X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=debian%2Fchangelog;h=59031e4a200f113956b5b7dbfa2588fe4d54d742;hp=43b771f94a374f57eb6754d03d86126548d7478f;hb=ca53592227f187270bfd611e21e63f33d07a9f7e;hpb=e4cfe5379b48e36de6de4deb0832837be6d60ca3

diff --git a/debian/changelog b/debian/changelog
index 43b771f..59031e4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,131 @@
-secnet (0.3.2~~) unstable; urgency=low
+secnet (0.4.0~beta2~) unstable; urgency=low
+
+  Polypath bugfixes:
+  * Ignore IPv6 Unique Local unicast addresses.
+  * Skip "tentative" IPv6 local addresses.
+  * Improve logging and debug output.
+
+  Portability fix:
+  * Build where size_t is not compatible with int.
+
+  Build system and packaging fixes:
+  * Makefile: support DESTDIR.
+  * debian/rules: set DESTDIR (not prefix).
+  * debian/rules: Support dpkg-buildflags.
+  * Install ipaddrset.py and secnet.8 with correct permissions.
+  * Fix check for <linux/if_tun.h> and git rid of our copy.
+  * Use -lresolv only if inet_aton is not found otherwise.
+  * Use -lnsl only if inet_ntoa is not found otherwise.
+  * debian/rules: Provide build-arch and build-indep targets.
+  * debian/rules: Do not run build for *-indep (!)
+  * Makefile.in: Putative dual (backport and not) release build process doc.
+
+  Copyright updates:
+  * Update to GPLv3.  Add missing copyright notices and credits.
+  * Get rid of old FSF street address; use URL instead.
+  * Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
+  * Remove obsolete references to Cendio (for old ipaddr.py).
 
+ --
+
+secnet (0.4.0~beta1) unstable; urgency=low
+
+  New features:
+  * Support transport over IPv6.  (We do not yet carry IPv6 in the private
+    network.)  IPv6 support depends on IPv6-capable adns (adns 1.5.x).
+  * New polypath comm, which can duplicate packets so as to send them via
+    multiple routes over the public network, for increased
+    reliability/performance (but increased cost).  Currently Linux-only
+    but should be fairly easy to port.
+  * Support multiple public addresses for peers.
+  * Discard previously-received packets (by default).
+
+  Logging improvements:
+  * Report (each first) transmission and reception success and failure.
+  * Log reason for DNS reolution failure.
+  * Log unexpected kinds of death from userv.
+  * Log authbind exit status as errno value (if appropriate).
+
+  Configuration adjustments:
+  * Adjust default number of mobile peer addresses to store when a peer
+    public address is also configured.
+  * Make specifying peer public port optional.  This avoids making special
+    arrangements to bind to a port for in mobile sites with no public
+    stable address.
+
+  Bugfixes:
+  * Hackypar children will die if they get a terminating signal.
+  * Fix signal dispositions inherited by secnet's child processes.
+  * Fix off-by-one error which prevented setting transport-peers-max to 5.
+
+  Test, build and internal improvements:
+  * Use conventional IP address handling library ipaddr.py.
+  * Provide a fuzzer for the slip decoder.
+  * Build system improvements.
+  * Many source code cleanups.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 26 Oct 2014 15:28:31 +0000
+
+secnet (0.3.4) unstable; urgency=low
+
+  SECURITY FIX:
+  * The previous security fix to buffer handling was entirely wrong.  This
+    one is better.  Thanks to Simon Tatham for the report and the patch.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 22 Sep 2014 16:16:11 +0100
+
+secnet (0.3.3) unstable; urgency=high
+
+  SECURITY FIXES:
+  * Pass correct size argument to recvfrom.  This is a serious security
+    problem which may be exploitable from outside the VPN.
+  * Fix a memory leak in some error logging.
+
+  Other related fixes:
+  * Two other latent bugs in buffer length handling found and fixed.
+  * Non-critical stylistic improvements to buffer length handling, to make
+    the code clearer and to assist audit.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 19 Sep 2014 23:50:45 +0100
+
+secnet (0.3.3~beta1) unstable; urgency=low
+
+  Installation compatibility fix:
+  * In make-secnet-sites, always use our own ipaddr.py even if the
+    incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
+    (Future versions of secnet are going to need that Python module to be
+    installed.)
+
+  For links involving mobile sites:
+  * Use source of NAK packets as hint for peer transport address.
+  * When initiating rekey, make use of data transport peer addresses.
+
+  Build fix:
+  * Provide clean target in test-example/Makefile.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 19 Sep 2014 00:11:44 +0100
+
+secnet (0.3.2) unstable; urgency=low
+
+  * Release of 0.3.2.  No code changes since 0.3.1~beta1.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 26 Jun 2014 20:27:58 +0100
+
+secnet (0.3.2~beta1) unstable; urgency=low
+
+  For links involving mobile sites:
   * SECURITY: Properly update peer address array when it is full.
+  * Do name-resolution on peer-initiated key setup too, when we are mobile
+    (and other name-resolution improvements).
+
+  Other minor improvements:
   * Log peer addresses on key exchange timeout.
   * When printing version (eg during startup), use value from git-describe
     and thus include git commit id where applicable.
   * Updates to release checklist in Makefile.in.
   * Use C99 _Bool for bool_t.
 
- --
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 06 Jun 2014 01:17:54 +0100
 
 secnet (0.3.1) unstable; urgency=low