1 secnet (0.6.8~) unstable; urgency=medium
7 secnet (0.6.7) unstable; urgency=medium
9 * Upstream release of changes since 0.6.2.
10 (Versions 0.6.5 and 0.6.6 were Debian-only; 0.6.3 and 0.6.4
11 were not properly released at all and should be disregarded.)
14 * Update VERSION in Makefile.
16 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 09 Jan 2023 00:15:21 +0000
18 secnet (0.6.6) unstable; urgency=medium
21 * polypath: Do not separately log xmit failures.
24 * stest: Fix debugging output about spawning secnet
27 * Add missing build-dependency on netbase. Closes: #1028102.
28 * Copyright notices and LICENCE (aka debian/copyright) fixes
29 and improvements. [Requested by Debian ftpmaster]
30 * Add Debian upload step to release checklist.
32 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 08 Jan 2023 18:20:09 +0000
34 secnet (0.6.5) unstable; urgency=medium
36 Copyright and source code notices:
37 * Include notices and licences of all included elements in LICENCE,
38 not just in the files themselvves.
39 * Tidy up a handful of notices to the most recent facts.
40 * Do not claim CC-BY-SA 4.0 is GPL3+ compatible - only GPL3.
41 * Add a README.source.
42 * Update my own copyright year.
44 * Versions 0.6.3 and 0.6.4 burned due to failed uploads.
45 (See dgit bug #944855.)
47 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 12 Nov 2022 18:58:02 +0000
49 secnet (0.6.2) unstable; urgency=medium
51 Bugfixes to code and build system:
52 * site: promote creation of st->scratch, allowing new pubkey scheme
53 to work even when secnet is restarting.
54 * comm-common.h: Remove unused `notify' variable. [Colin Watson]
55 * Dir.sd.mk: Prevent builtin make rule overwriting conffile.c.
58 * configure: Correct bug reporting address. Report from Colin Watson.
59 * example.conf improvements:
60 - Comment out some tuning overrides
61 - Improve syntax by deleting one of the two map examples
62 - Add a commented-out mobile site setting
64 * OLD-NEWS, OLD-BUGS: Rename from NEWS and BUGS, and don't ship OLD-BUGS.
66 Debian packaging changes:
67 * debian/rules: Use dh sequencer. Resulting changes:
68 - We now provide debug symbols in the new Debian way.
69 - The way the prerm stops secnet accords with modern practice.
70 * init script: source /lib/lsb/init-functions.
71 * init script: make "restart" work if secnet is not running.
73 * debhelper compat: bump to 12 (stretch-backports).
74 * debian/rules: Use dh_prep instead of deprecated dh_clean -k.
75 * Adjust Priority (as per modern policy and lintian).
76 * Add some lintian overrides.
77 * Add missing Pre-Depends on init-system-helpers.
79 Credits and legal documentation improvements:
80 * Add missing credits for base91 and python argparse extension.
81 ensure some packaging credits exist in all the places they should be.
82 * Add copyright/credits notices to many files which were missing them.
83 * Move and centralise legal information into its own file, LICENCE.
86 * comprehensive-test: Actually allow OLD_SECNET_DIR set to ''
87 * test-example/common.conf: Fix a reference to the sites file.
88 * test-example/null-fake-userv: New test utility script.
90 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 30 Dec 2021 15:10:12 +0000
92 secnet (0.6.1) unstable; urgency=medium
95 * Fix completely broken startup logging. Config errors would not
96 be repoorted other than via the exit status! (Broken in 0.6.0.)
97 * Suppress various uninteresting messages during startup, to
98 avoid noise during successful startup.
99 * Move "starting" message earlier.
101 make-secnet-sites bugfixes:
102 * Fix error handling if caller is in wrong group.
103 * Fix regressions in handling of delegated sites file fragments
104 (especially wrt the optional group parameter to `location').
