1 secnet (0.4.5~) unstable; urgency=medium
7 secnet (0.4.4) unstable; urgency=medium
10 * make-secnet-sites: Don't allow setting new VPN-level properties
11 when restricted. This could allow denial of service by
12 users with delegated authorisation. [Mark Wooding]
14 Bugfixes for poor network environments:
15 * polypath: cope properly with asymmetric routing, by correcting
16 the handling of late duplicated packets etc. Protocol is now
17 incompatible with secnet prior to 0.3.0 when either end is mobile.
18 * Randomise key setup retry time.
21 * rsa and cbcmac: Fix configuration error messages. [Mark Wooding]
22 * Handle IPv4 addresses properly (ie, not foolishly byte-swapped),
23 when IPv6 is not available. [Mark Wooding]
24 * Better logging (and less foolish debug), especially about whether
25 key is set up, and about crossed key setup attempts.
26 * Internal refactoring and fixes. [Ian Jackson and Mark Wooding]
28 Build system and portability:
29 * configure: rerun autogen.sh with autoconf 2.69-10
30 * Avoid memset(0,0,0) wrt st->sharedsecret. (Fixes compiler warning;
31 in theory might cause miscompilation.) [Mark Wooding]
34 * README.make-secnet-sites: new documentation file. [Mark Wooding]
35 * NOTES: Describe current allocation of capability bits. [Mark Wooding]
36 * NOTES: tiny fix tot protocol description.
37 * secnet(8): Delete wrong information about dh groups. [Mark Wooding]
40 * Fix erroneous GPL3+ licence notices "version d or later" (!)
41 * .dir-locals.el: Settings for Python code. [Mark Wooding]
43 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 08 Sep 2019 22:53:14 +0100
45 secnet (0.4.3) unstable; urgency=low
48 * Use `mpz_powm_sec' for modexps.
51 * Implement comm-info and dedicated-interface-addr feature, for
53 * Implement `keepalive' site option, to try to keep link always up.
56 * #include <limits.h> (fixes the build on jessie).
57 * Tolerate building from a git checkout, but with git not installed.
58 (This can happen in chroots.)
59 * Turn off -Wsign-compare for bison output.
60 * Makefile.in: Fix `check-ipaddrset' rule to get reference from
61 $(srcdir). (Makes out-of-tree builds work properly.)
62 * Release checklist fixes.
63 * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep.
66 * When printing messages about dropping IPv6, do not print anything
67 about ihl. (Check the IP version field first!)
68 * When turning on debug, turn on verbose too.
70 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 25 Nov 2017 13:36:41 +0000
72 secnet (0.4.0) unstable; urgency=low
74 Debugging improvements:
75 * Packet-level debugging from site notes errors from transmit.
76 * Report when transport peers updated as a result of transmit.
78 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 28 Feb 2015 15:03:00 +0000
80 secnet (0.4.0~beta2) unstable; urgency=low
83 * Ignore IPv6 Unique Local unicast addresses.
84 * Skip "tentative" IPv6 local addresses.
85 * Improve logging and debug output.
88 * Build where size_t is not compatible with int.
90 Build system and packaging fixes:
91 * Makefile: support DESTDIR.
92 * debian/rules: set DESTDIR (not prefix).
93 * debian/rules: Support dpkg-buildflags.
94 * Install ipaddrset.py and secnet.8 with correct permissions.
95 * Fix check for <linux/if_tun.h> and git rid of our copy.
96 * Use -lresolv only if inet_aton is not found otherwise.
97 * Use -lnsl only if inet_ntoa is not found otherwise.
98 * debian/rules: Provide build-arch and build-indep targets.
99 * debian/rules: Do not run build for *-indep (!)
100 * Makefile.in: Putative dual (backport and not) release build process doc.
103 * Update to GPLv3. Add missing copyright notices and credits.
104 * Get rid of old FSF street address; use URL instead.
105 * Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
106 * Remove obsolete references to Cendio (for old ipaddr.py).
108 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 28 Dec 2014 17:14:10 +0000
110 secnet (0.4.0~beta1) unstable; urgency=low
113 * Support transport over IPv6. (We do not yet carry IPv6 in the private
114 network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x).
115 * New polypath comm, which can duplicate packets so as to send them via
116 multiple routes over the public network, for increased
117 reliability/performance (but increased cost). Currently Linux-only
118 but should be fairly easy to port.
119 * Support multiple public addresses for peers.
120 * Discard previously-received packets (by default).
122 Logging improvements:
123 * Report (each first) transmission and reception success and failure.
124 * Log reason for DNS reolution failure.
125 * Log unexpected kinds of death from userv.
126 * Log authbind exit status as errno value (if appropriate).
128 Configuration adjustments:
129 * Adjust default number of mobile peer addresses to store when a peer
130 public address is also configured.
131 * Make specifying peer public port optional. This avoids making special
132 arrangements to bind to a port for in mobile sites with no public
136 * Hackypar children will die if they get a terminating signal.
137 * Fix signal dispositions inherited by secnet's child processes.
138 * Fix off-by-one error which prevented setting transport-peers-max to 5.
140 Test, build and internal improvements:
141 * Use conventional IP address handling library ipaddr.py.
142 * Provide a fuzzer for the slip decoder.
