Changes:

Note: For tracking purposes, the (name1/name2) means (author/who merged
the code into cvs)

1.99.8
* Applied freeswan-msl2tp-payload-malformed-workaround.patch (jjo)
* Add support for ID_FQDN (kb)
* Applied NAT-T 0.6 diffs (ml/ts/kb)
* Applied X.509 0.9.32 diffs (fix port selector bug) (as/kb)
* Added RFC3526 support (MODP Groups) (jjo)
* Fix libsha2/libaes/twofish compiling bug (-fomit-frame-pointer typos) (kb)

1.99.7.3
* Added X.509 0.9.31 diffs - fixed RSA certs (as/kb)

1.99.7.2
* Added X.509 0.9.30 diffs - fixes wildcard DNs (as/kb)


1.99.7.1
* Added X.509 0.9.29 diffs (as/kb)
* Compile fix for some versions of Linux kernel which didn't like " " in
  the config.in files (kb)
* Fix for GCC 3.3 compiling spi.c (trivial whitespace fix)
* Added contib/fswcert - from http://www.strongsec.com/freeswan/old.htm


1.99.7
* Added X.509 0.9.27 diffs (as/kb)
* Added X.509 0.9.28 diffs (as/kb)
* Fix for 1DES in 56bit mode (jjo)
* Fix for building ALG's on 2.2.x (jjo)
* Dead Peer Detection (draft-ietf-ipsec-dpd-02) - based on Snapgear patch,
  ported into Super FreeS/WAN by Paweł Krawczyk (pk), JuanJo Ciarlante
  (jjo) and myself (kb).  Run "man ipsec.conf" to see how to use the dpd*
  parameters.
* contrib/ipsecrets2pem - convert from /etc/ipsec.secrets RSA key
  to PEM RSA key format; it acts as a stdin/out filter. (jjo)


* Dead Peer Detection (draft-ietf-ipsec-dpd-02) - based on Snapgear patch, 
  ported into Super FreeS/WAN by Paweł Krawczyk (pk), JuanJo Ciarlante 
  (jjo) and myself (kb).  Run "man ipsec.conf" to see how to use the dpd*
  parameters.
* Several changes to Aggressive Mode support - 4 patches from Henrik were 
  applied.  These fix the assert() crash reported on the mailing list, make 
  support more strict (only do aggressive mode if enabled), fixes for 
  Aggressive Mode Roadwarriors, and some better error reporting (hn/kb)


1.99.6.2
* Fix for running OE w/NAT, where clients behind OE/NAT GW would only be
  able to reach OE enabled hosts, meaning 99% of connections failed. (mcr/kb)
* Added X.509 0.9.27 diffs (as/kb)
* Fix for 1DES in 56bit mode (jjo)
* Fix for building ALG's on 2.2.x (jjo)
* Fix for nicer debug message (jam/kb)
* Added X.509 0.9.28 diffs (as/kb)

1.99.6.1
* Fix to connections.c for connection not found problems (introduced as
  part of the X.509 0.9.25 patch (as/kb)
* Update docs to reflect the new requirement for cryptoapi package (kb)
* Fix for compiling ALG 3DES when the internal 3DES is disabled - this
  lead to libdes.a build errors. (jjo)

1.99.6
* Check for cryptoapi support during config for ALG (mcp/kb)
* Change utils/setup to stop FreeS/WAN after NFS (if you have NFS mounts
  over IPSec, your machine would take ages to shutdown) (ts/kb)
* Added X.509 0.9.25 diffs (as/kb)
* Added Aggressive Mode Initiator support (Henrik/kb) 
* Fixes for ALG ESP keylen (jjo)
* Fixes for 1DES inter-op with Win2K/XP (Ard Biesheuvel/jjo)

1.99.5
* New version numbering system
* Add ALG 0.8.1rc4 - can now using cryptoapi style of alg/hash 
  registration (optional) (jjo)
* New "ipsec verify" command (Paul Wouters/kb)
* Added X.509 0.9.22 diffs (as/kb)
* Doc fixes to change --start -> --up (also broken in stock 1.99) (kb)
* Added contrib/espinudp-check.c, a little utility to test your kernel for
  ESPinUDP support.  (kb)

_kb3 to _kb4
* MTS Patch to fix AT&T's IBM VPN system.  This just does some keepalive magic
  so AT&T doesn't kill the connection. (amcedwards/kb)
* Added X.509 0.9.20 diffs (as/kb)
* Fixes to NAT-T for draft 02_n (SafeNet SoftRemote Interop) (mlafon/kb)
* Added X.509 0.9.21 diffs, which fixes OE conflict with port selectors
  (as/kb)

