN, JIANFU]
* IKEv1: Fix Labeled IPsec SECCTX parsing - bug introduced in 3.14 [Matt]
* NETKEY: workaround for NLMSG_OK() macro causing build failure on i686 [Hugh]
* NETKEY: Fix IPsec SA priority on type=passthrough conns [Antony]
* NETKEY: Fix nflog= on type=passthrough conns [Paul]
* pluto: Use PORT_ErrorToString() to translate NSS errors [Matt]
* pluto/whack: add --impair-send-zero-gx to test CVE-2015-3240 [Paul]
* ipsec: checknss/initnss must both convert old database if it exists [Tuomo]
* packaging: debian fixes for userland package [Antony]

v3.14 (August 11, 2015)
* NSS: Major rewrite of PRF / PRFPLUS / integrity functions for FIPS [Andrew]
* FIPS: Added programs/pluto/cavp for NIST CVAS testing [Andrew]
* IKEv2: RFC 7383 IKEv2 Fragmentation support [Herbert/Hugh]
* IKEv2: RFC 7619 Auth Null support (authby=null) [Paul/Antony/Hugh]
* IKEv2: RFC 7619 ID Null support (leftid=%null) [Paul/Antony/Hugh]
* IKEv2: whack and smc related time out fixes [Antony]
* IKEv2: rekey, expire, delete refactoring and fixes [Antony]
* IKEv2: do not pad IKE messages (fix interop w. InsideSecure) [Paul]
* IKEv2: Fix esp=camellia to use the IKEv2 IANA registry number for ESP [Paul]
* IKEv2: Fix memory leaks in addresspool and child exchange sadb [Antony]
* IKEv2: Support for INVALID_KE DH group re-transmits [Paul/Hugh]
* IKEv2: if applicable, add CERTREQ payload to IKE_SA_INIT response [Antony]
* IKEv2: Various memory leak fixes [Hugh]
* IKEv2: Delete parent/child SA when IPsec SA expires due inactivity [Antony]
* IKEv2: Added pam-authorize= (default no) for userid verification [Antony]
* IKEv2: Informational exchange did not always update msgid counters [Paul]
* IKEv2: Don't send v2N_INVALID_MSGID in response to duplicate IKE_INIT packet
* IKEv2: Time all crypto operations, not just DH IKEv2 [Antony]
* IKEv2: reduce leaks involving sa_v2_convert [Hugh]
* IKEv2: eliminate leaks of st_tpacket [Hugh]
* IKEv2: fix send certreq [Antony]
* IKEv2: find_host_connection now checks RSA, PSK and NULL one by one [Antony]
* IKEv1: Don't copy isakmp_sa from received packet [Paul]
* IKEv1: Do not retransmit forever [Antony/Herbert]
* FIPS: Enforce crypto restrictions in FIPS mode (no md5,twofish, etc) [Paul]
* XAUTH: retransmit user/password request in 10s (instead of 30s) [Wolfgang]
* X509: Re-added CRL and OCSP support using NSS [Matt]
* X509: Expired certificate could crash pluto [Wolfgang]
* x509: New options: ocsp_enable= ocsp_strict= ocsp_timeout= [Matt]
        ocsp_uri= and ocsp_trust_name=
* pluto: Converted select() loop to use libevent and subsecond timers [Antony]
* pluto: unroute IPSEC SA instead of hold, if oppo and CK_INSTANCE [Antony]
* pluto: Added --impair-send-no-ikev2-auth and --impair-force-fips [Paul]
* pluto: Added retransmit-timeout= (default 60s) [Antony]
* pluto: Added retransmit-interval= in ms (default 500) [Antony]
* pluto: Greatly reduce time to retransmit from 20s to 0.5s [Antony]
* pluto: Support for IKEv2 AES_CTR (ike=aes_ctr) [Andrew Cagney]
* pluto: Support for CBC/CTR test vectors using NSS [Andrew Cagney]
* pluto: Remove last weary old FreeS/WAN X.509 code and use NSS instead [Matt]
* pluto: Static IP support using passwd file with addresspool= [Wolfgang]
* pluto: major tidy of labeled ipsec code [Hugh]
* pluto: fixes for uninitialized fields in output struct [Hugh/Paul]
* pluto: audit format and log item update as per audit spec [Paul]
* pluto: simplify and clarify sa_copy_sa and friends [Hugh]
* pluto: small steps improving crypto helpers [Hugh]
* pluto: plutostderrlog= renamed to logfile= [Paul]
* pluto: plutostderrlogtime= renamed to logtime= [Paul]
* pluto: New option logappend=yes|no (default yes) [Paul]
* pluto: Removed obsoleted loopback= support [Paul]
* pluto: advanced state counting (anon,auth,halfopen,child) [Paul/Andrew/Hugh]
         (see ipsec whack --globalstatus)
* pluto/rsasigkey: added --seedbits option (and seedbits= option) [Paul]
* pluto: do not terminate_connection() in-flight [Hugh]
* pluto: don't use an expired reserved kernel SPI as fallback [Herbert Xu]
* pluto: Use "third best" monotime() on mismatched kernel/glibc headers [Paul]
* pluto: removed bool inbound_only from delete_ipsec_sa() [Paul/Herbert]
* pluto: fix modecfg client/server status display (was swapped) [Herbert]
* pluto: Global NFLOG support via nflog-all= keyword (default off) [Paul]
* pluto: Per-conn NFLOG support via nflog= keyword (default off) [Paul]
* pluto: Reduce default logging for unknown/halfopen/opportunistic SA's [Paul]
* pluto: Fix bogus "no RSA public key known for '%fromcert'" [Herbert Xu]
* pluto: exclude ike/esp options from %default for never-negotiate conns [Paul]
* pluto: added xfrmlifetime= (default 300) to customise NETKEY acquires [Paul]
* pluto: added shuntlifetime= (default 15m) for bare shunts [Paul]
* pluto: added negotiationshunt= (default hold) [Paul]
* pluto: Obsoleted force-busy= for ddos-mode= [Paul]
* pluto: Added config setup keyword ddos-mode= (default auto) [Paul]
* pluto: Added config setup keyword ddos-ike-threshold= (default 25000) [Paul]
* pluto: Added config setup keyword max-halfopen-ike= (default 50000) [Paul]
* pluto: route_owner() don't passert on changed interface [Paul]
* pluto: Remove DNSSEC DLV support (DLV is decommissioned) [paul]
* pluto: Support for unbound < 1.4.21 [Tony Whyman]
* libipsecconf: Improve parser for pipe case (with NM) [Hugh/Lubomir Rintel]
* libcrypto/twofish: Fix CALC_SB_* macros [Lubomir Rintel]
* readwriteconf: improve error handling [Hugh]
* ipsec: ipsec --import does not need to run restorecon [Paul]
* ipsec: --checknss option automatically updates NSS DB to SQL [Matt]
* ipsec: --checknflog option installs nflog-group= iptables rules [Paul]
* rsasigkey: Rename --random to --seeddev [Paul]
* packaging: Various SPEC file fixes and Buildrequires: updates [Tuomo/Kim]
* packaging: Add v6neighbour-hole.conf for Neighbour Discovery hole [Paul]
* initsystems: run ipsec --checknss before start [Tuomo]
* building: overhaul of build system Makefiles (see mk/) [Andrew]
* testing: docker test type support [Antony]
* testing: test case updates/additions [Antony/Paul/Andrew/Matt]
* testing: more FIPS support and --impair-force-fips option added [Paul]
* NETKEY: Fix bare shunt management code to work properly for NETKEY [Paul/Hugh/Antony]
* NETKEY: Increase netlink message buffer for larger SElinux labels [Paul]
* NETKEY: kernel netlink decode and log policy expire message [Antony]
* KLIPS: move udp_encap_enable() to not be within spinlock [Wolfgang]
* KLIPS: ipsec_rcv_decap_ipip broken for IPv6 lsb#227 [Frank Schmirler]
* KLIPS: Support for SHA2 via CryptoAPI [Wolfgang]
* KLIPS: Support for sha2_truncbug [Wolfgang]
* whack: New ipsec whack --purgeocsp [Matt]
* whack: New ipsec whack --ddos-busy | --ddos-auto | --ddos-unlimited [Paul]
* whack: New ipsec whack --globalstatus [Paul]
* whack: New ipsec whack --shuntstatus [Paul]
* whack: New ipsec whack --deleteid --name <id> [Antony]
* whack: cleanup help text [Tuomo]
* _stackmanager: Don't load blacklisted modules (rhbz#1207689) [Paul/Tuomo]
* _stackmanager: Support for xfrmlifetime= ipsec.conf option [Paul]
* _updown: add proxy arp for cases where routing won't work [Tuomo/Wolfgang]
* Bugtracker bugs fixed:
  #260: libswan: extra safety around same_id() when ID_FROMCERT is used [Paul]

