Commit | Line | Data |
---|---|---|
0083ebff | 1 | secnet (0.4.5) unstable; urgency=medium |
b621d42a | 2 | |
e33d827e IJ |
3 | * INSTALL: Mention that rsa key generation might need ssh-keygen1. |
4 | * mobile: Fix negotiation bug with mixed old/new secnets and | |
5 | simultaneous key setup attempts by each end. [Mark Wooding] | |
6 | * Makefile.in: Support installation from a `VPATH' build. [Mark Wooding] | |
7 | * Portability fixes for clang. [Mark Wooding] | |
b621d42a | 8 | |
0083ebff | 9 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 21 Sep 2019 12:04:31 +0100 |
b621d42a | 10 | |
1cef26c2 | 11 | secnet (0.4.4) unstable; urgency=medium |
d723b9dc | 12 | |
8c944ec9 IJ |
13 | Security fix: |
14 | * make-secnet-sites: Don't allow setting new VPN-level properties | |
15 | when restricted. This could allow denial of service by | |
16 | users with delegated authorisation. [Mark Wooding] | |
17 | ||
18 | Bugfixes for poor network environments: | |
19 | * polypath: cope properly with asymmetric routing, by correcting | |
ef7be25b IJ |
20 | the handling of late duplicated packets etc. Protocol is now |
21 | incompatible with secnet prior to 0.3.0 when either end is mobile. | |
8c944ec9 IJ |
22 | * Randomise key setup retry time. |
23 | ||
24 | Other bugfixes: | |
25 | * rsa and cbcmac: Fix configuration error messages. [Mark Wooding] | |
26 | * Handle IPv4 addresses properly (ie, not foolishly byte-swapped), | |
27 | when IPv6 is not available. [Mark Wooding] | |
28 | * Better logging (and less foolish debug), especially about whether | |
29 | key is set up, and about crossed key setup attempts. | |
30 | * Internal refactoring and fixes. [Ian Jackson and Mark Wooding] | |
31 | ||
32 | Build system and portability: | |
33 | * configure: rerun autogen.sh with autoconf 2.69-10 | |
34 | * Avoid memset(0,0,0) wrt st->sharedsecret. (Fixes compiler warning; | |
35 | in theory might cause miscompilation.) [Mark Wooding] | |
36 | ||
37 | Documentation: | |
38 | * README.make-secnet-sites: new documentation file. [Mark Wooding] | |
39 | * NOTES: Describe current allocation of capability bits. [Mark Wooding] | |
40 | * NOTES: tiny fix tot protocol description. | |
41 | * secnet(8): Delete wrong information about dh groups. [Mark Wooding] | |
42 | ||
9c6a8729 IJ |
43 | Administrivia: |
44 | * Fix erroneous GPL3+ licence notices "version d or later" (!) | |
8c944ec9 | 45 | * .dir-locals.el: Settings for Python code. [Mark Wooding] |
d723b9dc | 46 | |
1cef26c2 | 47 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 08 Sep 2019 22:53:14 +0100 |
d723b9dc | 48 | |
daaccb8a | 49 | secnet (0.4.3) unstable; urgency=low |
e6d6991c | 50 | |
dc905acb IJ |
51 | Security improvement: |
52 | * Use `mpz_powm_sec' for modexps. | |
53 | ||
54 | Enhancements: | |
86420bb7 IJ |
55 | * Implement comm-info and dedicated-interface-addr feature, for |
56 | benefit of hippotat. | |
e6d6991c | 57 | * Implement `keepalive' site option, to try to keep link always up. |
dc905acb IJ |
58 | |
59 | Build etc. fixes: | |
658e8a99 IJ |
60 | * #include <limits.h> (fixes the build on jessie). |
61 | * Tolerate building from a git checkout, but with git not installed. | |
62 | (This can happen in chroots.) | |
dc905acb IJ |
63 | * Turn off -Wsign-compare for bison output. |
64 | * Makefile.in: Fix `check-ipaddrset' rule to get reference from | |
65 | $(srcdir). (Makes out-of-tree builds work properly.) | |
658e8a99 IJ |
66 | * Release checklist fixes. |
67 | * Burn version numbers 0.4.1 and 0.4.2 due to errors in release prep. | |
dc905acb IJ |
68 | |
69 | Bugfixes: | |
59a5b098 IJ |
70 | * When printing messages about dropping IPv6, do not print anything |
71 | about ihl. (Check the IP version field first!) | |
cb807040 | 72 | * When turning on debug, turn on verbose too. |
e6d6991c | 73 | |
8f9d08fa | 74 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 25 Nov 2017 13:36:41 +0000 |
