See also https://libreswan.org/

v5.2 (Feb 26, 2025)
* IKEv2:
  - add PPK in INTERMEDIATE exchange, draft-ietf-ipsecme-ikev2-qr-alt-04 [Vukasin]
  - add initial support for RFC 5723 IKE_SESSION_RESUME [Nupur Agrawal, Andrew]
  - fix crash in <<ipsec rereadsecrets>> [Andrew, Ilya Maximets #1894]
  - fix bogus ERROR when deleting connection [Andrew, Ilya Maximets #1914]
* IPsec Interface:
  - add support on FreeBSD, NetBSD and OpenBSD [Andrew]
  - add ipsec-interface-managed=no for namespaces [Andrew]
* IKEv1:
  - removed compile-time SOFTREMOTE_CLIENT_WORKAROUND [Andrew]
  - fix INVALID_ID_INFORMATION response using corrupt IV [Andrew #1830]
  - fix reconnect with addresspool after restart [Andrew #1790]
  - fix padding of modecfg payloads [Andrew wmasilva #2023]
  - update ikepad= to allow {yes,no,auto} [Andrew]
* Linux:
  - packet offload counters supported in 6.7+ [Paul]
  - Add IPTFS support (RFC 9347) [Paul / Antony / Andrew]
  - 6.10+ need replay-window 0 on OUTBOUND SA [Paul]
  - Do not set nopmtudisc on inbound SA [Paul]
  - Set DSCP options only on the relevant direction SA [Paul]
* updown:
  - Use half-routes for IPv6 to cover whole address space #1994 [Tuomo]
  - Use sourceip= for all remote subnets when set [Tuomo]
* whack/addconn:
  - fix "duplicated flag ctlsocket" regression in 5.0 #1840 [Andrew, Ilya Maximets #1840]
  - orders of magnitude speedup of 'ipsec add' w/ protoports= [Ilya Maximets #1987]
* building:
  - fix build with USE_LIBCURL=false [Hans de Graaff #1845, Andrew]
  - fix build on OpenBSD 7.6 [Andrew]
  - fix build with GCC 15 / C 23 [Daiki Ueno]
  - fix init script on Alpine [Andrew #2042]
* testing:
  - update OpenBSD: 7.6; NetBSD: 10.1; FreeBSD: 14.2; Alpine: 3.21 [Andrew]
  - eliminate pyOpenSSL dependency when generating CRLs and PKCS12 files [Andrew #1990 #1996]

v5.1 (Oct 8, 2024)
* IKEv2:
  - fix race when initiator-responder cross rekey requests [Andrew]
  - don't ignore Delete IKE SA request while waiting for Delete IKE SA response [Andrew]
  - log arrival of first IKE_AUTH request that triggers DH [Andrew]
  - rate limit logging of packets with invalid payloads
* IKEv1:
  - fix Quick mode installing 0.0.0.0/0 when no MSG_CONFIG exchange [Andrew, Tuomo]
  - fix iOS Quick mode request needing to re-recover lease [Andrew, Tuomo]
  - fix regression where deleting ISAKMP deleted IPsec [Andrew, Tuomo]
  - add config options of ah=sha2{256,512} [Andrew]
  - add DH29,DH31 to default proposals [Andrew]
  - reject ESP AEAD combined with non-NULL integrity [Andrew]
* Crypto:
  - update IKE to use NSS's FIPS compliant PK11_AEADOp() [Andrew, Robert Relyea]
  - support ESP with CHACHA20POLY1305 on FreeBSD and OpenBSD [Andrew]
* IPsec Interface:
  - fix check for an existing IPsec Interface address (Linux) [Wolfgang]
  - add IPsec Interface address when connection establishes [Wolfgang]
  - fix adding IPv6 address to IPsec interface [Wolfgang]
  - delete Ipsec Interface address when connection unroutes [Wolfgang]
  - fix setting metric on IPsec Interface [Wolfgang]
  - add IPsec Interface device when connection orients [Andrew]
  - support existing IPsec interface on FreeBSD and OpenBSD [Andrew]
  - log addition of IPsec Interface or Address [Andrew]
  - don't delete existing ipsec1 interface (Linux) [Andrew]
  - handle repeated connection adds [Wolfgang]
* Linux:
  - handle NLMSG_DONE at end of response for > 6.9.0 kernels [Andrew]
  - fix hang because of unhandled NLMSG_DONE at end of response (6.9.0-rc1) [Andrew, Ilya, github/1675]
  - fix hang when initiating an on-demand TCP connection [Daiki, github/1156]
* updown:
  - restore 4.x behaviour of running "updown unroute|down" when initiate fails [Wolfgang, Andrew]
  - add test demonstrating redundant tunnels [Wolfgang]
  - add plutodebug=updown for debugging updown scripts [Andrew]
* config:
  - verbosely ignore x-* style comments in ipsec.conf [Andrew, github/1725]
* whack:
  - ignore older whack as could trigger core dump [Andrew, github/1709]
  - add --narrowing {yes,no}, retain undocumented --allow-narrowing [Andrew]
* building:
  - replace calloc(size,nr) with alloc_things(), fixing compile error [Daiki]
  - remove USE_NSS_AVA_COPY and copy of nss source, remove license exception [Tuomo]
  - fix syntax error in ckaid.c allowed by GCC [yuncang123]

v5.0 (Apr 24, 2024)
* IKEv1:
  - globally disabled by default (ikev1-policy=drop); see RFC9395 [Daniel]
  - limit default cryptosuite [Andrew, Paul, Tuomo]
    IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31}
    ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256}
    AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128
  - remove support for Labeled IPsec [Andrew]
  - properly ignore dpdaction= [Andrew]
  - see also IKEv2 routing/revival changes
* IKEv2:
  - warn that fragmentation=force is ignored [Andrew]
  - avoid post-authentication crash on corrupt TS payload [Andrew]
  - support addresspool=v4/mask,v6/mask [Andrew]
  - support subnet=SELECTOR,... using a single Child SA [Andrew]
  - when non-MOBIKE never update NATed endpoint [#1492/Wofferl/Andrew]
  - fix revival of IKE_AUTH (first) Child SA [Andrew]
  - properly ignore dpdaction=, keyingtries= [Andrew]
  - when reviving, install trap then block [Andrew]
  - for auto=keep only retry once [Andrew]
  - when redirect fails, fall back to revival [Andrew]
* Linux:
  - HW packet offload support [Raed Salem <raeds@nvidia.com>,Paul]
  - XFRM interface IP management with ref-counting [Brady Johnson]
  - fix IPcomp with XFRM interfaces [Wolfgang]
* BSD:
  - fix esp=aes_gcm [github/1220, Igor V. Gubenko, Andrew]
* whack:
  - review ipsec-whack.8 [Tuomo, Andrew, Paul]
  - change defaults to match addconn [Andrew]
  - add --{rekey,delete,down}-{ike,child} --name <conn> [Andrew]
  - match whack and addconn option names [Andrew]
  - drop NNN_ prefix from all output [Andrew]
* config (ipsec.conf, addconn):
  - update ipsec.conf.5 [Tuomo, Andrew, Paul]
  - log ipsec.conf errors and warnings in Pluto [Andrew]
  - <<include {a,b,c}.conf>> no longer supported [Andrew]
  - fix keyexchange={ikev1,ikev2}; deprecate ikev2= [Andrew]
  - remove nic-offload=auto option, only accept packet,crypto,yes [Paul]
  - warn when converting legacy ",," to "\," in {left,right}id= [Andrew]
  - change also= to expand inline (more like C's #include) [Andrew]
  - fix KEYWORD= sometimes causing Pluto to exit [Andrew]
  - parse <<KEYWORD=>> as <<KEYWORD=''>>, i.e., empty [Andrew]
  - warn when, within a conn, there are duplicate keys [Andrew]
  - add encap-dscp= [Wolfgang]
  - implement interface-ip= [Brady]
  - implement subnet=SELECTOR,SELECTOR,... [Andrew]
  - default ikev1-policy to drop [Daniel]
  - add ppk-ids= [Vukasin]
  - add experimental per-connection debug= [Andrew]
  - drop obsolete forceencaps= [Andrew]
  - add groundhog= [Andrew]
  - reject non-numeric sourceip=<address> [Andrew]
  - fix crash when dpdtimeout= missing [Andrew]
* building:
  - remove dependency on libxz via libsystemd [Tuomo Andrew]
  - use INSTALL_INITSYSTEM=false to prevent update of /etc/<initsystem> [Andrew]
  - use INSTALL_CONFIGS=false prevents update of /etc/ipsec.d et.al. [Andrew]
  - drop FINAL* make variables; see mk/config.mk for alternatives [Andrew]
  - remove old copy of unbound headers [Andrew]
  - use DESTDIR instead of FINAL* env vars [Andrew]
  - fix "make git-rpm" [Paul/Tuomo]
  - check return values of libcap-ng functions [Paul]
  - don't call ischar(signed char) [Andrew]
* packaging:
  - fix Debian systemd service install [Antonio Silva]
* testing:
  - fix namespace tests for super long dir names [Paul]
  - add Alpine, Debian, NetBSD and FreeBSD KVMs [Andrew]
  - add Alpine, Debian, NetBSD, FreeBSD and OpenBSD to nightly builds [Andrew]
  - add man pages to nightly build [Andrew]
* initsystem:
  - use documented ipsec sub-commands [Tuomo]
  - stop using _stackmanager [Tuomo]
* documentation:
  - update to docbook xml 4.5 [Tuomo]
  - re-org pages adding libreswan.5 [Andrew]
* ipsec utilities:
  - ipsec auto sub-command: deprecate [Tuomo]
  - ipsec auto --{cmd} connection -> ipsec {cmd} connection [Tuomo]
  - ipsec look: script moved to contrib/; use ip xfrm et.al. [Andrew]
  - ipsec portexcludes: script moved to contrib/ [Andrew]
  - ipsec barf: script moved to contrib/ [Andrew]
  - ipsec _secretsensor: script moved to contrib/ [Andrew]
  - ipsec show: drop ipsec subcommand (old, incomplete) [Paul]
  - ipsec verify: drop ipsec subcommand (old, incomplete) [Paul]

v4.15 (April 15, 2024)
* Security: Fixes http://libreswan.org/security/CVE-2024-3652
* Linux: remove dependency on libxz via libsystemd [Tuomo Andrew]
* IKEv1: set default proposals to ESP aes-sha1 and AH sha1 [Andrew]
* IKEv1: reject ESP proposal combining AEAD and non-empty INTEG [Andrew]
* IKEv1: reject exchange when connection has no proposals [Andrew]
* IKEv1: limit default cryptosuite [Andrew, Paul, Tuomo]
  IKE={AES_CBC,3DES_CBC}-{HMAC_SHA2_256,HMAC_SHA2_512HMAC_SHA1}-{MODP2048,MODP1536,DH19,DH31}
  ESP={AES_CBC,3DES_CBC}-{HMAC_SHA1_96,HMAC_SHA2_512_256,HMAC_SHA2_256_128}-{AES_GCM_16_128,AES_GCM_16_256}
  AH=HMAC_SHA1_96+HMAC_SHA2_512_256+HMAC_SHA2_256_128

v4.14 (March 11, 2024)
* Fix compile error in 4.13 in gntoid() [Andrew]
* testing: fixup ikev2-tfc-03 for padded packets [Andrew/Paul]

v4.13 (March 11, 2024)
* Security: Fixes http://libreswan.org/security/CVE-2024-2357
* Linux: make libcap-ng failures non-fatal [Andrew]
* BSD: fix esp=aes_gcm [Andrew]
* NetBSD: fix compiler warning in lib/libswan/x509.c [Andrew]
* x509: unpack IPv6 general names based on length [Andrew]
* pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti@github]

v4.12 (Aug 8, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712
* pluto: Do not crash on ipcomp expiry msg [Andrew]

v4.11 (May 3, 2023)
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-30570

v4.10 (February 28, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-23009
* IKEv1: only clean up a connection when it isn't deleted [Andrew]

v4.9 (October 13, 2022)
* IKEv1: fix crasher (introduced in 4.8) when USE_NSS_KDF=false or MD5 [Andrew]
* IKEv2: fix RFC 8229 IKE/ESP over IPv6 TCP [Andrew]

v4.8 (October 2, 2022)
* release: remove SHA1 bindings from LIBRESWAN OpenPGP key [dkg/Paul]
* pluto: ignore obsoleted unused interfaces= / --iface [Paul/Andrew]
* pluto: various internal crypto struct changes [Andrew]
* pluto: fix traffic counters for AH and IPCOMP [Andrew]
* pluto: improve logging of duplicate serial cert error [Andrew]
* pluto: support for maxbytes/maxpacket counters [Antony/Paul]
* pluto: handle HW tokens using strange CKAIDs; github/815 [Andrew]
* pluto: added --ipsec-max-bytes / --ipsec-max-packets support [Antony]
* libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options [Paul]
* IKEv2: emit one CERTREQ payload with all the hashes [Andrew]
* addconn/whack: add support for {left,right}pubkey= [Andrew]
* showhostkey: add support for ECDSA pubkeys [Andrew]
* Crypto: add KDF self tests [Daiki Ueno]
* IPv6: open IPv6 IKE port 4500; github/800 [Andrew]
* showhostkey: add --pem option to print PEM encoded public key [Andrew]
* unbound: _unbound-hook converted from python to shell [Andrew]
* BSD: delete old BSDKAME code replaced by PFKEYV2 code [Andrew]
* BSD: fix replay window byte vs bit math [Andrew]
* BSD: fix code finding interfaces; github/728 [Andrew]
* FreeBSD: support large replay window; github/756 [Andrew]
* FreeBSD: support ESN; github/721 [Andrew]
* linux: update copy of xfrm.h header [Paul]
* packaging: update fedora spec file [Paul/Tuomo]
* building: on BSD, always use GCC; freebsd/264288 llvm/55963 [Andrew]
* building: enable LTO when USE_LTO=true; github/836 github/834 [Andrew]
* building: dropped default build and packaging support for:
  	    Fedora 22, 28, 29, 30
            Debian stretch
            Ubuntu cosmic, xenial
            RHEL6 was removed in v4.5
            Add SUSE, Arch, Mint

v4.7 (May 24, 2022)
* IKEv2: EAPTLS support [Timo Teräs / Andrew]
* IKEv2: EAPONLY support [Andrew]
* IKEv2: fix interop when IPCOMP+transport-mode [Andrew]
* IKEv2: fix race between new IKE SA and liveness [Andrew]
* IKEv2: fix interop with Android 12 + certificates [Andrew]
* IKEv1: reject IKEv2 only authby=secret+rsasig [Andrew]
* kernel: fix double delete of kernel policy when tearing down SA [Andrew]
* kernel: fix deleting policy when an XFRMi FD ID; github/618 [Andrew]
* kernel: general cleanups [Andrew]
* _stackmanager / pluto: support Ubuntu 18.04 LTS kernels [Paul]
* FreeBSD: libreswan builds out-of-the-box [Andrew]
* BSD: Add IPv6 support (tested on NetBSD)
* building: fix build on fedora rawhide [Paul]
* internals: initiate IKEv2 CREATE_CHILD_SA exchange using IKE SA [Andrew]
* internals: _updown.bsdkame renamed to _updown.bsd

v4.6 (January 11, 2022)
* SECURITY: Fixes CVE-2022-23094 https://libreswan.org/security/CVE-2022-23094
* IKEv2: aggressively check incoming fragments [Andrew]
* IKEv2: when rekeying and PFS, only propose/allow original crypt-suite [Andrew]
* IKEv2: when PFS, don't repeatedly log all proposals [Andrew]
* IKEv2: Labeled IPsec improvements [Andrew]
* IKEv1: support for ISAKMP_N_CISCO_LOAD_BALANCE removed [Andrew]
* pluto: Revamp the host connection lookup mechanism [Andrew]
* pluto: Change default replay-window from 32 to 128 [Paul]
* pluto: Change default esn= to "either" and prefer "yes" [Paul]
* pluto: Disable esn when replay-window=0 [Paul]
* pluto: Drop obsolete debug options such as crypto-low [Andrew]
* seccomp: Updated syscall allow-list [Paul]
* packaging: replace old SUSE packaging with pointer to downstream [Andrew]
* NetBSD: Don't use ESN - not supported by kernel [Andrew]
* letsencrypt: Fix bashisms in letsencrypt script [dkg]
* libipsecconf: allow leftauth=ecdsa|rsa (match authby= values) [Paul]
* testing: significantly improved testing [Andrew, Paul]

v4.5 (August 20, 2021)
* IKEv1: multiple subnets could lead to crossed wires, failures [Paul/Andrew]
* IKEv2: don't tear down IKE SA on TS_UNACCEPTABLE [Paul]
* IKEv2: unpend/delete Child SA when rejected by IKE_AUTH response [Andrew]
* IKEv2: mobike: resolve_defaultroute_one() updates [Andrew]
* IKEv2: mobike: prevent sending duplicate mobike response [Andrew]
* IKEv2: Support for Childless IKE SA [Andrew]
* IKEv2: redirect: make peer redirecting in IKE_AUTH childless [Vukasin]
* IKEv2: Labeled IPsec --up causes Childless IKE SA [Andrew/Paul]
* IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) [Andrew/Paul/Kavinda]
* IKEv2: Performance; eliminate more O(#CONNECTIONS) code [Andrew]
* IKEv2: Immediately delete replaced Child from new (IC) IKE SA [Andrew/Paul]
* pluto: mismatched subnets= could take down all conns [Paul]
* pluto: Don't delete existing IKE SA of connection instance [Paul]
* pluto: fail better on parse errors in subnet= clause [Paul]
* libswan: use getaddrinfo(3) instead of gethostbyname2(3) [Hugh]
* libipsecconf: fail to load conn if no right= or left= set [Paul]
* libipsecconf: change default of initial-contact= to yes [Paul]
* X509: directly append new CRL requests to the fetch queue [Andrew]
* whack: implement --impair trigger:<global-event> [Andrew]
* ipsec.service: remove reload which did not work as expected [Tuomo]
* portexcludes: update to use python3 [Kim]
* building: fix NetBSD build [Andrew]
* building: fix arm / aarch64 build [kekePower@github]
* building: Remove support for RHEL6 USE_OLD_SELINUX [Paul]
* packaging: handle properly rpm sysctl config [Tuomo]
* packaging: rhel7: fix python2 shebang [Tuomo]