v3.13 (June 1, 2015)
* SECURITY: CVE-2015-3204 malicious payload causing restart [Javantea/Hugh]

v3.12 (November 6, 2014)
* IKEv2: CP payload now installs internal address and dns [Antony]
* IKEv2: Don't try to decrypt if DH is incomplete [Antony]
* IKEv2: If applicable, add a CERTREQ payload in IKE_SA_INIT response [Antony]
* IKEv2: Fix parent I2 replace event delay [Antony]
* IKEv2: Liveness fix for restarting instantiated connection [Antony]
* IKEv2: Schedule expire instead of replace when rekey=no [Antony]
* IKEv2: Zero out CP payload before sending [Antony]
* IKEv2: Fix message id in create child sa response [Antony]
* IKEv2: Don't try to instantiate unoriented connections [Antony]
* XAUTH: Fix 2 missing breaks when deciding on sending ModeCFG payloads [Paul]
* X509: Ensure that root CA does not end up in the ca_path list [Matt]
* pluto: Cleanup DYNDNS code and other clang warnings [Hugh]
* pluto: lswconf.c: getNSSPassword: fix bugs and tidy [Hugh]
* pluto: check return value of ike_alg_register_enc for twofish/serpent [Paul]
* pluto: fix various uninitialised variables in out_struct() calls [Paul/Hugh]
* KLIPS: Fix missing breaks in spi command algo type parsing [Paul]
* KLIPS: Support for kernel 3.17 [David/Paul]
* building: disable libcap-ng and NM support for OSX [Paul]

v3.11 (October 22, 2014)
* x509: IKEv1 CA cert chain support with sendca option [Matt]
* pluto: Fix mtu= option mangling introduced in 3.10 [Kim]
* pluto: Fixes auto=start and auto=route with %defaultroute [Kim/Tuomo/Paul]
         (troubled in 3.9 and 3.10)
* pluto: Don't register ESP_BLOWFISH [Paul]
* pluto: ESP support for aes_xcbc [Paul]
* pluto: ESP support for aes_ctr [Paul]
* pluto: ESP support for camellia on NETKEY [Paul]
* pluto: IKE support for aes_xcbc (pending NSS update) [Paul]
* IKEv1: Default to DH Group 2 and 5 for initiating Aggressive Mode [Paul]
         (3.9 included DH 14 which was preferred, causing interop issues)
* pluto: Force ESP_CAST to only allow 128 bit key sizes [Paul]
* pluto: Log_crypto_workers threads did not use static bool first_time [Coverity]
* pluto: Warn (not fail) on empty NSS private key passwords [Oskari Saarenmaa]
         - rhbz#1145231 (rhel7) and rhbz#1144941 (fedora)
* pluto: Added PLUTO_IN_BYTES= / PLUTO_OUT_BYTES= for updown [Antony]
* pluto: Handle list of certs from parse_pkcs7_cert [Hugh]
* pluto: Fix --impair-retransmits IMPAIR code [Hugh]
* pluto: separate SEND_V2_NOTIFICATION from SEND_NOTIFICATION [Hugh]
* pluto: Various fixes/cleanups in algo registration functions [Paul/Hugh]
* pluto: ah=null as a valid phase2alg for a connection [Paul]
* pluto: Clean up complete_v*_state_transitions and related things [Hugh]
* pluto: More crypto helper cleanup [Hugh]
* NETKEY: Don't trust PF_KEY API to tell us about IPCOMP support [Paul]
* KLIPS: ip_select_ident was backported to 3.2.63 [Bram]
* IKEv2: Don't copy reserved ISAKMP flags in reply msg (rhbz#1052811) [Paul]
* IKEv2: ISAKMP_FLAGS_v2_IKE_I was not always set on Original Initiator [Paul]
* IKEv2: CP payload support for responder [Antony]
* IKEv2: CREATE_CHILD_SA support for responder [Antony]
         (NON_ADDITIONAL_SAS stub removed)
* systemd: Use After=network-online.target instead of network.target [Kim]
           - rhbz#1145245 (rhel7) and rhbz#1144832 (fedora)
* systemd: Add Wants=network-online.target [Lukas Wunner]
* addconn: Route before and after listen (bug introduced in 3.10) [Paul/Hugh]
* rsasigkey: Use a version of jam_str instead of strcpy() for hostname [Paul]
* IKEv2: CERTREQ payload should use SHA1 hash of DN instead of IKEv1 DN [Matt]
* updown: Pluto should give CAP_NET_RAW to updown for iptables -t mangle [Paul]
* _stackmanager: Fixed to work again with mawk [Marc-Christian Petersen/Tuomo]
* testing: Many test case updates [Paul/Antony/Hugh/Matt]
* Bugtracker bugs fixed:
  #206: Libreswan v3.10 on 32-bit does not work [Kim]