e6d6991c | 75 | |
11653375 | 76 | secnet (0.4.0) unstable; urgency=low |
62846523 IJ |
77 | |
78 | Debugging improvements: | |
79 | * Packet-level debugging from site notes errors from transmit. | |
92ae57c5 | 80 | * Report when transport peers updated as a result of transmit. |
62846523 | 81 | |
11653375 | 82 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 28 Feb 2015 15:03:00 +0000 |
62846523 | 83 | |
a0898ee0 | 84 | secnet (0.4.0~beta2) unstable; urgency=low |
b073e347 | 85 | |
60cb91a9 IJ |
86 | Polypath bugfixes: |
87 | * Ignore IPv6 Unique Local unicast addresses. | |
88 | * Skip "tentative" IPv6 local addresses. | |
89 | * Improve logging and debug output. | |
90 | ||
91 | Portability fix: | |
92 | * Build where size_t is not compatible with int. | |
93 | ||
94 | Build system and packaging fixes: | |
af720152 | 95 | * Makefile: support DESTDIR. |
fb75bb37 | 96 | * debian/rules: set DESTDIR (not prefix). |
24982c27 | 97 | * debian/rules: Support dpkg-buildflags. |
60cb91a9 IJ |
98 | * Install ipaddrset.py and secnet.8 with correct permissions. |
99 | * Fix check for <linux/if_tun.h> and git rid of our copy. | |
100 | * Use -lresolv only if inet_aton is not found otherwise. | |
101 | * Use -lnsl only if inet_ntoa is not found otherwise. | |
102 | * debian/rules: Provide build-arch and build-indep targets. | |
103 | * debian/rules: Do not run build for *-indep (!) | |
ca535922 | 104 | * Makefile.in: Putative dual (backport and not) release build process doc. |
b073e347 | 105 | |
c215a4bc IJ |
106 | Copyright updates: |
107 | * Update to GPLv3. Add missing copyright notices and credits. | |
108 | * Get rid of old FSF street address; use URL instead. | |
109 | * Remove obsolete LICENCE.txt (which was for snprintf reimplementation). | |
110 | * Remove obsolete references to Cendio (for old ipaddr.py). | |
111 | ||
a0898ee0 | 112 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 28 Dec 2014 17:14:10 +0000 |
b073e347 | 113 | |
537ff1ad | 114 | secnet (0.4.0~beta1) unstable; urgency=low |
6c23d95c | 115 | |
1e36b4e9 IJ |
116 | New features: |
117 | * Support transport over IPv6. (We do not yet carry IPv6 in the private | |
118 | network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x). | |
119 | * New polypath comm, which can duplicate packets so as to send them via | |
120 | multiple routes over the public network, for increased | |
121 | reliability/performance (but increased cost). Currently Linux-only | |
122 | but should be fairly easy to port. | |
123 | * Support multiple public addresses for peers. | |
124 | * Discard previously-received packets (by default). | |
125 | ||
126 | Logging improvements: | |
127 | * Report (each first) transmission and reception success and failure. | |
128 | * Log reason for DNS reolution failure. | |
129 | * Log unexpected kinds of death from userv. | |
130 | * Log authbind exit status as errno value (if appropriate). | |
131 | ||
132 | Configuration adjustments: | |
133 | * Adjust default number of mobile peer addresses to store when a peer | |
134 | public address is also configured. | |
135 | * Make specifying peer public port optional. This avoids making special | |
136 | arrangements to bind to a port for in mobile sites with no public | |
137 | stable address. | |
138 | ||
139 | Bugfixes: | |
140 | * Hackypar children will die if they get a terminating signal. | |
141 | * Fix signal dispositions inherited by secnet's child processes. | |
142 | * Fix off-by-one error which prevented setting transport-peers-max to 5. | |
143 | ||
144 | Test, build and internal improvements: | |
145 | * Use conventional IP address handling library ipaddr.py. | |
146 | * Provide a fuzzer for the slip decoder. | |
147 | * Build system improvements. | |
148 | * Many source code cleanups. | |
6c23d95c | 149 | |
537ff1ad | 150 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 15:28:31 +0000 |
