X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=debian%2Fchangelog;h=fb1f4483ce3652af9953953ee7403f7e89d64a2f;hp=ef9ca19f2269dbcd4fc6dd918d891d1b50d1afb8;hb=b3626b7a0137bb2bcc1cac8e80de9057d6e6fbf4;hpb=60cb91a95c71273eb3bd67517464d8ed501c8f70

diff --git a/debian/changelog b/debian/changelog
index ef9ca19..fb1f448 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,93 @@
-secnet (0.4.0~beta2~) unstable; urgency=low
+secnet (0.4.6~) unstable; urgency=medium
+
+  * 
+
+ --
+
+secnet (0.4.5) unstable; urgency=medium
+
+  * INSTALL: Mention that rsa key generation might need ssh-keygen1.
+  * mobile: Fix negotiation bug with mixed old/new secnets and
+    simultaneous key setup attempts by each end.  [Mark Wooding]
+  * Makefile.in: Support installation from a `VPATH' build.  [Mark Wooding]
+  * Portability fixes for clang.  [Mark Wooding]
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 21 Sep 2019 12:04:31 +0100
+
+secnet (0.4.4) unstable; urgency=medium
+
+  Security fix:
+  * make-secnet-sites: Don't allow setting new VPN-level properties
+    when restricted.  This could allow denial of service by
+    users with delegated authorisation.  [Mark Wooding]
+
+  Bugfixes for poor network environments:
+  * polypath: cope properly with asymmetric routing, by correcting
+    the handling of late duplicated packets etc.   Protocol is now
+    incompatible with secnet prior to 0.3.0 when either end is mobile.
+  * Randomise key setup retry time.
+
+  Other bugfixes:
+  * rsa and cbcmac: Fix configuration error messages.  [Mark Wooding]
+  * Handle IPv4 addresses properly (ie, not foolishly byte-swapped),
+    when IPv6 is not available.  [Mark Wooding]
+  * Better logging (and less foolish debug), especially about whether
+    key is set up, and about crossed key setup attempts.
+  * Internal refactoring and fixes.  [Ian Jackson and Mark Wooding]
+
+  Build system and portability:
+  * configure: rerun autogen.sh with autoconf 2.69-10
+  * Avoid memset(0,0,0) wrt st->sharedsecret.  (Fixes compiler warning;
+    in theory might cause miscompilation.)  [Mark Wooding]
+
+  Documentation:
+  * README.make-secnet-sites: new documentation file.  [Mark Wooding]
+  * NOTES: Describe current allocation of capability bits.  [Mark Wooding]
+  * NOTES: tiny fix tot protocol description.
+  * secnet(8): Delete wrong information about dh groups.  [Mark Wooding]
+
+  Administrivia:
+  * Fix erroneous GPL3+ licence notices "version d or later" (!)
+  * .dir-locals.el: Settings for Python code.  [Mark Wooding]
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 08 Sep 2019 22:53:14 +0100
+
+secnet (0.4.3) unstable; urgency=low
+
+  Security improvement:
+  * Use `mpz_powm_sec' for modexps.
+
+  Enhancements:
+  * Implement comm-info and dedicated-interface-addr feature, for
+    benefit of hippotat.
+  * Implement `keepalive' site option, to try to keep link always up.
+
+  Build etc. fixes:
+  * #include <limits.h> (fixes the build on jessie).
+  * Tolerate building from a git checkout, but with git not installed.
+    (This can happen in chroots.)
+  * Turn off -Wsign-compare for bison output.
+  * Makefile.in: Fix `check-ipaddrset' rule to get reference from
+    $(srcdir).  (Makes out-of-tree builds work properly.)
+  * Release checklist fixes.
+  * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep.
+
+  Bugfixes:
+  * When printing messages about dropping IPv6, do not print anything
+    about ihl.  (Check the IP version field first!)
+  * When turning on debug, turn on verbose too.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 25 Nov 2017 13:36:41 +0000
+
+secnet (0.4.0) unstable; urgency=low
+
+  Debugging improvements:
+  * Packet-level debugging from site notes errors from transmit.
+  * Report when transport peers updated as a result of transmit.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 28 Feb 2015 15:03:00 +0000
+
+secnet (0.4.0~beta2) unstable; urgency=low
 
   Polypath bugfixes:
   * Ignore IPv6 Unique Local unicast addresses.
@@ -18,6 +107,7 @@ secnet (0.4.0~beta2~) unstable; urgency=low
   * Use -lnsl only if inet_ntoa is not found otherwise.
   * debian/rules: Provide build-arch and build-indep targets.
   * debian/rules: Do not run build for *-indep (!)
+  * Makefile.in: Putative dual (backport and not) release build process doc.
 
   Copyright updates:
   * Update to GPLv3.  Add missing copyright notices and credits.
@@ -25,7 +115,7 @@ secnet (0.4.0~beta2~) unstable; urgency=low
   * Remove obsolete LICENCE.txt (which was for snprintf reimplementation).
   * Remove obsolete references to Cendio (for old ipaddr.py).
 
- --
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 28 Dec 2014 17:14:10 +0000
 
 secnet (0.4.0~beta1) unstable; urgency=low