v3.10 (September 1, 2014)
* XAUTH: New option: ipsec whack --trafficstatus [Antony]
* XAUTH: New option: ipsec --deleteuser --name xauth-username [Antony]
* XAUTH: Do not strip "-" from XAUTH usernames [Paul]
* _updown.netkey: New environment variable PLUTO_ADDTIME for IPsec SA's [Paul]
* _updown.netkey: Don't skip routing if mtu= option is used [Tuomo]
* NETKEY: protoport= installed broken swapped src/dst passthrough SA's [Antony]
* NETKEY: fix names for RIPEMD160 and AES_CTR [Paul]
* KLIPS: support 3.16+ kernels with update __ip_select_ident() [Thomas Geulig]
* _stackmanager: KLIPS support for alias devices [Marc-Christian Petersen]
* pluto: Simplify/tidy alg_info [Hugh]
* pluto: Simplify find_host_connection() and terminate_connection() [Hugh]
* pluto: Fix a leaking socket in whack [Hugh]
* pluto: Combine same_dn() and match_dn() to avoid deduplicate logic [Hugh]
* pluto: Add strneq(); get rid of most remaining strncmp calls [Hugh]
* pluto: Get rid of or document strcat, strncat, strcpy, etc [Hugh]
* pluto: malloc/calloc/realloc/free tidying, including a few bug fixes [Hugh]
* pluto: Fix memory allocation/free errors (especially in ike_frag) [Hugh/Paul]
         (triggered as of 3.9 when --leak-detective was used)
* pluto: Various warning fixes from LLVM/Coverity [Hugh]
* pluto: Don't listen before all connections are loaded [Paul]
         (this sub-optimal behaviour was introduced in 3.1)
* cryptohelpers: cleanup and improved error logging [Hugh]
* IKEv2: esp=/phase2alg= should be strict (bug introduced in 3.9) [Paul]
* IKEv2: Don't abort all proposals when encountering unknown PRF [Hugh]
* IKEv2: ikev2_parse_*_sa_body: stop matching after first success [Hugh]
* IKEv2: Reject responder SA with multiple proposals [Hugh]
* IKEv2: Enforce proposal numbering rules [Hugh]
* IKEv2: first initiating XCHG of Original Responder is not a retransmit [Paul]
* IKEv2: Don't respond to reply messages when parent SA was not found [Paul]
* IKEv2: clarify O_responder/O_initiator and Request/Reply code [Paul]
* IKEv2: Check received msgid is larger then previous before storing [Paul]
* IKEv1: parse_ipsec_sa_body() did not allow newer AH transforms [Paul]
* IKEv1: Add sha2 and aes_xcbc support for AH/ESP auth algorithm [Paul]
* IKEv1: cap IKE lifetimes > 1d to 1d, instead of rejecting SA [Paul]
* IKEv1: cisco-unity=yes now also sends VID when acting as VPN server
* whack: Don't change exit status for RC_INFORMATIONAL* [Mike Gilbert]
* rsasigkey: a logic error limited the randomness of the key size [Paul]
* ipsec: create NSS DB on startup when missing [Paul]
* ipsec: Added "ipsec --checknss" that creates-when-missing NSS DB [Paul]
* verify: Make verify python3 compatible [Slavek Kabrda]
* readwriteconf: Fix writing kt_invertbool's (like aggrmode=) [Paul]
* testing: Obsoleted dotest.sh with dotest.py, speed increase [Antony]
* testing: Added more test cases and general cleanup [Antony/Paul]
* compiling: Fix ADNS without USE_DNSSEC compile [Tuomo]

