[src/netbsd-6]: src Pull up following revision(s) (requested by drochner in t...

[riz <riz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/75722062c782
branches:  netbsd-6
changeset: 774571:75722062c782
user:      riz <riz%NetBSD.org@localhost>
date:      Mon Sep 03 18:45:42 2012 +0000

description:
Pull up following revision(s) (requested by drochner in ticket #527):

mention switch to FAST_IPSEC in January

diffstat:

 distrib/notes/common/main |  17 ++++++++++++++++-
 doc/CHANGES               |   4 +++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diffs (56 lines):

diff -r d5047426e179 -r 75722062c782 distrib/notes/common/main
--- a/distrib/notes/common/main Mon Sep 03 18:41:15 2012 +0000
+++ b/distrib/notes/common/main Mon Sep 03 18:45:42 2012 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: main,v 1.484.2.1 2012/08/17 23:53:48 riz Exp $
+.\"    $NetBSD: main,v 1.484.2.2 2012/09/03 18:45:42 riz Exp $
 .\"
 .\" Copyright (c) 1999-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -500,6 +500,15 @@
 .Xr groff 1
 can still be found in pkgsrc as
 .Pa textproc/groff .
+.It
+.Xr kame_ipsec 4
+has been replaced by
+.Xr fast_ipsec 4 .
+The option to use the old implementation (see
+.Xr options 4 )
+will be removed in the next
+.Nx
+release.
 .bullet)
 .
 .Ss "The NetBSD Foundation"
@@ -747,6 +756,12 @@
 .Xr sysctl 8
 command or through
 .Xr sysctl.conf 5 .
+.Pp
+The implementation of SHA2-HMAC in KAME_IPSEC as used in NetBSD-5
+and before did not comply to current standards.
+FAST_IPSEC does, with the result that old and new systems cannot
+communicate over IPSEC, if one of the affected authentication
+algorithms (hmac_sha256, hmac_sha384, hmac_sha512) is used.
 .
 .Ss2 Issues affecting an upgrade from NetBSD 4.x releases
 .Pp
diff -r d5047426e179 -r 75722062c782 doc/CHANGES
--- a/doc/CHANGES       Mon Sep 03 18:41:15 2012 +0000
+++ b/doc/CHANGES       Mon Sep 03 18:45:42 2012 +0000
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:                   <$Revision: 1.1670.2.8 $>
+# LIST OF CHANGES FROM LAST RELEASE:                   <$Revision: 1.1670.2.9 $>
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -1213,6 +1213,8 @@
                using large pages). [chs 20111204]
        adventure(6): New save file format. Please regenerate (restore
                and re-save) any old save files. [dholland 20120107]
+       ipsec(4): Make FAST_IPSEC the default IPSEC implementation.
+               [drochner 20120109]
        x86, xen: Add cpu ucode loading support via cpuctl(8). [cegger 20120113]
        sandpoint: Netronix NH-230/231 and compatible NAS are supported.
                [phx 20120114]