v4.4 (April 22, 2021)
* IKEv2: Fixes for TCP encap in Transport Mode and host-to-host [Paul/Sabrina]
* IKEv2: Fixes to Labeled IPsec policies [Kavinda Wewegama/Paul]
* IKEv2: Add redirect statistics to whack --globalstatus [Clive Zagno]
* IKEv2: Connections would not always switch when needed [Andrew/Paul]
* pluto: Fix for host-to-host connections use non-standard IKE ports [Paul]
* pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn [Paul]
* pluto: Disable interface-ip= as the feature is not yet implemented [Paul]
* pluto: Fix PLUTO_PEER_CLIENT* in updown for NAT + Transport Mode [Paul]
* pluto: Remove never updated PLUTO_VERSION for updown scripts [Paul]
* pluto: Actually set PLUTO_CONNECTION_TYPE= to transport or tunnel [Paul]
* pluto: Allow non-templated wildcard ID connections to match [Paul]
* pluto: Reduce and merge various logging messages [Andrew]
* libipsecconf: Do not allow vhost/vnet in IKEv2 connections [Paul]
* XFRM: Restarting pluto when using ipsec-interface= could fail [Paul]
* contrib/munin: Update plugin to use python3 and update doc header [Tuomo]
* testing: Enable OpenBSD interop tests [Paul/Ravi]
* testing: Make tests more reliable on KVM [Andrew]

v4.3 (February 21, 2021)
* pluto: Restore range checking on Labeled IPsec [Paul/Andrew]
* pluto: Higher state serialno does not imply newest state [Paul]
* pluto: Cleanup ip_address vs ip_endpoint (protoport dropping) [Andrew]
* pluto: Revival of code could accidentally fallback to IKEv1 [Andrew]
* newhostkey: Add support for generating ECDSA keys [Daiki Ueno]
* libipsecconf: Ignore empty option at end of config (rhbz#1685653) [Andrew]
* whack: Add --global-redirect and --global-redirect-to options [Pietro Monteiro]

v4.2 (February 2, 2021)
* IKEv2: Support for IKEv2 Labeled IPsec [Hugh, Sahana, Paul, Kavinda Wewegama]
* IKEv2: MOBIKE could cause assertion failure due to eroute ownership [Paul]
* IKEv2: MOBIKE and NAT port update code interfered with each other [Andrew]
* IKEv1: Re-enable questionable Microsoft proposals to fix L2TP/IPsec [Paul]
* IKEv1: Do not load IKEv1 conns when IKEv1 support not compiled in [Paul]
* IKEv1: Fix XAUTH: re-transmit when sending CFG request [Andrew]
* pluto: New config setup option ikev1-policy=<accept|drop|reject> [Paul]
* pluto: Change default ikelifetime from 1h to 8h [Paul]
* pluto: Add ignore-peer-dns=yes|no and whack --ignore-peer-dns [Paul]
* pluto: Startup could take long time closing fd's (github#373) [Andrew]
* pluto: IKEv2 connection could accidentally retry as IKEv1 [Andrew]
* pluto: change default IKE SA lifetime from 1h to 8h [Paul]
         Resolves: github#362, github#405, hwdsl2/setup-ipsec-vpn#912
* pluto: Revived conns can try to quickly re-use existing NAT mapping.
         Can be used with new auto=keep [Paul, Andrew]
* pluto: Don't complain about DNS names starting with number [Paul]
* pluto: Re-implement Labeled IPsec for IKEv1 [Paul, Sahana]
* pluto: Support for --shutdown --leave-state [Paul]
* whack: add very raw --processstatus [Andrew]
* whack: no longer require --ipv6 when specifying raw IPv6 host addresses
* libswan: Re-introduce xauthusername/remote_peer_type for NM-libreswan [Paul]
* initsystem: fix docker/podman startup with sysvinit [Paul]
* initsystem: ensure non-testing namespaces work with systemd [Paul]
* initsystem: systemd support for ipsec whack --shutdown --leave-state [Paul]
* pluto: prefer IPv4 over IPv6 when performing DNS lookups [Andrew]
* building: Support for compiling without IKEv1 via USE_IKEv1=false [Paul]
* building: Various clang compiler related fixes [Timm Baeder]
* building: fix NetBSD arm64 build [Andrew]
* testing: many updates [Andrew, Paul]

v4.1 (October 18, 2020)
* IKEv2: Fix Notify protocol ID interop with Cisco introduced in 4.0 [Antony]
* addconn: Fix resolving with %defaultroute plus peer with A + AAAA [Antony]
* building: minor cleanups [Andrew/Tuomo]

v4.0 (October 14, 2020)
* KLIPS: Support for KLIPS completely removed [Paul]
* pluto: Removed support for deprecated algos: serpent, twofish, cast [Paul]
* IKEv2: EXPERIMENTAL: Support for RFC 8229 IKE/ESP over TCP [Andrew/Mayank Totale]
         New per-conn keywords: listen-tcp=yes|no, tcponly=yes|no, tcp-remoteport=
         Requires: Linux kernel >= 5.8
* IKEv2: Support for leftikeport= / rightikeport= [Andrew/Paul]
* IKEv2: EXPERIMENTAL: Support for INTERMEDIATE Exchange [Yulia Kuzovkova/GSoC]
         New keyword: intermediate=yes
* FIPS: Remove DH 23/24 from FIPS allowed list as per SP 800 56A Rev 3 [Paul]
* pluto: Support for rereading configured certificates from NSS [Myungjin Lee]
* pluto: plutodebug= keywords are now: base,cpu-usage,crypt,tmi,private [Andrew]
* pluto: find_pluto_xfrmi_interface() would only check first interface [Paul]
* pluto: ddos cookies-threshold and max-halfopen output was swapped [John Mah]
* pluto: Fix leased IP address leak [Andrew/Paul]
* pluto: Fix displaying PLUTO_BYTES_ counters [Paul]
* pluto: Replace/remove deprecated libselinux functions [Eduardo Barretto]
* pluto: Update selinux calls for Labeled IPsec support [Richard Haines]
* pluto: Memory leak fixes [Hugh]
* pluto: Remove unused per peer logging [Andrew]
* pluto: Cleanup logging code for minimal logging support [Andrew]
* pluto: Cleanup netlink / XFRM code [Hugh]
* pluto: xfrmi used mark-out for XFRMA_SET_MARK [Antony/Wolfgang]
* pluto: Support for ipsec0 interface to help migrate from KLIPS to XFRM [Paul]
* pluto: Fix logging some IKE messages to proper IKE SA state [Andrew]
* pluto: Remove global ikeport/nat-ikeport, add listen-udp/listen-tcp [Paul]
* pluto: Connections now have serial numbers which are logged [Paul/Andrew]
* pluto: No longer require :RSA sections in ipsec.secrets [Andrew]
* pluto: pluto chooses wrong raw RSA key (github#352) [Andrew]
* seccomp: Update syscall allowlist for pluto and addconn [Paul]
* whack: Support for ipsec whack --rereadcerts [Paul]
* whack: Rename --ikev1-allow and --ikev2-allow to --ikev1 and --ikev2 [Paul]
* whack: Clear inherited defaults for IKEv2 from IKEv1 connections [Paul]
* show: Fixup for python3 version of ipaddress module [Paul]
* IKEv2: Fix Windows 10 rekey being rejected [Antony/Paul]
* IKEv2: Remove duplicaes from proposals using "+" [Andrew]
* IKEv2: CERTREQ payload was not sent for authby=ecdsa [Paul]
* IKEv2: Decode notify payloads into the message digest [Andrew]
* IKEv2: Don't use NAT-T port when no NAT DETECTION payloads received [Andrew]
* IKEv2: Add load-balance support (multiple targets) to redirect [Vukasin]
* IKEv2: Only sent REDIRECTs to established IKE SA's (not IPsec SAs) [Paul]
* IKEv2: Fix AUTH failure if ID payload reserved fields != 0 [Paul/Andrew/Hugh]
* IKEv2: A delete(IKE SA) request should not trigger a delete request [Andrew]
* IKEv2: Ignore, not abort when receiving unknown type transforms [Andrew]
* IKEv2: Don't switch NAT port on receiving non-NAT notify payloads [Andrew]
* IKEv1: Prevent crashing in Quick Mode on unused NAT payload [Daniel Wendler]
* libipsecconf: Fix config handling of policy-label [bauen1]
* libipsecconf: Promote ah= / esp= as desired keywords over phase2alg= [Paul]
* libipsecconf: Remove most obsoleted option names with undersscore(_) [Paul]
* rsasigkey/newhostkey: Remove obsoleted --output option [Paul]
* building: Add NetBSD support [Andrew]
* building: Remove support for SINGLE_CONF_DIR, EMIT_ISAKMP_SPI, [Paul]
            USE_KEYRR and TEST_INDECENT_PROPOSAL
* building: Merge userland.mk into config.mk to simplify makefiles [Tuomo]
* building: Deprecate INC_ variables [Tuomo]
* building: Remove all support for SERPENT, TWOFISH, CAST and RIPEMD [Paul]
* building: Remove -DALLOW_MICROSOFT_BAD_PROPOSAL [Tuomo]
* building: The define USE_NSS_PRF was renamed to USE_NSS_KDF [Tuomo]
* building: Rename master branch to main branch [Paul]
* building: Fix finding ipsec command in non-standard bin dirs [Tuomo]
* building: Introduce USE_OLD_SELINUX to support libselinux < 2.1.9 [Paul]
* building: NETKEY options changed to XFRM options [Paul]
* building: NSS database (*.db) are now expected in /var/lib/ipsec/nss [Tuomo]
            ipsec checknss called in initsystem will migrate files
            Use FINALNSSDIR=/etc/ipsec.d to use the pre-4.0 location
* packaging: Debian: remove runtime dependency on systemd [Stephen Kitt]
* packaging: Fedora: add missing build dependency for certutil [Stephen Kitt]
* packaging: Debian switched to using /usr/libexec/ [dkg]
* testing: Support Fedora32, Ubuntu, improved namespaces support [Paul/Others]
* testing: Work around kernel ICMP Acquire bug [Paul]
* testing: Added interop testing with OpenBSD iked [Ravi Teja]
* documentation: friendler ipsec cmd output [Paul]

v3.32 (May 11, 2020)
* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Tuomo]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
            Using this option, libreswan no longer needs FIPS certification

v3.31 (March 3, 2020)
* IKEv2: Opportunistic conns specifying keyingtries=0 are changed to 1 [Paul]
* IKEv2: Fix ikev2 rekey failures due to bad Traffic Selector proposa [Antony]
* IKEv2: Verify (not ignore) expected TSi/TSr payloads for IPsec rekeys [Paul]
* IKEv1: Support for XFRMi interfaces [Paul]
* X509: When IDr payload is type ID_DER_ASN1_DN, don't check for SAN [Paul]
* pluto: Disable log_to_audit if kernel does not support audit [Paul]
* pluto: Increase max IKEv2 fragments to 32 to support Windows [John Mah]
* addconn: Do not assert on ipsec-interface=no [Paul]
* nat_traversal: Fix not to send nat-t keepalives when there is no nat [Tuomo]
* KLIPS: Fix _updown.klips (regression introduced in 3.30) [Wolfgang]

v3.30 (February 13, 2020)
* WARNING: This is the last release that supports the KLIPS stack,
           use the new ipsec-interface= virtual interfaces instead.
* XFRM: Fix detection on kernels without xfrm_stat (debian et all) [Paul]
* XFRM: XFRMi interface support using ipsec-interface= and iface-ip= [Antony]
* IKEv2: Message ID handling: remove a O(#STATES) lookup [Andrew]
* IKEv2: OE previous half-open state overwrites IPsec policy [Paul/Stepan]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv2: Prevent leak in ikev2_send_certreq() on sending error [Paul]
* IKEv2: Remove SHA1 from default proposal list [Paul]
* IKEv2: On PPK failure with insist, return AUTHENTICATION_FAILED [Vukasin]
* IKEv2: Do not try to delete (replaced) bare shunts [Paul]
* IKEv2: Delete pending outgoing bare shunts if incoming IPsec happened [Paul]
* IKEv2: Allow CP payload in CREATE_CHILD_SA (RFC 7296 Appendix C.4) [Paul]
* IKEv2: calculate_sa_prio() now allows OE shunt to override priority [Paul]
* IKEv2: calculate_sa_prio() support for /32 template vs instance [Hugh/Paul]
* IKEv2: IPv6 support for addresspool= option [Antony]
* IKEv2: Updated support for MOBIKE triggered events [Antony]
* IKEv2: Support reconnecting authnull clients [Paul]
* IKEv2: New whack commands --rekey-ike and --rekey-ipsec [Antony]
* IKEv2: Prefer RFC 7427 Digital Signatures for default authby=rsasig [Sahana]
* IKEv2: Refuse SHA1 for RFC 7427 Digital Signatures as per RFC 8247 [Sahana]
* IKEv2: Use IKEv2 fragment size values (not IKEv1) [Andrew]
* IKEv2: On initiator, do not retransmit on IKE_AUTH processing failure [Paul]
* IKEv1: Re-implement CVE-2019-10155 fix to prevent future occurrences [Andrew]
* IKEv1: do not assert on bad virtual private entry [Paul]
* pluto: Simplify plutodebug= options to: base, cpu-usage, crypt, private and tmi
         (maps old values to new ones for compatibility) [Andrew]
* pluto: non-default ipsec.conf did not load auto=add connections [Paul]
* pluto: fix %defaultroute for link-local and non-link-local gateway [Antony]
* pluto: Improve whackfd handling (prevent console hangs/omissions) [Andrew]
* pluto: Support to disable SAN checks (require-id-on-certificate=no) [Paul]
* pluto: Audit log IKE SA and IPsec SA failures for Common Criteria (CC) [Paul]
* pluto: Disable support for DH2/modp1024 at compile time [Paul]
* pluto: Add audit-log=yes|no (default yes) [Paul]
* pluto: DDNS event should not cause connection initialization [Paul]
* pluto: Various O(STATE) optimializations [Andrew]
* pluto: Fixup reporting of esp-hw-offload capabilities in kernel/nic [Paul]
* pluto: Add chacha20_poly1305 and curve25519 to default proposals [Paul]
* pluto: Updated SECCOMP syscall whitelist [Paul]
* pluto: With non-default config file, connections loading was skipped [Paul]
* pluto: Fix Opportunistic Encryption with Transport Mode policies [Paul]
* pluto: Fix various memory leaks in IKE and X.509 code [Andrew]
* pluto: netlink: increase the additional bufferspace to 32KiB [Antony]
* pluto: pluto --selftest no longer logs to stderr with timestamps [Paul]
* pluto: fix for redirect-to type when it is FQDN [John Mah]
* pluto: addresspool: give new lease to different (xauth)usernames [Paul]
* pluto: addresspool: reduce complexity from O(#LEASES) to O(1) [Andrew]
* whack: Remove obsoleted --whackrecord and --whackstoprecord options [Andrew]
* whack: Added whack --ddns to trigger DNS refresh event manually [Paul]
* X509: Offload most code to helpers for significant performance boost [Andrew]
* X509: Simplify code, cut redundant calculations, speed improvements [Andrew]
* X509: SAN checks should confirm IKE peer ID on responder too [Paul]
* letsencrypt: new command "ipsec letsencrypt" [Rishabh]
* _updown.netkey: PLUTO_VIRT_INTERFACE replaces PLUTO_INTERFACE [Antony]
* _updown.netkey: add IPv6 routing support [Tuomo]
* _updown.netkey: don't remove old resolv.conf, just update it [Tuomo]
* _updown.netkey: fix for iproute2 >= 5.1 which no longer ignores /mask [Paul]
* libswan: Don't leak ECDSA pubkey on form_ckaid_ecdsa() failure [Paul]
* libswan: Close netlink socket on send error in netlink_query() [Paul]
* libipsecconf: don't throw error for not finding a wildcarded include [Paul]
* verify: improve support for python2 and python3 [Anand Bibhuti/Paul]
* KLIPS: Support for kernels >= 4.20 with SYNC_SKCIPHER_REQUEST_ON_STACK [Paul]
* KLIPS: Userland tools compile fixes [Hugh/Paul]
* building: No longer build with DH2(modp1024) support (see RFC 8247) [Paul]
* building: Add config for PYTHON_BINARY, default being /usr/bin/python3 [Tuomo]
* building: Add new USE_NSS_PRF, to use KDF from NSS [Robert Relyea/Andrew]
* building: Add USE_PRF_AES_XCBC, replaces USE_XCBC [Paul]
* building: Fixes for NetBSD build [Andrew]
* building: Fixes for gcc10 [Paul]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: Add Debian stretch specific configs and more cleanup [Antony]
* packaging: make deb jessie and xenial config detection [Antony]
* packaging: update python she-bang handling [Tuomo]
* testing: Added a new namespaces based testrun method [Antony]
* testing: setup: namespace based ipsec stop needs ip xfrm flush state [Paul]
* testing: setup: namespace based ipsec skips initsystem [Paul]

v3.29 (June 10, 2019)
* SECURITY: Fixes CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155
* programs: Change to /proc/sys/net/core/xfrm_acq_expires to detect XFRM [Paul]
* barf: Fix shell script parse error and small cleanup [Tuomo/Hugh]
* packaging: fedora30 requires gcc to be listed as BuildRequires: [Paul]
* packaging: rhel6 doesn't need USE_AVA_COPY=true or WERROR_CFLAGS= [Tuomo]
* packaging/rhel6: remove -lrt, not needed any more [Tuomo]
* systemd: change Restart default to on-failure [Tuomo]
* building: Makefiles: Use RT_LDFLAGS for glibc < 2.17 support [Tuomo]
* building: userland-cflags.mk: add RT_LDFLAGS= for older glibc [Tuomo]

