From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 18 Dec 2018 13:48:18 +0000 (+0100)
Subject: NEWS: More news for 5.7.2
X-Git-Tag: 5.7.2rc1~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1e58e11f75685ec7aa42472e5824ef31a67833a;p=thirdparty%2Fstrongswan.git

NEWS: More news for 5.7.2
---

diff --git a/NEWS b/NEWS
index 5870fe0cbe..e7bc3cc60a 100644
--- a/NEWS
+++ b/NEWS
@@ -12,17 +12,41 @@ strongswan-5.7.2
   necessary to manually enable charon.plugins.tpm.fips_186_4 if the TPM doesn't
   use the maximum salt length.
 
+- swanctl now accesses directories for credentials relative to swanctl.conf, in
+  particular, when it's loaded from a custom location via --file argument.  The
+  base directory that's used if --file is not given is configurable at runtime
+  via SWANCTL_DIR environment variable.
+
+- With RADIUS Accounting enabled, the eap-radius plugin adds the session ID to
+  Access-Request messages, simplifying associating database entries for IP
+  leases and accounting with sessions.
+
+- IPs assigned by RADIUS servers are included in Accounting-Stop even if clients
+  don't claim them, allowing releasing them early on connection errors.
+
+- Selectors installed on transport mode SAs by the kernel-netlink plugin are
+  updated on IP address changes (e.g. via MOBIKE).
+
 - Added support for RSA signatures with SHA-256 and SHA-512 to the agent plugin.
   For older versions of ssh/gpg-agent that only support SHA-1, IKEv2 signature
   authentication has to be disabled via charon.signature_authentication.
 
 - The sshkey and agent plugins support Ed25519/Ed448 SSH keys and signatures.
 
+- The openssl plugin supports X25519/X448 Diffie-Hellman and Ed25519/Ed448 keys
+  and signatures when built against OpenSSL 1.1.1.
+
 - Ed25519, ChaCha20/Poly1305, SHA-3 and AES-CCM were added to the botan plugin.
 
 - The mysql plugin now properly handles database connections with transactions
   under heavy load.
 
+- IP addresses in HA pools are now distributed evenly among all segments.
+
+- On newer FreeBSD kernels, the kernel-pfkey plugin reads the reqid directly
+  from SADB_ACQUIRE messages, i.e. not requiring previous policy installation by
+  the plugin, e.g. for compatibility with if_ipsec(4) VTIs.
+
 
 strongswan-5.7.1
 ----------------