105 Broken since security fixes in 0.5.0.
107 Fixes to example config file:
108 * Use new name-prefixed format for map(site...) runes. Old runes
109 were desupported by make-secnet-sites security fix (in 0.5.0).
110 * Fix "transform" syntax (broken since 0.3.0).
112 Other bugfixes and improvements:
113 * rsa: Do not crash if private key file is not accessible when
114 running --just-check-config. (Broken since 0.6.0.)
115 * rsa: Print errno value if we fail to open key file.
116 * config parsing: When closure is of wrong type, give details.
117 * Use CLOCK_MONOTONIC for all our timing needs (but only when
118 built against an as-yet-unpublished adns feature).
121 * Tests for some of the changes.
122 * Minor internal refactorings and improvements.
123 * Merge subdirmk 1.0.
125 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 24 May 2020 22:14:26 +0100
127 secnet (0.6.0) unstable; urgency=medium
130 * mobile sites: Do not ever expire peer addresses. In practice
131 this fixes transitions between IPv6-only and IPv4-only networks.
132 * make-secnet-sites: Tainted: Fix a lot of bad return values
133 (which would result in assertions rather than nice error messages).
134 * Fix hash algo confusion in mixed sha1/md5 configurations (see below).
136 Incompatible changes:
137 * site: Always advertise all capabilities, even in MSG1. This is
138 incompatible with secnets earlier than 0.3.0 (September 2013), which
139 are all quite badly broken and should have been upgraded long ago.
140 * Drop support for using the same loaded rsa key with multiple different
141 hash algorithms (which was broken in 0.5.0). Right now we support
142 only `sha1' and `md5' so everyone should be using `sha1'.
143 Installations which specified `md5' anywhere may need config changes.
145 Major new featureset (use of which is not adviseable yet):
146 * New facilities for negotiating about the signing keys to use for
147 authentication during key setup, and selecting and using the
148 appropriate keys. (``key-cache'/`privcache' and `peer-keys').
149 Using these new facilities for keyrollover now is in principle
150 possible but rather complex. Further machinery is planned;
151 for now, retain your existing config which should keep working.
153 - secnet: new `privcache' closure;
154 - secnet: `key-cache' and `peer-keys' keys on site closures;
155 - secnet: new file format for peer public keysets;
156 - secnet: new `make-public' config operator;
157 - make-secnet-sites `pub', `pkg', `serial', etc. keywords;
158 - make-secnet-sites --filter, --pubkeys-*, --output-version.
160 More minor (logging) improvements:
161 * Make stderr line buffered and log to it by default.
162 * Do not log differently with --nodetach.
163 * New `prefix' option to `logfile' closure.
164 * Tidy and simplify some messages.
167 * Many substantial internal refactorings in secnet.
168 * Many substantial internal refactorings in make-secnet-sites.
169 * make-secnet-sites option parsing totally replaced.
170 * Imported subtrees for base91-c and base91-python.
171 * New portablity code, etc.: osdep.[ch], fmemopen reimplementation.
172 * Explicitly define oddly-rotated dh padding arrangement (write_mpbin).
174 Build system and packaging:
175 * Do not fail to build from git when HEAD refers to a packed ref.
176 * Update to subdirmk 0.3.
177 * Many makefile fixes (esp. to clean and cdeps).
178 * configure.ac: Drop or suppress some very obsolete checks.
179 * autogen.sh: Write a comment about need for autoheader.
180 * dir-locals: Provide python-indent-offset too.
183 * stest: Use stderr, not tty, for logging.
184 * stest/udp-preload.c: Fix error handling of sun_prep.
185 * stest: Fix breakage if nproc is not installed.
187 Test suite improvements:
188 * New tests, including tests for new features.
189 * Existing tests (especially stest) generally made more thorough.
190 * New comprehensive-test and pretest-to-tested convenience scripts.
191 * Arrangements for testing with (user-provided) old secnet.
192 * parallel-test.*: scripts to help with parallelised bisection.
