From 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer <rene@mayrhofer.eu.org>
Date: Wed, 21 Oct 2009 11:14:02 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (4.3.4)

---
 NEWS | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index d38e9fe67..6cf4d080d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,37 @@
+strongswan-4.3.4
+----------------
+
+- IKEv2 charon daemon ported to FreeBSD and Mac OS X. Installation details can
+  be found on wiki.strongswan.org.
+
+- ipsec statusall shows the number of bytes transmitted and received over
+  ESP connections configured by the IKEv2 charon daemon.
+
+- The IKEv2 charon daemon supports include files in ipsec.secrets.
+
+
+strongswan-4.3.3
+----------------
+
+- The configuration option --enable-integrity-test plus the strongswan.conf
+  option libstrongswan.integrity_test = yes activate integrity tests
+  of the IKE daemons charon and pluto, libstrongswan and all loaded
+  plugins. Thus dynamic library misconfigurations and non-malicious file
+  manipulations can be reliably detected.
+
+- The new default setting libstrongswan.ecp_x_coordinate_only=yes allows
+  IKEv1 interoperability with MS Windows using the ECP DH groups 19 and 20.
+
+- The IKEv1 pluto daemon now supports the AES-CCM and AES-GCM ESP
+  authenticated encryption algorithms.
+
+- The IKEv1 pluto daemon now supports V4 OpenPGP keys.
+
+- The RDN parser vulnerability discovered by Orange Labs research team
+  was not completely fixed in version 4.3.2. Some more modifications
+  had to be applied to the asn1_length() function to make it robust.
+
+
 strongswan-4.3.2
 ----------------
 
-- 
cgit v1.2.3