v3.28 (May 20, 2019)
* SECURITY: Fixes CVE-2019-12312 https://libreswan.org/security/CVE-2019-12312
* KLIPS: Disable KLIPS userland support per default [Paul]
         WARNING: Support for KLIPS will be removed in 2019
* MAST: Removed support for MAST variant of KLIPS stack [Paul]
* IKE: Change default connection from IKEv1 to IKEv2 [Paul]
* IKEv2: Don't try to encrypt notify response without SKEYSEED [Andrew/Paul/Hugh]
* IKEv2: ikev2= keyword changed to only accept "yes" or "no" [Paul]
* IKEv2: Support for REDIRECT (RFC 5685) [Vukasin Karadzic/GSoC]
         (new keywords redirect-to, accept-redirect, global-redirect=
          global-redirect-to and new ipsec whack --redirect command
* IKEv2: Initialize daily secret used for DCOOKIES [Paul/Andrew]
* IKEv2: Extend narrowing code to support protoports [Andrew/Paul]
* IKEv2: Fix bug that prevented AH from rekeying [Andrew]
* IKEv2: IKE SA rekey could lead to losing track of Child SA [Andrew/Antony]
* IKEv2: A spurious DH calculation was performed and discarded [Andrew]
* IKEv2: Support for IPCOMP (compress=yes) [Paul]
* IKEv2: Initialize NAT keepalives check on IKE SA establishment [Paul]
* IKEv2: Only sent NAT keepalives for IKE states (suppresses IPsec dups) [Paul]
* IKEv2: Timeout in receiving IKE_AUTH reply would abort connection [Paul]
* IKEv2: Add ECP384, ECP521 and CURVE25519 to default IKEv2 proposal [Paul]
* IKEv2: Remove SHA1 from default IKEv2 proposal [Paul]
* IKEv2: Delete on auto=start conn would not restart (introduced in 3.23) [Paul]
* IKEv2: Compact proposals to prevent fragmentation of IKE_INIT [Andrew]
* IKEv2: Fix opportunistic group policy on /32 groupinstances on delete [Paul]
* IKEv2: Fix opportunistic /32 on non-defaultroute interface [Paul]
* IKEv2: Do not send two requests for IKEv2_INTERNAL_IP4_ADDRESS [Paul]
* IKEv2: Show payload structure of received packet in RFC notation [Andrew]
* IKEv2: Release whack when peer ID is wrong [Paul]
* IKEv2: Hardened PPK code and fixed memory leaks [Hugh]
* IKEv2: Use less resources under DDoS attack to send/process COOKIES [Andrew]
* IKEv2: Delete partial Child SA states that can never establish [Paul]
* IKEv2: Remove SHA1 from default proposals [Paul]
* IKEv2: Add ECP groups and Curve25519 to default proposal [Paul]
* IKEv2: Fix AH rekeying (handle not having encrypter [Paul]
* IKEv2: NAT-T keepalives did not start if only IKEv2 conns were in use [Paul]
* IKEv2: Drop IKE_SA_INIT requests with non-zero SPIr [Andrew]
* IKEv2: On rekey, sometimes a CHILD SA was lost (wrong hash slot) [Andrew]
* IKEv1: Don't leave a dangling pointer after IKE SA delete [Paul/Hugh]
* IKEv1: Only sent NAT keepalives for IPsec states (suppresses 1 dup) [Paul]
* IKEv1: Do not activate DPD when peer does not support it [Paul]
* IKEv1: Reject key sizes <= 0 properly instead of crashing [Paul]
* IKEv1: Fix Aggressive Mode interop with Volans Technology [wuwei29]
* IKEv1: Remove bogus "duplicate Delete" check causing Windows 1m outage [Paul]
* IKEv1: If whack socket not there for passwd input, return STF_FATAL [Paul]
* IKEv1: Remove Win98 workaround ignoring IPsec SA deletes in first 60s [Paul]
* X509: Do not keep received CERTs beyond the connection lifetime [Andrew]
* X509: Support for NSS IPsec profiles mbz#1252891 [Kai Engbert/Paul]
* X509: Don't fail validation on critical flag in Key Usage payloads [Paul]
* X509: Fix ocsp-method=get|post to actually skip get when asked) [Stepan Broz]
* X509: Fix various leaks [Hugh, Andrew]
* X509: Cache contents read from NSS database for performance [Andrew]
* pluto: Re-initialize (w backoff) conns that should remain "up" [Paul/Hugh]
* pluto: Use any sent IKE message to reset the DPD/liveness counter [Paul]
* pluto: Add timing information to packet processing [Andrew]
* pluto: Significant performance improvements for conns and certs [Andrew]
* pluto: Simplify state lookups and SPI passing [Andrew]
* pluto: Speed up state lookups by only looking at proper hash chain [Andrew]
* pluto: metric= value should accept values > 255 [Tuomo]
* pluto: New "cpu-usage" plutodebug option displaying timing info [Andrew/Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* pluto: Fix memory leak in CERTREQ sending [Hugh]
* pluto: Revive (with back-off) auto=start conns that receive Delete/Notify [Paul]
* pluto: Show all activated impairments in ipsec status [Andrew]
* pluto: Do not load a connection if its certificate has a problem [Andrew]
* pluto: Handle case when external use deletes certificate from NSS [Andrew]
* pluto: Fix resource leaks [Andrew/Hugh]
* pluto: Improve and extend pluto statistics [Paul]
* pluto: Deleting a connection should bring it down first to run _updown [Paul]
* pluto: Revive auto=start conns that receive Delete/Notify [Paul/Hugh/Andrew]
* pluto: Refuse to load connections with unsupported type=transport [Paul]
* pluto: Refuse to load connections with TFC and AH or Transport Mode [Paul]
* addconn: Fix crash on startup with dnssec-enable=no [Stepan Broz]
* libswan: Only use valid ephemeral ports for libunbound context [Stepan Broz]
* libswan: Do not process DNSSEC root key or trust anchors when disabled [Paul]
* libipsecconf: conn %default content could get overwritten rhbz#1704085 [Hugh]
* libipsecconf: Allow IKEv2 style ike/esp proposals using '+' symbol [Andrew]
  (example: ike=aes_gcm+chacha20_poly1305,aes-sha2+sha1)
* libipsecconf: Updated defaults for filling in proposal elements [Andrew]
  (drop sha1, sha2_512 before sha2_256 for esp, lots of new DH groups)
* libipsecconf: Be more tolerant of duplicate proposals and 'none' DH [Andrew]
* confreadwrite: Fix double host printing, line and bad ikev2=UNKNOWN [Paul]
* ipsec: Add "ipsec traffic" as shorthand for "ipsec trafficstatus" [Paul]
* ipsec: Add "ipsec brief" as shorthand for "ipsec briefcstatus" [Paul]
* _stackmanager: Do not attempt to load PF_KEY (af_key.ko) module [Paul]
* whack: Fix option name to and documentation of ms-dh-downgrade [Tuomo]
* whack: Two new impairments: del-with-notify and bad-ikev2-xchg [Andrew/Paul]
* whack: Fix non operational connection flags / arguments [Daniel Kautz]
* whack: Add new --briefstatus which skips showing all states [Paul]
* auto: Fix replace operation for when changing from subnet= to subnets= [wuwei29]
* verify: Removed broken IP forwarding check [Paul]
* FIPS: X.509 minimum public key size check was rejecting valid keys [Paul]
* FIPS: Disallow AES-XCBC from PRF/INTEG, Allow AES-GMAC [Paul]
* FIPS: Fixup FIPS_IKE_SA_LIFETIME_MAXIMUM to 24h as per NIST SP 800-77 [Paul]
* FIPS: Force IKE maximum lifetime of 24h (default is 1h) [Paul/Vukasin]
* XFRM: Use netlink for last remaining obsolete PF_KEY API API calls [Antony]
* XFRM: Clean up and add logging to IPsec SA for nic-offload= [Hugh/Paul]
* XFRM: Set default XFRM_LIFETIME_DEFAULT to 30 (was 300) [Paul]
* libswan: Fix leaks in badly formed secrets/ppk_id [Vukasin Karadzic]
* libswan: Don't crash on mangled PSK or PPK secrets [Vukasin Karadzic]
* initsystems/systemd: Install tmpfiles config when installing unitfile [Tuomo]
* barf: No longer look for netstat, ifconfig and mii-tool [Paul]
* building: Sort all wildcarded object files for build reproducibility [dkg]
* building: Update NSS includes to not use obsoleted header files [Paul/Andrew]
* building: USE_NSS_AVA_COPY ?= false, only needed with NSS < 3.30 [Tuomo]
* building: USE_UNBOUND_EVENT_H_COPY ?= false, enable only for [Tuomo]
            unbound <= 1.7.3 without unbound-event.h
* building: Fix UNBOUND_VERSION testing so result compiles on Fedora 29 [Hugh]
* building: USE_NSS_IPSEC_PROFILE ?= true, Requires nss >= 3.41 [Tuomo]
* building: Support for unbound > 1.8.0 [Antony]
* building: Update XFRM headers [Antony]
* building: Add 'make install-rpm-dep' and 'make install-deb-dep' [Antony]
* testing: Lots of new and improved test cases [lots of people]
* packaging: Add a spec file for RHEL8/CentOS8 [Paul]
* packaging: debian: explicitly set ARCH for reproducibility [dkg]
* packaging: debian updates [Antony/Paul]

v3.27 (October 7, 2018)
* XFRM: SA marks must be included for delete operation [Tijs Van Buggenhout]
* pluto: Resolve a crasher in ECDSA freeing code [Hugh/Sahana]
* pluto: Resolve a hang when recursively loading same config file [Hugh]
* pluto: Refuse to load conns with different subnet address families [Paul]
* IKEv2: Fix regression on ID_NULL causing a new conn instance [Paul]
* IKEv1: Drop duplicates when not a reply [Andrew]
* IKEv1: Don't respond with errors to invalid encrypted packets [Andrew]
* IKEv1: Don't print empty informational warning on delete payload [Paul]
* IKEv1: Don't add spurious ESP-NULL proposal to AH proposals [Andrew]
* whack: Release whack socket on IKE_AUTH errors [Andrew]
* libswan: fix buffer size to getnameinfo() call in resolve_ppp_peer() [Hugh]
* libipsecconf: Don't accidentally clear modecfgdomains= entries [Andrew]
* building: Fixup NSS includes and links (fixes Debian builds) [Andrew/Paul]
* documentation: Update (L)GPL license links and http -> https links [dkg]
* Bugtracker bugs fixed:
   #177 left=%defaultroute not working when "src" in the default route [Kim]
   #80 VTI interface vanishes when peer goes down and up [yu-shiba]

v3.26 (September 16, 2018)
* IKEv2: Support for RSA-PSS (RFC 7427) via authby=rsa-sha2 [Sahana Prasad]
* IKEv2: Support for ECDSA (RFC 7427) via authby=ecdsa-sha2 [Sahana Prasad]
* IKEv2: Use DER handling code of NSS instead of our custom code [Andrew]
* IKEv2: Fix core dump when impaired and proposing esp=null-none [Andrew]
* IKEv2: Fix traffic selector lookup for asymmetric conns [Andrew/Paul]
* IKEv2: Add IKE and ESP support for chacha20poly1305 (RFC 7634) [Andrew]
* IKEv2: Fix leaks in ikev2_calculate_rsa_hash [Hugh]
* IKEv2: Simplify proposal generating [Hugh]
* IKEv1: Fix handling XAUTH empty passwords [Andrew]
* IKEv1: Various code cleanup, next payload handling [Hugh]
* IKEv1: fix optional key-length regression (in v3.25) with ESP prop [Andrew]
* IKEv1: Don't delete replaced IKE SA, it confuses third party clients [Paul]
* pluto: Relax strictness of DH in ESP/AH proposals [Andrew]
* pluto: Fix for two roadwarriors using ID_IPv4 behind same NAT [Paul]
* pluto: Do not hand out old lease address for authby=secret conns [Paul]
* pluto: new --selftest option that exits pluto after startup tests [Paul]
* pluto: Updated known Vendor ID table [Paul]
* XFRM:  Don't call init_pfkey() on boot so Linux upstream can kill it [Andrew]
*_unbound-hook: Fixup adding IPv4 pubkey, unbound now quotes arg as 1 [Paul]
* building: Fix listed patches for debian build [Paul]
* building: enable DH31 (curve25519) per default [Paul]
* building: disable DH23,DH24 per default [Paul]
* testing: prepare to migrate from f22 to f28 [Andrew, Antony, Paul]
* Bugtracker bugs fixed:
   #166 IPsec/XAuth reusing lease for multiple clients behind same NAT [Paul]

v3.25 (June 27, 2018)
* IKEv2: MOBIKE Initiator support (RFC 4555) [Antony]
* IKEv2: Support for IKE SA rekeying RFC7296 1.3.2, initiator [Antony]
* IKEv2: Support for IPsec SA rekeying RFC7296 1.3.3, initiator [Antony]
* IKEv2: Support for IKE SA reauth=yes|no RFC7296  2.8.3 [Antony]
* IKEv2: Temporarily disable Liveness/DPD when MOBIKE kick in [Antony]
* IKEv2: No longer allow contradicting esp= and pfs= options [Andrew]
* IKEv2: PPK support for authby=rsasig [Vukasin Karadzic]
* IKEv2: Support for CURVE25519 (RFC 8031) [Andrew]
* IKEv2: IANA INTERNAL_DNSSEC_TA allocation added [Paul]
* IKEv2: Add PPK support to authby=rsasig [Vukasin]
* IKEv2: Don't calculate NO_PPK_AUTH when the POLICY is INSIST [Vukasin]
* IKEv2: fix PPK when responder is ppk=no but has a valid PPKID [Paul/Vukasin]
* IKEv2: Support for protoport based Opportunistic IPsec [Paul]
* IKEv2: Support multiple authby values (eg authby=rsasig,null) [Paul]
* IKEv2: Support for AUTHNULL fallback via private use Notify [Vukasin]
* IKEv2: Fix v3.23 regression causing liveness check to always fail [Tuomo]
* IKEv2: Support for Microsoft rekey bug: ms-dh-downgrade=yes|no [Andrew/Paul]
* IKEv2: Allow switching between OE instances with different protoports [Paul]
* IKEv2: process INITIAL_CONTACT and delete old states from a connection [Paul]
* IKEv2: Only retransmit fragments on receiving first fragment [Andrew]
* IKEv2: When sending fragments, also update st_msgid_lastreplied [Paul]
* IKEv2: Encrypt IKE_AUTH reply when authenticaion failed [Andrew]
* IKEv2: Fix handling of corrupt encrypted packets [Andrew]
* IKEv2: Do not call ISAKMP_SA_established() during CREATE_CHILD_SA [Paul]
* IKEv2: When receiving Initial Contact, delete old IPsec SA's [Paul]
* IKEv2: Harden IP triggered OE with new dns-match-id=yes|no [AntonyPaul]
* IKEv2: Add PRF/INTEG support for AES_XCBC / AES_CMAC [Andrew]
* IKEv2: permit DH=none (as in esp=aes;none,aes;dh22) [Andrew]
* IKEv1: Prevent crashes with IKEv1 mistakenly allowing narrowing=yes [Paul]
* IKEv1: DPD was not getting scheduled (bug introduced in 3.23) [Paul]
* IKEv1: modecfg_send_set() must not ignore failure of modecfg_resp() [Hugh]
* X509: Extend support for wildcard certs matching remote peer ID [Paul/Hugh]
* X509: Support PKCS7 for Microsoft interop with intermediate certs [Andrew]
* X509: Handle CRL fetching in separate thread [Andrew]
* pluto: Obsoleted connaddrfamily= (fixes 6in4 and 4in6) [Paul]
* pluto: New hostaddrfamily= and clientaddrfamily= (only needed w DNS) [Paul]
* pluto: Cleanup of state/md passing code [Andrew]
* pluto: Allow switching back from wrong instance to template conn [Paul]
* pluto: disentangle IKEv1 and IKEv2 packet sending code [Andrew]
* pluto: Allow rightsubnets= without leftsubnet(s)= [Paul]
* pluto: don't share IP leases for authby=secret (in case of group ID) [Paul]
* pluto: Parser bug prevented 4in6 config [mhuntxu at github, Daniel M. Weeks]
* pluto: Find and delete old connection/states with same ID [Paul/Hugh]
* pluto: traffic log (and updown) line had in/out bytes swapped [Paul/Tuomo]
* pluto: Fix memory/fd leaks found by Coverity and in cert code [Hugh/Andrew]
* pluto: Improve SPD longest prefix to priority calculation [Andrew/Paul/Hugh]
* addconn: Fix auto=route and auto=start processing [Paul]
* whack/auto: Ensure all status and list commands return no error code [Paul]
* KLIPS: Replace deprecated blkcipher with skcipher crypto API [Tijs Van Buggenhout]
* FIPS: Support new NIST ACVP protocol with cavp tool cmdline args [Andrew]
* FIPS: Don't attempt HMAC integrity test on rsasigkey (rhbz#1544143) [Paul]
* FIPS: Don't allow RSA keys < 3072 [Matt/Paul]
* FIPS: Enable our PRF aes_xcbc wrapper on NSS hash code in FIPS mode [Andrew]
* FIPS: Raise minimum RSA key length allowed to 3072 [Paul]
* CAVP: Add -<acvp-key> <acvp-value> and -json(output) options to CAVP [Andrew]
* portexcludes: new command ipsec portexcludes (see portexcludes.conf) [Paul]
* _updown.netkey: fix deleting routes when half routes are used [Tuomo]
* _updown.netkey: don't delete VTI interfaces until we can refcount [Tuomo]
* _updown.netkey: fix unroute: "need at least a destination address" [Tuomo]
* _updown.netkey: don't do proxyarp for direct host-host tunnels [Tuomo]
* _updown.netkey: force routing if we don't have route to remote network [Tuomo]
* _unbound-hook: Pass all IPSECKEY's to pluto, not just the first [Paul]
* contrib/python-swan: module to check if traffic get be encrypted [Kim]
* contrib/c-swan: example code to check if traffic get be encrypted [Kim]
* building: added USE_GLIBC_KERN_FLIP_HEADERS (default off) [Paul]
* building: when ElectricFence enabled, add extra system calls to seccomp [Andrew]
* ipsec: add checknss option --settrusts to reset CA trusts in nss db [Tuomo]
* _updown.netkey: force routing when necessary for IPsec to work [Tuomo]
* _updown.netkey: do not proxyarp for host-host tunnels [Tuomo]
* look: sort XFRM output by priority [Andrew]
* Bugtracker bugs fixed:
   #311: segfault in crl fetching git master f5b17dc [Andrew, Tuomo]
   #314: IPv6 default route is deleted by mistake
   #318: vti interface gets down on previous initiator if roles switch [Tuomo]
   #320: nsspassword file location is half implemented
   #328: Addcon crash on duplicit "left" or "leftid" keys in conn config [Stepan Broz]

