X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/4b4308136a7fd26e5250fcbb6ea7e0c661632655..6c23d95c113c39a34c4a031618c19adef2060389:/debian/changelog

diff --git a/debian/changelog b/debian/changelog
index 7fac0e8..e688c7f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,15 +1,71 @@
-secnet (0.3.2~~) unstable; urgency=low
+secnet (0.4.0~~iwj~) UNRELEASED; urgency=low
 
+  * wip.fuzz-slip-decoder branch
+  * wip.ipv6-3 branch
+  * wip.polypath branch
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 09 Oct 2014 19:19:05 +0100
+
+secnet (0.3.4) unstable; urgency=low
+
+  SECURITY FIX:
+  * The previous security fix to buffer handling was entirely wrong.  This
+    one is better.  Thanks to Simon Tatham for the report and the patch.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 22 Sep 2014 16:16:11 +0100
+
+secnet (0.3.3) unstable; urgency=high
+
+  SECURITY FIXES:
+  * Pass correct size argument to recvfrom.  This is a serious security
+    problem which may be exploitable from outside the VPN.
+  * Fix a memory leak in some error logging.
+
+  Other related fixes:
+  * Two other latent bugs in buffer length handling found and fixed.
+  * Non-critical stylistic improvements to buffer length handling, to make
+    the code clearer and to assist audit.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 19 Sep 2014 23:50:45 +0100
+
+secnet (0.3.3~beta1) unstable; urgency=low
+
+  Installation compatibility fix:
+  * In make-secnet-sites, always use our own ipaddr.py even if the
+    incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
+    (Future versions of secnet are going to need that Python module to be
+    installed.)
+
+  For links involving mobile sites:
+  * Use source of NAK packets as hint for peer transport address.
+  * When initiating rekey, make use of data transport peer addresses.
+
+  Build fix:
+  * Provide clean target in test-example/Makefile.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 19 Sep 2014 00:11:44 +0100
+
+secnet (0.3.2) unstable; urgency=low
+
+  * Release of 0.3.2.  No code changes since 0.3.1~beta1.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 26 Jun 2014 20:27:58 +0100
+
+secnet (0.3.2~beta1) unstable; urgency=low
+
+  For links involving mobile sites:
   * SECURITY: Properly update peer address array when it is full.
+  * Do name-resolution on peer-initiated key setup too, when we are mobile
+    (and other name-resolution improvements).
+
+  Other minor improvements:
   * Log peer addresses on key exchange timeout.
   * When printing version (eg during startup), use value from git-describe
     and thus include git commit id where applicable.
   * Updates to release checklist in Makefile.in.
   * Use C99 _Bool for bool_t.
-  * Do name-resolution on peer-initiated key setup too (and
-    other name-resolution improvements).
 
- --
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Fri, 06 Jun 2014 01:17:54 +0100
 
 secnet (0.3.1) unstable; urgency=low