[secnet] / debian / changelog

secnet (0.3.1~~unstable) unstable; urgency=low

  * Updates to release checklist in Makefile.in.
  * Fix formatting error in secnet.8 manpage.
  * Internal code rearrangements and improvements.
  * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
  * Fix formatting error in p-t-p startup message.
  * Additions to the test-example suite.
  * SECURITY: Fixes to MTU and fragmentation handling.
  * SECURITY: Correctly set "unused" ICMP header field.
  * Do not send ICMP errors in response to unknown incoming ICMP.
  * SECURITY: Fix IP length check not to crash on very short packets.
  * Make the inter-site MTU configurable, and negotiate it with the peer.

 --

secnet (0.3.0) unstable; urgency=low

  * Release of 0.3.0.  No code changes since 0.3.0~beta3.
  * Update release checklist.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 01 Sep 2013 20:27:48 +0100

secnet (0.3.0~beta3) unstable; urgency=low

  * New upstream version.
   - Stability bugfix: properly initialise site's scratch buffer.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 05 Aug 2013 11:54:09 +0100

secnet (0.3.0~beta2) unstable; urgency=low

  * New upstream version.
   - SECURITY FIX: RSA public modulus and exponent buffer overflow.
   - SECURITY FIX: Use constant-time memcmp for message authentication.
   - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
   - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
   - SECURITY FIX: Fix site name checking when site name A is prefix of B.
   - SECURITY FIX: Safely reject too-short IP packets.
   - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
   - Better robustness against SLIP decoding errors.
   - Fix bugs which caused routes to sometimes not be advertised.
   - Protocol capability negotiation mechanism.
   - Improvements and fixes to protocol and usage documentation.
   - Other bugfixes and code tidying up.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 25 Jul 2013 18:26:01 +0100

secnet (0.3.0~beta1) unstable; urgency=low

  * New upstream version.
   - SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
   - Bugfixes relating to packet loss during key exchange.
   - Bugfixes relating to link up/down status.
   - Bugfixes relating to logging.
   - make-secnet-sites made more sophisticated to support two vpns on chiark.
   - Documentation improvements.
   - Build system improvements.
  * Debian packaging improvements:
   - Native package.
   - Maintainer / uploaders.
   - init script requires $remove_fs since we're in /usr.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 12 Jul 2012 20:18:16 +0100

secnet (0.2.1-1) unstable; urgency=low

  * New upstream version.  (authbind endianness fix)

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 11 Dec 2011 13:14:57 +0000

secnet (0.2.0-1) unstable; urgency=low

  * New upstream version.

 -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 10 Dec 2011 22:44:41 +0000

secnet (0.1.18-1) unstable; urgency=low

  * New upstream version.

 -- Stephen Early <steve@greenend.org.uk>  Tue,  18 Mar 2008 17:45:00 +0000
Commit	Line	Data
1ca0593d IJ	1	secnet (0.3.1~~unstable) unstable; urgency=low
	2
	3	* Updates to release checklist in Makefile.in.
161f20c2	4	* Fix formatting error in secnet.8 manpage.
7b6abafa	5	* Internal code rearrangements and improvements.
55bc97e6	6	* Fix netlink SEGV on clientless netlinks (i.e. configuration error).
34d3bf4c	7	* Fix formatting error in p-t-p startup message.
abf665fc	8	* Additions to the test-example suite.
32240a83	9	* SECURITY: Fixes to MTU and fragmentation handling.
cfd79482	10	* SECURITY: Correctly set "unused" ICMP header field.
686b7f1d	11	* Do not send ICMP errors in response to unknown incoming ICMP.
e8b1adac	12	* SECURITY: Fix IP length check not to crash on very short packets.
3ed1846a	13	* Make the inter-site MTU configurable, and negotiate it with the peer.
1ca0593d	14
161f20c2	15	--
1ca0593d	16
53dea2fb IJ	17	secnet (0.3.0) unstable; urgency=low
	18
	19	* Release of 0.3.0. No code changes since 0.3.0~beta3.
	20	* Update release checklist.
	21
	22	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100
	23
74f85762	24	secnet (0.3.0~beta3) unstable; urgency=low
8aaaa634 IJ	25
	26	* New upstream version.
	27	- Stability bugfix: properly initialise site's scratch buffer.
	28
74f85762	29	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100
8aaaa634	30
f0b0f549 IJ	31	secnet (0.3.0~beta2) unstable; urgency=low
	32
	33	* New upstream version.
	34	- SECURITY FIX: RSA public modulus and exponent buffer overflow.
	35	- SECURITY FIX: Use constant-time memcmp for message authentication.
	36	- SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
	37	- SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
	38	- SECURITY FIX: Fix site name checking when site name A is prefix of B.
663d9d5f	39	- SECURITY FIX: Safely reject too-short IP packets.
f0b0f549 IJ	40	- Better robustness for mobile sites (proper user of NAKs, new PROD msg).
	41	- Better robustness against SLIP decoding errors.
	42	- Fix bugs which caused routes to sometimes not be advertised.
	43	- Protocol capability negotiation mechanism.
	44	- Improvements and fixes to protocol and usage documentation.
	45	- Other bugfixes and code tidying up.
	46
	47	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100
	48
e42d5acf IJ	49	secnet (0.3.0~beta1) unstable; urgency=low
	50
	51	* New upstream version.
	52	- SECURITY FIX: avoid crashes (or buffer overrun) on short packets.
	53	- Bugfixes relating to packet loss during key exchange.
	54	- Bugfixes relating to link up/down status.
	55	- Bugfixes relating to logging.
	56	- make-secnet-sites made more sophisticated to support two vpns on chiark.
	57	- Documentation improvements.
	58	- Build system improvements.
f2376399 IJ	59	* Debian packaging improvements:
	60	- Native package.
	61	- Maintainer / uploaders.
	62	- init script requires $remove_fs since we're in /usr.
e42d5acf IJ	63
	64	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100
	65
37b5bdcf IJ	66	secnet (0.2.1-1) unstable; urgency=low
	67
	68	* New upstream version. (authbind endianness fix)
	69
	70	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000
	71
9ee89d42 IJ	72	secnet (0.2.0-1) unstable; urgency=low
	73
	74	* New upstream version.
	75
4253701c	76	-- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000
9ee89d42	77
ca58ee48	78	secnet (0.1.18-1) unstable; urgency=low
9d3a4132 SE	79
	80	* New upstream version.
	81
ca58ee48	82	-- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000