server: Compare MAC tags in constant time.

[tripe] / debian / changelog

tripe (1.0.0pre13) experimental; urgency=low

  * Compare MAC tags in constant time.  (Fixes a timing attack performed
    by an adversary who can watch the timestamp on the server log.)

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 27 May 2013 22:58:31 +0100

tripe (1.0.0pre12.2) experimental; urgency=low

  * New `tripe-keys' command: `check' reports on keys which will expire
    soon, so that someone remembers to refresh them.

 -- Mark Wooding <mdw@distorted.org.uk>  Thu, 07 Feb 2013 10:37:01 +0000

tripe (1.0.0pre12.1) experimental; urgency=low

  * Extract Wireshark version number from `wireshark-common' rather than
    `wireshark': the latter need not be installed.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 12 Jan 2013 22:30:32 +0000

tripe (1.0.0pre12) experimental; urgency=low

  * tripe-peer-services: Add machinery for notifying a peer that we no
    longer require its services.
 
 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 05 Jan 2013 07:50:33 +0000

tripe (1.0.0pre11.1) experimental; urgency=low

  * tripe: Fix segfault from PEERINFO command.
  * tripe: Include missing documentation of ADD command's `-priv' option.
  * tripe: Fix warning message which didn't match documentation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 Dec 2012 14:14:36 +0000

tripe (1.0.0pre11) experimental; urgency=low

  * Fix log/permissions foul-up.  Move the logs to /var/log/tripe, and
    arrange for that directory to exist with the correct permissions.
    Don't try to open the log until after dropping privileges, so as to
    provide a check that we can reopen them later.
  * New peer option `mobile' can be set in peers.d files to indicate that
    the peer's IP address and/or port are highly volatile and the server
    should try to keep up with changes by attempting to decrypt incoming
    packets using any available mobile keys.
  * tripe: Mobile peers: track changes in remote address automatically.
  * pathmtu: New mode uses raw sockets for portability.
  * tripe-peer-services: Support IPv6 interface configuration.  (There's
    still no support for sending encrypted packets over IPv6.)
  * tripe: Randomize exponential backoff for retransmission. [mdw/backoff]
  * tripe: Support multiple private keys and cipher suites in the same
    server.

 -- Mark Wooding <mdw@distorted.org.uk>  Tue, 18 Sep 2012 03:39:52 +0100

tripe (1.0.0pre10) experimental; urgency=low

  * Overhaul SLIP error handling.
  * Have conntrack tear VPN down in some networks.

 -- Mark Wooding <mdw@distorted.org.uk>  Fri, 22 Apr 2011 16:48:31 +0100

tripe (1.0.0pre9) experimental; urgency=low

  * Make conntrack rather more robust against errors.
  * Logically separate key tags from peer names.

 -- Mark Wooding <mdw@distorted.org.uk>  Mon, 17 May 2010 20:27:33 +0100

tripe (1.0.0pre8.1) experimental; urgency=low

  * Whoops.  conntrack was almost completely broken.  Fix it a lot.

 -- Mark Wooding <mdw@distorted.org.uk>  Sat, 15 May 2010 20:06:12 +0100

tripe (1.0.0pre8) experimental; urgency=low

  * Many changes, enhancements and bug fixes.  Like, way too many to list
    here.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun, 09 May 2010 15:32:30 +0100

tripe (1.0.0pre7) experimental; urgency=low

  * Support SLIP encapsulation.

 -- Mark Wooding <mdw@distorted.org.uk>  Sun,  4 Sep 2005 00:52:56 +0100

tripe (1.0.0pre6) experimental; urgency=low

  * Debianization!
  * Don't report uninteresting errors when accepting connections.
  * Support elliptic curve keys.
  * Allow user selection of symmetric crypto algorithms.

 -- Mark Wooding <mdw@nsict.org>  Mon, 19 Apr 2004 08:44:00 +0100