From 15fb7904f4431a6e7c305fd08732458f7f885e7e Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Tue, 11 Mar 2014 20:48:48 +0100 Subject: Imported Upstream version 5.1.2 --- NEWS | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 35edec9b4..0d22295d4 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,49 @@ +strongswan-5.1.2 +---------------- + +- A new default configuration file layout is introduced. The new default + strongswan.conf file mainly includes config snippets from the strongswan.d + and strongswan.d/charon directories (the latter containing snippets for all + plugins). The snippets, with commented defaults, are automatically + generated and installed, if they don't exist yet. They are also installed + in $prefix/share/strongswan/templates so existing files can be compared to + the current defaults. + +- As an alternative to the non-extensible charon.load setting, the plugins + to load in charon (and optionally other applications) can now be determined + via the charon.plugins..load setting for each plugin (enabled in the + new default strongswan.conf file via the charon.load_modular option). + The load setting optionally takes a numeric priority value that allows + reordering the plugins (otherwise the default plugin order is preserved). + +- All strongswan.conf settings that were formerly defined in library specific + "global" sections are now application specific (e.g. settings for plugins in + libstrongswan.plugins can now be set only for charon in charon.plugins). + The old options are still supported, which now allows to define defaults for + all applications in the libstrongswan section. + +- The ntru libstrongswan plugin supports NTRUEncrypt as a post-quantum + computer IKE key exchange mechanism. The implementation is based on the + ntru-crypto library from the NTRUOpenSourceProject. The supported security + strengths are ntru112, ntru128, ntru192, and ntru256. Since the private DH + group IDs 1030..1033 have been assigned, the strongSwan Vendor ID must be + sent (charon.send_vendor_id = yes) in order to use NTRU. + +- Defined a TPMRA remote attestation workitem and added support for it to the + Attestation IMV. + +- Compatibility issues between IPComp (compress=yes) and leftfirewall=yes as + well as multiple subnets in left|rightsubnet have been fixed. + +- When enabling its "session" strongswan.conf option, the xauth-pam plugin opens + and closes a PAM session for each established IKE_SA. Patch courtesy of + Andrea Bonomi. + +- The strongSwan unit testing framework has been rewritten without the "check" + dependency for improved flexibility and portability. It now properly supports + multi-threaded and memory leak testing and brings a bunch of new test cases. + + strongswan-5.1.1 ---------------- -- cgit v1.2.3