193 * stest: Print a lot more output about what we are doing.
194 * stest: Better support for cwd with longish pathname.
195 * stest: More flexibility, env var hooks, etc.
197 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 16 Feb 2020 12:48:13 +0000
199 secnet (0.5.1) unstable; urgency=medium
201 POTENTIALLY INCOMPATIBLE CHANGE. Some security implications.
203 * make-secnet-sites: Prefix names when writing secnet sites.conf file.
205 make-secnet-sites must copy names (vpn, location and site names) from
206 the input sites file (which is not wholly trusted) to the secnet
207 config file. Prior to this release, naming a location or site the
208 same as a secnet predefined name could generate a broken sites.conf
209 which secnet would reject. (With the existing featureset,
210 malfunctions other than rejection, eg privilege escalation, are not
213 make-secnet-sites now adds a prefix to these names when writing
214 sites.conf. This will not affect configurations which use the
215 make-secnet-sites-provided `all-sites' key, as is usual. Other
216 configurations will break unless the references in the static part of
217 the config are adjusted.
219 Previous behaviour can be restored with the --no-conf-key-prefix
220 option. (Planned future enhancements to secnet are likely to make use
221 of that option, with untrusted input, dangerously insecure.)
223 other changes to make-secnet-sites:
224 * Fix argument parsing. Fixes a regression affecting -P in 0.5.0,
225 and also fixes new facilities introduced in 0.5.0.
226 * Sort the properties on output (and adjust the test case expected
227 outputs). Tests now pass on (at least) Python 2.7.13, 3.5.3, 3.7.5.
228 * Delete some unused code.
231 * Change one idiom to avoid a warning from GCC9. No functional change.
233 build system - MAJOR CHANGES:
234 * Fix out-of-tree builds. (Broken in 0.5.0)
235 * Replace recursive make with use of the new subdirmk system.
236 This represents a fairly comprehensive overhaul of the makefiles.
237 Several bugs (esp. involving dependencies between files in different
238 directories) are fixed.
239 * Drop `make check' from `make all'. (Otherwise there is no way
240 to ask for `all' without `check'.)
241 * Suppress two unhelpful new compiler warnings from GCC9.
242 * Release checklist update.
245 * Credit Mark Wooding properly in CREDITS.
246 * Include DEVELOPER-CERTIFICATE.
249 * Locations now have different names to sites.
250 * Somewhat better debugging output from mtest.
251 * Do not run msgcode-test except with `make fullcheck'.
252 * Other minor bugfixes and improvments.
253 * stest: Suppress unhelpful -Wno-unused-result (needed for stretch).
255 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 22 Nov 2019 23:13:14 +0000
257 secnet (0.5.0) unstable; urgency=medium
259 make-secnet-sites SECURITY FIX:
260 * Do not blindly trust inputs; instead, check the syntax for sanity.
261 Previous releases can be induced to run arbitrary code as the user
262 invoking secnet (which might be root), if a secnet sites.conf is used
263 that was generated from an untrustworthy sites file.
264 * The userv invocation mode of make-secnet-sites seems to have been safe
265 in itself, but it previously allowed hazardous data to be propagated
266 into the master sites file. This is now prevented too.
268 make-secnet-sites overhaul work:
269 * make-secnet-sites is now in the common subset of Python2 and Python3.
270 The #! is python3 now, but it works with Python2.7 too.
271 It will probably *not* work with old versions of Python2.
272 * We no longer depend on the obsolete `ipaddr' library. We use
273 `ipaddress' now. And this is onlo a Recommends in the .deb.
274 * Ad-hoc argument parser been replaced with `argparse'.
275 There should be no change to existing working invocations.
276 * Bad address syntax error does not wrongly mention IPv6 scopes.
277 * Minor refactoring to support forthcoming work. [Mark Wooding]
279 other bugfixes, improvements and changes to secnet itself:
280 * Better logging of why we are sending NAK messages.