v3.9 (July 9, 2014)
* Documentation: cleanup of README.* and docs/* [Paul]
* libswan: Cleanup allocation and  certificate handling functions [Hugh]
* libswan: Introduce add_str() to replace abused strncat() [Hugh]
* libswan: Complain when loading connection with expired certificate [Paul]
* libswan: Some error messages did not make it to the whack log (user) [Paul]
* pluto: STF_TOOMUCHCRYPTO handling should not delete the state [Paul/Hugh]
* pluto: Default cipher keysizes is now RFC compliant 128 (not 256) [Paul]
* pluto: Allow sha2 as an alias for sha2_256 [Paul/Matt]
* pluto: Allow more DBG_* and IMPAIR options [Hugh]
* pluto: Some enc transforms did not send KEY LENGTH for default key size [Paul]
* pluto: Ensure required KEY_LENGTH attributes for some ciphers are sent [Paul]
* pluto: Default ESP key size was "max" instead of "default" [Paul/Hugh]
* pluto: Bogus keysizes (eg 3des666) was not rejected at IKE level [Paul/Hugh]
* pluto: esp=aes now accepts both aes128 and aes256 [Paul/Hugh]
* pluto: ipsec status did not display "000" for ESP default size [Paul]
* pluto: ipsec status did not print IKE algo separator (",") [Paul]
* pluto: ipsec status no longer prints remote nexthop when oriented [Paul]
* pluto: sa_copy_sa_first() memory leak fixed [Hugh]
* pluto: Improved exponential backoff in message retransmission [Hugh]
* pluto: timer.c simplifications and improvements for monotonic time [Hugh]
* pluto: Cleanup and document wire_chunk crypto helper code [Hugh]
* pluto: rename program files using proper ikev[12]_* prefixes [Paul]
* pluto: Don't load certs via load_acerts() from /etc/ipsec.d/acerts/ [Paul]
* pluto: Drop CAP_DAC_OVERRIDE privs later to support non-root dirs [Paul]
* pluto: Remove unused libaes/libdes/liblswcrypto [Paul]
* pluto: Print proper cipher/algo/modp groups in phase1/parent SA [Paul]
* pluto: Various IANA updates to ipsec/ike/ikev2 registries [Paul]
* pluto: STF_TOOMUCHCRYPTO could cause double delete of state [Hugh]
* pluto: Alias "sha" to "sha1" for ike= and esp= [Matt]
* pluto: Simplify/cleanup NSS and cryptohelper code [Hugh]
* pluto: pluto_crypt.c used non-thread-safe strerror() [Hugh]
* pluto: ensure addconn thread uses the same ctlbase as pluto did [Paul]
* pluto: LEAK_DETECTIVE is now a runtime --leak-detective pluto option [Paul]
* pluto: Add modp2048 to default proposal list [Paul]
* pluto: oakley_alg_makedb() algo preference picking fixed [Paul/Hugh]
* pluto: Added --impair-send-key-size-check for testing [Paul]
* pluto: Make timer.c code IKE version independent [Antony]
* addconn: Default gateway finding logic fixes [Wolfgang]
* addconn: Only resolve %defaultroute using the main routing table [Wolfgang]
* addconn: ensure expired certificates show clearly over whack
* NATT: Added nat-ikev1-method=drafts|rfc|both to workaround buggy Ciscos [Paul]
* NATT: non port-floating (4500) NATT draft support removed [Paul]
* NATT: Change order of NATT payloads to accommodate racoon sensitivity [Paul]
* NATT: ignore incoming ISAKMP_NEXT_SAK (AKA ISAKMP_NEXT_NATD_BADDRAFTS) [Paul]
* NATT: Added IKEv2 NAT-Traversal support [Antony]
* XAUTH: Cleanup code [Hugh]
* XAUTH: Workaround for Android bug sending trailing NULL with password [Hugh]
* XAUTH: Improved logging and output for automated processing (eg for NM) [Paul]
* XAUTH: Hand out previously given IP lease to same client on reconnect [Antony]
* DPD: openbsd isakmpd bug workaround for duplicate DPD seqno [Paul]
* IKEv1: aggr mode: print names of ignored proposals part [Paul]
* IKEv1: rename init_am_st_oakley() to init_aggr_st_oakley() [Paul]
* IKEv2: Rekey / Delete event scheduling fixes [Antony]
* IKEv2: liveness (DPD) fix msgid handling for Informational XCHG [Matt]
* IKEv2: Improved RESPONDER_TIMEOUT logic [Antony]
* IKEv2: Extend smc with SMF2_CONTINUE_MATCH for cookie state matching [Hugh]
* IKEv2: handle DDOS cookie without creating state and using memory [Hugh]
* IKEv2: Fix IS_IPSEC_SA_ESTABLISHED macro to include IKEv2 [Antony]
* IKEv2: CREATE_CHILD_SA exchange can return NO_ADDITIONAL_SAS [Antony]
* IKEv2: Lingering states were never cleaned up [Antony]
* IKEv2: Support Authenticated Header ("AH") [Hugh]
* IKEv2: don't call dpd_active_locally() on an undefined state [Paul]
* IKEv2: Return proper message to the user when our RSA/PSK is missing [Paul]
* IKEv2: Always add SAi TSi TSr in I2 to allow IKE SA Reauthentication [Antony]
* IKEv2: When deleting CHILD_SA without a IKE SA don't try to send v2D [Antony]
* IKEv2: Fix process_informational_ikev2() for Delete payloads [Paul/Hugh]
* IKEv2: Improved logging of IKEv2 transform IDs [Hugh]
* pluto/whack: Allow shutdown command for different MAGIC [Paul]
* NSS: Changed PR_ASSERT() calls to passert() calls [Paul]
* NSS: ipsec initnss can now take a non-default location [Paul]
* newhostkey: Return proper error codes, no longer allow stdin [Paul]
* OCF: ipsec_ocf_cbimm KLIPS option was always ignored by mistake [Hugh]
* OCF: Remove obsoleted HAVE_OCF support for IKE acceleration [Paul]
       (kernel OCF support is still available and supported)
* NETKEY: esp=cast failed due to wrong crypto identifier [Paul]
* KLIPS: SAref patches for Ubuntu kernel 3.11.0-15.25 [Simon Deziel]
* KLIPS: Improved support for various 3.x Linux kernels [various]
* KLIPS: support for CONFIG_USER_NS [Matt]
* _stackmanager: only unload stack when switching (rhbz#1025687) [Paul/Tuomo]
* building: remove LIBDIR as we install all programs in LIBEXECDIR [Tuomo]
* packaging: NSS fixups for deb packaging [mountaincat]
* testing: a LOT of test case updates [many people]
* Bugfixes for better C-library compatibility with "musl" [Hugh/Paul]
* Bugtracker bugs fixed:
  #67: uniqueids: don't compare ipv4 and ipv6 addresses [Tuomo]
  #86: left=%defaultroute does not work in a conn [Hugh/Paul]

v3.8 (January 15, 2014)
* SECURITY: CVE-2013-6467 missing IKEv2 payloads causes restart [Iustina/Hugh]
* building: Remove #ifdef DEBUG - always compile into userland [Paul]
* IKEv2: Updated AUTH names to latest IANA registry entries [Paul]
* pluto/whack: Added --impair-send-ikev2-ke test option [Paul]
* pluto: allow shutdown command even with bad WHACK_BASIC_MAGIC [Paul]
* addconn: ignore obsoleted --defaultroute and --defaultroutenexthop [Paul]
* Various code cleanup [Hugh]
* initscripts: sysv should try harder to kill pluto without ctl file [Tuomo]
* gentoo: fixes to build and init system on Gentoo [Mike Gilbert]
* KLIPS: fix NAT-T status in eroute output [Paul]
* pluto: updated ietf_constants.h with IANA entries [Paul]
* IKE: Make sure sha2 is an alias for sha2_256 for ike= and esp= [Hugh/Paul]
* Bugtracker bugs fixed:
  #171: showhostkey.c:322: bad switch statement

v3.7 (December 10, 2013)
* SECURITY: CVE-2013-4564 Denial of service via unauth packet [Paul/Hugh]
* SECURITY: fix insecure tmp file in rpm %post - introduced in 3.6 [Tuomo]
* SECURITY: Properly handle IKEv2 I1 notification without KE payload [Paul]
* IKE: aes_gcm and aes_ccm now specify key size without salt [Paul/Hugh]
* NETKEY: Added twofish and serpent as valid ESP algorithms [Paul]
* KLIPS: Fix for crashes in ipsec_xmit_ipip() [Thomas/Roel/David]
* KLIPS: Fix NAT-T (NEED_UDP_ENCAP_ENABLE) for 3.4 kernel [Roel]
* KLIPS: Fix compiling for 3.9 kernels (PDE_DATA fix) [Paul]
* KLIPS: Claim we do namespaces - makes it work on simple host case [Paul]
* IKEv2: Add support for AES-GCM, AES-CCM [Paul/Hugh]
* IKEv2: Check for inbound traffic before sending liveness exchange [Matt]
* IKEv2: Fix some error codes that mistakenly used IKEv1 versions [Paul]
* IKEv2: in R1 don't copy their IKEv2 minor for our reply packet [Paul]
* IKEv2: Don't kill unrelated states on same hash chain in IKE DEL [Hugh]
* pluto: change ipsec_notification_names to ikev[12]_notify_names [Paul]
* pluto: Various cleanup and reducing scope of variables [Hugh]
* building: support for slackware version/init system detection [Roel]
* rsasigkey: Remove spurious debug line confusing ipsec showhostkey [Paul]
  (rhbz#1039655)
* initsystems: fix typo in openrc script [Natanael Copa]
* testing: KVM test system updates [Paul]
* secrets: Log glob failing for secrets parser as warning, not error [Paul]
* setup: fix systemd init detection [Tuomo]
* labeled ipsec: Set default value of secctx_attr_value to 32001 [Paul]
  (rhbz#923250)
* barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191) [Paul]
* Bugtracker bugs fixed:
  #116: Don't load connections when leftcert= cert not found in NSS DB [Matt]

