| 1 | tripe (1.0.0pre13) experimental; urgency=low |
| 2 | |
| 3 | * Compare MAC tags in constant time. (Fixes a timing attack performed |
| 4 | by an adversary who can watch the timestamp on the server log.) |
| 5 | |
| 6 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 May 2013 22:58:31 +0100 |
| 7 | |
| 8 | tripe (1.0.0pre12.2) experimental; urgency=low |
| 9 | |
| 10 | * New `tripe-keys' command: `check' reports on keys which will expire |
| 11 | soon, so that someone remembers to refresh them. |
| 12 | |
| 13 | -- Mark Wooding <mdw@distorted.org.uk> Thu, 07 Feb 2013 10:37:01 +0000 |
| 14 | |
| 15 | tripe (1.0.0pre12.1) experimental; urgency=low |
| 16 | |
| 17 | * Extract Wireshark version number from `wireshark-common' rather than |
| 18 | `wireshark': the latter need not be installed. |
| 19 | |
| 20 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 12 Jan 2013 22:30:32 +0000 |
| 21 | |
| 22 | tripe (1.0.0pre12) experimental; urgency=low |
| 23 | |
| 24 | * tripe-peer-services: Add machinery for notifying a peer that we no |
| 25 | longer require its services. |
| 26 | |
| 27 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 05 Jan 2013 07:50:33 +0000 |
| 28 | |
| 29 | tripe (1.0.0pre11.1) experimental; urgency=low |
| 30 | |
| 31 | * tripe: Fix segfault from PEERINFO command. |
| 32 | * tripe: Include missing documentation of ADD command's `-priv' option. |
| 33 | * tripe: Fix warning message which didn't match documentation. |
| 34 | |
| 35 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 Dec 2012 14:14:36 +0000 |
| 36 | |
| 37 | tripe (1.0.0pre11) experimental; urgency=low |
| 38 | |
| 39 | * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and |
| 40 | arrange for that directory to exist with the correct permissions. |
| 41 | Don't try to open the log until after dropping privileges, so as to |
| 42 | provide a check that we can reopen them later. |
| 43 | * New peer option `mobile' can be set in peers.d files to indicate that |
| 44 | the peer's IP address and/or port are highly volatile and the server |
| 45 | should try to keep up with changes by attempting to decrypt incoming |
| 46 | packets using any available mobile keys. |
| 47 | * tripe: Mobile peers: track changes in remote address automatically. |
| 48 | * pathmtu: New mode uses raw sockets for portability. |
| 49 | * tripe-peer-services: Support IPv6 interface configuration. (There's |
| 50 | still no support for sending encrypted packets over IPv6.) |
| 51 | * tripe: Randomize exponential backoff for retransmission. [mdw/backoff] |
| 52 | * tripe: Support multiple private keys and cipher suites in the same |
| 53 | server. |
| 54 | |
| 55 | -- Mark Wooding <mdw@distorted.org.uk> Tue, 18 Sep 2012 03:39:52 +0100 |
| 56 | |
| 57 | tripe (1.0.0pre10) experimental; urgency=low |
| 58 | |
| 59 | * Overhaul SLIP error handling. |
| 60 | * Have conntrack tear VPN down in some networks. |
| 61 | |
| 62 | -- Mark Wooding <mdw@distorted.org.uk> Fri, 22 Apr 2011 16:48:31 +0100 |
| 63 | |
| 64 | tripe (1.0.0pre9) experimental; urgency=low |
| 65 | |
| 66 | * Make conntrack rather more robust against errors. |
| 67 | * Logically separate key tags from peer names. |
| 68 | |
| 69 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 17 May 2010 20:27:33 +0100 |
| 70 | |
| 71 | tripe (1.0.0pre8.1) experimental; urgency=low |
| 72 | |
| 73 | * Whoops. conntrack was almost completely broken. Fix it a lot. |
| 74 | |
| 75 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 May 2010 20:06:12 +0100 |
| 76 | |
| 77 | tripe (1.0.0pre8) experimental; urgency=low |
| 78 | |
| 79 | * Many changes, enhancements and bug fixes. Like, way too many to list |
| 80 | here. |
| 81 | |
| 82 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 09 May 2010 15:32:30 +0100 |
| 83 | |
| 84 | tripe (1.0.0pre7) experimental; urgency=low |
| 85 | |
| 86 | * Support SLIP encapsulation. |
| 87 | |
| 88 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 4 Sep 2005 00:52:56 +0100 |
| 89 | |
| 90 | tripe (1.0.0pre6) experimental; urgency=low |
| 91 | |
| 92 | * Debianization! |
| 93 | * Don't report uninteresting errors when accepting connections. |
| 94 | * Support elliptic curve keys. |
| 95 | * Allow user selection of symmetric crypto algorithms. |
| 96 | |
| 97 | -- Mark Wooding <mdw@nsict.org> Mon, 19 Apr 2004 08:44:00 +0100 |