X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=blobdiff_plain;f=debian%2Fchangelog;h=fb1f4483ce3652af9953953ee7403f7e89d64a2f;hp=f4227a0bef984717a87220419667c0f57ffd081d;hb=b3626b7a0137bb2bcc1cac8e80de9057d6e6fbf4;hpb=cb8070409796bbf1187248b05609a61b7f49e6b8

diff --git a/debian/changelog b/debian/changelog
index f4227a0..fb1f448 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,83 @@
-secnet (0.4.1~~) unstable; urgency=medium
+secnet (0.4.6~) unstable; urgency=medium
 
+  * 
+
+ --
+
+secnet (0.4.5) unstable; urgency=medium
+
+  * INSTALL: Mention that rsa key generation might need ssh-keygen1.
+  * mobile: Fix negotiation bug with mixed old/new secnets and
+    simultaneous key setup attempts by each end.  [Mark Wooding]
+  * Makefile.in: Support installation from a `VPATH' build.  [Mark Wooding]
+  * Portability fixes for clang.  [Mark Wooding]
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 21 Sep 2019 12:04:31 +0100
+
+secnet (0.4.4) unstable; urgency=medium
+
+  Security fix:
+  * make-secnet-sites: Don't allow setting new VPN-level properties
+    when restricted.  This could allow denial of service by
+    users with delegated authorisation.  [Mark Wooding]
+
+  Bugfixes for poor network environments:
+  * polypath: cope properly with asymmetric routing, by correcting
+    the handling of late duplicated packets etc.   Protocol is now
+    incompatible with secnet prior to 0.3.0 when either end is mobile.
+  * Randomise key setup retry time.
+
+  Other bugfixes:
+  * rsa and cbcmac: Fix configuration error messages.  [Mark Wooding]
+  * Handle IPv4 addresses properly (ie, not foolishly byte-swapped),
+    when IPv6 is not available.  [Mark Wooding]
+  * Better logging (and less foolish debug), especially about whether
+    key is set up, and about crossed key setup attempts.
+  * Internal refactoring and fixes.  [Ian Jackson and Mark Wooding]
+
+  Build system and portability:
+  * configure: rerun autogen.sh with autoconf 2.69-10
+  * Avoid memset(0,0,0) wrt st->sharedsecret.  (Fixes compiler warning;
+    in theory might cause miscompilation.)  [Mark Wooding]
+
+  Documentation:
+  * README.make-secnet-sites: new documentation file.  [Mark Wooding]
+  * NOTES: Describe current allocation of capability bits.  [Mark Wooding]
+  * NOTES: tiny fix tot protocol description.
+  * secnet(8): Delete wrong information about dh groups.  [Mark Wooding]
+
+  Administrivia:
+  * Fix erroneous GPL3+ licence notices "version d or later" (!)
+  * .dir-locals.el: Settings for Python code.  [Mark Wooding]
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 08 Sep 2019 22:53:14 +0100
+
+secnet (0.4.3) unstable; urgency=low
+
+  Security improvement:
+  * Use `mpz_powm_sec' for modexps.
+
+  Enhancements:
   * Implement comm-info and dedicated-interface-addr feature, for
     benefit of hippotat.
   * Implement `keepalive' site option, to try to keep link always up.
+
+  Build etc. fixes:
+  * #include <limits.h> (fixes the build on jessie).
+  * Tolerate building from a git checkout, but with git not installed.
+    (This can happen in chroots.)
+  * Turn off -Wsign-compare for bison output.
+  * Makefile.in: Fix `check-ipaddrset' rule to get reference from
+    $(srcdir).  (Makes out-of-tree builds work properly.)
+  * Release checklist fixes.
+  * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep.
+
+  Bugfixes:
   * When printing messages about dropping IPv6, do not print anything
     about ihl.  (Check the IP version field first!)
   * When turning on debug, turn on verbose too.
 
- --
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 25 Nov 2017 13:36:41 +0000
 
 secnet (0.4.0) unstable; urgency=low