X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=debian%2Fchangelog;h=fb1f4483ce3652af9953953ee7403f7e89d64a2f;hp=e688c7fd26bd2ae592b983710e4bbbfaf07f98e3;hb=b3626b7a0137bb2bcc1cac8e80de9057d6e6fbf4;hpb=6c23d95c113c39a34c4a031618c19adef2060389 diff --git a/debian/changelog b/debian/changelog index e688c7f..fb1f448 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,159 @@ -secnet (0.4.0~~iwj~) UNRELEASED; urgency=low +secnet (0.4.6~) unstable; urgency=medium - * wip.fuzz-slip-decoder branch - * wip.ipv6-3 branch - * wip.polypath branch + * - -- Ian Jackson Thu, 09 Oct 2014 19:19:05 +0100 + -- + +secnet (0.4.5) unstable; urgency=medium + + * INSTALL: Mention that rsa key generation might need ssh-keygen1. + * mobile: Fix negotiation bug with mixed old/new secnets and + simultaneous key setup attempts by each end. [Mark Wooding] + * Makefile.in: Support installation from a `VPATH' build. [Mark Wooding] + * Portability fixes for clang. [Mark Wooding] + + -- Ian Jackson Sat, 21 Sep 2019 12:04:31 +0100 + +secnet (0.4.4) unstable; urgency=medium + + Security fix: + * make-secnet-sites: Don't allow setting new VPN-level properties + when restricted. This could allow denial of service by + users with delegated authorisation. [Mark Wooding] + + Bugfixes for poor network environments: + * polypath: cope properly with asymmetric routing, by correcting + the handling of late duplicated packets etc. Protocol is now + incompatible with secnet prior to 0.3.0 when either end is mobile. + * Randomise key setup retry time. + + Other bugfixes: + * rsa and cbcmac: Fix configuration error messages. [Mark Wooding] + * Handle IPv4 addresses properly (ie, not foolishly byte-swapped), + when IPv6 is not available. [Mark Wooding] + * Better logging (and less foolish debug), especially about whether + key is set up, and about crossed key setup attempts. + * Internal refactoring and fixes. [Ian Jackson and Mark Wooding] + + Build system and portability: + * configure: rerun autogen.sh with autoconf 2.69-10 + * Avoid memset(0,0,0) wrt st->sharedsecret. (Fixes compiler warning; + in theory might cause miscompilation.) [Mark Wooding] + + Documentation: + * README.make-secnet-sites: new documentation file. [Mark Wooding] + * NOTES: Describe current allocation of capability bits. [Mark Wooding] + * NOTES: tiny fix tot protocol description. + * secnet(8): Delete wrong information about dh groups. [Mark Wooding] + + Administrivia: + * Fix erroneous GPL3+ licence notices "version d or later" (!) + * .dir-locals.el: Settings for Python code. [Mark Wooding] + + -- Ian Jackson Sun, 08 Sep 2019 22:53:14 +0100 + +secnet (0.4.3) unstable; urgency=low + + Security improvement: + * Use `mpz_powm_sec' for modexps. + + Enhancements: + * Implement comm-info and dedicated-interface-addr feature, for + benefit of hippotat. + * Implement `keepalive' site option, to try to keep link always up. + + Build etc. fixes: + * #include (fixes the build on jessie). + * Tolerate building from a git checkout, but with git not installed. + (This can happen in chroots.) + * Turn off -Wsign-compare for bison output. + * Makefile.in: Fix `check-ipaddrset' rule to get reference from + $(srcdir). (Makes out-of-tree builds work properly.) + * Release checklist fixes. + * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep. + + Bugfixes: + * When printing messages about dropping IPv6, do not print anything + about ihl. (Check the IP version field first!) + * When turning on debug, turn on verbose too. + + -- Ian Jackson Sat, 25 Nov 2017 13:36:41 +0000 + +secnet (0.4.0) unstable; urgency=low + + Debugging improvements: + * Packet-level debugging from site notes errors from transmit. + * Report when transport peers updated as a result of transmit. + + -- Ian Jackson Sat, 28 Feb 2015 15:03:00 +0000 + +secnet (0.4.0~beta2) unstable; urgency=low + + Polypath bugfixes: + * Ignore IPv6 Unique Local unicast addresses. + * Skip "tentative" IPv6 local addresses. + * Improve logging and debug output. + + Portability fix: + * Build where size_t is not compatible with int. + + Build system and packaging fixes: + * Makefile: support DESTDIR. + * debian/rules: set DESTDIR (not prefix). + * debian/rules: Support dpkg-buildflags. + * Install ipaddrset.py and secnet.8 with correct permissions. + * Fix check for and git rid of our copy. + * Use -lresolv only if inet_aton is not found otherwise. + * Use -lnsl only if inet_ntoa is not found otherwise. + * debian/rules: Provide build-arch and build-indep targets. + * debian/rules: Do not run build for *-indep (!) + * Makefile.in: Putative dual (backport and not) release build process doc. + + Copyright updates: + * Update to GPLv3. Add missing copyright notices and credits. + * Get rid of old FSF street address; use URL instead. + * Remove obsolete LICENCE.txt (which was for snprintf reimplementation). + * Remove obsolete references to Cendio (for old ipaddr.py). + + -- Ian Jackson Sun, 28 Dec 2014 17:14:10 +0000 + +secnet (0.4.0~beta1) unstable; urgency=low + + New features: + * Support transport over IPv6. (We do not yet carry IPv6 in the private + network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x). + * New polypath comm, which can duplicate packets so as to send them via + multiple routes over the public network, for increased + reliability/performance (but increased cost). Currently Linux-only + but should be fairly easy to port. + * Support multiple public addresses for peers. + * Discard previously-received packets (by default). + + Logging improvements: + * Report (each first) transmission and reception success and failure. + * Log reason for DNS reolution failure. + * Log unexpected kinds of death from userv. + * Log authbind exit status as errno value (if appropriate). + + Configuration adjustments: + * Adjust default number of mobile peer addresses to store when a peer + public address is also configured. + * Make specifying peer public port optional. This avoids making special + arrangements to bind to a port for in mobile sites with no public + stable address. + + Bugfixes: + * Hackypar children will die if they get a terminating signal. + * Fix signal dispositions inherited by secnet's child processes. + * Fix off-by-one error which prevented setting transport-peers-max to 5. + + Test, build and internal improvements: + * Use conventional IP address handling library ipaddr.py. + * Provide a fuzzer for the slip decoder. + * Build system improvements. + * Many source code cleanups. + + -- Ian Jackson Sun, 26 Oct 2014 15:28:31 +0000 secnet (0.3.4) unstable; urgency=low