| 1 | secnet (0.4.0~~iwj~) UNRELEASED; urgency=low |
| 2 | |
| 3 | New features: |
| 4 | * Support transport over IPv6. (We do not yet carry IPv6 in the private |
| 5 | network.) IPv6 support depends on IPv6-capable adns (adns 1.5.x). |
| 6 | * New polypath comm, which can duplicate packets so as to send them via |
| 7 | multiple routes over the public network, for increased |
| 8 | reliability/performance (but increased cost). Currently Linux-only |
| 9 | but should be fairly easy to port. |
| 10 | * Support multiple public addresses for peers. |
| 11 | * Discard previously-received packets (by default). |
| 12 | |
| 13 | Logging improvements: |
| 14 | * Report (each first) transmission and reception success and failure. |
| 15 | * Log reason for DNS reolution failure. |
| 16 | * Log unexpected kinds of death from userv. |
| 17 | * Log authbind exit status as errno value (if appropriate). |
| 18 | |
| 19 | Configuration adjustments: |
| 20 | * Adjust default number of mobile peer addresses to store when a peer |
| 21 | public address is also configured. |
| 22 | * Make specifying peer public port optional. This avoids making special |
| 23 | arrangements to bind to a port for in mobile sites with no public |
| 24 | stable address. |
| 25 | |
| 26 | Bugfixes: |
| 27 | * Hackypar children will die if they get a terminating signal. |
| 28 | * Fix signal dispositions inherited by secnet's child processes. |
| 29 | * Fix off-by-one error which prevented setting transport-peers-max to 5. |
| 30 | |
| 31 | Test, build and internal improvements: |
| 32 | * Use conventional IP address handling library ipaddr.py. |
| 33 | * Provide a fuzzer for the slip decoder. |
| 34 | * Build system improvements. |
| 35 | * Many source code cleanups. |
| 36 | |
| 37 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 09 Oct 2014 19:19:05 +0100 |
| 38 | |
| 39 | secnet (0.3.4) unstable; urgency=low |
| 40 | |
| 41 | SECURITY FIX: |
| 42 | * The previous security fix to buffer handling was entirely wrong. This |
| 43 | one is better. Thanks to Simon Tatham for the report and the patch. |
| 44 | |
| 45 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 22 Sep 2014 16:16:11 +0100 |
| 46 | |
| 47 | secnet (0.3.3) unstable; urgency=high |
| 48 | |
| 49 | SECURITY FIXES: |
| 50 | * Pass correct size argument to recvfrom. This is a serious security |
| 51 | problem which may be exploitable from outside the VPN. |
| 52 | * Fix a memory leak in some error logging. |
| 53 | |
| 54 | Other related fixes: |
| 55 | * Two other latent bugs in buffer length handling found and fixed. |
| 56 | * Non-critical stylistic improvements to buffer length handling, to make |
| 57 | the code clearer and to assist audit. |
| 58 | |
| 59 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 23:50:45 +0100 |
| 60 | |
| 61 | secnet (0.3.3~beta1) unstable; urgency=low |
| 62 | |
| 63 | Installation compatibility fix: |
| 64 | * In make-secnet-sites, always use our own ipaddr.py even if the |
| 65 | incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb). |
| 66 | (Future versions of secnet are going to need that Python module to be |
| 67 | installed.) |
| 68 | |
| 69 | For links involving mobile sites: |
| 70 | * Use source of NAK packets as hint for peer transport address. |
| 71 | * When initiating rekey, make use of data transport peer addresses. |
| 72 | |
| 73 | Build fix: |
| 74 | * Provide clean target in test-example/Makefile. |
| 75 | |
| 76 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 19 Sep 2014 00:11:44 +0100 |
| 77 | |
| 78 | secnet (0.3.2) unstable; urgency=low |
| 79 | |
| 80 | * Release of 0.3.2. No code changes since 0.3.1~beta1. |
| 81 | |
| 82 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 26 Jun 2014 20:27:58 +0100 |
| 83 | |
| 84 | secnet (0.3.2~beta1) unstable; urgency=low |
| 85 | |
| 86 | For links involving mobile sites: |
| 87 | * SECURITY: Properly update peer address array when it is full. |
| 88 | * Do name-resolution on peer-initiated key setup too, when we are mobile |
| 89 | (and other name-resolution improvements). |
| 90 | |
| 91 | Other minor improvements: |
| 92 | * Log peer addresses on key exchange timeout. |
| 93 | * When printing version (eg during startup), use value from git-describe |
| 94 | and thus include git commit id where applicable. |
| 95 | * Updates to release checklist in Makefile.in. |
| 96 | * Use C99 _Bool for bool_t. |
| 97 | |
| 98 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 06 Jun 2014 01:17:54 +0100 |
| 99 | |
| 100 | secnet (0.3.1) unstable; urgency=low |
| 101 | |
| 102 | * Release of 0.3.1. No code changes since 0.3.1~beta3. |
| 103 | |
