1 secnet (0.6.0~) unstable; urgency=medium
3 * secnet: Make stderr line buffered
4 * logfile: Log to stderr by default (`filename' key now optional)
5 * logfile: Do not log differently with --nodetach
6 * logfile: New `prefix' option.
8 internal refactorings in secnet
11 * stest: Use stderr, not tty, for logging
12 * stest: Use new `prefix' option.
13 * stest: Add debug logs
14 * tests, mtest: Provide and use `prexec' for helping with debugging
15 * stest: Print the secnet runes we run
16 * stest: Print the special env vars we pass to secnet
17 * stest: Don't prefix ./ with another ./, in socktmp
18 * stest: Support not running secnet ourselves
19 * stest: Replace the call to `exit 1' with a new proc `finish'
20 * stest: Record the pids of of the secnets we spawn
21 * stest: Kill our child secnets when we call finish
22 * stest: Use `finish' for success exits
23 * stest: If one of our secnets dies, call the test a failure
24 * stest: Decode the slip packets that come via fake netlink
25 * stest: Check that received packet is as expected
26 * stest: Drop a redundant test
27 * mtest/t-prefix: Drop redundant setting of seddery
28 * test-example: Rules for making a privkeys directory
29 * test-example: Make privkeys by default
30 * test-example: Add the inside.key to the privcache too
31 * test-example: Add a 2nd rsa1 key
32 * stest: Transfer pubkeys from test-example
33 * stest: Provide a global `hash' key
34 * stest: Honour new privkey() hash
35 * tests: Pass --output-version=1 to make-secnet-sites
36 * test-example: Provide a new-style public key set for site outside
37 * test-example: Make sites.conf variable, in principle
38 * test-example: Generate new style sites.conf
39 * test-example: Test new long-term key arrangements
40 * test-example: all-privkeys: Define, and indirect through, a variable
41 * stest: Fix an entry in &DEPS
42 * mtest: Use --pubkeys-elide instead of --output-version
43 * stest: Honour new sitesconf_hook
44 * stest/t-nonnego-oo: Use `make-public' verb
45 * test-common: Use $(wildcard ) rather than $(shell echo )
46 * test-common: Framework for compatibility tests
47 * stest: Machinery for runing an old secnet if a test wants
48 * sest/t-Cnonnego-on: New test
49 * stest: Make it possible to have kex initiated by `outside'
50 * stest/t-Cnonnego-onr: New test
51 * stest: Add test for load-private
52 * stest: Introduce adj-after
53 * stest: Honour SECNET_STEST_TIMEOUT_MUL to multiply timeouts
54 * stest: Move puts $argl into divert branches
55 * stest: When SECNET_STEST_DIVERT_* set, print diverted command too
56 * stest: Require SECNET_STEST_DIVERT_* paths to start / or ./
57 * stest: Allow SECNET_STEST_DIVERT_*='i <some stuff>'
58 * stest: Print spawn rune on a line by itself
59 * test-example: Use subdirmk's new &:macro feature
60 * comprehensive-test script added
61 * pretest-to-tested script added
62 stest/udp-preload: Be more relaxed about paths
63 stest/udp-preload.c: Fix error handling of sun_prep
64 stest: Fix breakage if nproc is not installed
67 * dir-locals: Provide python-indent-offset too
68 * Provide osdep.[ch], currently empty
69 * portability: Provide implementation of fmemopen
72 * configure.ac: Drop checks for systems lacking stdint.h
73 * configure.ac: Drop AC_STDC_HEADERS
74 * configure.ac: Do not check for lack of standard headers
75 * autogen.sh: Write a comment about need for autoheader
76 * parallel bisect scripts: ad-hoc
77 * parallel bisect scripts: Better logging
78 * parallel bisect scripts: Honour $1 as iteration count
79 * build system: Fix race bug in recheck target
80 * subdirmk 0.3, other makefile fixes
81 build system: Add some missing clean and cdeps hooks
82 build system: Cope if HEAD refers to a packed ref
84 make-secnet-sites tainting
85 * make-secnet-sites: Tainted: Fix a lot of bad return values
88 * conffile: find_cl_if: fix fail_if_invalid==False
89 * config: Reject rather than silently ignoring wrong closure values
92 * rsa: emsa_pkcs1: Fix a message
93 * site: Move earlier all things needed for slog