281 * Correctly use the verified copy of the peer remote capabilities
282 from MSG3. (Bug is not a vulnerability.) [Mark Wooding]
283 * Significant internal rearrangements and refactorings, to support
284 forthcoming key management work. [Mark Wooding and Ian Jackson]
287 * Completely overhaul release checklist; drop dist target.
288 * Remove dependency on `libfl.a'. [Mark Wooding]
289 * polypath.c: Fix missing include of <limits.h>. [Mark Wooding]
290 * Add a Wireshark dissector `secnet-wireshark.lua'. It is not
291 installed anywhere right now. [Mark Wooding]
294 * Improve documentation of capability negotiation in NOTES, secnet(8)
295 and magic.h. [Mark Wooding]
297 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 24 Oct 2019 19:11:54 +0100
299 secnet (0.4.5) unstable; urgency=medium
301 * INSTALL: Mention that rsa key generation might need ssh-keygen1.
302 * mobile: Fix negotiation bug with mixed old/new secnets and
303 simultaneous key setup attempts by each end. [Mark Wooding]
304 * Makefile.in: Support installation from a `VPATH' build. [Mark Wooding]
305 * Portability fixes for clang. [Mark Wooding]
307 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 21 Sep 2019 12:04:31 +0100
309 secnet (0.4.4) unstable; urgency=medium
312 * make-secnet-sites: Don't allow setting new VPN-level properties
313 when restricted. This could allow denial of service by
314 users with delegated authorisation. [Mark Wooding]
316 Bugfixes for poor network environments:
317 * polypath: cope properly with asymmetric routing, by correcting
318 the handling of late duplicated packets etc. Protocol is now
319 incompatible with secnet prior to 0.3.0 when either end is mobile.
320 * Randomise key setup retry time.
323 * rsa and cbcmac: Fix configuration error messages. [Mark Wooding]
324 * Handle IPv4 addresses properly (ie, not foolishly byte-swapped),
325 when IPv6 is not available. [Mark Wooding]
326 * Better logging (and less foolish debug), especially about whether
327 key is set up, and about crossed key setup attempts.
328 * Internal refactoring and fixes. [Ian Jackson and Mark Wooding]
330 Build system and portability:
331 * configure: rerun autogen.sh with autoconf 2.69-10
332 * Avoid memset(0,0,0) wrt st->sharedsecret. (Fixes compiler warning;
333 in theory might cause miscompilation.) [Mark Wooding]
336 * README.make-secnet-sites: new documentation file. [Mark Wooding]
337 * NOTES: Describe current allocation of capability bits. [Mark Wooding]
338 * NOTES: tiny fix tot protocol description.
339 * secnet(8): Delete wrong information about dh groups. [Mark Wooding]
342 * Fix erroneous GPL3+ licence notices "version d or later" (!)
343 * .dir-locals.el: Settings for Python code. [Mark Wooding]
345 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 08 Sep 2019 22:53:14 +0100
347 secnet (0.4.3) unstable; urgency=low
349 Security improvement:
350 * Use `mpz_powm_sec' for modexps.
353 * Implement comm-info and dedicated-interface-addr feature, for
355 * Implement `keepalive' site option, to try to keep link always up.
358 * #include <limits.h> (fixes the build on jessie).
359 * Tolerate building from a git checkout, but with git not installed.
360 (This can happen in chroots.)
361 * Turn off -Wsign-compare for bison output.
362 * Makefile.in: Fix `check-ipaddrset' rule to get reference from
363 $(srcdir). (Makes out-of-tree builds work properly.)
364 * Release checklist fixes.
365 * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep.
368 * When printing messages about dropping IPv6, do not print anything
369 about ihl. (Check the IP version field first!)
370 * When turning on debug, turn on verbose too.
372 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 25 Nov 2017 13:36:41 +0000
374 secnet (0.4.0) unstable; urgency=low
376 Debugging improvements:
377 * Packet-level debugging from site notes errors from transmit.