v3.24 (June 26, 2018)
* This release was never published

v3.23 (January 25, 2018)
* IKEv2: MOBIKE Responder support (RFC 4555) [Antony/Paul]
* IKEv2: Add support for modecfgdns= and modecfgdomains= like for IKEv1 [Paul]
* IKEv2: EXPERIMENTAL: Support for Postquantim Preshared Keys [Vukasin Karadzic]
         based on draft-ietf-ipsecme-qr-ikev2-01 (using private use numbers)
         new option: ppk=yes|no|insist (default no)
* pluto: Fix DEFAULT_RUNDIR to be set so it is really configurable [Tuomo]
* pluto: Add support IDr payload (You Tarzan, me Jane) [Paul]
* pluto: pass state to send_crypto_helper_request() [Andrew]
* pluto: Internal time/scheduling changes, micro-seconds logging [Andrew]
* pluto: make counts of states consistently "unsigned" [Hugh]
* pluto/lib: Remove obsoleted/unused %myid support [Paul]
* pluto: add --impair replay-forward,replay-backward [Andrew]
* pluto: add --impair dup-incoming-packets [Andrew]
* pluto: Rework nic offload detection code [Aviv Heller]
* pluto: Retry send on -EAGAIN in check_msg_errqueue() (up to 32x) [Paul/Hugh]
* pluto: Pull latest kernel traffic counters before logging/deleting SA [Paul]
* pluto: STF_INLINE, STF_TOOMUCHCRYPTO no longer needed in helpers [Andrew]
* pluto: Replace socket queues with a simple queue and mutex+cont [Andrew]
* pluto: Do not send DPD/liveness probes for replaced inactive IPsec SAs [Paul]
* pluto: crypto processing cleanup [Andrew]
* XFRM: XFRM_MIGRATE support, used for MOBIKE [Antony]
* XFRM: Listen to NETLINK_ROUTE messages from kernel for MOBIKE [Antony]
* XFRM: Fix unique marks accidentally setting -1 instead of random [Paul]
* XFRM: Only install IPv6 holes when system has configured IPv6 [Antony]
* XFRM: Add support for decap-dscp=yes|no (default no) [Paul]
* XFRM: Add support for nopmtudisc=yes|no (default no) [Paul]
* KLIPS: Support kernels 4.14+ with renamed dev->priv_destructor [Paul]
* KLIPS: updown fixes for IPv6 default route and metric/mtu settings [Wolfgang]
* SECCOMP: Update syscall whitelist for use of libunbound [Paul]
* IKEv1: better handle ESP with no integrity vs unknown integrity [Andrew]
* IKEv1: Fix packet retransmit code wrf timeouts vs duplucates [Andrew]
* IKEv1: Prevent duplicate responder states on retransmision [Andrew]
* IKEv1: Don't linger R1 states for 1h but use configured timeouts [Paul]
* IKEv2: nat_traversal_change_port_lookup() code moved [Antony]
* IKEv2: Macros could misinterpret some IKE/IPsec states [Paul/Antony]
* IKEv2: Updated Group transforms to comply with RFC 8247 [Paul]
* PAM: Don't cancel pam threads (unsupported!) but drop results instead [Andrew]
* _updown: Fix resolv.conf handling (github #130) [Tuomo]
* _updown: Fix POINTPOINT interfaces not to use nexthop [Tuomo]
* _updown.netkey: Add source ip to dev lo by default [Tuomo]
* Makefiles: Fix INC_MANDIR to be share/man and add FINALMANDIR [Tuomo]
* packaging: Move debian/ to packaging ('make deb' still works) [Antony]
* contrib: Added ipsec-dyndns to demonstrante how push an IPSECKEY [Paul]
* Bugtracker bugs fixed:
   #313: changesource in updown_klips doesn't respect PLUTO_METRIC [Wolfgang]
   #314: IPv6 default route is deleted by mistake [Wolfgang]

v3.22 (October 22, 2017)
* IKEv2: EXPERIMENTAL: unbound DNS server ipsecmod support [Opportunistic IPsec]
* IKEv2: Initial support for RFC 7427 Digital Signature [Sahana Prasad/GSoC]
* IKEv2: Do not include INTEG=NONE in AEAD IKE proposals [Andrew]
* IKEv2: Accept both ESP=AEAD+NONE and ESP=AEAD in proposals [Andrew]
         (See also: https://www.rfc-editor.org/errata/eid5109)
* IKEV2: Fix interop with old pluto that rejected esp=aead+none [Andrew]
* IKEv2: Add support for GMAC via esp=null_auth_aes_gcm [Andrew]
* IKEv2: Fragmentation code cleanup and memory leak fixes [Andrew]
* IKEv1: Fix XAUTH retransmits and packet storage [Antony]
* IKEv1: Perform custom state change for XAUTH without ModeCFG [Paul]
* IKEv1: Add support for nat-ikev1-method=none [Paul]
* IKEv1: XAUTH password length wasn't consistent at 128 [Stepan Broz]
* pluto: Natively install ICMPv6 neighbour discovery holes [Mayank Totale/GSoC]
* pluto: Fixup XAUTH/PAM thread cancellation handling [Andrew/Antony]
* pluto: Change default rundir from /var/run/pluto to /run/pluto [Paul]
* pluto: Various ike_alg parsing updates [Andrew]
* pluto: Various cleanups in addresspool and XAUTH code [Hugh]
* pluto: Fix missing ntohl() on the SPI numbers in ipsec status [Paul]
* pluto: Various memory leak fixes [Antony,Paul,Hugh]
* pluto: Make ioctl(SIOCGIFFLAGS) failure for labeled devices non-fatal [Paul]
* pluto: Give IKE traffic preference via SO_PRIO [Paul]
* pluto: New setup options: ike-socket-errqueue= , ike-socket-bufsiza=e [Paul]
* pluto: Improve whack --listevents with libevent [Antony]
* pluto: Fixup NIC offload support [Antony, Hugh]
* pluto: Track and try the number of EAGAIN errors on IKE socket [Hugh/Paul]
* pluto: Prevent spurious initiating states on responder-only conn [Antony]
* pluto: don't call sanitize_string() in fmt_log() as it is expensive [Paul]
* pluto: No longer need to specify null for AEAD, can use esp=aes_gcm [Andrew]
* pluto: Increase default nhelpers for 1 CPU (2) and 2 CPUs (4) [Paul]
* pluto: New option logip= (default yes) to disable log of incoming IPs [Paul]
* pluto: signal handling cleanup [Andrew/Hugh]
* pluto: Don't try to retransmit unsent packet [Paul/Hugh]
* pluto: state hashing improvements [Andrew]
* pluto: Fix erranious connecting switching (bug in v3.21) [Paul]
* pluto: when deleting parent, don't deschedule DH for wrong child [Andrew]
* pluto: dpdaction=restart fixup when using %any [Antony]
* pluto: Don't die on labeled interfaces without SIOCGIFFLAGS support [Paul]
* addconn: left=%defaultroute would fail if >500 host routes [Kim]
* showhostkey/rsasigkey: Fixup mismatch of public key display [Andrew]
* FIPS: Some selftests did not run properly under FIPS mode [Andrew]
* KLIPS: Removed old premade patches, use make targets instead [paul]
* updown Don't remove source ip if it's still used (rhbz#1492501) [Tuomo]
* updown: Allow disabling via leftupdown="" or leftupdown="%disabled" [Paul]
* updown: SPI numbers were missing ntohl() conversion [Paul]
* various: phase out --ctlbase for --ctlsocket and --rundir [Paul]
* libipsecconf: reject unavailable kernel algorithms in parser [Andrew]
* libswan/pluto: throw a clearer error for broken libunbound [Paul]
* libswan/pluto: Cleanup logging and tighten logging lock [Andrew]
* libswan/pluto: Greatly optimize logging code [Andrew]
* libswan/pluto: Some logging algorithm renames for more consistency [Andrew]
* building: remove -fexceptions; breaks pthread_cleanup_push [Andrew]
* packaging: Update debian/ and move to packaging/debian [Antony]
* packaging: Update fedora/rhel spec files [Tuomo]
* testing: --impair-foo changed to --impair foo [Andrew]
* testing: Some new impair options for testing [Andrew,Sahana,Paul]
* testing: Allow null encryption with null auth for testing [Andrew]
* Bugtracker bugs fixed:
   #294: Bug in public key reported by rsasigkey [Tijs Van Buggenhout/Andrew]
   #299: Fix overlapping addresspool and static lease from passwd file [Antony]
   #300: Fix bug in v3.21 that rejected hardcodes certs without a CA [Paul]
   #302: IKEv1-only and IKEv2-only must not share IKE SA [Paul]
   #303: xauth password length limited to 64 bytes [Stepan Broz]

v3.21 (August 9, 2017)
* FIPS: Don't crash on too weak PSK's in FIPS mode, warn for non-FIPS [Andrew]
* FIPS: rsasigkey: Use modulus F4, not 3 (FIPS 186-4, section B.3.1) [Paul]
* pluto: Support for "idXXX" esp/ike transform IDs removed [Andrew,Paul]
* pluto: Do not return whack error when termining an alias connection [Paul]
* pluto: Remove IKE policy bits on passthrough conns [Paul]
* pluto: Minor memory leak fixes [Paul]
* pluto: Fix memory leak due to addresspool reference count error [Antony]
* pluto: Re-add support for ipsec whack --listevents [Antony]
* pluto: Cleanup listed events on shutdown to please leak-detective [Antony]
* pluto: Perform stricter SubjectAltName checks on configured ID's [Paul]
* pluto: Handle *subnets in --route and --unroute via whack [Mika/Tuomo]
* pluto: Unify IKEv1 XAUTH and IKEv2 PAM threading code [Andrew]
* pluto: Use pthread_cancel() (not SIGINT, conflicts with debuggers) [Andrew]
* pluto: Fix memory corruption with XAUTH/PAM threads [Andrew/Hugh]
* pluto: Fix resource leak processing XAUTH password authentication [Andrew]
* pluto: Fix warnings generated by gcc 7.1 [Lubomir Rintel]
* pluto: NIC offload support nic-offload=auto|yes|no (eg mellanox) [Ilan Tayari]
* pluto: Use common function in ikev1 / ikev2 for dpd/liveness actions [Antony]
* NSS: Try harder finding private keys that reside on hardware tokens [Andrew]
* IKEv2: Opportunistic IPsec support for IPSECKEY records [Antony]
* IKEv2: New dnssec-enable=yes|no, dnssec-rootkey-file=, dnssec-anchors= [Paul]
* IKEv2: If CREATE_CHILD_SA superseded retransmit, drop it [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.1) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.2 responder) [Antony]
* IKEv2: Add PFS support for CREATE_CHILD_SA (RFC7296 1.3.3 responder) [Antony]
* IKEv2: Flush ESP/AH proposals on the initiator. It could be stale [Antony]
* IKEv2: State Machine (svm) updates to simplify CREATE_CHILD_SA [Antony]
* IKEv2: DH role is based on message role not Original Initiator role [Antony]
* IKEv2: Return CHILD_SA_NOT_FOUND when appropriate [Antony]
* IKEv2: After an IKE rekey, rehash inherited Child SA to new parent [Antony]
* IKEv2: Rekeying must update SPIs when inheriting a Child SA [Antony]
* IKEv2: Decrypt and verify the paylods before calling processor [Andrew]
* IKEv2: Fragmentation code cleanup [Andrew]
* IKEv2: Drop CREATE_CHILD_SA message when no IKE state found [Antony]
* IKEv2: Do not send a new delete request for the same Child SA [Antony]
* IKEv2: During Child SA rekey, abort when ESP proposals mismatch [Antony]
* IKEv2: OE client check should take responders behind NAT into account [Paul]
* IKEv2: Improved dpdaction=hold processing [Antony]
* IKEv1: Only initiate and create IKE SA for appropriate dpdaction [Antony]
* IKEv1: Re-add SHA2_256 (preferred) and SHA2_512 to IKEv1 defaults [Andrew]
* IKEv1: Aggressive Mode fixes for sending CERT / CERTREQ payloads [Paul]
* IKEv1: Multiple CISCO_SPLIT_INC's cause duplicate spd_routes [Oleg Rosowiecki]
* X509: Improve some failure logging [Paul]
* XFRM: Use proper alignment for IPv4 AH as per RFC4302 Section 3.3.3.2.1 [Paul]
* XFRM: Update including system or local copy of xfrm.h [Paul/Antony]
* XFRM: Remove no longer needed {rt}netlink.h copies [Paul]
* KLIPS: cryptoapi: switch from hash to ahash [Richard]
* KLIPS: Add traffic accounting support [Richard/Paul]
* KLIPS: Support for linux 4.11 [Paul]
* lib: Move the alg_info lookup-by-name code to libswan [Andrew]
* lib: Move all conditionally compiled ike_alg*.c files to libswan.a [Andrew]
* addconn: Replace ttoaddr() with calls supporting DNSSEC [Paul/Antony]
* libswan: Algo code cleanup [Andrew]
* libipsecconf: Load specified RSA keys irrespective of policy [Paul]
* libipsecconf/pluto: Be more strict in authby= & type= combinations [Paul]
* libipsecconf: Fail to load connections with unsatisfied auto= clause [Hugh]
* parser: Numerous algorithm parser fixes, eg. esp=aes_ccm_8_128-null [Andrew]
* algparse: (Experimental) modified to run algorithm parser stand-alone [Andrew]
* newhostkey: Actually append to secrets as the warning claims it will [Paul]
* _updown.netkey: Fix syntax failure when PLUTO_MY_SOURCEIP is not set [Tuomo]
* _updown.netkey,klips: Fix use of printf when updating resolv.conf [Tuomo]
* _updown.netkey: Remove wrong use of PLUTO_PEER_CLIENT netmask [Tuomo]
* _updown: Add MAX_CIDR variable for host netmask [Tuomo]
* ipsec import: Trust bits correction did not always trigger [Tuomo]
* building: Convert lib/ to use mk/library.mk [Andrew]
* building: Work around rhel-6 gcc [Andrew]
* building: Add copy unbound-event.h work around broken unbound installs [Paul]
* packaging: Better split rpm and make variables [Paul]
* packaging: Updates for new requirements for ldns, unbound-devel [Paul]
* testing: Add DNSSEC, Opportunistic IPsec testcases, fixups [Multiple people]
* contrib: Munin plugin for libreswan [Kim/Paul]

v3.20 (March 14, 2017)
* pluto: Add ECP dh19(secp256r1), dh20(secp384r1) and dh21(secp521r1) [Andrew]
* pluto: Add dh= aliases for all modp= groups (eg "dh2" for "modp1024") [Paul]
* pluto: Add statistics support to ipsec whack --globalstatus [Paul]
* pluto: Add statistics clearing support using ipsec whack --clearstats [Paul]
* pluto: Fix use-after-free in whack event handler (since v3.19) [Andrew]
* pluto: Cleanup kernel_netlink.c [Hugh]
* pluto: Print AH= algorithm and ESN when established [Paul/Andrew]
* pluto: strip file path from abort messages [Andrew]
* pluto: Support initiating template conn with --remote-host <ipaddr> [Paul]
* pluto/libswan: Change most ttoaddr() to ttoaddr_num() to prevent DNS [Paul]
* pluto: fix use-after-free with EVENT_v2_RELEASE_WHACK [Andrew]
* pluto: orient() asserted on SPLIT_INC without remote-peer-type=cisco [Paul]
         (reported by Oleg Rosowiecki)
* pluto: accurately size a buffer for the decimal representation [Hugh]
         (debian bug 853507)
* pluto: avoid gcc unused variable warnings when USE_KLIPS=false [dkg]
* pluto: Support for Linux systems without IFA_F_TENTATIVE  (CentOS5) [Paul]
* pluto: Ignore uniqueids= for roadwarrior PSK and assume non-unique [Paul]
* IKEv2: CREATE_CHILD support for Parent SA and Child SA rekeying [Antony]
* IKEv2: Various refactoring for CREATE_CHILD support [Antony]
* IKEV2: OE/CAT: Don't send CP request when responder is behind NAT [Antony]
* IKEv2: log first notify payload when we receive an Notify Error [Paul]
* IKEv2: Fix memory leak in DH secret calculation (since v3.9) [Andrew]
         (reported by Eric Andersson)
* IKEv2: If re-entering ikev2_crypto_start(), reset msgid [Paul]
* IKEv2: prevent copying bogus peer id when ID kind is IPv4/IPv6 [Paul]
         (rhbz#1392191)
* IKEv2: suppress DELETE notifies for connections being replaced [Paul]
* IKEv2: re-instate ISAKMP_SA_established() [Paul]
* IKEv1: For IKE (phase 1), prefer 256-bit bit encryption [Andrew]
* IKEv1: Print conn algo's when using XAUTH [Andrew]
* IKEv1: Simplify ike= defaults (drop MODP1024, MD5, add MODP2048) [Andrew]
* IKEv1: Prefer 256-bit keys over 128-bit keys for IKE [Andrew]
* IKEv1: Also call ISAKMP_SA_established() in Aggressive Mode [Paul]
* newhostkey: Convert remaining --configdir for --nssdir [Tuomo]
* barf: Ensure proper macros are used. Add certutil/crlutil output [Paul]
* misc: Fix various spelling errors in code/comments/man pages [dkg]
* packaging: spec files should use 0 and 1, not true and false [David Arnold]
* building: NSS_REQ_AVA_COPY?=true to support new NSS lib export fix [Paul]
* building: Remove no longer needed NSSCERT_CheckCrlTimes() copy [Paul]
* building: fetch: remove support for ancient LDAP version 2 [Tuomo]
* building: move whack to separate programs/whack/ directory [Andrew]
* building: Various Makefile variable cleanups and double link fixes [Andrew]
* building: Don't check runtime for SElinux/systemd with DESTDIR [Paul]
* documentation: added oe-letsencrypt-* example configs [Paul]