94 * dh: Fix mpz padding bug in use of write_mpbin
95 * mobile sites: Do not ever expire peer addresses
97 new signature scheme key handling
98 * pubkey handling: Document key sets, id, etc. plan
99 * sigkey handling: Introduce sigkeyid type
100 * sigkey handling: define MAX_SIG_KEYS
101 * sigkey handling: Introduce serialt type
102 * sigpubkey/sigprivkey: Provide a hash_if
103 * sigpubkey/sigprivkey: Provide a dispose() method
104 * sigscheme: Interface for signature schemes
105 * privcache: New closure for signature key handling
106 * privcache: Use new pathprefix_template facility
107 * privcache: Better debug
108 * privcache: Remove some spurious \n in messages
109 * site: New SIGKEYS log class, at level INFO, enabled by default
110 * NOTES: Add protocol elements for public key negotiation
111 * site: generate_msg: Introduce `privkey' variable
112 * site: Introduce `pubkey' variable (twice)
113 * site: Be able to use multiple private keys
114 * site: Read public peer keys from key file
115 * site: Update peer keys from ~update file
116 * site: Write an argument for the soundness of key file update
117 * site: key update soundness argument: deal with concurrency
118 * site: Reserve <peer-keys>~tmp for make-secnet-sites
119 * site: Remove a spurious \n in a message
120 * secnet: Provide `make-public' verb
123 * README: Introduce spec for "base91s" encoding
124 * B91 C DUMMY SYMLINK - WILL BE SUBTREE MERGE
125 * base91: CREDITS: Add information about C library
126 * base91: Build the C basE91 code with our own renaming
127 * base91: Patch the C version for our charset change
128 * base91: Link it into secnet
129 * BASE91 PYTHON DUMMY SYMLINK - WILL BE SUBTREE MERGE
130 * base91: CREDITS: Add information about Python library
131 * base91: Python: make `import' work
132 * pubkeys: Provide parser (and spec) for peer pubkeys files
133 * pubkeys: Provide ability to add extra action to KEYWORD
134 * pubkeys: Provide `fallback_skip' variable
135 * pubkeys: Introduce `pkgf' fallback groups
136 * pubkeys: Print file path in some log messages
137 * pubkeys: Move path and lno into a struct cloc
138 * pubkeys: Pass a cloc to loadpub
139 * pubkeys: Improve debug message for expected ENOENT
140 * pubkeys: Better debug logging for syntax errors
141 * pubkeys: Do not mind missing serial
144 [stuff to support new scheme]
145 * rsa1: Drop filename from two error messages
146 * rsa: Strip a couple of spurious newlines from pub key messages
149 * README: Document new semantics for `hash'
150 * privcache; uncached_load_file: Introduce error_out
152 * docs: Fix rsapriv/rsapub closure names
153 * docs: Move peer-keys documentation into a README file
156 * make-secnet-sites: Deduplicate `complain'
157 * make-secnet-sites: Tolerate late `complain'
158 * make-secnet-sites: Write output to ...~tmp~ and rename
159 * make-secnet-sites: Tainted.name: take `what'
160 * make-secnet-sites: Tainted: Provide hexid and base91
161 * make-secnet-sites: set_property: Break out kw
162 * make-secnet-sites: set_property: Break out propname
163 * make-secnet-sites: set_property: Support "aliases"
164 * make-secnet-sites: pubkeys: Allow multiple
165 * make-secnet-sites: Provide --debug and debugrepr
166 * make-secnet-sites: Tainted: Provide some commented-out debug
167 * make-secnet-sites: Introduce FilterState
168 * make-secnet-sites: pline: Break up `copyout'
169 * make-secnet-sites: Provide base91s_encode and base91s_decode
170 * make-secnet-sites: Provide --output-version option
171 * make-secnet-sites: Allow properties to control output to sites
172 * make-secnet-sites: Provide ArgActionLambda
173 * make-secnet-sites: Provide `serial' property class
174 * make-secnet-sites: Prepare for multiple public key types
175 * make-secnet-sites: Support new `pub' directive
176 * make-secnet-sites: Make the `pub' key name primary
177 * make-secnet-sites: Do not write `pub' entries in v1 output
178 * make-secnet-sites: Do not use `copy' in pubkey forsites
179 * make-secnet-sites: Write rsa1 keys as `pub rsa1 ...' in >=v2
