Correct PPTP server firewall rules chain.

[tomato/davidwu.git] / release / src / router / xl2tpd / CHANGES

v1.3.2 (unreleased)
* Remove unused variables reported by gcc -Wunused [Paul Wouters]

v1.3.1 (Oct 6, 2011)
* Suse updated to spec and init files [Shinichi Furuso]
* SAREF: Changed IP_IPSEC_REFINFO to global option "saref refinfo" [Paul]
* samples: cleaned up samples and removed broken ones [Tuomo]

v1.3.0 (July 23, 2011)
* Added xl2tpd-control [Alexander Dorokhov]
* Added 'a' (add) and 'd' (delete) control options [Alexander Dorokhov]
* Refresh debian/ from Debian. [Roberto C. Snchez]
* Buffer overrun in reading >16 char l2tp-secrets [Matt Domsch]
  (https://bugzilla.redhat.com/show_bug.cgi?id=689178)
* xl2tpd may leaks file descriptors [Steve Barth]
* xl2tpd: field o_pad in "struct payload_hdr" unnecessary. RFC 2661 [Ilya]
* Fix logging in write_packet() [Ilya]
* Bug tracker bugs fixed:
  #1119 Segfault upon config error [Andrey Cherny]
  #1223 Gentoo QA warning: dereferencing pointer [Andrey Cherny]
  #1236 xl2tpd hungs and wont redial after communication fail [Andrey Cherny]
  #1237 delayed null pointer check [Andrey Cherny]

v1.2.8
* Makefile: fix compilation with --as-needed linker flag [Vladimir V. Kamarzin]
* Workaround for apple clients missing htons() [Brian Mastenbrook]
* Log destination ip and port in case of send failure [Mika Ilmaranta]
* Added Default-Stop: to fedora initscript [Paul]
* Bug tracker bugs fixed:
  #1078 xl2tpd doesn't pass 'ipparam' to pppd and pppd won't get
        client ip (Xiaoguang WANG)

v1.2.7
* Reduce time in signal handlers where we cannot log [Shinichi Furuso]
* Add rx/tx bps speed setting options [Tony Hoyle]
  (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578070)
* Rename FFLAGS to IPFLAGS to avoid clashing on debian [Paul]
* spelling fix (dont -> don't) [Paul]

v1.2.6
* Partial fix for compiling on OpenBSD [synapse]
* add missing setting of logopen=1 in init_log() [Shingo Yamawaki]
* xltpd could deadlock on syslog() call in signal handler [Bart Trojanowski] 
* fix fedora/centos spec file [Paul]

v1.2.5
* Fix initscript for https://bugzilla.redhat.com/show_bug.cgi?id=247100
* Fix for two Windows machines behind the same NAT with the samed
  number of l2tp connection attempts since boot [Shinichi Furuso]

v1.2.4
* Fixes to Suse spec file [Shingo Yamawaki]
* unclutter logs for 'select timeout' [Shingo Yamawaki]
* Make sure child_handler and destroy_call won't conflict when pppd is killed
  [Mika Ilmaranta/ Tuomo]
* Workaround for broken kernels that send duplicate pids to waitpid()
  See: https://bugzilla.redhat.com/show_bug.cgi?id=486945 [Mika / Tuomo]
* Fix pppd option from legacy -detach to nodetach [Tuomo]
  
v1.2.3
* Fixes for prefix/destdir and spec files [paul/tuomo]
* Use pcap not pcap-devel on suse, rhel and centos [paul/tuomo/shingo]
* Added pfc to contrib. pfc is a tool to compile active-filters
  for pppd, which can be used for dial-on-demand filters [paul/roberto]
* Bug tracker bugs fixed
  # 998: xl2tpd-1.2.2 Makefile sets wrong path for mandir 

v1.2.2
* PPP CHAP authentication using plugin passwordfd.so failed [tgohad@mvista.com]
* Use SIGALRM only in select(). This prevents a problem where a pppd child
  (eg ntpd via ppp-up.d/ script) is using signaling too. [Shingo Yamawaki]
* A file descriptor is left opened when exec'ing pppd. [Shingo Yamawaki]
* When select() is interrupted, readfds should not be used. [Shingo Yamawaki]
* Modifications to Makefile to support DESTDIR [paul]
* Modifications to compile on OpenBSD [Stephen Ayotte]
* Bug tracker bugs fixed
  #955: refuse authentication is backward for LAC sections [Dean Scarff]

v1.2.1
* Fixes to Suse init file and spec file [paul]
* Changed some build defaults in Makefile [paul]

v1.2.0
* Synchronised IP_IPSEC_REFINFO define with KLIPSNG patch [paul]
* Fixed versioning and bumped to 1.2.0 [paul]

v1.1.12
* Fix for dropped packets and wrong disconnects. [Ray Overland / Tuomo]
* Included debian directory from Roberto C. Sanchez <roberto@connexer.com> 

v1.1.11
* Support for passwordfd when using xl2tpd as client.
  Patch by David MacKinnon <blaedd@google.com>
* Add DEBUG_AUTH comments to the Makefile [paul]
* Workaround for Cisco routers that do not send transmit speed or framing
  type [paul]
* Fix two old l2tpd references to xl2tpd (syslog used wrong name) [paul]

v1.1.10
* add pid to pppd logging [tuomo]
* don't specify compiler flags (overrides packaging flags in rpm) [tuomo]
* minor documentation fixes [tuomo/paul]

v1.1.09
* Forgot to bump version number, so to avoid confusing, I bumped everything
  to 1.1.09