143 * Build system improvements.
144 * Many source code cleanups.
146 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 15:28:31 +0000
148 secnet (0.3.4) unstable; urgency=low
151 * The previous security fix to buffer handling was entirely wrong. This
152 one is better. Thanks to Simon Tatham for the report and the patch.
154 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100
156 secnet (0.3.3) unstable; urgency=high
159 * Pass correct size argument to recvfrom. This is a serious security
160 problem which may be exploitable from outside the VPN.
161 * Fix a memory leak in some error logging.
164 * Two other latent bugs in buffer length handling found and fixed.
165 * Non-critical stylistic improvements to buffer length handling, to make
166 the code clearer and to assist audit.
168 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100
170 secnet (0.3.3~beta1) unstable; urgency=low
172 Installation compatibility fix:
173 * In make-secnet-sites, always use our own ipaddr.py even if the
174 incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
175 (Future versions of secnet are going to need that Python module to be
178 For links involving mobile sites:
179 * Use source of NAK packets as hint for peer transport address.
180 * When initiating rekey, make use of data transport peer addresses.
183 * Provide clean target in test-example/Makefile.
185 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 00:11:44 +0100
187 secnet (0.3.2) unstable; urgency=low
189 * Release of 0.3.2. No code changes since 0.3.1~beta1.
191 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 26 Jun 2014 20:27:58 +0100
193 secnet (0.3.2~beta1) unstable; urgency=low
195 For links involving mobile sites:
196 * SECURITY: Properly update peer address array when it is full.
197 * Do name-resolution on peer-initiated key setup too, when we are mobile
198 (and other name-resolution improvements).
200 Other minor improvements:
201 * Log peer addresses on key exchange timeout.
202 * When printing version (eg during startup), use value from git-describe
203 and thus include git commit id where applicable.
204 * Updates to release checklist in Makefile.in.
205 * Use C99 _Bool for bool_t.
207 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 06 Jun 2014 01:17:54 +0100
209 secnet (0.3.1) unstable; urgency=low
211 * Release of 0.3.1. No code changes since 0.3.1~beta3.
213 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 15 May 2014 01:08:30 +0100
215 secnet (0.3.1~beta3) unstable; urgency=low
217 * Build fixes for non-i386 architectures and gcc 4.8.2.
219 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 08 May 2014 19:53:43 +0100
221 secnet (0.3.1~beta2) unstable; urgency=low
223 Fix relating to new fragmentation / ICMP functionality:
224 * Generate ICMP packets correctly in point-to-point configurations.
226 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 03 May 2014 18:58:09 +0100
228 secnet (0.3.1~beta1) unstable; urgency=low
230 Security fixes (vulnerabilities are to inside attackers only):
231 * SECURITY: Fixes to MTU and fragmentation handling.
232 * SECURITY: Correctly set "unused" ICMP header field.
233 * SECURITY: Fix IP length check not to crash on very short packets.
236 * Make the inter-site MTU configurable, and negotiate it with the peer.
239 * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
240 * Fix formatting error in p-t-p startup message.
241 * Do not send ICMP errors in response to unknown incoming ICMP.
242 * Fix formatting error in secnet.8 manpage.
243 * Internal code rearrangements and improvements.
245 Packaging improvements:
246 * Updates to release checklist in Makefile.in.
247 * Additions to the test-example suite.
249 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
251 secnet (0.3.0) unstable; urgency=low
253 * Release of 0.3.0. No code changes since 0.3.0~beta3.
254 * Update release checklist.
256 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100
258 secnet (0.3.0~beta3) unstable; urgency=low
260 * New upstream version.
261 - Stability bugfix: properly initialise site's scratch buffer.
263 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100
265 secnet (0.3.0~beta2) unstable; urgency=low
267 * New upstream version.
268 - SECURITY FIX: RSA public modulus and exponent buffer overflow.
269 - SECURITY FIX: Use constant-time memcmp for message authentication.
270 - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
271 - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
272 - SECURITY FIX: Fix site name checking when site name A is prefix of B.
273 - SECURITY FIX: Safely reject too-short IP packets.
274 - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
275 - Better robustness against SLIP decoding errors.
276 - Fix bugs which caused routes to sometimes not be advertised.
277 - Protocol capability negotiation mechanism.
278 - Improvements and fixes to protocol and usage documentation.
279 - Other bugfixes and code tidying up.
281 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100
283 secnet (0.3.0~beta1) unstable; urgency=low
285 * New upstream version.
286 - SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
287 - Bugfixes relating to packet loss during key exchange.
288 - Bugfixes relating to link up/down status.
289 - Bugfixes relating to logging.
290 - make-secnet-sites made more sophisticated to support two vpns on chiark.
291 - Documentation improvements.
292 - Build system improvements.
293 * Debian packaging improvements:
295 - Maintainer / uploaders.
296 - init script requires $remove_fs since we're in /usr.
298 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100
300 secnet (0.2.1-1) unstable; urgency=low
302 * New upstream version. (authbind endianness fix)
304 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000
306 secnet (0.2.0-1) unstable; urgency=low
308 * New upstream version.
310 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000
312 secnet (0.1.18-1) unstable; urgency=low
314 * New upstream version.
316 -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000