v3.6 (October 30, 2013)
* IKEv2: Fix interoperability bug in SKEYSEED generation [Paul/Hugh/Antony]
* IKEv2: Add liveness checks (a.k.a DPD for IKEv2) [Matt Rogers]
* IKEv2: ikev2=insist allowed ikev1 when acting as responder [Matt Rogers]
* IKEv2: Fix fallback to ikev1 when remote has ikev2=no [Paul]
* IKEv1: Cleanup AGGR Mode VendorID - also send fragmentation vid [Paul]
* IKEv1: Added cisco_unity= (default no) option which sends VID [Paul]
* IKEv1: Fix compatibility with NAT-T and remote_peer_type=cisco [Paul]
* IKEv1: dpdaction=restart_by_peer is now called dpdaction=restart [Paul]
* IKEv1: Added support for modecfgbanner= and modecfgdomain= [Paul]
* IKE: introduce ikepad=yes|no (default yes) for Checkpoint interop [David]
* pluto: work around for Cisco VPN clients sending extraneous bytes [Paul/Hugh]
* pluto: Support for google-authenticator OTP via pam [Paul]
* pluto: fix kernel.c typo in word outgoing [Tuomo]
* pluto: remove dsa/elgamal stubs from gnupg that were unused [Paul]
* pluto: Added per conn priority= to specify kernel IPsec SA priority [Paul]
* keyword: auto=route and ipsec auto --route renamed to "ondemand" [Paul]
* NETKEY/BSD: Added per conn reqid= to specify kernel IPsec SA [Paul]
              (based on idea by Panagiotis Tamtamis)
* pluto: %fromcert now works for local certs and those received via IKE [Matt]
* pluto: Allow \\ masking in RDNs similar to ,, [Matt Rogers]
* pluto: merge updateresolvconf/restoreresolv.conf in client-up|down [Paul]
* building: Removed USE_MODP_RFC5114 flag. Support is always added [Paul]
* building: Removed USE_AGGRESSIVE flag. Support is always added [Paul]
* building: Removed USE_XAUTH flag, Support is always added [Paul]
* building: Removed MODECFG* flags, Support is always added [Paul]
* building: Remove blowfish (use twofish instead) [Paul]
* building: Generate Makefile depend files automatically [Tuomo]
* building: Add support for openrc initsystem on Alpine Linux [Paul]
* packaging: spec files now initialise NSS DB when not found [Paul]
* NETKEY: Take protoport= into account when setting IPsec SA priority [Paul]
* NETKEY: Change Update SA to Add SA when existing SA is not found [Mattias]
* NETKEY: Fix Labeled IPsec (broken in openswan 2.6.33) [Paul]
* KLIPS: Support for 3.10+ kernels (/proc use via seq_* functions) [David]
* Changed HAVE_STATSD compile option to statsbin= runtime option [Paul]
* sysvinit: status function used incorrect variable for pid file [Tuomo]
* _stackmanager: coding style cleanup - fixes bashism [Tuomo]
* testing: Various interop test case updates [Paul]
* FIPS: Support versioned hmac files, fips test in non-fips mode [Paul]
* rsasigkey/newhostkey: Keysize for new RSA keys keysize increased from 2192
  to randomised 3072-4096 (in blocks of 16) to fight keysize monoculture [Paul]
* Removed unused and unmaintained USE_TAPROOM functionality [Paul]
* NAT-T: Added 100.64.0.0/10 from RFC 6598 to virtual_private [Paul]
* NSS: pluto should not open NSS files in readwrite, just read [Paul]
* Bugtracker bugs fixed:
  #130: debian debuild creates a deb with /usr/libexec contents
        [Marc-Christian Petersen]
  #145: support old location of /selinux/enforce still in use by CentOS6 [Paul]

v3.5 (July 13, 2013)
* NETKEY: _stackmanager: Clear disable_xfm/disable_policy /proc files
          for labeled IPsec [Paul]
* KLIPS: Added support for kernel 3.9.x [Paul/David]
* KLIPS: NATT support for kernel 3.5+ needs udp_encap_enable() [David]
* KLIPS: pointer can look valid during free process [Unknown/David]
* KLIPS: change default for hidetos (quality of service) to yes [Paul]
* KLIPS: preliminary SHA2 family support via OCF/CryptoAPI [David]
* MAST: _stackmanager: bring mast0 up even if module was loaded [neoXite]
* MAST: Add support for IPv6 iptables mangle table in updown.mast [Paul]
* _stackmanager: Move iptables mangle rules to MAST only section [Paul]
* _stackmanager: re-add support for hidetos=, overridemtu= and fragicmp= [Paul]
* _stackmanager: Clear disable_xfm/disable_policy for labeled IPsec [Paul]
* pluto: Fix reading ipsec.secrets without trailing newline [Hugh]
* pluto: 'ipsec status' output changes, added 'config setup' items [Paul]
* pluto: Added config setup, compile paths, runtime info to ipsec status [Paul]
* pluto: removed IKE_ALG and KERNEL_ALG defines [Paul]
* pluto: Simplify Pluto_IsFIPS(), remove redundant log message [Paul]
* pluto: Added Pluto_IsSElinux() to log SElinux runtime status [Paul]
* pluto: Removed unused alg_info parameters permitman and permitike [Paul]
* pluto: Fix STATE_XAUTH_R0/STATE_XAUTH_R1 state names [Paul]
* pluto: out_modify_previous_np() should allow ISAKMP_NEXT_SIG for RSA [Paul]
* building: cleanup old vars, and allow more env overrides [Paul]
* packaging: Fix systemd script Alias target (rhbz#982166) [Paul]
* newhostkey: help the user when nssdb is not initialized yet [Paul]
* newhostkey: simplify default nss dir handling [Paul]
* lswan_detect: cleanup coding style and fix help for unknown options [Tuomo]
* lswan_detect: add gentoo detection [Tuomo]
* setup: add rhsysv, openrc, and real sysv init support [Tuomo]
* barf: do not cause any iptables modules to get loaded (rhbz#954249) [Paul]
* look: Don't cause loading of iptables kernel modules (rhbz#954249) [Paul]
* FIPS: Remove hardcoded /usr/libexec/ipsec path, use IPSEC_EXECDIR [Paul]
* FIPS: Add warning in ipsec verify for prelink command [Paul]
* testing: Add option for "post" scripts during a test run [Matt Rogers]
* testing: dist_cert support for commands in different path locations [Matt]
* testing: Generate CRL with leading zero byte for testing [Paul]
* Bugtracker bugs fixed:
   #82: Phase out DBG_KLIPS/DBG_NETKEY for DBG_KERNEL [Paul]
   #96: lswan_detect: Alpine linux compatibility [Tuomo]
   #99: NETKEY: Segfault on acquire_netlink with labeled_ipsec [Kim/Tuomo]
  #101: restore port when ipsec policy is generated for nat-t [Kim/Tuomo]
  #124: pluto: Add usage comment for addresspool.* [Paul]
  #126: pluto: nhelpers= does not default to -1 [Paul]
  #128: pluto: prevent libcurl sigalarm from crashing pluto (lsbz#128) [Paul]

