Release 1.5.2.

[tripe] / debian / changelog

tripe (1.5.2) experimental; urgency=medium

  * tripe-wireshark: Dissector package is necessarily architecture
    specific.  Replace botched architecture-neutral version.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 22 Sep 2019 16:22:19 +0100

tripe (1.5.1) experimental; urgency=medium

  * tripe: Fix almost completely unusable AEAD support (brown paper bag
    moment).
  * tripe: Document the errors about unsuitable AEAD schemes.
  * tripe: Support AEAD schemes with smaller nonce spaces (down to 40
    bits).

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 22 Sep 2019 14:52:48 +0100

tripe (1.5.0) experimental; urgency=medium

  * Big version bump, because this really isn't a prerelease anymore.  And
    there's lots of goodies in this version.
  * New mobile-peer protocol `knock' is much faster and no longer requires
    complex SSH setup.
  * Support transport over IPv6.
  * Support Catacomb AEAD schemes for bulk crypto.
  * python-tripe: Fixed `TripeCommandDispatcher.eping' to send the correct
    command.
  * tripe-peer-services (connect): Report on connectivity statistics.
  * tripe-wireshark: Replaced the old dissector with a new one written in
    Lua, which understands the modern protocol.  It's unfortunately
    slower, but actually works and isn't a nightmare to maintain.
  * tripe-ethereal: Deleted this ancient transition package.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 22 Sep 2019 01:49:03 +0100

tripe (1.0.0pre19.1) experimental; urgency=medium

  * Packaging fixes.  (No code change.)

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 24 Dec 2018 15:53:35 +0000

tripe (1.0.0pre19) experimental; urgency=low

  * tripe: Use Catacomb `rand_quick' to collect system-specific entropy,
    e.g., from the x86 `rdrand' isntruction.
  * tripe: Fix memory leak of key-data objects.
  * tripe: Add new `naclbox' bulk-crypto transform based on Salsa20/ChaCha
    and Poly1305.
  * tripe: Support X25519 and X448 as key-exchange groups.
  * tripe-keys: Support Ed25519 and Ed448 signature schemes.
  * tripe-keys: Allow more control over key generation.  In particular,
    arbitrary attributes can now be set on master keys and key-exchange
    keys.
  * tripe-uslip: Clean up sockets on signal.
  * A number of documentation fixes.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 18:18:17 +0100

tripe (1.0.0pre18) experimental; urgency=low

  * general: Fixed some 64-bit portability bugs.
  * debian: Improve the Debian packaging: there are now explicit versions
    on dependencies; the build-depependencies are correct; and there are
    separate build-dependencies for the (rather more demanding)
    architecture-neutral packages.
  * tests: Fixed the server test suite to remove spurious failures.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 30 Apr 2016 18:13:31 +0100

tripe (1.0.0pre17.1) experimental; urgency=low

  * tests: More warning suppressions.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 11 May 2015 00:52:01 +0100

tripe (1.0.0pre17) experimental; urgency=low

  * tripe-peer-services: The `tripe-newpeers' program now implements
    multiple inheritance of configuration sections.  See peers.in(5) for
    the details.
  * tripe-peer-services: The base configuration now has different timeouts
    for active and passive dynamic peers.  The thinking behind this is
    explained in connect(8).
  * tripe: The example `knock' script now works with OpenSSH forced-
    commands, as well as custom shells.
  * tripe: Include a configuration file for `sshsvc-mkauthkeys', to help
    with setting up passive peers.
  * tripe-peer-services: Fix a bug which broke the `connect' service's
    `KICK' command.
  * Attach a `tripe' suffix to most of the manpage names.  Some of the
    services, in particular, have rather generic names and it's only luck
    that there haven't been conflicts yet.
  * tripe: New `-W' option for `tripectl' to set the watch list.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 08 May 2015 19:22:25 +0100

tripe (1.0.0pre16.2) experimental; urgency=low

  * tripe-peer-services: `tripe-ifup' is now more tolerant of errors, and
    more useful at reporting them.
  * tripe-peer-services: `tripe-ifup' strips any explicit prefix length
    from the remote internal address when adding routes naming it as a
    gateway.
  * tripe-peer-services: `tripe-ifup' explicitly forces the sysctl setting
    `net.ipv6.conf.IFACE.disable_ipv6' off before configuring an IPv6
    address as a workaround for some devices which try to turn IPv6 off
    globally if they can't get a route.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 14 Mar 2015 19:35:18 +0000

tripe (1.0.0pre16.1) experimental; urgency=low

  * tripe: Diagnose a mismatch between two peers' choice of bulk crypto
    transforms.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 17 Feb 2015 21:33:47 +0000