6c23d95c | 151 | |
5d8fc5c0 IJ |
152 | secnet (0.3.4) unstable; urgency=low |
153 | ||
154 | SECURITY FIX: | |
155 | * The previous security fix to buffer handling was entirely wrong. This | |
156 | one is better. Thanks to Simon Tatham for the report and the patch. | |
157 | ||
158 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100 | |
159 | ||
3c35339b IJ |
160 | secnet (0.3.3) unstable; urgency=high |
161 | ||
162 | SECURITY FIXES: | |
163 | * Pass correct size argument to recvfrom. This is a serious security | |
164 | problem which may be exploitable from outside the VPN. | |
165 | * Fix a memory leak in some error logging. | |
166 | ||
167 | Other related fixes: | |
168 | * Two other latent bugs in buffer length handling found and fixed. | |
169 | * Non-critical stylistic improvements to buffer length handling, to make | |
170 | the code clearer and to assist audit. | |
171 | ||
172 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100 | |
173 | ||
cad61687 IJ |
174 | secnet (0.3.3~beta1) unstable; urgency=low |
175 | ||
176 | Installation compatibility fix: | |
177 | * In make-secnet-sites, always use our own ipaddr.py even if the | |
178 | incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb). | |
179 | (Future versions of secnet are going to need that Python module to be | |
180 | installed.) | |
181 | ||
182 | For links involving mobile sites: | |
183 | * Use source of NAK packets as hint for peer transport address. | |
184 | * When initiating rekey, make use of data transport peer addresses. | |
185 | ||
186 | Build fix: | |
187 | * Provide clean target in test-example/Makefile. | |
188 | ||
189 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 00:11:44 +0100 | |
190 | ||
79c6c87c IJ |
191 | secnet (0.3.2) unstable; urgency=low |
192 | ||
193 | * Release of 0.3.2. No code changes since 0.3.1~beta1. | |
194 | ||
195 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 26 Jun 2014 20:27:58 +0100 | |
196 | ||
27ee084e | 197 | secnet (0.3.2~beta1) unstable; urgency=low |
af0869f5 | 198 | |
27ee084e | 199 | For links involving mobile sites: |
f09b3955 | 200 | * SECURITY: Properly update peer address array when it is full. |
27ee084e IJ |
201 | * Do name-resolution on peer-initiated key setup too, when we are mobile |
202 | (and other name-resolution improvements). | |
203 | ||
204 | Other minor improvements: | |
f09b3955 | 205 | * Log peer addresses on key exchange timeout. |
e4cfe537 IJ |
206 | * When printing version (eg during startup), use value from git-describe |
207 | and thus include git commit id where applicable. | |
af0869f5 | 208 | * Updates to release checklist in Makefile.in. |
09aecaa2 | 209 | * Use C99 _Bool for bool_t. |
af0869f5 | 210 | |
27ee084e | 211 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 06 Jun 2014 01:17:54 +0100 |
af0869f5 | 212 | |
88356888 IJ |
213 | secnet (0.3.1) unstable; urgency=low |
214 | ||
215 | * Release of 0.3.1. No code changes since 0.3.1~beta3. | |
216 | ||
217 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 15 May 2014 01:08:30 +0100 | |
218 | ||
c1e8412b IJ |
219 | secnet (0.3.1~beta3) unstable; urgency=low |
220 | ||
221 | * Build fixes for non-i386 architectures and gcc 4.8.2. | |
222 | ||
223 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 08 May 2014 19:53:43 +0100 | |
224 | ||
2368720d IJ |
225 | secnet (0.3.1~beta2) unstable; urgency=low |
226 | ||
227 | Fix relating to new fragmentation / ICMP functionality: | |
228 | * Generate ICMP packets correctly in point-to-point configurations. | |
229 | ||
230 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 03 May 2014 18:58:09 +0100 | |
231 | ||
d3dd9ddc | 232 | secnet (0.3.1~beta1) unstable; urgency=low |
1ca0593d | 233 | |
d3dd9ddc | 234 | Security fixes (vulnerabilities are to inside attackers only): |
32240a83 | 235 | * SECURITY: Fixes to MTU and fragmentation handling. |