180 * make-secnet-sites: Handle `pub rsa1' properties specially
181 * make-secnet-sites: Add new pubkeys-dir option, and pubkey paths
182 * make-secnet-sites: New --pubkeys-install option
183 * make-secnet-sites: Without --pubkeys-install, write appropriate key
184 * make-secnet-sites: Support `serial'
185 * make-secnet-sites: Support `pkg' and `pkgf'
186 * make-secnet-sites: In v1 output, ignore keys for non-0 groups
187 * make-secnet-sites: Rework with new `inpub' class
188 * make-secnet-sites: Rework --pubkeys-MODE, provide --pubkeys-single
189 * make-secnet-sites: New --pubkeys-elide mode
190 * make-secnet-sites: Declare `pubkey' directive old
192 * make-secnet-sites: Introduce new OpMod classes
193 * make-secnet-sites: Refactor operational code into OpModes
194 * make-secnet-sites: Move sites file writing into OpBase
195 * make-secnet-sites: OpBase.read_in: save read lines
196 * make-secnet-sites: Provide explicit --conf mode option
197 * make-secnet-sites: Abolish now-obsolete `service' variable
198 * make-secnet-sites: OpBase.write_out: Tolerate sitesfile is None
199 * make-secnet-sites: OpBase.write_out: Move heading back into OpUserv
200 * make-secnet-sites: OpUserv: Rename sitesfile to outputfile
201 * make-secnet-sites: OpConf: Move positional_args to OpBase
202 * README.make-secnet-sites: Slightly restructure mode docs
203 * make-secnet-sites: Provide --filter mode
204 * mtest/t-filter: New test for --filter mode
207 * site: Always advertise all capabilities
208 * rsa: Bring hash selection in-house
209 * sig: Abolish sethash and defhash everywhere
214 secnet (0.5.1) unstable; urgency=medium
216 POTENTIALLY INCOMPATIBLE CHANGE. Some security implications.
218 * make-secnet-sites: Prefix names when writing secnet sites.conf file.
220 make-secnet-sites must copy names (vpn, location and site names) from
221 the input sites file (which is not wholly trusted) to the secnet
222 config file. Prior to this release, naming a location or site the
223 same as a secnet predefined name could generate a broken sites.conf
224 which secnet would reject. (With the existing featureset,
225 malfunctions other than rejection, eg privilege escalation, are not
228 make-secnet-sites now adds a prefix to these names when writing
229 sites.conf. This will not affect configurations which use the
230 make-secnet-sites-provided `all-sites' key, as is usual. Other
231 configurations will break unless the references in the static part of
232 the config are adjusted.
234 Previous behaviour can be restored with the --no-conf-key-prefix
235 option. (Planned future enhancements to secnet are likely to make use
236 of that option, with untrusted input, dangerously insecure.)
238 other changes to make-secnet-sites:
239 * Fix argument parsing. Fixes a regression affecting -P in 0.5.0,
240 and also fixes new facilities introduced in 0.5.0.
241 * Sort the properties on output (and adjust the test case expected
242 outputs). Tests now pass on (at least) Python 2.7.13, 3.5.3, 3.7.5.
243 * Delete some unused code.
246 * Change one idiom to avoid a warning from GCC9. No functional change.
248 build system - MAJOR CHANGES:
249 * Fix out-of-tree builds. (Broken in 0.5.0)
250 * Replace recursive make with use of the new subdirmk system.
251 This represents a fairly comprehensive overhaul of the makefiles.
252 Several bugs (esp. involving dependencies between files in different
253 directories) are fixed.
254 * Drop `make check' from `make all'. (Otherwise there is no way
255 to ask for `all' without `check'.)
256 * Suppress two unhelpful new compiler warnings from GCC9.
257 * Release checklist update.
260 * Credit Mark Wooding properly in CREDITS.
261 * Include DEVELOPER-CERTIFICATE.
264 * Locations now have different names to sites.
265 * Somewhat better debugging output from mtest.
266 * Do not run msgcode-test except with `make fullcheck'.
267 * Other minor bugfixes and improvments.
268 * stest: Suppress unhelpful -Wno-unused-result (needed for stretch).