378 * Report when transport peers updated as a result of transmit.
380 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 28 Feb 2015 15:03:00 +0000
382 secnet (0.4.0~beta2) unstable; urgency=low
385 * Ignore IPv6 Unique Local unicast addresses.
386 * Skip "tentative" IPv6 local addresses.
387 * Improve logging and debug output.
390 * Build where size_t is not compatible with int.
392 Build system and packaging fixes:
393 * Makefile: support DESTDIR.
394 * debian/rules: set DESTDIR (not prefix).
395 * debian/rules: Support dpkg-buildflags.
396 * Install ipaddrset.py and secnet.8 with correct permissions.
397 * Fix check for <linux/if_tun.h> and git rid of our copy.
398 * Use -lresolv only if inet_aton is not found otherwise.
399 * Use -lnsl only if inet_ntoa is not found otherwise.
400 * debian/rules: Provide build-arch and build-indep targets.
401 * debian/rules: Do not run build for *-indep (!)
402 * Makefile.in: Putative dual (backport and not) release build process doc.
405 * Update to GPLv3. Add missing copyright notices and credits.
406 * Get rid of old FSF street address; use URL instead.
407 * Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
408 * Remove obsolete references to Cendio (for old ipaddr.py).
410 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 28 Dec 2014 17:14:10 +0000
412 secnet (0.4.0~beta1) unstable; urgency=low
415 * Support transport over IPv6. (We do not yet carry IPv6 in the private
416 network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x).
417 * New polypath comm, which can duplicate packets so as to send them via
418 multiple routes over the public network, for increased
419 reliability/performance (but increased cost). Currently Linux-only
420 but should be fairly easy to port.
421 * Support multiple public addresses for peers.
422 * Discard previously-received packets (by default).
424 Logging improvements:
425 * Report (each first) transmission and reception success and failure.
426 * Log reason for DNS reolution failure.
427 * Log unexpected kinds of death from userv.
428 * Log authbind exit status as errno value (if appropriate).
430 Configuration adjustments:
431 * Adjust default number of mobile peer addresses to store when a peer
432 public address is also configured.
433 * Make specifying peer public port optional. This avoids making special
434 arrangements to bind to a port for in mobile sites with no public
438 * Hackypar children will die if they get a terminating signal.
439 * Fix signal dispositions inherited by secnet's child processes.
440 * Fix off-by-one error which prevented setting transport-peers-max to 5.
442 Test, build and internal improvements:
443 * Use conventional IP address handling library ipaddr.py.
444 * Provide a fuzzer for the slip decoder.
445 * Build system improvements.
446 * Many source code cleanups.
448 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 15:28:31 +0000
450 secnet (0.3.4) unstable; urgency=low
453 * The previous security fix to buffer handling was entirely wrong. This
454 one is better. Thanks to Simon Tatham for the report and the patch.
456 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100
458 secnet (0.3.3) unstable; urgency=high
461 * Pass correct size argument to recvfrom. This is a serious security
462 problem which may be exploitable from outside the VPN.
463 * Fix a memory leak in some error logging.
466 * Two other latent bugs in buffer length handling found and fixed.
467 * Non-critical stylistic improvements to buffer length handling, to make
468 the code clearer and to assist audit.
470 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100
472 secnet (0.3.3~beta1) unstable; urgency=low
474 Installation compatibility fix:
475 * In make-secnet-sites, always use our own ipaddr.py even if the
476 incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
477 (Future versions of secnet are going to need that Python module to be
480 For links involving mobile sites:
481 * Use source of NAK packets as hint for peer transport address.
482 * When initiating rekey, make use of data transport peer addresses.
485 * Provide clean target in test-example/Makefile.
487 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 00:11:44 +0100
489 secnet (0.3.2) unstable; urgency=low
491 * Release of 0.3.2. No code changes since 0.3.1~beta1.