| 104 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 15 May 2014 01:08:30 +0100 |
| 105 | |
| 106 | secnet (0.3.1~beta3) unstable; urgency=low |
| 107 | |
| 108 | * Build fixes for non-i386 architectures and gcc 4.8.2. |
| 109 | |
| 110 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 08 May 2014 19:53:43 +0100 |
| 111 | |
| 112 | secnet (0.3.1~beta2) unstable; urgency=low |
| 113 | |
| 114 | Fix relating to new fragmentation / ICMP functionality: |
| 115 | * Generate ICMP packets correctly in point-to-point configurations. |
| 116 | |
| 117 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 03 May 2014 18:58:09 +0100 |
| 118 | |
| 119 | secnet (0.3.1~beta1) unstable; urgency=low |
| 120 | |
| 121 | Security fixes (vulnerabilities are to inside attackers only): |
| 122 | * SECURITY: Fixes to MTU and fragmentation handling. |
| 123 | * SECURITY: Correctly set "unused" ICMP header field. |
| 124 | * SECURITY: Fix IP length check not to crash on very short packets. |
| 125 | |
| 126 | New feature: |
| 127 | * Make the inter-site MTU configurable, and negotiate it with the peer. |
| 128 | |
| 129 | Bugfixes etc.: |
| 130 | * Fix netlink SEGV on clientless netlinks (i.e. configuration error). |
| 131 | * Fix formatting error in p-t-p startup message. |
| 132 | * Do not send ICMP errors in response to unknown incoming ICMP. |
| 133 | * Fix formatting error in secnet.8 manpage. |
| 134 | * Internal code rearrangements and improvements. |
| 135 | |
| 136 | Packaging improvements: |
| 137 | * Updates to release checklist in Makefile.in. |
| 138 | * Additions to the test-example suite. |
| 139 | |
| 140 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100 |
| 141 | |
| 142 | secnet (0.3.0) unstable; urgency=low |
| 143 | |
| 144 | * Release of 0.3.0. No code changes since 0.3.0~beta3. |
| 145 | * Update release checklist. |
| 146 | |
| 147 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 01 Sep 2013 20:27:48 +0100 |
| 148 | |
| 149 | secnet (0.3.0~beta3) unstable; urgency=low |
| 150 | |
| 151 | * New upstream version. |
| 152 | - Stability bugfix: properly initialise site's scratch buffer. |
| 153 | |
| 154 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 05 Aug 2013 11:54:09 +0100 |
| 155 | |
| 156 | secnet (0.3.0~beta2) unstable; urgency=low |
| 157 | |
| 158 | * New upstream version. |
| 159 | - SECURITY FIX: RSA public modulus and exponent buffer overflow. |
| 160 | - SECURITY FIX: Use constant-time memcmp for message authentication. |
| 161 | - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac. |
| 162 | - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm. |
| 163 | - SECURITY FIX: Fix site name checking when site name A is prefix of B. |
| 164 | - SECURITY FIX: Safely reject too-short IP packets. |
| 165 | - Better robustness for mobile sites (proper user of NAKs, new PROD msg). |
| 166 | - Better robustness against SLIP decoding errors. |
| 167 | - Fix bugs which caused routes to sometimes not be advertised. |
| 168 | - Protocol capability negotiation mechanism. |
| 169 | - Improvements and fixes to protocol and usage documentation. |
| 170 | - Other bugfixes and code tidying up. |
| 171 | |
| 172 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 25 Jul 2013 18:26:01 +0100 |
| 173 | |
| 174 | secnet (0.3.0~beta1) unstable; urgency=low |
| 175 | |
| 176 | * New upstream version. |
| 177 | - SECURITY FIX: avoid crashes (or buffer overrun) on short packets. |
| 178 | - Bugfixes relating to packet loss during key exchange. |
| 179 | - Bugfixes relating to link up/down status. |
| 180 | - Bugfixes relating to logging. |
| 181 | - make-secnet-sites made more sophisticated to support two vpns on chiark. |
| 182 | - Documentation improvements. |
| 183 | - Build system improvements. |
| 184 | * Debian packaging improvements: |
| 185 | - Native package. |
| 186 | - Maintainer / uploaders. |
| 187 | - init script requires $remove_fs since we're in /usr. |
| 188 | |
| 189 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 12 Jul 2012 20:18:16 +0100 |
| 190 | |
| 191 | secnet (0.2.1-1) unstable; urgency=low |
| 192 | |
| 193 | * New upstream version. (authbind endianness fix) |
| 194 | |
| 195 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 11 Dec 2011 13:14:57 +0000 |
| 196 | |
| 197 | secnet (0.2.0-1) unstable; urgency=low |
| 198 | |
| 199 | * New upstream version. |
| 200 | |
| 201 | -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 10 Dec 2011 22:44:41 +0000 |
| 202 | |
| 203 | secnet (0.1.18-1) unstable; urgency=low |
| 204 | |
| 205 | * New upstream version. |
| 206 | |
| 207 | -- Stephen Early <steve@greenend.org.uk> Tue, 18 Mar 2008 17:45:00 +0000 |