v3.4 (June 6, 2013)
* Change coding style to Linux kernel [Team]
* IN MEMORIAM: June 3rd, 2013 Hugh Daniel

v3.3 (May 13, 2013)
* SECURITY: atodn() buffer overflow with oe=yes [Florian/Hugh/Paul]
            affected: libreswan 3.0 and 3.1 (CVE-2013-2052)
            see also: openswan up to 2.6.38 (CVE-2013-2053)
            see also: strongswan up to 4.3.4 (CVE-2013-2054)
* security: dn_parse(), hex_str() write beyond end of the buffer [Florian]
* security: get_rnd_bytes: Abort on random number generator failure [Florian]
* security: Integer overflow if the leak detective enabled [Florian]
* security: Check that origin of netlink message is the kernel [Florian]
* security: Abort on crypto failure for 3des/aes to prevent leaks [Florian]
* security: Check PK11_CreateContextBySymKey() for NULL and SECFailure [Paul]
* security: RSA: Check modulus length against key overall length [Florian]
* security: fetch_curl: Set timeout for the entire request [Florian]
* security: Multiple hardening fixes from security audit [Florian Weimer]
* security: Cleanup buffer usage for traffic logging with XAUTH [Hugh]
* security: Cleanup ASN1_BUF_LEN use and remove unused load_host_cert() [Paul]
* security: cleanup CFLAGS handling [Paul]
* security: IKEv2 crashed when using nhelpers=0 [Paul]
* security: Remove stale non-NSS ASN1 handling and pem decryption code [Paul]
* security: Initial loading of file CRL fails for NSS CAs  [Matt Rogers]
            (rhbz#960171)
* security: Removal of USE_WEAKSTUFF and USE_NOCRYPTO (1DES, modp768) [Paul]
* security: Removal of 1DES for KLIPS using CryptoAPI [Paul]
* security: * security: Cleanup of ASN1_BUF_LEN/BUF_LEN/PATH_MAX defines [Paul]
* pluto: Add support for OID_SHA224_WITH_RSA signatures [Paul]
* pluto: Always list section headers --list* calls, even when empty [Paul]
* X509: Fix for CRL sig failure if first byte is zero [Dhr/Matt/Paul]
        (rhbz#958969)
* _stackmanager: fix loading of aes-x86_64 module [Tuomo]
* Bugtracker bugs fixed:
   #64: removal of /dev/*random everywhere put feeding nss pools [Paul]
   #90: NETKEY: Transport mode inbound eroute was from client [Kim/Tuomo]
   #91: SAREF: Patches updated for 3.4.x (tested on 3.4.42) [Andreas Herz]

v3.2 (April 13, 2013)
* addresspool: Identify reconnecting client and re-use lease [Antony]
* IKEv1: Support for sending initial_contact in Main Mode [Paul]
* addconn: improve defaultroute finder [Kim]
* compiling: fix use of variables in buildsystem consistent [Tuomo]
* ipsec: fix syntax error in --help introduced in 3.1 [Tuomo]
* verify: fix wrong confdir location [Tuomo]
* pluto: cleanup of XAUTHuser and traffic statistics logging [Paul]
* pluto: Obsoleted force_keepalive= and --force_keepalive [Paul]
* pluto: Added per-conn nat_keepalive=yes|no (default yes) [Paul]
* pluto: Log our own vendorid as "received" instead of "ignored" [Paul]
* pluto: Prevent logging from truncating XAUTHuser= [Paul]
* pluto: Don't log (0 byte) SA traffic statistics for ISAKMP SA's [Paul]
* pluto: Some more changes in the output of ipsec auto --status [Paul]
* pluto: wipe old logfile on restart (match previous behaviour) [Antony]
* _stackmanager: When unloading NETKEY, unload ip_vti before xfrm*tunnel [Paul]
* _stackmanager: Stack was not cleaned up for upstart / non-modular [Paul]
* building: Fix warnings when compiling with clang [Florian Weimer]
* building: Add -pie to linker flags, ensure relro is not overwritten [Paul]
* building: fix "make depend" in programs/pluto [Antony]
* packaging: Split RHEL spec file into rhel5/rhel6, add USE_OCF flag [Paul]
* initsystem: fixed default sysv init status function [Tuomo]
* KLIPS: SAref patches for 3.0.55+ and RHEL 2.6.32-358.2.1 [Pavel Kopchyk]
* Bugtracker bugs fixed:
   #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]
   #76: NSS:: ipsec initnss fails with a @FINALCONFDDIR@ replace and
        no default configdir [Tuomo]
   #78: NSS: segfault on libnss functions when using ikev2 [Antony]
   #85: NETKEY: Pass traffic selectors to the kernel in Transport Mode
        support was incomplete and broke nat-t transport mode [Kim/Tuomo]