493 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 26 Jun 2014 20:27:58 +0100
495 secnet (0.3.2~beta1) unstable; urgency=low
497 For links involving mobile sites:
498 * SECURITY: Properly update peer address array when it is full.
499 * Do name-resolution on peer-initiated key setup too, when we are mobile
500 (and other name-resolution improvements).
502 Other minor improvements:
503 * Log peer addresses on key exchange timeout.
504 * When printing version (eg during startup), use value from git-describe
505 and thus include git commit id where applicable.
506 * Updates to release checklist in Makefile.in.
507 * Use C99 _Bool for bool_t.
509 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 06 Jun 2014 01:17:54 +0100
511 secnet (0.3.1) unstable; urgency=low
513 * Release of 0.3.1. No code changes since 0.3.1~beta3.
515 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 15 May 2014 01:08:30 +0100
517 secnet (0.3.1~beta3) unstable; urgency=low
519 * Build fixes for non-i386 architectures and gcc 4.8.2.
521 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 08 May 2014 19:53:43 +0100
523 secnet (0.3.1~beta2) unstable; urgency=low
525 Fix relating to new fragmentation / ICMP functionality:
526 * Generate ICMP packets correctly in point-to-point configurations.
528 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 03 May 2014 18:58:09 +0100
530 secnet (0.3.1~beta1) unstable; urgency=low
532 Security fixes (vulnerabilities are to inside attackers only):
533 * SECURITY: Fixes to MTU and fragmentation handling.
534 * SECURITY: Correctly set "unused" ICMP header field.
535 * SECURITY: Fix IP length check not to crash on very short packets.
538 * Make the inter-site MTU configurable, and negotiate it with the peer.
541 * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
542 * Fix formatting error in p-t-p startup message.
543 * Do not send ICMP errors in response to unknown incoming ICMP.
544 * Fix formatting error in secnet.8 manpage.
545 * Internal code rearrangements and improvements.
547 Packaging improvements:
548 * Updates to release checklist in Makefile.in.
549 * Additions to the test-example suite.
551 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
553 secnet (0.3.0) unstable; urgency=low
555 * Release of 0.3.0. No code changes since 0.3.0~beta3.
556 * Update release checklist.
558 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100
560 secnet (0.3.0~beta3) unstable; urgency=low
562 * New upstream version.
563 - Stability bugfix: properly initialise site's scratch buffer.
565 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100
567 secnet (0.3.0~beta2) unstable; urgency=low
569 * New upstream version.
570 - SECURITY FIX: RSA public modulus and exponent buffer overflow.
571 - SECURITY FIX: Use constant-time memcmp for message authentication.
572 - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
573 - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
574 - SECURITY FIX: Fix site name checking when site name A is prefix of B.
575 - SECURITY FIX: Safely reject too-short IP packets.
576 - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
577 - Better robustness against SLIP decoding errors.
578 - Fix bugs which caused routes to sometimes not be advertised.
579 - Protocol capability negotiation mechanism.
580 - Improvements and fixes to protocol and usage documentation.
581 - Other bugfixes and code tidying up.
583 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100
585 secnet (0.3.0~beta1) unstable; urgency=low
587 * New upstream version.
588 - SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
589 - Bugfixes relating to packet loss during key exchange.
590 - Bugfixes relating to link up/down status.
591 - Bugfixes relating to logging.
592 - make-secnet-sites made more sophisticated to support two vpns on chiark.
593 - Documentation improvements.
594 - Build system improvements.
595 * Debian packaging improvements:
597 - Maintainer / uploaders.
598 - init script requires $remove_fs since we're in /usr.
600 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100
602 secnet (0.2.1-1) unstable; urgency=low
604 * New upstream version. (authbind endianness fix)
606 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000
608 secnet (0.2.0-1) unstable; urgency=low
610 * New upstream version.
612 -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000
614 secnet (0.1.18-1) unstable; urgency=low
616 * New upstream version.
618 -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000