v3.19 (January 15, 2017)
* NSS: Support for configurable nss dir via IPSEC_NSSDIR [dkg/Tuomo]
* FIPS: Only pluto needs a .hmac file, reducing crypto boundary [Paul]
* FIPS: do not allow DBG_PRIVATE to be set when running in FIPS mode [Paul]
* FIPS: Ignore failureshunt=passthrough and negotiationshunt=passthrough [Paul]
* FIPS: Filter default proposals of non-FIPS allowed proposals [Andrew]
* FIPS: Added CAVP test for pluto GCM code [Andrew]
* FIPS: More cleanup of crypto related structs and functions [Andrew]
* FIPS: Implement SHA based PRFs directly in NSS [Andrew]
* FIPS: Support for CAVP testing 'HMAC construct' based SHA PRF code [Andrew]
* IKEv2: Don't crash on bogus mixed protocol Delete Payloads [Hugh/Paul]
* IKEv2: Add asymmetric AUTH support (leftauth= and rightauth=) [Antony/Paul]
* IKEv2: refactored AUTH handling payload into v2_check_auth() [Paul]
* IKEv2: support CERT chain sending [Paul]
* IKEv2: Allow CERT and CERTREQ payloads multiple times [Paul]
* IKEv2: do not attempt to send notify in reply to IKE_AUTH reply [Paul]
* IKEv2: When receiving DELETE, ensure expire+restart when needed [Antony]
* IKEv1: If a queued up DPD probe finds no IKE SA, create a new one [Paul]
* IKEv1: accept_delete() check if IKE SA is shared before deleting [Paul]
* IKEv1: Remove ADNS, DNS continuations and IKEv1 OE code [Paul/Antony]
* IKEv1: Schedule IPsec SA REPLACE immediately when receiving DELETE [Antony]
* IKEv1: Some IKE SA failure on initiator could lead to hanging whack [Paul]
* KLIPS: fix for unregister_netdevice() for Linux 3.6.11 and up [Richard/Paul]
* XFRM: EXPERIMENTAL Support for configuring IP address on the VTI device [Paul]
        keyword: leftvti=address/mask
* XFRM: Fix NAT-T support when userland compiled without KLIPS support [Paul]
* X509: Obsolete /etc/ipsec.d/crls (load_crls()) and whack --rereadcrls [Paul]
* X509: New whack --fetchcrls (alias ipsec crls) to trigger a fetch [Paul]
* X509: Iterate all X.509 certs and try to fetch their crls [Kim]
* X509: Start a fetch for CRLs 5 seconds after startup [Kim]
* X509: --rereadcrls no longer overwrites newer CRLs with older ones [Paul]
* X509: log the NSS error when CERT_ImportCerts() fails [Paul]
* X509: Don't attempt to fetch crl->uri when not present [Paul/Matt]
* X509: Additional OCSP options to tweak the cache and fetch method [Paul]
        (new keywords: ocsp-method ocsp-cache-size ocsp-cache-min-age
                       ocsp-cache-max-age)
* X509: Fix memory leak in certificate handling (lsbz#278) [William Rios]
* X509: Fix memory leak in certificate chain handling [Matt]
* pluto: close whack socket in add_pending when dup pending is skipped [Hugh]
* pluto: Avoid adding duplicate bare shunts causing lockup [Paul]
* pluto: drop modp1024 (DH2) from IKEv1 "ike=" default list [Andrew]
* pluto: send_packet() now refuses to send a packet to 0.0.0.0 [Paul]
* pluto: find_hostpair ignore CK_INSTANCES that are ID_NULL [Antony]
* pluto: Fix ca name and generalName leak lsbz#276 [Bill Rios]
* pluto: EXPERIMENTAL SECCOMP support (seccomp=enabled|tolerant|disabled) [Paul]
* pluto: connection instances need their own reqid [Antony]
         (this resolves multiple clients behind same NAT router issue)
* pluto: Use a global reqid counter instead of looping every time [Paul]
* pluto: use sets instead of nested loops for transform processing [Andrew]
* pluto: Prefer not switching connections when possible [Paul/Hugh]
* pluto: Move unique mark from rw_instantiate() to instantiate() for OE [Paul]
* pluto: log more information when a bare shunt is missing [Hugh]
* pluto: redo process_encrypted_informational_ikev2 [Hugh]
* pluto: Add new config option encapsulation=auto|yes|no [Paul/Patrick Kerpan]
         replacing forceencaps=yes|no
* pluto: No longer log bogus reapchildren warning [Paul]
* libipsecconf: libipsecconf: remove last remnants of manual keying [Paul]
* libipsecconf: remove auth= alias for phase2= [Paul]
* _updown.netkey: Move addcat call from route-host to up-client [Paul]
* ipsec: initnss|import use --nssdir for nssdb directory option [Tuomo]
* newhostkey: use --nssdir for nssdb directory option [Tuomo]
* showhostkey: use --nssdir for nssdb directory option [Tuomo]
* barf: minor improvements with systemd/journalctl [Paul]
* verify: fix "with FIPS" output to print OK [Paul]
* _stackmanager: add cmac and chacha20poly1305 to modprobe list [Paul]
* building: libreswan assumes -std=gnu99 when building [Andrew]
* building: USE_EXTRACRYPTO replaced by USE_SERPENT and USE_TWOFISH [Paul]
* building: Disable DH22 by default. To re-enable use USE_DH22=true [Paul]
* building: work around flex 2.5.4 (CentOS 5); use: -o/output/file [Andrew]
* sysvinit: remove unnecessary warnings about already stopped pluto [Tuomo]
* initsystems: Enable "systemctl help ipsec" [dkg]
* testing: various web output fixes (see testing.libreswan.org) [Andrew]
* testing: various test updates / additions [Paul/Antony]
* documentation: fixup changes in GPL 2.0 / LGPL like FSF address [dkg]
* Bugtracker bugs fixed:
   #270 newhostkey: text output produces 1 character bug in pubkey [Andew]
   #272 Option --leak-detective causes assertion failure [Bill / Paul]
   #277 pluto: fix pluto events leak in timer_event_cb [Bill Rios]
   #152: ipsec whack --initiate for xauth does not release whack [Paul/Hugh]

v3.18 (July 27, 2016)
* SECURITY: CVE-2016-5391: IKEv2 proposal lacking DH causes restart [Andrew]
* XFRM: EXPERIMENTAL Support for NAT OE Client Address Translation [Antony]
        keyword: leftcat=yes|no
* XFRM: EXPERIMENTAL Support for routed-VPNs using VTI [Paul/Tuomo]
        keywords: vti-interface=<name> vti-routing=yes|no vti-shared=yes|no
* XFRM: EXPERIMENTAL Support for Traffic Flow Confidentiality tfc=XXX [Paul]
* KLIPS: Fix for /proc/net/pf_key oops on < 4.4 [Erik Andersson]
* KLIPS: Fix overwriting the sk pointer in 4.4 kernels [Ofer Heifetz]
* FIPS: Only the pluto binary needs a fipscheck .hmac file for self-test [Paul]
* FIPS: Change SA_LIFE_DURATION_MAXIMUM from 1 day to 8h [Paul]
* FIPS: Do not allow Linux-style sha2 truncation for ESP in FIPS mode [Paul]
* FIPS: Allow PSK in FIPS mode. This was erroneously not allowed [Paul]
* FIPS: Added new ipsec whack --fipsstatus [Paul]
* IKEv2: For default proposals, prefer MODP2048 over MODP1536 [Andrew]
* IKEv2: For proposals like ike=aes-sha2, prefer AES_256 over AES_128 [Andrew]
* IKEv2: For default ESP proposals, include and prefer AES_GCM [Andrew]
* IKEv2: For default ESP/AH proposals, do not propose MD5 integrity [Andrew]
* IKEv2: Add MODP3072 to defaults to ease interop with strongswan [Andrew]
* IKEv2: Prefer sha2-512 over sha2-256 for ESP to avoid linux bug [Andrew]
* IKEv2: fix use of ikev2_cert_req_fields [Lubomir Rintel]
* IKEv2: Extend and improve notify handling [Paul]
* IKEv2: Update ike endpoint as per rfc7296#section-2.23 [Antony/Paul]
* IKEv2: If first liveness probe failed, we never noticed liveness failure [Paul]
* pluto: Extend mark= support for mark-in= and mark-out= [Paul]
* pluto: implement unique marks by using mark=-1 [Paul]
* pluto: Add systemd watchdog support via USE_SYSTEMD_WATCHDOG [Matt/Paul]
* pluto: Follow connaddrfamily when resolving hostnames [Daniel M. Weeks]
* pluto: Check enum names consistency on startup [Hugh]
* pluto: Log mismatched DH group (KE payload) to log (not debug) [Andrew]
* pluto: Don't try to delete non-existing ipsec sa's (github #50) [Paul]
* pluto: Prevent double free of id data [Hugh]
* pluto: Avoid crashing on gaining remote ip locally (rhbz#1229766) [Paul]
* pluto: ESN could use uninitialised values and fail [Paul/Andrew]
* X509: Try subsequent crl distribution points when first one fails [Kim]
* whack: Display IPv4 lease address in --trafficstatus [Andrew]
* libipsecconf: New keyword left/rightckaid=XXX [Andrew]
* libipsecconf: Remove legacy keyword subnetwithin= [Hugh]
* libipsecconf: Clean out kv_auto / kv_manual attributes [Hugh]
* updown: Add SPI_IN= and SPI_OUT= to updown scripts [Paul]
* programs: Removed obsoleted ikeping and livetest [Paul]
* newhostkey: No longer touch any secret files [Andrew]
* showhostkey: Only look at NSS - don't require ipsec.secrets [Andrew]
* libswan: Fix unbound dnsctx handling [Hugh/Paul]
* libswan/libipsecconf: Clean up SECRETS code [Andrew]
* libswan: Delete getNSSPassword; replaced by lsw_nss_get_password [Andrew]
* addconn: Find peer IP address when resolving default route [Daniel M. Weeks]
* barf: If systemd detected, use journalctl to get logs [Paul]
* building: The make variable NSSLIBS was renamed to NSS_LDFLAGS [Andrew]
* building: Fix building without DNSSEC support [Hugh/Paul]
* packaging: Updates for debian packaging [dkg]
* initsystem: Add docker support using 'make INITSYSTEM=docker' [Kim]
* ipsec import: Add --configdir|--ipsecdir option for nss db location [Tuomo]
* _import_crl: Fix to work with nsspasswd [Andrew]
* _stackmanager: Remove loading of hardware random modules [Tuomo]
* _stackmanager: hide error if /proc/sys/net is read-only (i.e. docker) [Kim]
* ipsec: remove run by root check for Neutron/VPNaaS [Tuomo]
* ipsec: add option [--configdir|--ipsecdir /etc/ipsec.d] [Tuomo]
* testing: Various improvements for running tests, include web tree [Andrew]
* testing: New makefile targets, see 'make kvm-help' [Andrew]
* testing: pluto support for --expire-bare-shunt <interval> [Paul]

v3.17 (April 4, 2016)
* SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew]
* pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and
         USE_VFORK [Andrew]
* pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew]
* IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul]
* IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul]
* IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul]
* IKEv2: ikev2_out_generic{_raw}() functions [Paul]
* IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul]
* IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul]
* IKEv2: Fix memory leak of dcookies [Paul]
* IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew]
* IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew]
* IKEv2: ESN support (XFRM linux 2.6.39+) via esn=yes|no(default)|either [Paul]
* IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul]
* IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul]
* IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul]
* IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul]
* IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul]
* IKEv2: add --impair-send-bogus-dcookie for testing [Paul]
* IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul]
* IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul]
* IKEv1: Prefix a few functions with ikev1_* where not obvious [Paul]
* IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel]
* pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika]
* pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika]
* pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul]
* pluto: Don't delete IKE SA when shared with multiple connections [Paul]
* pluto: connection restart failed for dynamic dns conns [Wolfgang]
* pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel]
* pluto: Fix various coverity warnings and corner cases [Hugh, Paul]
* pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul]
* pluto: accept/verify the KE contents before creating the state [Andrew]
* pluto: Parse the IKE SA proposals before creating the state [Andrew]
* pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew]
* pluto: Be more careful handling realloc() failure [Hugh]
* pluto: Fix leaks in NSS/certificate handling code [William Rios]
* pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul]
* pluto: Ignore unsupported keys from the NSS database [Andrew]
* pluto: orphan_hold() can encounter connection in delete phase [Antony]
* rsasigkey: Only print the comment line, pubkey and CKAID [Paul]
* secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul]
* libipsecconf: Make handling of policy bits more systematic [Hugh]
* barf: Only sysvinit printed the string "subsystem" [Paul]
* FIPS: Code cleanup and misc. fixes [Andrew / Paul]
* FIPS: Add _import_crl to the FIPS file list [Paul]
* KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang]
* KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang]
* KLIPS: Fix pluto compile for USE_KLIPS=false [Paul]
* barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul]
* packaging: debian/ fixes [Marc-Christian Petersen / Tuomo]
* sysvinit: Fix displaying number of tunnels in status command [Paul]
* Bugtracker bugs fixed:
   #258 DPD with dynamic dns can't reconnect a host connection [Wolfgang]

v3.16 (December 18, 2015)
* auto: add new option --start which is like auto=start [Tuomo]
* libipsecconf: allow time with no unit suffix (openswan compat) [Hugh]
* libipsecconf: cleanup parser.y to work on old/new GCC and 32/64bit [Hugh]
* libipsecconf: re-introduce strictcrlpolicy= as alias for crl-strict= [Paul]
* libipsecconf: Allow time specification for dpdtimeout= / dpddelay= [Paul]
* libipsecconf: aliases curl_timeout / curl_iface for openswan migration [Paul]
* libswan: Fix memory leak in match_rdn() [Valeriu Goldberger]
* PAM: Fix some IKEv1 XAUTH methods always returning "denied" [Antony]
* PAM: stacked pam modules (eg pam_ssss) need CAP_DAC_READ_SEARCH [Matt]
* newhostkey: fix seeddev device [Paul]
* pluto: terminate_connection() when we become unoriented (rhbz#609343) [Paul]
* pluto: find_client_connection() must ignore unoriented c (rhbz#1166146) [Paul]
* pluto: Fix trafficstatus byte counter output [Antony]
* pluto: accept racoon's over-sized padding (got rejected in 3.14) [Andrew]
* pluto: obsolete plutofork= and ignore the keyword on startup [Paul]
* pluto: send_crl_to_import: use waitpid(2) to wait for correct child [Hugh]
* pluto: cleanup struct spd_route and related tidying [Hugh]
* pluto: fix eclipsed to iterate over connection's spd_routes [Hugh]
* pluto: accept delete payload with wrong side's SPI (CISCO bug) [Paul+Hugh]
* pluto: initialise phase2 our_lastused/peer_lastused on creation [Paul+Hugh]
* pluto: pluto: OE: add shunts.total count to ipsec whack --globalstatus [Paul]
* pluto: Add keyword  replay-window= (default 32, 0 means disable) [Paul]
* pluto: Add fake-strongswan=yes|no (default no) to send strongswan VID [Paul]
* pluto: Add support for XFRM marking cia mark=val/mask [Amir Naftali]
* pluto: Use selinux dynamic class/perm discovery, not old API [Lubomir Rintel]
* pluto: Fix for uniqueids killing second tunnel between hosts [Tuomo]
* pluto: Don't refuse to load passthrough conn with ike= / esp= settings [Paul]
* pluto: Free the event struct initialized in main loop and tidy [Antony]
* pluto: Add event for child handling of addconn [Wolfgang/Antony]
* pluto: release_fragments() cannot try both IKEv1 and IKEv2 fragments [Paul]
* X509: load_end_nss_certificate() cleanup [Matt]
* X509: Add on-demand loading of NSS certificate private keys [Matt]
* X509: Fix possible NSS cert leaks in trusted_ca_nss() [Matt]
* IKEv2: delete_state() should only handle shunt of real parent SA [Paul]
* IKEv2: retransmit_v2_msg() should delete parent and child SA on failure [Paul]
* IKEv2: mixup in parent/child SA caused keyingtries to be lost [Paul]
* IKEv2: Remove two bogus state machine entries for INFORMATIONAL [Paul]
* IKEv2: Remove duplicate SEND_V2_NOTIFICATION() [Paul]
* IKEv2: Only let passthrough conn win if it has longer prefix [Paul]
* OE: Deleting opportunistic Parent with no Child SA [Paul]
* OE: Send authentication failed for OE child fail [Paul]
* OE: Don't reject IPv6 family for OE foodgroups [Antony]
* OE: Move orphan_holdpass() call into delete_state() [Paul]
* OE: Call orphan_holdpass() for opportunistic conns for EVENT_SA_EXPIRE [Paul]
* OE: Do not answer IKE request if we matched authby=never conn [Paul]
* OE: Fix memory leaks in nullgw and bs->why [Antony]
* OE: At IKE rekey time, delete the IKE/IPsec SA when idle [Antony]
* FIPS: fips.h should only require compiled libexec/ components [Paul]
* XAUTH: Fix for connection going up->down->up causing passert [Hugh]
* XAUTH: Do not interpret padding as incomplete attribute [Lubomir Rintel]
* XAUTH: Improve failure logging [Paul]
* XFRM: Workaround bug in Linux kernel NLMSG_OK's definition [Hugh]
* KLIPS: kernels 4.1.x+ always use the same interface to uids [Roel van Meer]
* KLIPS: Various changes to support 4.1.x kernels [Wolfgang]
* ipsec: custom directory not recognized, github issue #44 [Tuomo]
* updown.*: Fix NetworkManager callback [Lubomir Rintel]
* addconn: tidy [Hugh]
* building: obsolete USE_ADNS and disable building adns helpers [Paul]
* building: Do not link all binaries with nss,nspr and gmp [Paul]
* building install "ipsec_initnss.8" and "ipsec_import.8" man pages [Andrew]
* packaging: debian/ directory update [Paul/Daniel]
* testing: Various testing updates and improvements [Antony/Paul/Andrew]
* documentation: added CODE_OF_CONDUCT.d [Paul]
* Bugtracker bugs fixed:
   #216 No longer require :RSA entries for X.509 certs in ipsec.secrets [Matt]
   #233 pluto sends delete SAs in wrong order and reconnection issues [Wolfgang]
   #247 KLIPS: fix pluto can't add ipv6 addresses to ipsec devices [Wolfgang]
   #248 keyingtries=%forever doesn't work anymore [Wolfgang]