v3.1 (March 14, 2013)
* XAUTH: Support for leftaddresspool= [Antony]
* XAUTH: Added xauthby=alwaysok option [Paul]
* XAUTH: Added xauthfail=hard|soft option [Paul]
* IKEv1: Support for IKE fragmentation via ike_frag= [Wolfgang/Paul/Hugh]
* IKEv1: Support for removing bogus non-ESP markers [Paul/Hugh]
* NETKEY: Show traffic stats in ipsec auto --status and teardown [Wes/Paul]
* ipsec: Add "ipsec start|stop|restart|status" aliases [Paul]
* testing: Many updates to KVM testing infrastructure [Paul/Antony]
* starter: auto=route and auto=start only performed auto=add [Wolfgang]
* libswan: logging cleanups from openswan 2.5.x era [DHR/Antony/Paul]
* pluto: log XAUTHusername in the "established IPsec SA" line [Paul]
* pluto: Show labeled IPsec information in ipsec auto --status [Paul]
* pluto: Various minor changes to ipsec auto --status output [Paul]
* pluto: Debug logs were not written if a file was specified [Paul/Antony]
* pluto: fix for additional proposal sizes when enabling 1DES [Paul]
* IKEv2: narrowing used a wrong port range in determining bestfit [Coverity]
* IKEv1: Better logging of Vendor IDs in [Paul]
* KLIPS:  enable crytoAPI in packaging/makefiles/module.defs [Paul]
* SAREF: patches for Ubuntu kernel 3.2.0-33.52 [Simon]
* libipsecconf: Improved fix for osw#1370  (segfault on no EOL) [Philippe]
* libipsecconf: Forbid rekey=no plus dpdaction=restart(_by_peer) [Paul]
* libipsecconf: crlcheckinterval unit is time, not number [Tuomo]
* libipsecconf: Remove bogus key_from_DNS_on_demand policy for PSK [Paul]
* libipsecconf: Raise POLICY bits from int (32) to lset_t(64) [Paul]
* libipsecconf: sourceip= setting could overwrite nexthop= setting [Paul]
* XAUTH: ModeConfig DNS options only worked via whack, not config file [Paul]
* XAUTH: modecfg_wins[12]= support removed [Paul]
* XAUTH: Use re_entrant versions of localtime_r/gmtime_r [Paul]
* XAUTH: Added threading mutex locks for log functions [Philippe/Paul]
* XAUTH: Added threading mutex locks for crypt() [Philippe]
         (crypt_r is not available on all platforms)
* XAUTH: Only try to update resolveconf/restoreconf when XAUTH client [Paul]
* addconn: If no protostack= is configured, return "netkey" as default [Paul]
* addconn: Fix for addconn loading Point-To-Point connections [Kim]
* X509: Initialise libcurl for SSL to support CRLs over HTTPS [Paul]
* X509: Warn 14 days before certificates expire [Tuomo]
* packaging: add /etc/ipsec.d/{crls,cacerts} to rpm spec files [Tuomo]
* packaging: Fixes to spec file, added kmod spec file for KLIPS [Paul]
* compiling: added -pthread to CFLAGS [Tuomo]
* _plutorun: pass all command line options to pluto [Tuomo]
* _updown: Various fixes for klips/netkey version [Tuomo/Antony]
* X509: Reintroduced lock_certs_and_keys()/unlock_certs_and_keys()  [Paul]
* initsystem: change sysv initscripts to use new _plutorun interface [Tuomo]
* DPD: Don't try to delete non-events [Paul]
* Bugtracker bugs fixed:
   #8  honour compress=no option [Matt Rogers]
   #50 It is assumed ipsec.conf lives in the same dir as rc.d/init.d [Tuomo]
   #53  ipsec auto --status does not show phase2 parameters when using
        (unspecified) defaults? [Matt Rogers]
   #71 Libreswan pre-3.1 git version breaks on-demand ipv6 tunneling [Tuomo]