cfd79482 | 236 | * SECURITY: Correctly set "unused" ICMP header field. |
e8b1adac | 237 | * SECURITY: Fix IP length check not to crash on very short packets. |
d3dd9ddc IJ |
238 | |
239 | New feature: | |
3ed1846a | 240 | * Make the inter-site MTU configurable, and negotiate it with the peer. |
1ca0593d | 241 | |
d3dd9ddc IJ |
242 | Bugfixes etc.: |
243 | * Fix netlink SEGV on clientless netlinks (i.e. configuration error). | |
244 | * Fix formatting error in p-t-p startup message. | |
245 | * Do not send ICMP errors in response to unknown incoming ICMP. | |
246 | * Fix formatting error in secnet.8 manpage. | |
247 | * Internal code rearrangements and improvements. | |
248 | ||
249 | Packaging improvements: | |
250 | * Updates to release checklist in Makefile.in. | |
251 | * Additions to the test-example suite. | |
252 | ||
253 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100 | |
1ca0593d | 254 | |
53dea2fb IJ |
255 | secnet (0.3.0) unstable; urgency=low |
256 | ||
257 | * Release of 0.3.0. No code changes since 0.3.0~beta3. | |
258 | * Update release checklist. | |
259 | ||
260 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100 | |
261 | ||
74f85762 | 262 | secnet (0.3.0~beta3) unstable; urgency=low |
8aaaa634 IJ |
263 | |
264 | * New upstream version. | |
265 | - Stability bugfix: properly initialise site's scratch buffer. | |
266 | ||
74f85762 | 267 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100 |
8aaaa634 | 268 | |
f0b0f549 IJ |
269 | secnet (0.3.0~beta2) unstable; urgency=low |
270 | ||
271 | * New upstream version. | |
272 | - SECURITY FIX: RSA public modulus and exponent buffer overflow. | |
273 | - SECURITY FIX: Use constant-time memcmp for message authentication. | |
274 | - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac. | |
275 | - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm. | |
276 | - SECURITY FIX: Fix site name checking when site name A is prefix of B. | |
663d9d5f | 277 | - SECURITY FIX: Safely reject too-short IP packets. |
f0b0f549 IJ |
278 | - Better robustness for mobile sites (proper user of NAKs, new PROD msg). |
279 | - Better robustness against SLIP decoding errors. | |
280 | - Fix bugs which caused routes to sometimes not be advertised. | |
281 | - Protocol capability negotiation mechanism. | |
282 | - Improvements and fixes to protocol and usage documentation. | |
283 | - Other bugfixes and code tidying up. | |
284 | ||
285 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100 | |
286 | ||
e42d5acf IJ |
287 | secnet (0.3.0~beta1) unstable; urgency=low |
288 | ||
289 | * New upstream version. | |
290 | - SECURITY FIX: avoid crashes (or buffer overrun) on short packets. | |
291 | - Bugfixes relating to packet loss during key exchange. | |
292 | - Bugfixes relating to link up/down status. | |
293 | - Bugfixes relating to logging. | |
294 | - make-secnet-sites made more sophisticated to support two vpns on chiark. | |
295 | - Documentation improvements. | |
296 | - Build system improvements. | |
f2376399 IJ |
297 | * Debian packaging improvements: |
298 | - Native package. | |
299 | - Maintainer / uploaders. | |
300 | - init script requires $remove_fs since we're in /usr. | |
e42d5acf IJ |
301 | |
302 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100 | |
303 | ||
37b5bdcf IJ |
304 | secnet (0.2.1-1) unstable; urgency=low |
305 | ||
306 | * New upstream version. (authbind endianness fix) | |
307 | ||
308 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000 | |
309 | ||
9ee89d42 IJ |
310 | secnet (0.2.0-1) unstable; urgency=low |
311 | ||
312 | * New upstream version. | |
313 | ||
4253701c | 314 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000 |
9ee89d42 | 315 | |
ca58ee48 | 316 | secnet (0.1.18-1) unstable; urgency=low |
9d3a4132 SE |
317 | |
318 | * New upstream version. | |
319 | ||
ca58ee48 | 320 | -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000 |