From bf372706c469764d59e9f29c39e3ecbebd72b8d2 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Sat, 16 Jul 2016 15:19:53 +0200 Subject: Imported Upstream version 5.5.0 --- NEWS | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8de6cac4e..db30df1d2 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,41 @@ +strongswan-5.5.0 +---------------- + +- The new libtpmtss library offers support for both TPM 1.2 and TPM 2.0 + Trusted Platform Modules. This allows the Attestation IMC/IMV pair to + do TPM 2.0 based attestation. + +- The behavior during IKEv2 exchange collisions has been improved/fixed in + several corner cases and support for TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND + notifies, as defined by RFC 7296, has been added. + +- IPsec policy priorities can be set manually (e.g. for high-priority drop + policies) and outbound policies may be restricted to a network interface. + +- The scheme for the automatically calculated default priorities has been + changed and now also considers port masks, which were added with 5.4.0. + +- FWD policies are now installed in both directions in regards to the traffic + selectors. Because such "outbound" FWD policies could conflict with "inbound" + FWD policies of other SAs they are installed with a lower priority and don't + have a reqid set, which allows kernel plugins to distinguish between the two + and prefer those with a reqid. + +- For outbound IPsec SAs no replay window is configured anymore. + +- Enhanced the functionality of the swanctl --list-conns command by listing + IKE_SA and CHILD_SA reauthentication and rekeying settings, and EAP/XAuth + identities and EAP types. + +- DNS servers installed by the resolve plugin are now refcounted, which should + fix its use with make-before-break reauthentication. Any output written to + stderr/stdout by resolvconf is now logged. + +- The methods in the kernel interfaces have been changed to take structs instead + of long lists of arguments. Similarly the constructors for peer_cfg_t and + child_cfg_t now take structs. + + strongswan-5.4.0 ---------------- -- cgit v1.2.3
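Review bot: the entry "For outbound IPsec SAs no replay window is configured anymore." gives no rationale and does not mention inbound SAs, so it can be read as anti-replay protection being dropped. Suggest adding one clause on why the window is unnecessary on the sending side and stating explicitly whether inbound SAs are unchanged. The two priority entries (new default priority scheme, and "outbound" FWD policies installed with a lower priority and no reqid) would also benefit from a sentence on upgrade impact for deployments that rely on the previously calculated values or that now set priorities manually. The last entry, on kernel interface methods and the peer_cfg_t and child_cfg_t constructors taking structs, should be worded as an incompatible API change so that maintainers of out-of-tree plugins notice it.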