minor ChangeLog updates

2012-10-19 22:11:27 -04:00 · 2012-10-19 22:11:27 -04:00 · 95001b7da8
commit 95001b7da8
parent 54297086ba
1 changed files with 14 additions and 6 deletions
--- a/20
+++ b/20
@ -10,7 +10,7 @@ fwknop-2.0.4 (09/20/2012):
      under SPA message type validity test.  Support for command exec mode was
      also added to the test suite.
    - (Vlad Glagolev) Submitted an OpenBSD port for fwknop-2.0.3, and this has
-      been checked in under extras/openbsd/.
+      been checked in under the extras/openbsd/ directory.
    - [server] Bug fix to allow GPG_ALLOW_NO_PW to result in not also having
      to specify a Rijndael key.
    - [client] Added '-P udpraw' to allow the client to send SPA packets over
@ -19,17 +19,25 @@ fwknop-2.0.4 (09/20/2012):
      source IP.
    - [libfko] Added validation of NAT access strings in the various NAT
      modes.
+    - [libfko] Restricted usernames embedded in SPA packets to be
+      alpha-numeric along with "-" chars.
    - [server] Bug fix to accept SPA packets over ICMP if the fwknop client
      is executed with '-P icmp' and the user has the required privileges.
-    - Applied patch from Franck Joncourt to have the perl FKO module link
-      against libfko in the local directory (if it exists) so that it doesn't
-      have to have libfko completely installed in /usr/lib/.  This allows the
-      test suite to run FKO tests without installing libfko.
+    - [test suite] Applied patch from Franck Joncourt to have the perl FKO
+      module link against libfko in the local directory (if it exists) so that
+      it doesn't have to have libfko completely installed in the /usr/lib/
+      directory.  This allows the test suite to run FKO tests without
+      installing libfko.
+    - [test suite] Significant update to include a set of fuzzing SPA packets
+      that are built using a patched version of libfko.  These packets are
+      located in the test/fuzzing/bogus_spa_packets file, and are designed to
+      ensure proper validation of SPA packet data.  This validation is
+      performed in --enable-perl-module-checks mode via the perl FKO module.
    - [client] Added --icmp-type and --icmp-code arguments so the user can
      control the icmp type/code combination for spoofed SPA packets ('-P
      icmp') mode.
    - [client] Updated default TTL value to 64 for spoofed SPA packets.  This
-      closer to more OS default TTL values than the previous 255.
+      is closer to more OS default TTL values than the previous 255.

 fwknop-2.0.3 (09/03/2012):
    - [server] Fernando Arnaboldi from IOActive found several DoS/code