v3.0 (January 02, 2013)
* FORK: Rename from Openswan to Libreswan [Team]
        (for older CHANGES see docs/CHANGES.openswan)
* FORK: Changed our VendorID prefix to "OEN" [Team]
* LICENSE: Updated FSF address on the GPLv2 COPYING file [Team]
* TRADEMARK: Give everyone unlimitel eternal royalty-free license to
        use the name "libreswan" to refer to this software and website [Team]
* NSS: is now mandatory - custom crypto code removed [Paul]
* NSS: Support reading NSS password from file [Avesh]
* NSS: Added "ipsec initnss" and "ipsec import" commands [Paul]
* NSS: We need to include nsperror.h for PR_GetError() [Paul]
* NSS: PK11_DigestFinal() passed sizeof pointer instead of passing
        sizeof *pointer [Paul]
* NSS: use pkg-config to find the right cflags and libs [Paul]
* DNS: Removed LWRES code and old static ISC libraries [Paul]
* DNS: Don't attempt to resolve numerical sourceip= values [Paul]
* DNS: starter and pluto now support USE_DNSSEC using libunbound [Paul]
* OE: Removed support for old KEY and TXT DNS records [Paul]
* OE: Add support for IPSECKEY in ipsec showhostkey [Paul]
* pluto: --config <fn> uses libipsecconf to read 'config setup' [Kim B. Heino]
* pluto: left=%defaultroute now obtains src ip from routing table [Kim B. Heino]
* pluto: Removed support for non-strict ike/esp lines [Paul]
* pluto: UDPFROMTO support was not enabled for NETKEY if not also build
         with KLIPS [Paul]
* pluto: Pass traffic selectors to the kernel in Transport Mode [Avesh]
         (rhbz#831669)
* pluto: Fix phase confusion in xauth/modeconfig [Avesh]
* pluto: Added new option plutostderrlogtime= (default=no) [Paul]
* pluto: Additional safety checks to strncat() calls for addrtot(),
         inet_addrtot(), sin_addrtot(), alg_info_snprint_esp(),
         alg_info_snprint_ah(), idtoa() and format_end() [Paul]
* pluto: Removed unused OCSP code [Paul]
* pluto: Add Linux audit support via USE_LINUX_AUDIT (incomplete) [Paul/Antony]
* pluto: crlcheckinterval did not interpret plain numbers as seconds [Philippe]
* pluto: Change ft_mbz to ft_zig - Don't error on "must be zero" but instead
         "zero ignore". This works around an Android ICS/racoon bug [Paul]
* pluto: Update known vendorids [Paul]
* pluto: phased out HAVE_THREADS, pluto/pam now thread-safe [Philippe/Paul]
* pluto: Fixed IPSEC_CONFDDIR handling which broke NSS in tests [Paul]
* pluto: obsoleted prepluto= postpluto= plutoopts= config setup options [Paul]
* pluto: obsoleted plutowait= and pluto= config setup option [Paul]
* pluto: obsoleted nocrsend= option removed (use leftsendcert=) [Paul]
* pluto: removed manual keying remnants [Paul]
* pluto: remove protostack=auto and --use-auto, netkey is new default [Paul]
* pluto: Added perpeerlog=yes|no and perpeerlogdir=/var/log [Paul]
* pluto: Added retransmits=yes|no (matches pluto --noretransmits) [Paul]
* pluto: Added plutofork=yes|no to match pluto --nofork [Paul]
* pluto: added ikeport= and nat_ikeport= options, and --natikeport [Paul]
* pluto: support for secretsfile= and ipsecdir= in ipsec.conf [Paul]
* pluto: remove old unused USE_IPSECPOLICY code [Paul]
* pluto: rhbz#609343: pluto crashes when removing logical interface [Avesh]
* pluto: don't stop processing after --coredir argument [Paul]
* pluto: perform whack --listen and addconn --autoall on startup [Paul]
* pluto: honour plutostderrlog= natively now _plutorun is gone
         This also adds a new option --logfile to the pluto daemon [Paul]
* pluto: if started with --nofork, don't care about existing pid file [Paul]
* pluto: incorrect free in scan_proc_shunts() [Roel van Meer]
* pluto: eclipsed() was broken since freeswan-2.02 [Philippe]
* _plutoload: obsoleted [Kim/Paul]
* auto: no longer pass defaultroute/defaultrouteaddr to addconn [Paul]
* whack: fix handling --sha2_truncbug and --nm_configured options [Paul]
* whack: don't try to write to closed stdout tty [Philippe]
* DPD: reduce flood of DPD messages with unexpected seqno [Andrey Alexandrenko]
* DPD: We did not send DPD VID in aggressive mode with NAT-T disabled
* DPD: dpdaction=restart can cause full phase1 timeout after DPD
  (rhbz#848132) [Avesh]
* PAM: updated contrib/pam.d/pluto (rhbz#815127) [Philippe Vouters]
* PAM: move pam out of contrib, and install config when HAVE_XAUTHPAM [Paul]
* IKEv1: In aggressive mode: allow ISAKMP_NEXT_CR ISAKMP_NEXT_CERT as
         payloads [Philippe]
* IKEv1: aggressive mode sometimes picked wrong RSA/PSK conn [Philippe]
* IKEv1: Simplify outgoing NAT-T proposals, fix logging [Paul]
* XAUTH: Support for runtime choice of xauthby=<pam|file> [Philippe]
* XAUTH: Support for Mutual RSA + XAuth (interop with Shrew Soft) [Philippe]
* XAUTH: Fixed updown to remove ModeCfg (cisco) obtained sourceip [Avesh/Tuomo]
* XAUTH: Do not redo xauth/modecfg during rekey to cisco [Avesh]
* XAUTH: Use incoming XAUTH VID when picking best connection [Philippe]
* XAUTH: pam was failing when built with USE_LIBCAP_NG=true [Philippe Vouters]
* XAUTH: Fixup of defines [Paul/Philippe]
* XAUTH: Don't use XAUTH VID to put conn in policy XAUTH [Andrey Alexandrenko]
* XAUTH: Fix XAUTH TYPE handling and logging [Philippe]
* IKEv2: Comply to RFC's for "must be zero" to ignore instead of abort [Paul]
         (rhbz#831669)
* IKEv2: road warrior support [Antony/Paul/Avesh]
* IKEv2: narrowing code extended to cover ports,protocol,subnets [Antony/Paul]
* Only set MODP768_MODULUS with USE_VERYWEAK_DH1 [Paul]
* NETKEY: ignore interfaces= line for NETKEY [Paul]
* NETKEY: Fix for three AES-GCM issues with key lengths 128, 192, 256 bits
          and IV of 8, 12, 16 bytes as per RFC 4106 [Avesh]
* NETKEY: Labeled IPsec updates [Avesh]
* NETKEY: Support for SHA384/SHA512 and integ(ikev2)  in ESP [Avesh]
* NETKEY: In _updown.netkey, insert route on correct interface when nexthop
          is used [Tuomo]
* NETKEY: Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY"
          This caused module unload issues and XFRM_MSG_REPLACE errors [Paul]
* KLIPS: Removed support for Linux < 2.4.4 [Paul]
* KLIPS: Changed _startklips to use ip route instead of netstat [Harald]
* KLIPS: misc. fixes, mostly satot() related [David]
* KLIPS: 20% speed gain on transmitting packets [David]
* MAST: Fixed _updown.mast missing incomplete if-clause [Harald]
* SAREF: kernel patches updated to linux 3.2.0 [Simon Deziel]
* addconn: mimic _plutoload, cleanup and fixup of functions [Paul]
* scripts: Support /etc/sysconfig/ipsec and /etc/default/ipsec (rhbz#789917)
* _stackmanager: new script replacing _startnetkey/_startklips [Paul]
* barf: do not grep lastlog, wtmp, tmp (rhbz#771612) [Paul]
* verify: ported ipsec verify from perl to python [Paul]
* verify: check ipsec.conf, ipsec.secrets syntax [Paul]
* verify: warn on newly obsoleted keywords [Paul]
* auto: fix --status output for vnet/vhost case [Ani]
* copyright: Removed obsoleted/unmaintained "ipsec copyright" command [Paul]
* showdefaults: removed ipsec showdefaults [Paul]
* _include: Removed obsolete _include program [Paul]
* policy: Removed broken 'ipsec policy' [Paul]
* mailkey: Removed obsolete command. Was already not build or installed [Paul]
* scripts: phased out /var/run/pluto/ipsec.info [Paul]
* OSX: Set __APPLE_USE_RFC_3542 required for udpfromto functionality [Paul]
* DOCS: Add man page leftid= note on Cisco ID_KEY_ID Group Name [Philippe]
* liblibreswan: Remove unused optionsfrom() temp file handling [Paul]
* liblibreswan: Support comma's inside OID's by using ",," to mean ","
  inside the OID (rhbz#868986) [Matt Rogers]
* initsystems: Native support for systemd, upstart and sysvinit [Paul/Wes]
* testing: Ported broken UML harness to KVM/libvirt/9p [Paul/Antony]
           (see the wiki on libreswan.org for details on how to use it)
* packaging: Updated libreswan.spec to reflect updated options [Paul]
* packaging: /usr/lib{64}/ipsec is no longer used [Paul]
* manpages: Build during build phase, not during install phase [Wes]
* compiling: Update standard compile options to be more hardened [Paul]
* Bugtracker bugs fixed:
     #7    after 'make install' - check if the service is enabled
           or not and notify the user [Wes]
     #9    install /etc/pam.d/pluto if USE_XAUTH=true [Wes]
     #25   addconn behaves differently from whack regarding case  [Paul]
     #33   warn on /usr/local install with selinux enabled [Wes]
     #40   ensure make install checks and restorecon's SElinux policies [Wes]
  osw#993  ipsec showhostkey: wrong kind of key PPK_XAUTH [Philippe Vouters]
  osw#1308 forceencaps= setting does now show up in "ipsec auto --status"
           [Matt Rogers]
  osw#1329 IKEv2 core dumps on 2.6.32 with changes backported from the 2.6.38
           tree [Steve Lanser]
  osw#1334 Block rules created by openswan remain even after tunnel
           establishment or XFRM_MSG_POLEXPIRE [Panagiotis Tamtamis]
  osw#1349 pluto logging no subjectAltName matches ID '%fromcert', replaced
           by subject DN [Tuomo]
  osw#1359 Openswan L2TP and IPhone vpn connection [Paul]
  osw#1370 Segfault on no new line at the end of ipsec.conf [Wes]
  osw#1375 ipsec verify uses perl, should use python [Paul]
  osw#1381 XAuth: the variable PLUTO_XAUTH_USERNAME is empty in the updown
   	   script [Bram]
  osw#1384 confusing output from ipsec auto --status [Bram]

For older changes, see docs/CHANGES.openswan