v3.15 (August 24, 2015)
* SECURITY: CVE-2015-3240 IKE daemon restart when receiving a bad DH gx [Hugh]
* KLIPS: fix use of *iovec() functions for linux 4.x kernels [Greg Ungerer]
* IKEv1: Remove old IPsec SA's when newest IPsec SA is removed [CHEN, JIANFU]
* IKEv1: Fix Labeled IPsec SECCTX parsing - bug introduced in 3.14 [Matt]
* NETKEY: workaround for NLMSG_OK() macro causing build failure on i686 [Hugh]
* NETKEY: Fix IPsec SA priority on type=passthrough conns [Antony]
* NETKEY: Fix nflog= on type=passthrough conns [Paul]
* pluto: Use PORT_ErrorToString() to translate NSS errors [Matt]
* pluto/whack: add --impair-send-zero-gx to test CVE-2015-3240 [Paul]
* ipsec: checknss/initnss must both convert old database if it exists [Tuomo]
* packaging: debian fixes for userland package [Antony]

v3.14 (August 11, 2015)
* NSS: Major rewrite of PRF / PRFPLUS / integrity functions for FIPS [Andrew]
* FIPS: Added programs/pluto/cavp for NIST CVAS testing [Andrew]
* IKEv2: RFC 7383 IKEv2 Fragmentation support [Herbert/Hugh]
* IKEv2: RFC 7619 Auth Null support (authby=null) [Paul/Antony/Hugh]
* IKEv2: RFC 7619 ID Null support (leftid=%null) [Paul/Antony/Hugh]
* IKEv2: whack and smc related time out fixes [Antony]
* IKEv2: rekey, expire, delete refactoring and fixes [Antony]
* IKEv2: do not pad IKE messages (fix interop w. InsideSecure) [Paul]
* IKEv2: Fix esp=camellia to use the IKEv2 IANA registry number for ESP [Paul]
* IKEv2: Fix memory leaks in addresspool and child exchange sadb [Antony]
* IKEv2: Support for INVALID_KE DH group re-transmits [Paul/Hugh]
* IKEv2: if applicable, add CERTREQ payload to IKE_SA_INIT response [Antony]
* IKEv2: Various memory leak fixes [Hugh]
* IKEv2: Delete parent/child SA when IPsec SA expires due inactivity [Antony]
* IKEv2: Added pam-authorize= (default no) for userid verification [Antony]
* IKEv2: Informational exchange did not always update msgid counters [Paul]
* IKEv2: Don't send v2N_INVALID_MSGID in response to duplicate IKE_INIT packet
* IKEv2: Time all crypto operations, not just DH IKEv2 [Antony]
* IKEv2: reduce leaks involving sa_v2_convert [Hugh]
* IKEv2: eliminate leaks of st_tpacket [Hugh]
* IKEv2: fix send certreq [Antony]
* IKEv2: find_host_connection now checks RSA, PSK and NULL one by one [Antony]
* IKEv1: Don't copy isakmp_sa from received packet [Paul]
* IKEv1: Do not retransmit forever [Antony/Herbert]
* FIPS: Enforce crypto restrictions in FIPS mode (no md5,twofish, etc) [Paul]
* XAUTH: retransmit user/password request in 10s (instead of 30s) [Wolfgang]
* X509: Re-added CRL and OCSP support using NSS [Matt]
* X509: Expired certificate could crash pluto [Wolfgang]
* x509: New options: ocsp_enable= ocsp_strict= ocsp_timeout= [Matt]
        ocsp_uri= and ocsp_trust_name=
* pluto: Converted select() loop to use libevent and subsecond timers [Antony]
* pluto: unroute IPSEC SA instead of hold, if oppo and CK_INSTANCE [Antony]
* pluto: Added --impair-send-no-ikev2-auth and --impair-force-fips [Paul]
* pluto: Added retransmit-timeout= (default 60s) [Antony]
* pluto: Added retransmit-interval= in ms (default 500) [Antony]
* pluto: Greatly reduce time to retransmit from 20s to 0.5s [Antony]
* pluto: Support for IKEv2 AES_CTR (ike=aes_ctr) [Andrew Cagney]
* pluto: Support for CBC/CTR test vectors using NSS [Andrew Cagney]
* pluto: Remove last weary old FreeS/WAN X.509 code and use NSS instead [Matt]
* pluto: Static IP support using passwd file with addresspool= [Wolfgang]
* pluto: major tidy of labeled ipsec code [Hugh]
* pluto: fixes for uninitialized fields in output struct [Hugh/Paul]
* pluto: audit format and log item update as per audit spec [Paul]
* pluto: simplify and clarify sa_copy_sa and friends [Hugh]
* pluto: small steps improving crypto helpers [Hugh]
* pluto: plutostderrlog= renamed to logfile= [Paul]
* pluto: plutostderrlogtime= renamed to logtime= [Paul]
* pluto: New option logappend=yes|no (default yes) [Paul]
* pluto: Removed obsoleted loopback= support [Paul]
* pluto: advanced state counting (anon,auth,halfopen,child) [Paul/Andrew/Hugh]
         (see ipsec whack --globalstatus)
* pluto/rsasigkey: added --seedbits option (and seedbits= option) [Paul]
* pluto: do not terminate_connection() in-flight [Hugh]
* pluto: don't use an expired reserved kernel SPI as fallback [Herbert Xu]
* pluto: Use "third best" monotime() on mismatched kernel/glibc headers [Paul]
* pluto: removed bool inbound_only from delete_ipsec_sa() [Paul/Herbert]
* pluto: fix modecfg client/server status display (was swapped) [Herbert]
* pluto: Global NFLOG support via nflog-all= keyword (default off) [Paul]
* pluto: Per-conn NFLOG support via nflog= keyword (default off) [Paul]
* pluto: Reduce default logging for unknown/halfopen/opportunistic SA's [Paul]
* pluto: Fix bogus "no RSA public key known for '%fromcert'" [Herbert Xu]
* pluto: exclude ike/esp options from %default for never-negotiate conns [Paul]
* pluto: added xfrmlifetime= (default 300) to customise NETKEY acquires [Paul]
* pluto: added shuntlifetime= (default 15m) for bare shunts [Paul]
* pluto: added negotiationshunt= (default hold) [Paul]
* pluto: Obsoleted force-busy= for ddos-mode= [Paul]
* pluto: Added config setup keyword ddos-mode= (default auto) [Paul]
* pluto: Added config setup keyword ddos-ike-threshold= (default 25000) [Paul]
* pluto: Added config setup keyword max-halfopen-ike= (default 50000) [Paul]
* pluto: route_owner() don't passert on changed interface [Paul]
* pluto: Remove DNSSEC DLV support (DLV is decommissioned) [paul]
* pluto: Support for unbound < 1.4.21 [Tony Whyman]
* libipsecconf: Improve parser for pipe case (with NM) [Hugh/Lubomir Rintel]
* libcrypto/twofish: Fix CALC_SB_* macros [Lubomir Rintel]
* readwriteconf: improve error handling [Hugh]
* ipsec: ipsec --import does not need to run restorecon [Paul]
* ipsec: --checknss option automatically updates NSS DB to SQL [Matt]
* ipsec: --checknflog option installs nflog-group= iptables rules [Paul]
* rsasigkey: Rename --random to --seeddev [Paul]
* packaging: Various SPEC file fixes and Buildrequires: updates [Tuomo/Kim]
* packaging: Add v6neighbour-hole.conf for Neighbour Discovery hole [Paul]
* initsystems: run ipsec --checknss before start [Tuomo]
* building: overhaul of build system Makefiles (see mk/) [Andrew]
* testing: docker test type support [Antony]
* testing: test case updates/additions [Antony/Paul/Andrew/Matt]
* testing: more FIPS support and --impair-force-fips option added [Paul]
* NETKEY: Fix bare shunt management code to work properly for NETKEY [Paul/Hugh/Antony]
* NETKEY: Increase netlink message buffer for larger SElinux labels [Paul]
* NETKEY: kernel netlink decode and log policy expire message [Antony]
* KLIPS: move udp_encap_enable() to not be within spinlock [Wolfgang]
* KLIPS: ipsec_rcv_decap_ipip broken for IPv6 lsb#227 [Frank Schmirler]
* KLIPS: Support for SHA2 via CryptoAPI [Wolfgang]
* KLIPS: Support for sha2_truncbug [Wolfgang]
* whack: New ipsec whack --purgeocsp [Matt]
* whack: New ipsec whack --ddos-busy | --ddos-auto | --ddos-unlimited [Paul]
* whack: New ipsec whack --globalstatus [Paul]
* whack: New ipsec whack --shuntstatus [Paul]
* whack: New ipsec whack --deleteid --name <id> [Antony]
* whack: cleanup help text [Tuomo]
* _stackmanager: Don't load blacklisted modules (rhbz#1207689) [Paul/Tuomo]
* _stackmanager: Support for xfrmlifetime= ipsec.conf option [Paul]
* _updown: add proxy arp for cases where routing won't work [Tuomo/Wolfgang]
* Bugtracker bugs fixed:
  #260: libswan: extra safety around same_id() when ID_FROMCERT is used [Paul]

v3.13 (June 1, 2015)
* SECURITY: CVE-2015-3204 malicious payload causing restart [Javantea/Hugh]

v3.12 (November 6, 2014)
* IKEv2: CP payload now installs internal address and dns [Antony]
* IKEv2: Don't try to decrypt if DH is incomplete [Antony]
* IKEv2: If applicable, add a CERTREQ payload in IKE_SA_INIT response [Antony]
* IKEv2: Fix parent I2 replace event delay [Antony]
* IKEv2: Liveness fix for restarting instantiated connection [Antony]
* IKEv2: Schedule expire instead of replace when rekey=no [Antony]
* IKEv2: Zero out CP payload before sending [Antony]
* IKEv2: Fix message id in create child sa response [Antony]
* IKEv2: Don't try to instantiate unoriented connections [Antony]
* XAUTH: Fix 2 missing breaks when deciding on sending ModeCFG payloads [Paul]
* X509: Ensure that root CA does not end up in the ca_path list [Matt]
* pluto: Cleanup DYNDNS code and other clang warnings [Hugh]
* pluto: lswconf.c: getNSSPassword: fix bugs and tidy [Hugh]
* pluto: check return value of ike_alg_register_enc for twofish/serpent [Paul]
* pluto: fix various uninitialised variables in out_struct() calls [Paul/Hugh]
* KLIPS: Fix missing breaks in spi command algo type parsing [Paul]
* KLIPS: Support for kernel 3.17 [David/Paul]
* building: disable libcap-ng and NM support for OSX [Paul]

v3.11 (October 22, 2014)
* x509: IKEv1 CA cert chain support with sendca option [Matt]
* pluto: Fix mtu= option mangling introduced in 3.10 [Kim]
* pluto: Fixes auto=start and auto=route with %defaultroute [Kim/Tuomo/Paul]
         (troubled in 3.9 and 3.10)
* pluto: Don't register ESP_BLOWFISH [Paul]
* pluto: ESP support for aes_xcbc [Paul]
* pluto: ESP support for aes_ctr [Paul]
* pluto: ESP support for camellia on NETKEY [Paul]
* pluto: IKE support for aes_xcbc (pending NSS update) [Paul]
* IKEv1: Default to DH Group 2 and 5 for initiating Aggressive Mode [Paul]
         (3.9 included DH 14 which was preferred, causing interop issues)
* pluto: Force ESP_CAST to only allow 128 bit key sizes [Paul]
* pluto: Log_crypto_workers threads did not use static bool first_time [Coverity]
* pluto: Warn (not fail) on empty NSS private key passwords [Oskari Saarenmaa]
         - rhbz#1145231 (rhel7) and rhbz#1144941 (fedora)
* pluto: Added PLUTO_IN_BYTES= / PLUTO_OUT_BYTES= for updown [Antony]
* pluto: Handle list of certs from parse_pkcs7_cert [Hugh]
* pluto: Fix --impair-retransmits IMPAIR code [Hugh]
* pluto: separate SEND_V2_NOTIFICATION from SEND_NOTIFICATION [Hugh]
* pluto: Various fixes/cleanups in algo registration functions [Paul/Hugh]
* pluto: ah=null as a valid phase2alg for a connection [Paul]
* pluto: Clean up complete_v*_state_transitions and related things [Hugh]
* pluto: More crypto helper cleanup [Hugh]
* NETKEY: Don't trust PF_KEY API to tell us about IPCOMP support [Paul]
* KLIPS: ip_select_ident was backported to 3.2.63 [Bram]
* IKEv2: Don't copy reserved ISAKMP flags in reply msg (rhbz#1052811) [Paul]
* IKEv2: ISAKMP_FLAGS_v2_IKE_I was not always set on Original Initiator [Paul]
* IKEv2: CP payload support for responder [Antony]
* IKEv2: CREATE_CHILD_SA support for responder [Antony]
         (NON_ADDITIONAL_SAS stub removed)
* systemd: Use After=network-online.target instead of network.target [Kim]
           - rhbz#1145245 (rhel7) and rhbz#1144832 (fedora)
* systemd: Add Wants=network-online.target [Lukas Wunner]
* addconn: Route before and after listen (bug introduced in 3.10) [Paul/Hugh]
* rsasigkey: Use a version of jam_str instead of strcpy() for hostname [Paul]
* IKEv2: CERTREQ payload should use SHA1 hash of DN instead of IKEv1 DN [Matt]
* updown: Pluto should give CAP_NET_RAW to updown for iptables -t mangle [Paul]
* _stackmanager: Fixed to work again with mawk [Marc-Christian Petersen/Tuomo]
* testing: Many test case updates [Paul/Antony/Hugh/Matt]
* Bugtracker bugs fixed:
  #206: Libreswan v3.10 on 32-bit does not work [Kim]

v3.10 (September 1, 2014)
* XAUTH: New option: ipsec whack --trafficstatus [Antony]
* XAUTH: New option: ipsec --deleteuser --name xauth-username [Antony]
* XAUTH: Do not strip "-" from XAUTH usernames [Paul]
* _updown.netkey: New environment variable PLUTO_ADDTIME for IPsec SA's [Paul]
* _updown.netkey: Don't skip routing if mtu= option is used [Tuomo]
* NETKEY: protoport= installed broken swapped src/dst passthrough SA's [Antony]
* NETKEY: fix names for RIPEMD160 and AES_CTR [Paul]
* KLIPS: support 3.16+ kernels with update __ip_select_ident() [Thomas Geulig]
* _stackmanager: KLIPS support for alias devices [Marc-Christian Petersen]
* pluto: Simplify/tidy alg_info [Hugh]
* pluto: Simplify find_host_connection() and terminate_connection() [Hugh]
* pluto: Fix a leaking socket in whack [Hugh]
* pluto: Combine same_dn() and match_dn() to avoid deduplicate logic [Hugh]
* pluto: Add strneq(); get rid of most remaining strncmp calls [Hugh]
* pluto: Get rid of or document strcat, strncat, strcpy, etc [Hugh]
* pluto: malloc/calloc/realloc/free tidying, including a few bug fixes [Hugh]
* pluto: Fix memory allocation/free errors (especially in ike_frag) [Hugh/Paul]
         (triggered as of 3.9 when --leak-detective was used)
* pluto: Various warning fixes from LLVM/Coverity [Hugh]
* pluto: Don't listen before all connections are loaded [Paul]
         (this sub-optimal behaviour was introduced in 3.1)
* cryptohelpers: cleanup and improved error logging [Hugh]
* IKEv2: esp=/phase2alg= should be strict (bug introduced in 3.9) [Paul]
* IKEv2: Don't abort all proposals when encountering unknown PRF [Hugh]
* IKEv2: ikev2_parse_*_sa_body: stop matching after first success [Hugh]
* IKEv2: Reject responder SA with multiple proposals [Hugh]
* IKEv2: Enforce proposal numbering rules [Hugh]
* IKEv2: first initiating XCHG of Original Responder is not a retransmit [Paul]
* IKEv2: Don't respond to reply messages when parent SA was not found [Paul]
* IKEv2: clarify O_responder/O_initiator and Request/Reply code [Paul]
* IKEv2: Check received msgid is larger then previous before storing [Paul]
* IKEv1: parse_ipsec_sa_body() did not allow newer AH transforms [Paul]
* IKEv1: Add sha2 and aes_xcbc support for AH/ESP auth algorithm [Paul]
* IKEv1: cap IKE lifetimes > 1d to 1d, instead of rejecting SA [Paul]
* IKEv1: cisco-unity=yes now also sends VID when acting as VPN server
* whack: Don't change exit status for RC_INFORMATIONAL* [Mike Gilbert]
* rsasigkey: a logic error limited the randomness of the key size [Paul]
* ipsec: create NSS DB on startup when missing [Paul]
* ipsec: Added "ipsec --checknss" that creates-when-missing NSS DB [Paul]
* verify: Make verify python3 compatible [Slavek Kabrda]
* readwriteconf: Fix writing kt_invertbool's (like aggrmode=) [Paul]
* testing: Obsoleted dotest.sh with dotest.py, speed increase [Antony]
* testing: Added more test cases and general cleanup [Antony/Paul]
* compiling: Fix ADNS without USE_DNSSEC compile [Tuomo]