tripe (1.0.0pre16) experimental; urgency=low

  * pathmtu: Use `IP_PMTUDISC_PROBE' rather than `..._DO' when doing
    Linux-specific probing: this prevents inexplicable `EMSGSIZE' failures
    from write(2).
  * tripe: New bulk-crypto transform `iiv', which (a) reduces encryption
    overhead and (b) is fully deterministic, closing a possible
    kleptographic channel.
  * tripe: Improve logging options in the client and startup scripts.
  * tripe: Ship experimental systemd units as examples.
  * tripe-peer-services: `conntrack' supports newer GLib bindings.
  * tripe-peer-services: `connect' now only polls its database once a minute
    (rather than once a second).
  * tripemon: Support for newer Gtk bindings.
  * tripemon: More distinctive highlighting of entry fields with invalid
    contents.
  * tripemon: Show per-peer crypto details in info sheet.
  * tripemon: Support new options in `Add peer' dialogue.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 20 Jul 2014 21:48:23 +0100

tripe (1.0.0pre15) experimental; urgency=low

  * Allow network masks in the `laddr' and `raddr' lists.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 19 Apr 2014 14:34:22 +0100

tripe (1.0.0pre14) experimental; urgency=low

  * Abolish the `watch' service.  Its functionality has been absorbed into
    `connect', and the postinst script now attempts to remove the obsolete
    symbolic link from /etc/tripe/services.
  * Many internal build changes.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 28 Jan 2014 15:39:24 +0000

tripe (1.0.0pre13) experimental; urgency=low

  * Compare MAC tags in constant time.  (Fixes a timing attack performed
    by an adversary who can watch the timestamp on the server log.)

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 May 2013 22:58:31 +0100

tripe (1.0.0pre12.2) experimental; urgency=low

  * New `tripe-keys' command: `check' reports on keys which will expire
    soon, so that someone remembers to refresh them.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 07 Feb 2013 10:37:01 +0000

tripe (1.0.0pre12.1) experimental; urgency=low

  * Extract Wireshark version number from `wireshark-common' rather than
    `wireshark': the latter need not be installed.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 12 Jan 2013 22:30:32 +0000

tripe (1.0.0pre12) experimental; urgency=low

  * tripe-peer-services: Add machinery for notifying a peer that we no
    longer require its services.
 
 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 05 Jan 2013 07:50:33 +0000

tripe (1.0.0pre11.1) experimental; urgency=low

  * tripe: Fix segfault from PEERINFO command.
  * tripe: Include missing documentation of ADD command's `-priv' option.
  * tripe: Fix warning message which didn't match documentation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 Dec 2012 14:14:36 +0000

tripe (1.0.0pre11) experimental; urgency=low

  * Fix log/permissions foul-up.  Move the logs to /var/log/tripe, and
    arrange for that directory to exist with the correct permissions.
    Don't try to open the log until after dropping privileges, so as to
    provide a check that we can reopen them later.
  * New peer option `mobile' can be set in peers.d files to indicate that
    the peer's IP address and/or port are highly volatile and the server
    should try to keep up with changes by attempting to decrypt incoming
    packets using any available mobile keys.
  * tripe: Mobile peers: track changes in remote address automatically.
  * pathmtu: New mode uses raw sockets for portability.
  * tripe-peer-services: Support IPv6 interface configuration.  (There's
    still no support for sending encrypted packets over IPv6.)
  * tripe: Randomize exponential backoff for retransmission. [mdw/backoff]
  * tripe: Support multiple private keys and cipher suites in the same
    server.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 18 Sep 2012 03:39:52 +0100

tripe (1.0.0pre10) experimental; urgency=low

  * Overhaul SLIP error handling.
  * Have conntrack tear VPN down in some networks.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 22 Apr 2011 16:48:31 +0100

tripe (1.0.0pre9) experimental; urgency=low

  * Make conntrack rather more robust against errors.
  * Logically separate key tags from peer names.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 17 May 2010 20:27:33 +0100

tripe (1.0.0pre8.1) experimental; urgency=low

  * Whoops.  conntrack was almost completely broken.  Fix it a lot.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 May 2010 20:06:12 +0100

tripe (1.0.0pre8) experimental; urgency=low

  * Many changes, enhancements and bug fixes.  Like, way too many to list
    here.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 09 May 2010 15:32:30 +0100

tripe (1.0.0pre7) experimental; urgency=low

  * Support SLIP encapsulation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun,  4 Sep 2005 00:52:56 +0100

tripe (1.0.0pre6) experimental; urgency=low

  * Debianization!
  * Don't report uninteresting errors when accepting connections.
  * Support elliptic curve keys.
  * Allow user selection of symmetric crypto algorithms.

 -- Mark Wooding <mdw@nsict.org>  Mon, 19 Apr 2004 08:44:00 +0100