1 secnet (0.3.1~beta1) unstable; urgency=low
3 Security fixes (vulnerabilities are to inside attackers only):
4 * SECURITY: Fixes to MTU and fragmentation handling.
5 * SECURITY: Correctly set "unused" ICMP header field.
6 * SECURITY: Fix IP length check not to crash on very short packets.
9 * Make the inter-site MTU configurable, and negotiate it with the peer.
12 * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
13 * Fix formatting error in p-t-p startup message.
14 * Do not send ICMP errors in response to unknown incoming ICMP.
15 * Fix formatting error in secnet.8 manpage.
16 * Internal code rearrangements and improvements.
18 Packaging improvements:
19 * Updates to release checklist in Makefile.in.
20 * Additions to the test-example suite.
22 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
24 secnet (0.3.0) unstable; urgency=low
26 * Release of 0.3.0. No code changes since 0.3.0~beta3.
27 * Update release checklist.
29 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100
31 secnet (0.3.0~beta3) unstable; urgency=low
33 * New upstream version.
34 - Stability bugfix: properly initialise site's scratch buffer.
36 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100
38 secnet (0.3.0~beta2) unstable; urgency=low
40 * New upstream version.
41 - SECURITY FIX: RSA public modulus and exponent buffer overflow.
42 - SECURITY FIX: Use constant-time memcmp for message authentication.
43 - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
44 - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
45 - SECURITY FIX: Fix site name checking when site name A is prefix of B.
46 - SECURITY FIX: Safely reject too-short IP packets.
47 - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
48 - Better robustness against SLIP decoding errors.
49 - Fix bugs which caused routes to sometimes not be advertised.
50 - Protocol capability negotiation mechanism.
51 - Improvements and fixes to protocol and usage documentation.
52 - Other bugfixes and code tidying up.
54 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100
56 secnet (0.3.0~beta1) unstable; urgency=low
58 * New upstream version.
59 - SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
60 - Bugfixes relating to packet loss during key exchange.
61 - Bugfixes relating to link up/down status.
62 - Bugfixes relating to logging.
63 - make-secnet-sites made more sophisticated to support two vpns on chiark.
64 - Documentation improvements.
65 - Build system improvements.
66 * Debian packaging improvements:
68 - Maintainer / uploaders.
69 - init script requires $remove_fs since we're in /usr.
71 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100
73 secnet (0.2.1-1) unstable; urgency=low
75 * New upstream version. (authbind endianness fix)
77 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000
79 secnet (0.2.0-1) unstable; urgency=low
81 * New upstream version.
83 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000
85 secnet (0.1.18-1) unstable; urgency=low
87 * New upstream version.
89 -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000