v3.9 (July 9, 2014)
* Documentation: cleanup of README.* and docs/* [Paul]
* libswan: Cleanup allocation and  certificate handling functions [Hugh]
* libswan: Introduce add_str() to replace abused strncat() [Hugh]
* libswan: Complain when loading connection with expired certificate [Paul]
* libswan: Some error messages did not make it to the whack log (user) [Paul]
* pluto: STF_TOOMUCHCRYPTO handling should not delete the state [Paul/Hugh]
* pluto: Default cipher keysizes is now RFC compliant 128 (not 256) [Paul]
* pluto: Allow sha2 as an alias for sha2_256 [Paul/Matt]
* pluto: Allow more DBG_* and IMPAIR options [Hugh]
* pluto: Some enc transforms did not send KEY LENGTH for default key size [Paul]
* pluto: Ensure required KEY_LENGTH attributes for some ciphers are sent [Paul]
* pluto: Default ESP key size was "max" instead of "default" [Paul/Hugh]
* pluto: Bogus keysizes (eg 3des666) was not rejected at IKE level [Paul/Hugh]
* pluto: esp=aes now accepts both aes128 and aes256 [Paul/Hugh]
* pluto: ipsec status did not display "000" for ESP default size [Paul]
* pluto: ipsec status did not print IKE algo separator (",") [Paul]
* pluto: ipsec status no longer prints remote nexthop when oriented [Paul]
* pluto: sa_copy_sa_first() memory leak fixed [Hugh]
* pluto: Improved exponential backoff in message retransmission [Hugh]
* pluto: timer.c simplifications and improvements for monotonic time [Hugh]
* pluto: Cleanup and document wire_chunk crypto helper code [Hugh]
* pluto: rename program files using proper ikev[12]_* prefixes [Paul]
* pluto: Don't load certs via load_acerts() from /etc/ipsec.d/acerts/ [Paul]
* pluto: Drop CAP_DAC_OVERRIDE privs later to support non-root dirs [Paul]
* pluto: Remove unused libaes/libdes/liblswcrypto [Paul]
* pluto: Print proper cipher/algo/modp groups in phase1/parent SA [Paul]
* pluto: Various IANA updates to ipsec/ike/ikev2 registries [Paul]
* pluto: STF_TOOMUCHCRYPTO could cause double delete of state [Hugh]
* pluto: Alias "sha" to "sha1" for ike= and esp= [Matt]
* pluto: Simplify/cleanup NSS and cryptohelper code [Hugh]
* pluto: pluto_crypt.c used non-thread-safe strerror() [Hugh]
* pluto: ensure addconn thread uses the same ctlbase as pluto did [Paul]
* pluto: LEAK_DETECTIVE is now a runtime --leak-detective pluto option [Paul]
* pluto: Add modp2048 to default proposal list [Paul]
* pluto: oakley_alg_makedb() algo preference picking fixed [Paul/Hugh]
* pluto: Added --impair-send-key-size-check for testing [Paul]
* pluto: Make timer.c code IKE version independent [Antony]
* addconn: Default gateway finding logic fixes [Wolfgang]
* addconn: Only resolve %defaultroute using the main routing table [Wolfgang]
* addconn: ensure expired certificates show clearly over whack
* NATT: Added nat-ikev1-method=drafts|rfc|both to workaround buggy Ciscos [Paul]
* NATT: non port-floating (4500) NATT draft support removed [Paul]
* NATT: Change order of NATT payloads to accommodate racoon sensitivity [Paul]
* NATT: ignore incoming ISAKMP_NEXT_SAK (AKA ISAKMP_NEXT_NATD_BADDRAFTS) [Paul]
* NATT: Added IKEv2 NAT-Traversal support [Antony]
* XAUTH: Cleanup code [Hugh]
* XAUTH: Workaround for Android bug sending trailing NULL with password [Hugh]
* XAUTH: Improved logging and output for automated processing (eg for NM) [Paul]
* XAUTH: Hand out previously given IP lease to same client on reconnect [Antony]
* DPD: openbsd isakmpd bug workaround for duplicate DPD seqno [Paul]
* IKEv1: aggr mode: print names of ignored proposals part [Paul]
* IKEv1: rename init_am_st_oakley() to init_aggr_st_oakley() [Paul]
* IKEv2: Rekey / Delete event scheduling fixes [Antony]
* IKEv2: liveness (DPD) fix msgid handling for Informational XCHG [Matt]
* IKEv2: Improved RESPONDER_TIMEOUT logic [Antony]
* IKEv2: Extend smc with SMF2_CONTINUE_MATCH for cookie state matching [Hugh]
* IKEv2: handle DDOS cookie without creating state and using memory [Hugh]
* IKEv2: Fix IS_IPSEC_SA_ESTABLISHED macro to include IKEv2 [Antony]
* IKEv2: CREATE_CHILD_SA exchange can return NO_ADDITIONAL_SAS [Antony]
* IKEv2: Lingering states were never cleaned up [Antony]
* IKEv2: Support Authenticated Header ("AH") [Hugh]
* IKEv2: don't call dpd_active_locally() on an undefined state [Paul]
* IKEv2: Return proper message to the user when our RSA/PSK is missing [Paul]
* IKEv2: Always add SAi TSi TSr in I2 to allow IKE SA Reauthentication [Antony]
* IKEv2: When deleting CHILD_SA without a IKE SA don't try to send v2D [Antony]
* IKEv2: Fix process_informational_ikev2() for Delete payloads [Paul/Hugh]
* IKEv2: Improved logging of IKEv2 transform IDs [Hugh]
* pluto/whack: Allow shutdown command for different MAGIC [Paul]
* NSS: Changed PR_ASSERT() calls to passert() calls [Paul]
* NSS: ipsec initnss can now take a non-default location [Paul]
* newhostkey: Return proper error codes, no longer allow stdin [Paul]
* OCF: ipsec_ocf_cbimm KLIPS option was always ignored by mistake [Hugh]
* OCF: Remove obsoleted HAVE_OCF support for IKE acceleration [Paul]
       (kernel OCF support is still available and supported)
* NETKEY: esp=cast failed due to wrong crypto identifier [Paul]
* KLIPS: SAref patches for Ubuntu kernel 3.11.0-15.25 [Simon Deziel]
* KLIPS: Improved support for various 3.x Linux kernels [various]
* KLIPS: support for CONFIG_USER_NS [Matt]
* _stackmanager: only unload stack when switching (rhbz#1025687) [Paul/Tuomo]
* building: remove LIBDIR as we install all programs in LIBEXECDIR [Tuomo]
* packaging: NSS fixups for deb packaging [mountaincat]
* testing: a LOT of test case updates [many people]
* Bugfixes for better C-library compatibility with "musl" [Hugh/Paul]
* Bugtracker bugs fixed:
  #67: uniqueids: don't compare ipv4 and ipv6 addresses [Tuomo]
  #86: left=%defaultroute does not work in a conn [Hugh/Paul]

v3.8 (January 15, 2014)
* SECURITY: CVE-2013-6467 missing IKEv2 payloads causes restart [Iustina/Hugh]
* building: Remove #ifdef DEBUG - always compile into userland [Paul]
* IKEv2: Updated AUTH names to latest IANA registry entries [Paul]
* pluto/whack: Added --impair-send-ikev2-ke test option [Paul]
* pluto: allow shutdown command even with bad WHACK_BASIC_MAGIC [Paul]
* addconn: ignore obsoleted --defaultroute and --defaultroutenexthop [Paul]
* Various code cleanup [Hugh]
* initscripts: sysv should try harder to kill pluto without ctl file [Tuomo]
* gentoo: fixes to build and init system on Gentoo [Mike Gilbert]
* KLIPS: fix NAT-T status in eroute output [Paul]
* pluto: updated ietf_constants.h with IANA entries [Paul]
* IKE: Make sure sha2 is an alias for sha2_256 for ike= and esp= [Hugh/Paul]
* Bugtracker bugs fixed:
  #171: showhostkey.c:322: bad switch statement

v3.7 (December 10, 2013)
* SECURITY: CVE-2013-4564 Denial of service via unauth packet [Paul/Hugh]
* SECURITY: fix insecure tmp file in rpm %post - introduced in 3.6 [Tuomo]
* SECURITY: Properly handle IKEv2 I1 notification without KE payload [Paul]
* IKE: aes_gcm and aes_ccm now specify key size without salt [Paul/Hugh]
* NETKEY: Added twofish and serpent as valid ESP algorithms [Paul]
* KLIPS: Fix for crashes in ipsec_xmit_ipip() [Thomas/Roel/David]
* KLIPS: Fix NAT-T (NEED_UDP_ENCAP_ENABLE) for 3.4 kernel [Roel]
* KLIPS: Fix compiling for 3.9 kernels (PDE_DATA fix) [Paul]
* KLIPS: Claim we do namespaces - makes it work on simple host case [Paul]
* IKEv2: Add support for AES-GCM, AES-CCM [Paul/Hugh]
* IKEv2: Check for inbound traffic before sending liveness exchange [Matt]
* IKEv2: Fix some error codes that mistakenly used IKEv1 versions [Paul]
* IKEv2: in R1 don't copy their IKEv2 minor for our reply packet [Paul]
* IKEv2: Don't kill unrelated states on same hash chain in IKE DEL [Hugh]
* pluto: change ipsec_notification_names to ikev[12]_notify_names [Paul]
* pluto: Various cleanup and reducing scope of variables [Hugh]
* building: support for slackware version/init system detection [Roel]
* rsasigkey: Remove spurious debug line confusing ipsec showhostkey [Paul]
  (rhbz#1039655)
* initsystems: fix typo in openrc script [Natanael Copa]
* testing: KVM test system updates [Paul]
* secrets: Log glob failing for secrets parser as warning, not error [Paul]
* setup: fix systemd init detection [Tuomo]
* labeled ipsec: Set default value of secctx_attr_value to 32001 [Paul]
  (rhbz#923250)
* barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191) [Paul]
* Bugtracker bugs fixed:
  #116: Don't load connections when leftcert= cert not found in NSS DB [Matt]

v3.6 (October 30, 2013)
* IKEv2: Fix interoperability bug in SKEYSEED generation [Paul/Hugh/Antony]
* IKEv2: Add liveness checks (a.k.a DPD for IKEv2) [Matt Rogers]
* IKEv2: ikev2=insist allowed ikev1 when acting as responder [Matt Rogers]
* IKEv2: Fix fallback to ikev1 when remote has ikev2=no [Paul]
* IKEv1: Cleanup AGGR Mode VendorID - also send fragmentation vid [Paul]
* IKEv1: Added cisco_unity= (default no) option which sends VID [Paul]
* IKEv1: Fix compatibility with NAT-T and remote_peer_type=cisco [Paul]
* IKEv1: dpdaction=restart_by_peer is now called dpdaction=restart [Paul]
* IKEv1: Added support for modecfgbanner= and modecfgdomain= [Paul]
* IKE: introduce ikepad=yes|no (default yes) for Checkpoint interop [David]
* pluto: work around for Cisco VPN clients sending extraneous bytes [Paul/Hugh]
* pluto: Support for google-authenticator OTP via pam [Paul]
* pluto: fix kernel.c typo in word outgoing [Tuomo]
* pluto: remove dsa/elgamal stubs from gnupg that were unused [Paul]
* pluto: Added per conn priority= to specify kernel IPsec SA priority [Paul]
* keyword: auto=route and ipsec auto --route renamed to "ondemand" [Paul]
* NETKEY/BSD: Added per conn reqid= to specify kernel IPsec SA [Paul]
              (based on idea by Panagiotis Tamtamis)
* pluto: %fromcert now works for local certs and those received via IKE [Matt]
* pluto: Allow \\ masking in RDNs similar to ,, [Matt Rogers]
* pluto: merge updateresolvconf/restoreresolv.conf in client-up|down [Paul]
* building: Removed USE_MODP_RFC5114 flag. Support is always added [Paul]
* building: Removed USE_AGGRESSIVE flag. Support is always added [Paul]
* building: Removed USE_XAUTH flag, Support is always added [Paul]
* building: Removed MODECFG* flags, Support is always added [Paul]
* building: Remove blowfish (use twofish instead) [Paul]
* building: Generate Makefile depend files automatically [Tuomo]
* building: Add support for openrc initsystem on Alpine Linux [Paul]
* packaging: spec files now initialise NSS DB when not found [Paul]
* NETKEY: Take protoport= into account when setting IPsec SA priority [Paul]
* NETKEY: Change Update SA to Add SA when existing SA is not found [Mattias]
* NETKEY: Fix Labeled IPsec (broken in openswan 2.6.33) [Paul]
* KLIPS: Support for 3.10+ kernels (/proc use via seq_* functions) [David]
* Changed HAVE_STATSD compile option to statsbin= runtime option [Paul]
* sysvinit: status function used incorrect variable for pid file [Tuomo]
* _stackmanager: coding style cleanup - fixes bashism [Tuomo]
* testing: Various interop test case updates [Paul]
* FIPS: Support versioned hmac files, fips test in non-fips mode [Paul]
* rsasigkey/newhostkey: Keysize for new RSA keys keysize increased from 2192
  to randomised 3072-4096 (in blocks of 16) to fight keysize monoculture [Paul]
* Removed unused and unmaintained USE_TAPROOM functionality [Paul]
* NAT-T: Added 100.64.0.0/10 from RFC 6598 to virtual_private [Paul]
* NSS: pluto should not open NSS files in readwrite, just read [Paul]
* Bugtracker bugs fixed:
  #130: debian debuild creates a deb with /usr/libexec contents
        [Marc-Christian Petersen]
  #145: support old location of /selinux/enforce still in use by CentOS6 [Paul]

v3.5 (July 13, 2013)
* NETKEY: _stackmanager: Clear disable_xfm/disable_policy /proc files
          for labeled IPsec [Paul]
* KLIPS: Added support for kernel 3.9.x [Paul/David]
* KLIPS: NATT support for kernel 3.5+ needs udp_encap_enable() [David]
* KLIPS: pointer can look valid during free process [Unknown/David]
* KLIPS: change default for hidetos (quality of service) to yes [Paul]
* KLIPS: preliminary SHA2 family support via OCF/CryptoAPI [David]
* MAST: _stackmanager: bring mast0 up even if module was loaded [neoXite]
* MAST: Add support for IPv6 iptables mangle table in updown.mast [Paul]
* _stackmanager: Move iptables mangle rules to MAST only section [Paul]
* _stackmanager: re-add support for hidetos=, overridemtu= and fragicmp= [Paul]
* _stackmanager: Clear disable_xfm/disable_policy for labeled IPsec [Paul]
* pluto: Fix reading ipsec.secrets without trailing newline [Hugh]
* pluto: 'ipsec status' output changes, added 'config setup' items [Paul]
* pluto: Added config setup, compile paths, runtime info to ipsec status [Paul]
* pluto: removed IKE_ALG and KERNEL_ALG defines [Paul]
* pluto: Simplify Pluto_IsFIPS(), remove redundant log message [Paul]
* pluto: Added Pluto_IsSElinux() to log SElinux runtime status [Paul]
* pluto: Removed unused alg_info parameters permitman and permitike [Paul]
* pluto: Fix STATE_XAUTH_R0/STATE_XAUTH_R1 state names [Paul]
* pluto: out_modify_previous_np() should allow ISAKMP_NEXT_SIG for RSA [Paul]
* building: cleanup old vars, and allow more env overrides [Paul]
* packaging: Fix systemd script Alias target (rhbz#982166) [Paul]
* newhostkey: help the user when nssdb is not initialized yet [Paul]
* newhostkey: simplify default nss dir handling [Paul]
* lswan_detect: cleanup coding style and fix help for unknown options [Tuomo]
* lswan_detect: add gentoo detection [Tuomo]
* setup: add rhsysv, openrc, and real sysv init support [Tuomo]
* barf: do not cause any iptables modules to get loaded (rhbz#954249) [Paul]
* look: Don't cause loading of iptables kernel modules (rhbz#954249) [Paul]
* FIPS: Remove hardcoded /usr/libexec/ipsec path, use IPSEC_EXECDIR [Paul]
* FIPS: Add warning in ipsec verify for prelink command [Paul]
* testing: Add option for "post" scripts during a test run [Matt Rogers]
* testing: dist_cert support for commands in different path locations [Matt]
* testing: Generate CRL with leading zero byte for testing [Paul]
* Bugtracker bugs fixed:
   #82: Phase out DBG_KLIPS/DBG_NETKEY for DBG_KERNEL [Paul]
   #96: lswan_detect: Alpine linux compatibility [Tuomo]
   #99: NETKEY: Segfault on acquire_netlink with labeled_ipsec [Kim/Tuomo]
  #101: restore port when ipsec policy is generated for nat-t [Kim/Tuomo]
  #124: pluto: Add usage comment for addresspool.* [Paul]
  #126: pluto: nhelpers= does not default to -1 [Paul]
  #128: pluto: prevent libcurl sigalarm from crashing pluto (lsbz#128) [Paul]

v3.4 (June 6, 2013)
* Change coding style to Linux kernel [Team]
* IN MEMORIAM: June 3rd, 2013 Hugh Daniel