_kb2 to _kb3
* Change Makefile's minstall target to "make modules" first, since when
  building against never-compiled kernel sources, make modules_install
  would fail due to various modules never having been built. (kb)
* Added X.509 patch 0.9.16 and 0.9.17 with Stephen Bevan's Port Selector
  (RFC 2401) patch, with various bugfixes by Andreas Steffan. (as/kb)
* Added X.509 patch 0.9.18 diffs - bugfixes for port selectors by Andreas
* Various code-jiggery to make port selections not conflict with NAT-T
  (mlafon/kb)
* Patched from NAT-T 0.4 -> 0.5  - Adds support for new NAT-T RFC, and changes
  proposal order so SSH Sentinel, FreeS/WAN and SafeNet SoftRemote.  This also
  includes bugfix that was part of _kb2 (mlafon/kb)
* NAT-T 0.5a (bugfix for floating ports) (mlafon/kb)
* Added X.509 0.9.19 patch diffs (as/kb)

_kb1 to _kb2
* Disable NAT_T_SUPPORT_LAST_DRAFTS, as it currently breaks NAT-T support
  for FreeS/WAN to FreeS/WAN connections.  SSH Sentinel unaffected.
  Reported by Tuomo Soini.  (mlafon/kb)

_kb10 to 1.99_kb1
* Replaced docs/ with 1.99's vastly improved docs (kb)
* Final code diffs from 1.99candOc25S -> 1.99 Final (kb)
* Replaced testing/ with 1.99's testing tree (kb)

*** 1.98b_kb series below this point *** 

_kb9 to _kb10
* Bugfix for server.c to compile properly.  (Tuomo Soini/kb)
* Bugfix in libcrypto/perlasm/x86unix.pl to remove gcc2 dependacy (jjo/kb)
* Fix ESP/AH DOS from CERT (http://www.kb.cert.org/vuls/id/459371)
  in ipsec_rcv.c (backported from 1.99 - rgb/kb)
* Backport from 1.99 for new rpm building system (sam/kb)
* Backport from 1.99 for _startklips to work with new RH kernels 
  (2.4.18-17.#.x style naming) (sam/kb)
* Makefile fixes so make minstall works again (broken in 1.99cand-oct25) (kb)

_kb8 to _kb9
* Bugfix in klips Makefile for -DNAT_TRAVERSAL (mlafon/kb)
* Bugfix in pluto to not shutdown ipsec# during --rereadsecrets (dhr/kb)
* Changed libdes so it compiles with GCC 3.2 (ie: RH 8.0) (Tom Hughes/kb)

_kb7 to _kb8
* Support for Oakley Group 1 (MODP 768 bits) in IKE (ddr)
  Note: This is unsafe for production use, however it is required by RFC2409
* Bugfix for NULL cipher.  Thanks to this fix, FreeS/WAN can now talk
  ESP_NULL with KAME or Win2K.  Both fixes contributed by David De Reu
  <DeReu@tComLabs.com> JuanJo then cleaned up the NULL fix for inclusion
  here. (ddr/jjo)
* Bumped NAT-T to 0.4, which includes the bug fixed in _kb7 (math)


_kb6 to _kb7

* Fix for manual keying with NAT-T - reported by Tim Carr (math)

_kb5 to _kb6

* Fix for __fswab32 errors which caused pluto + whack not to compile. (jjo)

_kb4 to _kb5

* NAT-T Enabled by default now (math)
* Bumped X.509 patch from v0.9.14 to v0.9.15 (as/kb)
* Changed package naming format so future RPM releases are possible (kb)

_kb3 to _kb4

* Started from scratch using v1.98b tree.
* Now using NAT-T 0.3, which includes the PSK bug fix
* Now using Notify/DeleteSA 020904, which includes the Cisco Inter-op Fix

_kb2 to _kb3

* Used Pawel's patches as a baseline
* Applied DHR's Pluto Lifetime fix
* Applied NAT-T 0.2
* Applied Notify/DeleteSA patched version from Andreas Steffen
* Fix for Cisco Inter-op on SA
* Fix for PSK + NAT-T conflicts
* Included ESPinUDP version for 2.4.18 and 2.4.19

_kb2

* Never publicly released

_kb1 (aka super-freeswan-1.98b)

* Buggy, please don't use.  Use at least kb3 or newer

# RCSID $Id: CHANGES.SUPERFS,v 1.60 2003/07/08 19:03:15 ken Exp $