Format: 1.8 Date: Thu, 24 Oct 2019 19:11:54 +0100 Binary: secnet Source: secnet Architecture: amd64 source Version: 0.5.0 Distribution: unstable Urgency: medium Maintainer: Ian Jackson Changed-By: Ian Jackson Description: secnet - VPN software for distributed networks Changes: secnet (0.5.0) unstable; urgency=medium . make-secnet-sites SECURITY FIX: * Do not blindly trust inputs; instead, check the syntax for sanity. Previous releases can be induced to run arbitrary code as the user invoking secnet (which might be root), if a secnet sites.conf is used that was generated from an untrustworthy sites file. * The userv invocation mode of make-secnet-sites seems to have been safe in itself, but it previously allowed hazardous data to be propagated into the master sites file. This is now prevented too. . make-secnet-sites overhaul work: * make-secnet-sites is now in the common subset of Python2 and Python3. The #! is python3 now, but it works with Python2.7 too. It will probably *not* work with old versions of Python2. * We no longer depend on the obsolete `ipaddr' library. We use `ipaddress' now. And this is onlo a Recommends in the .deb. * Ad-hoc argument parser been replaced with `argparse'. There should be no change to existing working invocations. * Bad address syntax error does not wrongly mention IPv6 scopes. * Minor refactoring to support forthcoming work. [Mark Wooding] . other bugfixes, improvements and changes to secnet itself: * Better logging of why we are sending NAK messages. * Correctly use the verified copy of the peer remote capabilities from MSG3. (Bug is not a vulnerability.) [Mark Wooding] * Significant internal rearrangements and refactorings, to support forthcoming key management work. [Mark Wooding and Ian Jackson] . build system etc.: * Completely overhaul release checklist; drop dist target. * Remove dependency on `libfl.a'. [Mark Wooding] * polypath.c: Fix missing include of . [Mark Wooding] * Add a Wireshark dissector `secnet-wireshark.lua'. It is not installed anywhere right now. [Mark Wooding] . documentation: * Improve documentation of capability negotiation in NOTES, secnet(8) and magic.h. [Mark Wooding] Checksums-Sha1: 00252faa1661348aa247372458ad21fe094eb274 679 secnet_0.5.0.dsc 7ee2432cbfd1d7a089b75072fb365c777976b774 303715 secnet_0.5.0.tar.gz cf8e0d0e22951e743de871978fda7488fefe708d 317388 secnet-dbgsym_0.5.0_amd64.deb 000502eb5d396099f2cca46c92e6b288c9ea52be 5966 secnet_0.5.0_amd64.buildinfo 481cde40948a9dd5d5a751ae2b93470ba0151c88 151744 secnet_0.5.0_amd64.deb Checksums-Sha256: f54106470a4b42159be2a83492aaa14416f5d03eaf86e39371046dc3cdac9ace 679 secnet_0.5.0.dsc 4519bfee367983d6c9b1ec23541b3f13952ae1736924abddf6172f7c2c693d4b 303715 secnet_0.5.0.tar.gz 5927ac63c1c3c1e148d5a336bf2794112775a1319218de79e8d1049c7a4774ee 317388 secnet-dbgsym_0.5.0_amd64.deb d4aef86744f7eee0102a9da3a761d67c5ee57e3e5c21346e9a45d6d268cf927e 5966 secnet_0.5.0_amd64.buildinfo 4e6f143c2d551781e5b961623bd5099e6e5eee5e18de78985ee157dc563400f5 151744 secnet_0.5.0_amd64.deb Files: 6949ea1a84b844fff08ef10eff6afb06 679 net extra secnet_0.5.0.dsc a8117c6022709d4d6f8d70b87cfeb4eb 303715 net extra secnet_0.5.0.tar.gz 03c0907e8cf8dbef32e7ebba07245fc4 317388 debug extra secnet-dbgsym_0.5.0_amd64.deb ea1bba16934986766fef493b1ba7d286 5966 net extra secnet_0.5.0_amd64.buildinfo 90cb040b2b0ba7dec13ba6c4b129e978 151744 net extra secnet_0.5.0_amd64.deb