X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=NEWS;h=8094c3e79c448870a606cd3aca1224a4fd58b9bc;hp=ac1bf83ec30a78c86aca455cbd240f512bf68312;hb=0391d9ee80a1847381ad205b8f707e43707b90b0;hpb=4f5e39ecfaa49376b0a5c3a4c384e91a828c1105 diff --git a/NEWS b/NEWS index ac1bf83..8094c3e 100644 --- a/NEWS +++ b/NEWS @@ -1,22 +1,83 @@ * Planned for the future -Netlink device that implements an Ethernet bridge. +Please note that the 0.1 series of secnet releases is now 'maintenance +only'; further development continues in secnet-0.2. -Modular transform code: choice of block ciphers, modes, sequence -numbers / timestamps, etc. similar to IWJ's udptunnel +Debconf support - if you are using the Debian packaged version and +your secnet configuration is autogenerated using debconf then the +upgrade to version 0.2.0 should just involve installing the package; +an appropriate 0.2-style configuration file will be generated +automatically. -Path-MTU discovery for each tunnel, and fragmentation/DF support in -netlink code. +* New in version 0.1.18 -Separation of device drivers from IP router code - driver produces a -stream of packets (which has a tag indicating type and parameters). -Router module can be connected to stream to multiplex it between -different tunnels. +ipaddr.py now declares its character encoding; required by recent +versions of Python -Support for dynamic creation of streams/tunnels to cope with laptops, -etc. +* New in version 0.1.17 -See also file "TODO". +autoconf updates for cross-compilation / more modern autoconf from +Ross Younger + +MacOS X support from Richard Kettlewell + +Makefile fix: Update bison pattern rule to indicate that both the +.tab.c and .tab.h files are generated by the same command. + +i386 ip_csum implementation updated to work with modern gcc + +Rename global 'log' to 'slilog' to avoid conflict with gcc built-in +log() function. + +* New in version 0.1.16 + +XXX XXX PROTOCOL COMPATIBILITY IS BROKEN BETWEEN VERSION 0.1.16 AND +XXX XXX ALL PREVIOUS VERSIONS. + +Bugfix: rsa.c private-key now works properly when you choose not to +verify it. + +Bugfix: serpent key setup was only using the first 8 bytes of the key +material. (Oops!) Ian Jackson contributed a fix so the full 32 bytes +are used, in big-endian mode. + +Debatable-bugfix: RSA operations now use PKCS1 v1.5-style padding + +"Hacky parallelism" contributed by Ian Jackson; this permits +public-key operations to be performed in a subprocess during key +exchange, to make secnet more usable on very slow machines. This is +not compiled in by default; if you find you need it (because key +exchanges are taking more than a second or two) then add +-DHACKY_PARALLEL to FLAGS in the Makefile.in and recompile. + +udp module updates from Peter Benie: + 1) Handle the case where authbind-helper terminates with a signal + 2) Cope with signals being delivered during waitpid + 3) Add 'address' (optional) to the udp settings. This is an IP address + that the socket will be bound to. + 4) Change the endianess of the arguments to authbind-helper. + sprintf("%04X") already translates from machine repesentation to most + significant octet first so htons reversed it again. + +All uses of alloca() expunged by Peter Benie. + +make-secnet-sites now supports configurations where each tunnel gets +its own interface on the host, and the IP router code in secnet is +disabled. make-secnet-sites has been rewritten for clarity. For +information on how to configure secnet for one-interface-per-tunnel, +see the example.conf file. + +* New in version 0.1.15 + +Now terminates with an error when an "include" filename is not +specified in the configuration file (thanks to RJK). + +RSA private key operations optimised using CRT. Thanks to SGT. + +Now compiles cleanly with -Wwrite-strings turned on in gcc. + +Anything sent to stderr once secnet has started running in the +background is now redirected to the system/log facility. * New in version 0.1.14