tripe (1.0.0pre19) experimental; urgency=low

  * tripe: Use Catacomb `rand_quick' to collect system-specific entropy,
    e.g., from the x86 `rdrand' instruction.
  * tripe: Fix memory leak of key-data objects.
  * tripe: Add new `naclbox' bulk-crypto transform based on Salsa20/ChaCha
    and Poly1305.
  * tripe: Support X25519 and X448 as key-exchange groups.
  * tripe-keys: Support Ed25519 and Ed448 signature schemes.
  * tripe-keys: Allow more control over key generation. In particular,
    arbitrary attributes can now be set on master keys and key-exchange
    keys.
  * tripe-uslip: Clean up sockets on signal.
  * A number of documentation fixes.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 14 May 2017 18:18:17 +0100

tripe (1.0.0pre18) experimental; urgency=low

  * general: Fixed some 64-bit portability bugs.
  * debian: Improve the Debian packaging: there are now explicit versions
    on dependencies; the build-dependencies are correct; and there are
    separate build-dependencies for the (rather more demanding)
    architecture-neutral packages.
  * tests: Fixed the server test suite to remove spurious failures.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 30 Apr 2016 18:13:31 +0100

tripe (1.0.0pre17.1) experimental; urgency=low

  * tests: More warning suppressions.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 11 May 2015 00:52:01 +0100

tripe (1.0.0pre17) experimental; urgency=low

  * tripe-peer-services: The `tripe-newpeers' program now implements
    multiple inheritance of configuration sections. See peers.in(5) for
    the details.
  * tripe-peer-services: The base configuration now has different timeouts
    for active and passive dynamic peers. The thinking behind this is
    explained in connect(8).
  * tripe: The example `knock' script now works with OpenSSH forced-
    commands, as well as custom shells.
  * tripe: Include a configuration file for `sshsvc-mkauthkeys', to help
    with setting up passive peers.
  * tripe-peer-services: Fix a bug which broke the `connect' service's
    `KICK' command.
  * Attach a `tripe' suffix to most of the manpage names. Some of the
    services, in particular, have rather generic names and it's only luck
    that there haven't been conflicts yet.
  * tripe: New `-W' option for `tripectl' to set the watch list.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 08 May 2015 19:22:25 +0100

tripe (1.0.0pre16.2) experimental; urgency=low

  * tripe-peer-services: `tripe-ifup' is now more tolerant of errors, and
    more useful at reporting them.
  * tripe-peer-services: `tripe-ifup' strips any explicit prefix length
    from the remote internal address when adding routes naming it as a
    gateway.
  * tripe-peer-services: `tripe-ifup' explicitly forces the sysctl setting
    `net.ipv6.conf.IFACE.disable_ipv6' off before configuring an IPv6
    address as a workaround for some devices which try to turn IPv6 off
    globally if they can't get a route.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 14 Mar 2015 19:35:18 +0000

tripe (1.0.0pre16.1) experimental; urgency=low

  * tripe: Diagnose a mismatch between two peers' choice of bulk crypto
    transforms.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 17 Feb 2015 21:33:47 +0000

tripe (1.0.0pre16) experimental; urgency=low

  * pathmtu: Use `IP_PMTUDISC_PROBE' rather than `..._DO' when doing
    Linux-specific probing: this prevents inexplicable `EMSGSIZE' failures
    from write(2).
  * tripe: New bulk-crypto transform `iiv', which (a) reduces encryption
    overhead and (b) is fully deterministic, closing a possible
    kleptographic channel.
  * tripe: Improve logging options in the client and startup scripts.
  * tripe: Ship experimental systemd units as examples.
  * tripe-peer-services: `conntrack' supports newer GLib bindings.
  * tripe-peer-services: `connect' now only polls its database once a minute
    (rather than once a second).
  * tripemon: Support for newer Gtk bindings.
  * tripemon: More distinctive highlighting of entry fields with invalid
    contents.
  * tripemon: Show per-peer crypto details in info sheet.
  * tripemon: Support new options in `Add peer' dialogue.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 20 Jul 2014 21:48:23 +0100

