X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/f0b0f54918621c9a12c21c63f037471f7a961a64..2368720d4c08f50a41abb784c709e3e60a71984c:/debian/changelog

diff --git a/debian/changelog b/debian/changelog
index cabe3f9..8a813e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,47 @@
+secnet (0.3.1~beta2) unstable; urgency=low
+
+  Fix relating to new fragmentation / ICMP functionality:
+  * Generate ICMP packets correctly in point-to-point configurations.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sat, 03 May 2014 18:58:09 +0100
+
+secnet (0.3.1~beta1) unstable; urgency=low
+
+  Security fixes (vulnerabilities are to inside attackers only):
+  * SECURITY: Fixes to MTU and fragmentation handling.
+  * SECURITY: Correctly set "unused" ICMP header field.
+  * SECURITY: Fix IP length check not to crash on very short packets.
+
+  New feature:
+  * Make the inter-site MTU configurable, and negotiate it with the peer.
+
+  Bugfixes etc.:
+  * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
+  * Fix formatting error in p-t-p startup message.
+  * Do not send ICMP errors in response to unknown incoming ICMP.
+  * Fix formatting error in secnet.8 manpage.
+  * Internal code rearrangements and improvements.
+
+  Packaging improvements:
+  * Updates to release checklist in Makefile.in.
+  * Additions to the test-example suite.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 01 May 2014 19:02:56 +0100
+
+secnet (0.3.0) unstable; urgency=low
+
+  * Release of 0.3.0.  No code changes since 0.3.0~beta3.
+  * Update release checklist.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Sun, 01 Sep 2013 20:27:48 +0100
+
+secnet (0.3.0~beta3) unstable; urgency=low
+
+  * New upstream version.
+   - Stability bugfix: properly initialise site's scratch buffer.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Mon, 05 Aug 2013 11:54:09 +0100
+
 secnet (0.3.0~beta2) unstable; urgency=low
 
   * New upstream version.
@@ -6,6 +50,7 @@ secnet (0.3.0~beta2) unstable; urgency=low
    - SECURITY FIX: Provide a new transform, eax-serpent, to replace cbcmac.
    - SECURITY FIX: No longer send NAKs for NAKs, avoiding NAK storm.
    - SECURITY FIX: Fix site name checking when site name A is prefix of B.
+   - SECURITY FIX: Safely reject too-short IP packets.
    - Better robustness for mobile sites (proper user of NAKs, new PROD msg).
    - Better robustness against SLIP decoding errors.
    - Fix bugs which caused routes to sometimes not be advertised.