v3.3 (May 13, 2013)
* SECURITY: atodn() buffer overflow with oe=yes [Florian/Hugh/Paul]
            affected: libreswan 3.0 and 3.1 (CVE-2013-2052)
            see also: openswan up to 2.6.38 (CVE-2013-2053)
            see also: strongswan up to 4.3.4 (CVE-2013-2054)
* security: dn_parse(), hex_str() write beyond end of the buffer [Florian]
* security: get_rnd_bytes: Abort on random number generator failure [Florian]
* security: Integer overflow if the leak detective enabled [Florian]
* security: Check that origin of netlink message is the kernel [Florian]
* security: Abort on crypto failure for 3des/aes to prevent leaks [Florian]
* security: Check PK11_CreateContextBySymKey() for NULL and SECFailure [Paul]
* security: RSA: Check modulus length against key overall length [Florian]
* security: fetch_curl: Set timeout for the entire request [Florian]
* security: Multiple hardening fixes from security audit [Florian Weimer]
* security: Cleanup buffer usage for traffic logging with XAUTH [Hugh]
* security: Cleanup ASN1_BUF_LEN use and remove unused load_host_cert() [Paul]
* security: cleanup CFLAGS handling [Paul]
* security: IKEv2 crashed when using nhelpers=0 [Paul]
* security: Remove stale non-NSS ASN1 handling and pem decryption code [Paul]
* security: Initial loading of file CRL fails for NSS CAs  [Matt Rogers]
            (rhbz#960171)
* security: Removal of USE_WEAKSTUFF and USE_NOCRYPTO (1DES, modp768) [Paul]
* security: Removal of 1DES for KLIPS using CryptoAPI [Paul]
* security: * security: Cleanup of ASN1_BUF_LEN/BUF_LEN/PATH_MAX defines [Paul]
* pluto: Add support for OID_SHA224_WITH_RSA signatures [Paul]
* pluto: Always list section headers --list* calls, even when empty [Paul]
* X509: Fix for CRL sig failure if first byte is zero [Dhr/Matt/Paul]
        (rhbz#958969)
* _stackmanager: fix loading of aes-x86_64 module [Tuomo]
* Bugtracker bugs fixed:
   #64: removal of /dev/*random everywhere put feeding nss pools [Paul]
   #90: NETKEY: Transport mode inbound eroute was from client [Kim/Tuomo]
   #91: SAREF: Patches updated for 3.4.x (tested on 3.4.42) [Andreas Herz]

v3.2 (April 13, 2013)
* addresspool: Identify reconnecting client and re-use lease [Antony]
* IKEv1: Support for sending initial_contact in Main Mode [Paul]
* addconn: improve defaultroute finder [Kim]
* compiling: fix use of variables in buildsystem consistent [Tuomo]
* ipsec: fix syntax error in --help introduced in 3.1 [Tuomo]
* verify: fix wrong confdir location [Tuomo]
* pluto: cleanup of XAUTHuser and traffic statistics logging [Paul]
* pluto: Obsoleted force_keepalive= and --force_keepalive [Paul]
* pluto: Added per-conn nat_keepalive=yes|no (default yes) [Paul]
* pluto: Log our own vendorid as "received" instead of "ignored" [Paul]
* pluto: Prevent logging from truncating XAUTHuser= [Paul]
* pluto: Don't log (0 byte) SA traffic statistics for ISAKMP SA's [Paul]
* pluto: Some more changes in the output of ipsec auto --status [Paul]
* pluto: wipe old logfile on restart (match previous behaviour) [Antony]
* _stackmanager: When unloading NETKEY, unload ip_vti before xfrm*tunnel [Paul]
* _stackmanager: Stack was not cleaned up for upstart / non-modular [Paul]
* building: Fix warnings when compiling with clang [Florian Weimer]
* building: Add -pie to linker flags, ensure relro is not overwritten [Paul]
* building: fix "make depend" in programs/pluto [Antony]
* packaging: Split RHEL spec file into rhel5/rhel6, add USE_OCF flag [Paul]
* initsystem: fixed default sysv init status function [Tuomo]
* KLIPS: SAref patches for 3.0.55+ and RHEL 2.6.32-358.2.1 [Pavel Kopchyk]
* Bugtracker bugs fixed:
   #75: Libreswan inserts wrong xfrm policies on some configurations [Tuomo]
   #76: NSS:: ipsec initnss fails with a @FINALCONFDDIR@ replace and
        no default configdir [Tuomo]
   #78: NSS: segfault on libnss functions when using ikev2 [Antony]
   #85: NETKEY: Pass traffic selectors to the kernel in Transport Mode
        support was incomplete and broke nat-t transport mode [Kim/Tuomo]

v3.1 (March 14, 2013)
* XAUTH: Support for leftaddresspool= [Antony]
* XAUTH: Added xauthby=alwaysok option [Paul]
* XAUTH: Added xauthfail=hard|soft option [Paul]
* IKEv1: Support for IKE fragmentation via ike_frag= [Wolfgang/Paul/Hugh]
* IKEv1: Support for removing bogus non-ESP markers [Paul/Hugh]
* NETKEY: Show traffic stats in ipsec auto --status and teardown [Wes/Paul]
* ipsec: Add "ipsec start|stop|restart|status" aliases [Paul]
* testing: Many updates to KVM testing infrastructure [Paul/Antony]
* starter: auto=route and auto=start only performed auto=add [Wolfgang]
* libswan: logging cleanups from openswan 2.5.x era [DHR/Antony/Paul]
* pluto: log XAUTHusername in the "established IPsec SA" line [Paul]
* pluto: Show labeled IPsec information in ipsec auto --status [Paul]
* pluto: Various minor changes to ipsec auto --status output [Paul]
* pluto: Debug logs were not written if a file was specified [Paul/Antony]
* pluto: fix for additional proposal sizes when enabling 1DES [Paul]
* IKEv2: narrowing used a wrong port range in determining bestfit [Coverity]
* IKEv1: Better logging of Vendor IDs in [Paul]
* KLIPS:  enable crytoAPI in packaging/makefiles/module.defs [Paul]
* SAREF: patches for Ubuntu kernel 3.2.0-33.52 [Simon]
* libipsecconf: Improved fix for osw#1370  (segfault on no EOL) [Philippe]
* libipsecconf: Forbid rekey=no plus dpdaction=restart(_by_peer) [Paul]
* libipsecconf: crlcheckinterval unit is time, not number [Tuomo]
* libipsecconf: Remove bogus key_from_DNS_on_demand policy for PSK [Paul]
* libipsecconf: Raise POLICY bits from int (32) to lset_t(64) [Paul]
* libipsecconf: sourceip= setting could overwrite nexthop= setting [Paul]
* XAUTH: ModeConfig DNS options only worked via whack, not config file [Paul]
* XAUTH: modecfg_wins[12]= support removed [Paul]
* XAUTH: Use re_entrant versions of localtime_r/gmtime_r [Paul]
* XAUTH: Added threading mutex locks for log functions [Philippe/Paul]
* XAUTH: Added threading mutex locks for crypt() [Philippe]
         (crypt_r is not available on all platforms)
* XAUTH: Only try to update resolveconf/restoreconf when XAUTH client [Paul]
* addconn: If no protostack= is configured, return "netkey" as default [Paul]
* addconn: Fix for addconn loading Point-To-Point connections [Kim]
* X509: Initialise libcurl for SSL to support CRLs over HTTPS [Paul]
* X509: Warn 14 days before certificates expire [Tuomo]
* packaging: add /etc/ipsec.d/{crls,cacerts} to rpm spec files [Tuomo]
* packaging: Fixes to spec file, added kmod spec file for KLIPS [Paul]
* compiling: added -pthread to CFLAGS [Tuomo]
* _plutorun: pass all command line options to pluto [Tuomo]
* _updown: Various fixes for klips/netkey version [Tuomo/Antony]
* X509: Reintroduced lock_certs_and_keys()/unlock_certs_and_keys()  [Paul]
* initsystem: change sysv initscripts to use new _plutorun interface [Tuomo]
* DPD: Don't try to delete non-events [Paul]
* Bugtracker bugs fixed:
   #8  honour compress=no option [Matt Rogers]
   #50 It is assumed ipsec.conf lives in the same dir as rc.d/init.d [Tuomo]
   #53  ipsec auto --status does not show phase2 parameters when using
        (unspecified) defaults? [Matt Rogers]
   #71 Libreswan pre-3.1 git version breaks on-demand ipv6 tunneling [Tuomo]

v3.0 (January 02, 2013)
* FORK: Rename from Openswan to Libreswan [Team]
        (for older CHANGES see docs/CHANGES.openswan)
* FORK: Changed our VendorID prefix to "OEN" [Team]
* LICENSE: Updated FSF address on the GPLv2 COPYING file [Team]
* TRADEMARK: Give everyone unlimitel eternal royalty-free license to
        use the name "libreswan" to refer to this software and website [Team]
* NSS: is now mandatory - custom crypto code removed [Paul]
* NSS: Support reading NSS password from file [Avesh]
* NSS: Added "ipsec initnss" and "ipsec import" commands [Paul]
* NSS: We need to include nsperror.h for PR_GetError() [Paul]
* NSS: PK11_DigestFinal() passed sizeof pointer instead of passing
        sizeof *pointer [Paul]
* NSS: use pkg-config to find the right cflags and libs [Paul]
* DNS: Removed LWRES code and old static ISC libraries [Paul]
* DNS: Don't attempt to resolve numerical sourceip= values [Paul]
* DNS: starter and pluto now support USE_DNSSEC using libunbound [Paul]
* OE: Removed support for old KEY and TXT DNS records [Paul]
* OE: Add support for IPSECKEY in ipsec showhostkey [Paul]
* pluto: --config <fn> uses libipsecconf to read 'config setup' [Kim B. Heino]
* pluto: left=%defaultroute now obtains src ip from routing table [Kim B. Heino]
* pluto: Removed support for non-strict ike/esp lines [Paul]
* pluto: UDPFROMTO support was not enabled for NETKEY if not also build
         with KLIPS [Paul]
* pluto: Pass traffic selectors to the kernel in Transport Mode [Avesh]
         (rhbz#831669)
* pluto: Fix phase confusion in xauth/modeconfig [Avesh]
* pluto: Added new option plutostderrlogtime= (default=no) [Paul]
* pluto: Additional safety checks to strncat() calls for addrtot(),
         inet_addrtot(), sin_addrtot(), alg_info_snprint_esp(),
         alg_info_snprint_ah(), idtoa() and format_end() [Paul]
* pluto: Removed unused OCSP code [Paul]
* pluto: Add Linux audit support via USE_LINUX_AUDIT (incomplete) [Paul/Antony]
* pluto: crlcheckinterval did not interpret plain numbers as seconds [Philippe]
* pluto: Change ft_mbz to ft_zig - Don't error on "must be zero" but instead
         "zero ignore". This works around an Android ICS/racoon bug [Paul]
* pluto: Update known vendorids [Paul]
* pluto: phased out HAVE_THREADS, pluto/pam now thread-safe [Philippe/Paul]
* pluto: Fixed IPSEC_CONFDDIR handling which broke NSS in tests [Paul]
* pluto: obsoleted prepluto= postpluto= plutoopts= config setup options [Paul]
* pluto: obsoleted plutowait= and pluto= config setup option [Paul]
* pluto: obsoleted nocrsend= option removed (use leftsendcert=) [Paul]
* pluto: removed manual keying remnants [Paul]
* pluto: remove protostack=auto and --use-auto, netkey is new default [Paul]
* pluto: Added perpeerlog=yes|no and perpeerlogdir=/var/log [Paul]
* pluto: Added retransmits=yes|no (matches pluto --noretransmits) [Paul]
* pluto: Added plutofork=yes|no to match pluto --nofork [Paul]
* pluto: added ikeport= and nat_ikeport= options, and --natikeport [Paul]
* pluto: support for secretsfile= and ipsecdir= in ipsec.conf [Paul]
* pluto: remove old unused USE_IPSECPOLICY code [Paul]
* pluto: rhbz#609343: pluto crashes when removing logical interface [Avesh]
* pluto: don't stop processing after --coredir argument [Paul]
* pluto: perform whack --listen and addconn --autoall on startup [Paul]
* pluto: honour plutostderrlog= natively now _plutorun is gone
         This also adds a new option --logfile to the pluto daemon [Paul]
* pluto: if started with --nofork, don't care about existing pid file [Paul]
* pluto: incorrect free in scan_proc_shunts() [Roel van Meer]
* pluto: eclipsed() was broken since freeswan-2.02 [Philippe]
* _plutoload: obsoleted [Kim/Paul]
* auto: no longer pass defaultroute/defaultrouteaddr to addconn [Paul]
* whack: fix handling --sha2_truncbug and --nm_configured options [Paul]
* whack: don't try to write to closed stdout tty [Philippe]
* DPD: reduce flood of DPD messages with unexpected seqno [Andrey Alexandrenko]
* DPD: We did not send DPD VID in aggressive mode with NAT-T disabled
* DPD: dpdaction=restart can cause full phase1 timeout after DPD
  (rhbz#848132) [Avesh]
* PAM: updated contrib/pam.d/pluto (rhbz#815127) [Philippe Vouters]
* PAM: move pam out of contrib, and install config when HAVE_XAUTHPAM [Paul]
* IKEv1: In aggressive mode: allow ISAKMP_NEXT_CR ISAKMP_NEXT_CERT as
         payloads [Philippe]
* IKEv1: aggressive mode sometimes picked wrong RSA/PSK conn [Philippe]
* IKEv1: Simplify outgoing NAT-T proposals, fix logging [Paul]
* XAUTH: Support for runtime choice of xauthby=<pam|file> [Philippe]
* XAUTH: Support for Mutual RSA + XAuth (interop with Shrew Soft) [Philippe]
* XAUTH: Fixed updown to remove ModeCfg (cisco) obtained sourceip [Avesh/Tuomo]
* XAUTH: Do not redo xauth/modecfg during rekey to cisco [Avesh]
* XAUTH: Use incoming XAUTH VID when picking best connection [Philippe]
* XAUTH: pam was failing when built with USE_LIBCAP_NG=true [Philippe Vouters]
* XAUTH: Fixup of defines [Paul/Philippe]
* XAUTH: Don't use XAUTH VID to put conn in policy XAUTH [Andrey Alexandrenko]
* XAUTH: Fix XAUTH TYPE handling and logging [Philippe]
* IKEv2: Comply to RFC's for "must be zero" to ignore instead of abort [Paul]
         (rhbz#831669)
* IKEv2: road warrior support [Antony/Paul/Avesh]
* IKEv2: narrowing code extended to cover ports,protocol,subnets [Antony/Paul]
* Only set MODP768_MODULUS with USE_VERYWEAK_DH1 [Paul]
* NETKEY: ignore interfaces= line for NETKEY [Paul]
* NETKEY: Fix for three AES-GCM issues with key lengths 128, 192, 256 bits
          and IV of 8, 12, 16 bytes as per RFC 4106 [Avesh]
* NETKEY: Labeled IPsec updates [Avesh]
* NETKEY: Support for SHA384/SHA512 and integ(ikev2)  in ESP [Avesh]
* NETKEY: In _updown.netkey, insert route on correct interface when nexthop
          is used [Tuomo]
* NETKEY: Revert "Always use XFRM_MSG_UPDPOLICY instead of XFRM_MSG_NEWPOLICY"
          This caused module unload issues and XFRM_MSG_REPLACE errors [Paul]
* KLIPS: Removed support for Linux < 2.4.4 [Paul]
* KLIPS: Changed _startklips to use ip route instead of netstat [Harald]
* KLIPS: misc. fixes, mostly satot() related [David]
* KLIPS: 20% speed gain on transmitting packets [David]
* MAST: Fixed _updown.mast missing incomplete if-clause [Harald]
* SAREF: kernel patches updated to linux 3.2.0 [Simon Deziel]
* addconn: mimic _plutoload, cleanup and fixup of functions [Paul]
* scripts: Support /etc/sysconfig/ipsec and /etc/default/ipsec (rhbz#789917)
* _stackmanager: new script replacing _startnetkey/_startklips [Paul]
* barf: do not grep lastlog, wtmp, tmp (rhbz#771612) [Paul]
* verify: ported ipsec verify from perl to python [Paul]
* verify: check ipsec.conf, ipsec.secrets syntax [Paul]
* verify: warn on newly obsoleted keywords [Paul]
* auto: fix --status output for vnet/vhost case [Ani]
* copyright: Removed obsoleted/unmaintained "ipsec copyright" command [Paul]
* showdefaults: removed ipsec showdefaults [Paul]
* _include: Removed obsolete _include program [Paul]
* policy: Removed broken 'ipsec policy' [Paul]
* mailkey: Removed obsolete command. Was already not build or installed [Paul]
* scripts: phased out /var/run/pluto/ipsec.info [Paul]
* OSX: Set __APPLE_USE_RFC_3542 required for udpfromto functionality [Paul]
* DOCS: Add man page leftid= note on Cisco ID_KEY_ID Group Name [Philippe]
* liblibreswan: Remove unused optionsfrom() temp file handling [Paul]
* liblibreswan: Support comma's inside OID's by using ",," to mean ","
  inside the OID (rhbz#868986) [Matt Rogers]
* initsystems: Native support for systemd, upstart and sysvinit [Paul/Wes]
* testing: Ported broken UML harness to KVM/libvirt/9p [Paul/Antony]
           (see the wiki on libreswan.org for details on how to use it)
* packaging: Updated libreswan.spec to reflect updated options [Paul]
* packaging: /usr/lib{64}/ipsec is no longer used [Paul]
* manpages: Build during build phase, not during install phase [Wes]
* compiling: Update standard compile options to be more hardened [Paul]
* Bugtracker bugs fixed:
     #7    after 'make install' - check if the service is enabled
           or not and notify the user [Wes]
     #9    install /etc/pam.d/pluto if USE_XAUTH=true [Wes]
     #25   addconn behaves differently from whack regarding case  [Paul]
     #33   warn on /usr/local install with selinux enabled [Wes]
     #40   ensure make install checks and restorecon's SElinux policies [Wes]
  osw#993  ipsec showhostkey: wrong kind of key PPK_XAUTH [Philippe Vouters]
  osw#1308 forceencaps= setting does now show up in "ipsec auto --status"
           [Matt Rogers]
  osw#1329 IKEv2 core dumps on 2.6.32 with changes backported from the 2.6.38
           tree [Steve Lanser]
  osw#1334 Block rules created by openswan remain even after tunnel
           establishment or XFRM_MSG_POLEXPIRE [Panagiotis Tamtamis]
  osw#1349 pluto logging no subjectAltName matches ID '%fromcert', replaced
           by subject DN [Tuomo]
  osw#1359 Openswan L2TP and IPhone vpn connection [Paul]
  osw#1370 Segfault on no new line at the end of ipsec.conf [Wes]
  osw#1375 ipsec verify uses perl, should use python [Paul]
  osw#1381 XAuth: the variable PLUTO_XAUTH_USERNAME is empty in the updown
   	   script [Bram]
  osw#1384 confusing output from ipsec auto --status [Bram]

For older changes, see docs/CHANGES.openswan