270 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 22 Nov 2019 23:13:14 +0000
272 secnet (0.5.0) unstable; urgency=medium
274 make-secnet-sites SECURITY FIX:
275 * Do not blindly trust inputs; instead, check the syntax for sanity.
276 Previous releases can be induced to run arbitrary code as the user
277 invoking secnet (which might be root), if a secnet sites.conf is used
278 that was generated from an untrustworthy sites file.
279 * The userv invocation mode of make-secnet-sites seems to have been safe
280 in itself, but it previously allowed hazardous data to be propagated
281 into the master sites file. This is now prevented too.
283 make-secnet-sites overhaul work:
284 * make-secnet-sites is now in the common subset of Python2 and Python3.
285 The #! is python3 now, but it works with Python2.7 too.
286 It will probably *not* work with old versions of Python2.
287 * We no longer depend on the obsolete `ipaddr' library. We use
288 `ipaddress' now. And this is onlo a Recommends in the .deb.
289 * Ad-hoc argument parser been replaced with `argparse'.
290 There should be no change to existing working invocations.
291 * Bad address syntax error does not wrongly mention IPv6 scopes.
292 * Minor refactoring to support forthcoming work. [Mark Wooding]
294 other bugfixes, improvements and changes to secnet itself:
295 * Better logging of why we are sending NAK messages.
296 * Correctly use the verified copy of the peer remote capabilities
297 from MSG3. (Bug is not a vulnerability.) [Mark Wooding]
298 * Significant internal rearrangements and refactorings, to support
299 forthcoming key management work. [Mark Wooding and Ian Jackson]
302 * Completely overhaul release checklist; drop dist target.
303 * Remove dependency on `libfl.a'. [Mark Wooding]
304 * polypath.c: Fix missing include of <limits.h>. [Mark Wooding]
305 * Add a Wireshark dissector `secnet-wireshark.lua'. It is not
306 installed anywhere right now. [Mark Wooding]
309 * Improve documentation of capability negotiation in NOTES, secnet(8)
310 and magic.h. [Mark Wooding]
312 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 24 Oct 2019 19:11:54 +0100
314 secnet (0.4.5) unstable; urgency=medium
316 * INSTALL: Mention that rsa key generation might need ssh-keygen1.
317 * mobile: Fix negotiation bug with mixed old/new secnets and
318 simultaneous key setup attempts by each end. [Mark Wooding]
319 * Makefile.in: Support installation from a `VPATH' build. [Mark Wooding]
320 * Portability fixes for clang. [Mark Wooding]
322 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 21 Sep 2019 12:04:31 +0100
324 secnet (0.4.4) unstable; urgency=medium
327 * make-secnet-sites: Don't allow setting new VPN-level properties
328 when restricted. This could allow denial of service by
329 users with delegated authorisation. [Mark Wooding]
331 Bugfixes for poor network environments:
332 * polypath: cope properly with asymmetric routing, by correcting
333 the handling of late duplicated packets etc. Protocol is now
334 incompatible with secnet prior to 0.3.0 when either end is mobile.
335 * Randomise key setup retry time.
338 * rsa and cbcmac: Fix configuration error messages. [Mark Wooding]
339 * Handle IPv4 addresses properly (ie, not foolishly byte-swapped),
340 when IPv6 is not available. [Mark Wooding]
341 * Better logging (and less foolish debug), especially about whether
342 key is set up, and about crossed key setup attempts.
343 * Internal refactoring and fixes. [Ian Jackson and Mark Wooding]
345 Build system and portability:
346 * configure: rerun autogen.sh with autoconf 2.69-10
347 * Avoid memset(0,0,0) wrt st->sharedsecret. (Fixes compiler warning;
348 in theory might cause miscompilation.) [Mark Wooding]
351 * README.make-secnet-sites: new documentation file. [Mark Wooding]
352 * NOTES: Describe current allocation of capability bits. [Mark Wooding]
353 * NOTES: tiny fix tot protocol description.
354 * secnet(8): Delete wrong information about dh groups. [Mark Wooding]
357 * Fix erroneous GPL3+ licence notices "version d or later" (!)
358 * .dir-locals.el: Settings for Python code. [Mark Wooding]
360 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 08 Sep 2019 22:53:14 +0100
362 secnet (0.4.3) unstable; urgency=low
364 Security improvement:
365 * Use `mpz_powm_sec' for modexps.