tripe (1.0.0pre15) experimental; urgency=low

  * Allow network masks in the `laddr' and `raddr' lists.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 19 Apr 2014 14:34:22 +0100

tripe (1.0.0pre14) experimental; urgency=low

  * Abolish the `watch' service. Its functionality has been absorbed into
    `connect', and the postinst script now attempts to remove the obsolete
    symbolic link from /etc/tripe/services.
  * Many internal build changes.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 28 Jan 2014 15:39:24 +0000

tripe (1.0.0pre13) experimental; urgency=low

  * Compare MAC tags in constant time. (Fixes a timing attack performed
    by an adversary who can watch the timestamp on the server log.)

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 May 2013 22:58:31 +0100

tripe (1.0.0pre12.2) experimental; urgency=low

  * New `tripe-keys' command: `check' reports on keys which will expire
    soon, so that someone remembers to refresh them.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 07 Feb 2013 10:37:01 +0000

tripe (1.0.0pre12.1) experimental; urgency=low

  * Extract Wireshark version number from `wireshark-common' rather than
    `wireshark': the latter need not be installed.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 12 Jan 2013 22:30:32 +0000

tripe (1.0.0pre12) experimental; urgency=low

  * tripe-peer-services: Add machinery for notifying a peer that we no
    longer require its services.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 05 Jan 2013 07:50:33 +0000

tripe (1.0.0pre11.1) experimental; urgency=low

  * tripe: Fix segfault from PEERINFO command.
  * tripe: Include missing documentation of ADD command's `-priv' option.
  * tripe: Fix warning message which didn't match documentation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 Dec 2012 14:14:36 +0000

tripe (1.0.0pre11) experimental; urgency=low

  * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and
    arrange for that directory to exist with the correct permissions.
    Don't try to open the log until after dropping privileges, so as to
    provide a check that we can reopen them later.
  * New peer option `mobile' can be set in peers.d files to indicate that
    the peer's IP address and/or port are highly volatile and the server
    should try to keep up with changes by attempting to decrypt incoming
    packets using any available mobile keys.
  * tripe: Mobile peers: track changes in remote address automatically.
  * pathmtu: New mode uses raw sockets for portability.
  * tripe-peer-services: Support IPv6 interface configuration. (There's
    still no support for sending encrypted packets over IPv6.)
  * tripe: Randomize exponential backoff for retransmission. [mdw/backoff]
  * tripe: Support multiple private keys and cipher suites in the same
    server.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 18 Sep 2012 03:39:52 +0100

tripe (1.0.0pre10) experimental; urgency=low

  * Overhaul SLIP error handling.
  * Have conntrack tear VPN down in some networks.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 22 Apr 2011 16:48:31 +0100

tripe (1.0.0pre9) experimental; urgency=low

  * Make conntrack rather more robust against errors.
  * Logically separate key tags from peer names.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 17 May 2010 20:27:33 +0100

tripe (1.0.0pre8.1) experimental; urgency=low

  * Whoops. conntrack was almost completely broken. Fix it a lot.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 May 2010 20:06:12 +0100

tripe (1.0.0pre8) experimental; urgency=low

  * Many changes, enhancements and bug fixes. Like, way too many to list
    here.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 09 May 2010 15:32:30 +0100

tripe (1.0.0pre7) experimental; urgency=low

  * Support SLIP encapsulation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 4 Sep 2005 00:52:56 +0100

tripe (1.0.0pre6) experimental; urgency=low

  * Debianization!
  * Don't report uninteresting errors when accepting connections.
  * Support elliptic curve keys.
  * Allow user selection of symmetric crypto algorithms.

 -- Mark Wooding <mdw@nsict.org>  Mon, 19 Apr 2004 08:44:00 +0100