v1.1.08
* Confirmed pppd bug of not always terminating on SIGTERM. The new define
  TRUST_PPPD_TO_DIE determins whether we send SIGTERM or SIGKILL, with
  SIGKILL being the (new) default. (ppp-2.4.2-6.4.RHEL4 is known to be
  broken)

v1.1.07
* Fix for unaligned header field accesses crashes on RISC by Dave S. Miller
  (# 735)
* Added and enabled pppd debugging code to assist locating a serious
  xl2tpd infinite loop when pppd does not die after a SIGTERM.
* Complete support for pppol2tp's kernel mode L2TP. Patch by Cedric
* Make spec file Fedora Extras compliant
* Added pppol2tp-linux-2.4.27.patch to contrib/
* Pidfile fixes (by Tuomo)
* Fix creation of pid file if /var/run/xl2tpd does not exist.
* Fix compile without SANITY defined (Charlie Brady <charlieb@moodindigo.ca>)
* Fix configuration filename for the ppp options file (#725 by Tuomo)
* Fixes to compile with all DEBUG_* statements enabled
* Documented all DEBUG_* statements in Makefile

v1.1.06
* Build xl2tpd and use /etc/xl2tpd/xl2tpd.* configuration files with fallback
  to /etc/l2tpd/l2tpd.* configuration files.
* Support for pppol2tp's kernel mode L2TP.
  Patch by Cedric Schieli <cschieli@gmail.com>
* Documented IPsec SA reference tracking for use with Openswan
* Added patents documentation.
* Migration support on xl2tpd.spec for l2tpd -> xl2tpd

v1.1.05
* Changed versioning scheme to match Xelerance standards
* IPsec SA reference tracking added (used with Openswan's IPsec transport mode)
  This adds support for multiple clients behind the same NAT router, and
  multiple clients on the same internal IP behind different NAT routers.
* Fix for Windows clients that send the wrong tunnel ID for closing tunnels

v1.04
* actually, 1.03 tag in GIT was in the wrong place. This is the right release.

v1.03
* fixes for gcc 4.xx compilation

v1.02
* udpated CHNANGELOG

v1.01
* various debugging added, but debugging should not be on by default
* async/sync conversion routines must be ready for possibility that the read
  will block due to routing loops
* refactored control socket handling.
* use man page in doc/
* move all logic about pty usage to pty.c try ptmx first. if it fails try
  legacy ptys
* rename log() to l2tp_log(), as "log" is a math function.

v1.00
* First version managed by Xelerance, called xl2tpd.
* If we aren't deamonized, then log to stderr.
* added install: and DESTDIR support 

0.70
--
Change path for config files from /etc/l2tp to /etc/l2tpd (jacco2@dds.nl)
Turn of echo no ptys to pppd (Damien de Soto)
Add pty name to command line passed to pppd (Chris Wilson)
Added listen-addr parameter to l2tpd.conf (jacco2@dds.nl)
Close stdin when in daemon mode (jacco2@dds.nl)
Improve interoperability with MSL2TP (jacco2@dds.nl)
Eliminate some warnings (jacco2@dds.nl)

0.69
--
Edited l2tpd.conf.5 man page to correct some information
Added l2tpd.8 and l2tp-secrets.5 man pages
Zero'ed out memory malloced to hold challenge, otherwise we may pass
    wrong challenge to md5 code

0.68
--
Updated copyright notice on all relevent files
Changed vendor name as it appears in AVP's
Add new sources of randomness, reading /dev/urandom
Seed rand() with time()
Stubs available for egd randomness source, not implemented yet though
Don't close fd 0 as workaround for signal problems in daemon mode
Fix some off by 6 errors in avp handling

0.67
--
close pty connecting to pppd in child_handler()
Add code to daemonize correctly
Add command line options
    -D to not daemonize
    -p to specify a pidfile
    -c to specify a config file
    -s to specify a secrets file
Catch a SIGHUP that's coming from who-knows-where and do nothing

0.66
--
Fixed tunnel authentication mechanism so that it works!
Fixed several segfaults...some in debugging code

0.65.1
--
Reformatted all .c and .h files using GNU indent

0.65
--
Fix to handling SLI packets
reformatted some code in a few small places
Added valid, new (since L2TP draft days) result codes
autodialed calls switched to be "Incoming calls" rather than "Outgoing"
Re-arranged some header declarations
Remote systems may use the same Tunnel ID...this is OK
Look for l2tpd.conf in /etc/l2tp and in /etc/l2tpd...look for
    l2tp-secrets int he same directory
Portability enhancement (act.sa_restorer only used on i386?)
    (Jean-Francois Dive)

0.64
--
Too many that I lost track...
Scaleability improvements from Huiban Yoann at Siemens
Rudimentary Outgoing Call Request system
As in CREDITS, "an uncountable amount of little bug fixes"

0.63
--
Syslog support added!!!
Improved data sequencing & flow control serial number checking
Removed call flow/session control serial number checking in ICRQ
  -- Did we do this already and we're going mindless? :D
Removed checking of now-defunct R bit
Changed PPP framing to always sync
Various and asundry other fixes

NOW OPERABLE WITH CISCO IOS 12.1
Continued interoperability improvements with Windows 2000 clients

0.62
--
Removed call flow/session control (inapplicable as of RFC spec draft 13)
Corrected invalid Receive Window Size AVP in ICCN
Corrected Bearer Capabilities non-requirement in SCCRQ & SCCRP
Verified operability with Cisco 3000 series

0.61
--
Fixed shutdown of PPPd from SIGKILL to SIGTERM
Beginning code cleanup and interoperability testing