368 * Implement comm-info and dedicated-interface-addr feature, for
370 * Implement `keepalive' site option, to try to keep link always up.
373 * #include <limits.h> (fixes the build on jessie).
374 * Tolerate building from a git checkout, but with git not installed.
375 (This can happen in chroots.)
376 * Turn off -Wsign-compare for bison output.
377 * Makefile.in: Fix `check-ipaddrset' rule to get reference from
378 $(srcdir). (Makes out-of-tree builds work properly.)
379 * Release checklist fixes.
380 * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep.
383 * When printing messages about dropping IPv6, do not print anything
384 about ihl. (Check the IP version field first!)
385 * When turning on debug, turn on verbose too.
387 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 25 Nov 2017 13:36:41 +0000
389 secnet (0.4.0) unstable; urgency=low
391 Debugging improvements:
392 * Packet-level debugging from site notes errors from transmit.
393 * Report when transport peers updated as a result of transmit.
395 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 28 Feb 2015 15:03:00 +0000
397 secnet (0.4.0~beta2) unstable; urgency=low
400 * Ignore IPv6 Unique Local unicast addresses.
401 * Skip "tentative" IPv6 local addresses.
402 * Improve logging and debug output.
405 * Build where size_t is not compatible with int.
407 Build system and packaging fixes:
408 * Makefile: support DESTDIR.
409 * debian/rules: set DESTDIR (not prefix).
410 * debian/rules: Support dpkg-buildflags.
411 * Install ipaddrset.py and secnet.8 with correct permissions.
412 * Fix check for <linux/if_tun.h> and git rid of our copy.
413 * Use -lresolv only if inet_aton is not found otherwise.
414 * Use -lnsl only if inet_ntoa is not found otherwise.
415 * debian/rules: Provide build-arch and build-indep targets.
416 * debian/rules: Do not run build for *-indep (!)
417 * Makefile.in: Putative dual (backport and not) release build process doc.
420 * Update to GPLv3. Add missing copyright notices and credits.
421 * Get rid of old FSF street address; use URL instead.
422 * Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
423 * Remove obsolete references to Cendio (for old ipaddr.py).
425 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 28 Dec 2014 17:14:10 +0000
427 secnet (0.4.0~beta1) unstable; urgency=low
430 * Support transport over IPv6. (We do not yet carry IPv6 in the private
431 network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x).
432 * New polypath comm, which can duplicate packets so as to send them via
433 multiple routes over the public network, for increased
434 reliability/performance (but increased cost). Currently Linux-only
435 but should be fairly easy to port.
436 * Support multiple public addresses for peers.
437 * Discard previously-received packets (by default).
439 Logging improvements:
440 * Report (each first) transmission and reception success and failure.
441 * Log reason for DNS reolution failure.
442 * Log unexpected kinds of death from userv.
443 * Log authbind exit status as errno value (if appropriate).
445 Configuration adjustments:
446 * Adjust default number of mobile peer addresses to store when a peer
447 public address is also configured.
448 * Make specifying peer public port optional. This avoids making special
449 arrangements to bind to a port for in mobile sites with no public
453 * Hackypar children will die if they get a terminating signal.
454 * Fix signal dispositions inherited by secnet's child processes.
455 * Fix off-by-one error which prevented setting transport-peers-max to 5.
457 Test, build and internal improvements:
458 * Use conventional IP address handling library ipaddr.py.
459 * Provide a fuzzer for the slip decoder.
460 * Build system improvements.
461 * Many source code cleanups.
463 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 15:28:31 +0000
465 secnet (0.3.4) unstable; urgency=low
468 * The previous security fix to buffer handling was entirely wrong. This
469 one is better. Thanks to Simon Tatham for the report and the patch.
471 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100
473 secnet (0.3.3) unstable; urgency=high
476 * Pass correct size argument to recvfrom. This is a serious security
477 problem which may be exploitable from outside the VPN.
478 * Fix a memory leak in some error logging.
481 * Two other latent bugs in buffer length handling found and fixed.
482 * Non-critical stylistic improvements to buffer length handling, to make
483 the code clearer and to assist audit.
485 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100
487 secnet (0.3.3~beta1) unstable; urgency=low
489 Installation compatibility fix:
490 * In make-secnet-sites, always use our own ipaddr.py even if the
491 incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
492 (Future versions of secnet are going to need that Python module to be
495 For links involving mobile sites:
496 * Use source of NAK packets as hint for peer transport address.
497 * When initiating rekey, make use of data transport peer addresses.
500 * Provide clean target in test-example/Makefile.
502 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 00:11:44 +0100
504 secnet (0.3.2) unstable; urgency=low
506 * Release of 0.3.2. No code changes since 0.3.1~beta1.
508 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 26 Jun 2014 20:27:58 +0100
510 secnet (0.3.2~beta1) unstable; urgency=low
512 For links involving mobile sites:
513 * SECURITY: Properly update peer address array when it is full.
514 * Do name-resolution on peer-initiated key setup too, when we are mobile
515 (and other name-resolution improvements).
517 Other minor improvements:
518 * Log peer addresses on key exchange timeout.
519 * When printing version (eg during startup), use value from git-describe
520 and thus include git commit id where applicable.
521 * Updates to release checklist in Makefile.in.
522 * Use C99 _Bool for bool_t.
524 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 06 Jun 2014 01:17:54 +0100
526 secnet (0.3.1) unstable; urgency=low
528 * Release of 0.3.1. No code changes since 0.3.1~beta3.
530 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 15 May 2014 01:08:30 +0100
532 secnet (0.3.1~beta3) unstable; urgency=low
534 * Build fixes for non-i386 architectures and gcc 4.8.2.
536 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 08 May 2014 19:53:43 +0100
538 secnet (0.3.1~beta2) unstable; urgency=low
540 Fix relating to new fragmentation / ICMP functionality:
541 * Generate ICMP packets correctly in point-to-point configurations.
543 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 03 May 2014 18:58:09 +0100
545 secnet (0.3.1~beta1) unstable; urgency=low
547 Security fixes (vulnerabilities are to inside attackers only):
548 * SECURITY: Fixes to MTU and fragmentation handling.
549 * SECURITY: Correctly set "unused" ICMP header field.
550 * SECURITY: Fix IP length check not to crash on very short packets.
553 * Make the inter-site MTU configurable, and negotiate it with the peer.
556 * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
557 * Fix formatting error in p-t-p startup message.
558 * Do not send ICMP errors in response to unknown incoming ICMP.
559 * Fix formatting error in secnet.8 manpage.
560 * Internal code rearrangements and improvements.
562 Packaging improvements:
563 * Updates to release checklist in Makefile.in.
564 * Additions to the test-example suite.
566 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
568 secnet (0.3.0) unstable; urgency=low
570 * Release of 0.3.0. No code changes since 0.3.0~beta3.
571 * Update release checklist.
573 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100
575 secnet (0.3.0~beta3) unstable; urgency=low
577 * New upstream version.
578 - Stability bugfix: properly initialise site's scratch buffer.
580 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100
582 secnet (0.3.0~beta2) unstable; urgency=low
584 * New upstream version.
585 - SECURITY FIX: RSA public modulus and exponent buffer overflow.
586 - SECURITY FIX: Use constant-time memcmp for message authentication.
587 - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
588 - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
589 - SECURITY FIX: Fix site name checking when site name A is prefix of B.
590 - SECURITY FIX: Safely reject too-short IP packets.
591 - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
592 - Better robustness against SLIP decoding errors.
593 - Fix bugs which caused routes to sometimes not be advertised.
594 - Protocol capability negotiation mechanism.
595 - Improvements and fixes to protocol and usage documentation.
596 - Other bugfixes and code tidying up.
598 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100
600 secnet (0.3.0~beta1) unstable; urgency=low
602 * New upstream version.
603 - SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
604 - Bugfixes relating to packet loss during key exchange.
605 - Bugfixes relating to link up/down status.
606 - Bugfixes relating to logging.
607 - make-secnet-sites made more sophisticated to support two vpns on chiark.
608 - Documentation improvements.
609 - Build system improvements.
610 * Debian packaging improvements:
612 - Maintainer / uploaders.
613 - init script requires $remove_fs since we're in /usr.
615 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100
617 secnet (0.2.1-1) unstable; urgency=low
619 * New upstream version. (authbind endianness fix)
621 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000
623 secnet (0.2.0-1) unstable; urgency=low
625 * New upstream version.
627 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000
629 secnet (0.1.18-1) unstable; urgency=low
631 * New upstream version.
633 -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000