1 tripe (1.5.3) experimental; urgency=medium
3 * tripe-peer-services (tripe-newpeers): Fix crash when the database
4 contains `user' records.
6 -- Mark Wooding <mdw@distorted.org.uk> Mon, 23 Sep 2019 11:10:20 +0100
8 tripe (1.5.2) experimental; urgency=medium
10 * tripe-wireshark: Dissector package is necessarily architecture
11 specific. Replace botched architecture-neutral version.
13 -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 16:22:19 +0100
15 tripe (1.5.1) experimental; urgency=medium
17 * tripe: Fix almost completely unusable AEAD support (brown paper bag
19 * tripe: Document the errors about unsuitable AEAD schemes.
20 * tripe: Support AEAD schemes with smaller nonce spaces (down to 40
23 -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 14:52:48 +0100
25 tripe (1.5.0) experimental; urgency=medium
27 * Big version bump, because this really isn't a prerelease anymore. And
28 there's lots of goodies in this version.
29 * New mobile-peer protocol `knock' is much faster and no longer requires
31 * Support transport over IPv6.
32 * Support Catacomb AEAD schemes for bulk crypto.
33 * python-tripe: Fixed `TripeCommandDispatcher.eping' to send the correct
35 * tripe-peer-services (connect): Report on connectivity statistics.
36 * tripe-wireshark: Replaced the old dissector with a new one written in
37 Lua, which understands the modern protocol. It's unfortunately
38 slower, but actually works and isn't a nightmare to maintain.
39 * tripe-ethereal: Deleted this ancient transition package.
41 -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 01:49:03 +0100
43 tripe (1.0.0pre19.1) experimental; urgency=medium
45 * Packaging fixes. (No code change.)
47 -- Mark Wooding <mdw@distorted.org.uk> Mon, 24 Dec 2018 15:53:35 +0000
49 tripe (1.0.0pre19) experimental; urgency=low
51 * tripe: Use Catacomb `rand_quick' to collect system-specific entropy,
52 e.g., from the x86 `rdrand' isntruction.
53 * tripe: Fix memory leak of key-data objects.
54 * tripe: Add new `naclbox' bulk-crypto transform based on Salsa20/ChaCha
56 * tripe: Support X25519 and X448 as key-exchange groups.
57 * tripe-keys: Support Ed25519 and Ed448 signature schemes.
58 * tripe-keys: Allow more control over key generation. In particular,
59 arbitrary attributes can now be set on master keys and key-exchange
61 * tripe-uslip: Clean up sockets on signal.
62 * A number of documentation fixes.
64 -- Mark Wooding <mdw@distorted.org.uk> Sun, 14 May 2017 18:18:17 +0100
66 tripe (1.0.0pre18) experimental; urgency=low
68 * general: Fixed some 64-bit portability bugs.
69 * debian: Improve the Debian packaging: there are now explicit versions
70 on dependencies; the build-depependencies are correct; and there are
71 separate build-dependencies for the (rather more demanding)
72 architecture-neutral packages.
73 * tests: Fixed the server test suite to remove spurious failures.
75 -- Mark Wooding <mdw@distorted.org.uk> Sat, 30 Apr 2016 18:13:31 +0100
77 tripe (1.0.0pre17.1) experimental; urgency=low
79 * tests: More warning suppressions.
81 -- Mark Wooding <mdw@distorted.org.uk> Mon, 11 May 2015 00:52:01 +0100
83 tripe (1.0.0pre17) experimental; urgency=low
85 * tripe-peer-services: The `tripe-newpeers' program now implements
86 multiple inheritance of configuration sections. See peers.in(5) for
88 * tripe-peer-services: The base configuration now has different timeouts
89 for active and passive dynamic peers. The thinking behind this is
90 explained in connect(8).
91 * tripe: The example `knock' script now works with OpenSSH forced-
92 commands, as well as custom shells.
93 * tripe: Include a configuration file for `sshsvc-mkauthkeys', to help
94 with setting up passive peers.
95 * tripe-peer-services: Fix a bug which broke the `connect' service's
97 * Attach a `tripe' suffix to most of the manpage names. Some of the
98 services, in particular, have rather generic names and it's only luck
99 that there haven't been conflicts yet.
100 * tripe: New `-W' option for `tripectl' to set the watch list.
102 -- Mark Wooding <mdw@distorted.org.uk> Fri, 08 May 2015 19:22:25 +0100
104 tripe (1.0.0pre16.2) experimental; urgency=low
106 * tripe-peer-services: `tripe-ifup' is now more tolerant of errors, and
107 more useful at reporting them.
108 * tripe-peer-services: `tripe-ifup' strips any explicit prefix length
109 from the remote internal address when adding routes naming it as a
111 * tripe-peer-services: `tripe-ifup' explicitly forces the sysctl setting
112 `net.ipv6.conf.IFACE.disable_ipv6' off before configuring an IPv6
113 address as a workaround for some devices which try to turn IPv6 off
114 globally if they can't get a route.
116 -- Mark Wooding <mdw@distorted.org.uk> Sat, 14 Mar 2015 19:35:18 +0000
118 tripe (1.0.0pre16.1) experimental; urgency=low
120 * tripe: Diagnose a mismatch between two peers' choice of bulk crypto
123 -- Mark Wooding <mdw@distorted.org.uk> Tue, 17 Feb 2015 21:33:47 +0000
125 tripe (1.0.0pre16) experimental; urgency=low
127 * pathmtu: Use `IP_PMTUDISC_PROBE' rather than `..._DO' when doing
128 Linux-specific probing: this prevents inexplicable `EMSGSIZE' failures
130 * tripe: New bulk-crypto transform `iiv', which (a) reduces encryption
131 overhead and (b) is fully deterministic, closing a possible
132 kleptographic channel.
133 * tripe: Improve logging options in the client and startup scripts.
134 * tripe: Ship experimental systemd units as examples.
135 * tripe-peer-services: `conntrack' supports newer GLib bindings.
136 * tripe-peer-services: `connect' now only polls its database once a minute
137 (rather than once a second).
138 * tripemon: Support for newer Gtk bindings.
139 * tripemon: More distinctive highlighting of entry fields with invalid
141 * tripemon: Show per-peer crypto details in info sheet.
142 * tripemon: Support new options in `Add peer' dialogue.
144 -- Mark Wooding <mdw@distorted.org.uk> Sun, 20 Jul 2014 21:48:23 +0100
146 tripe (1.0.0pre15) experimental; urgency=low
148 * Allow network masks in the `laddr' and `raddr' lists.
150 -- Mark Wooding <mdw@distorted.org.uk> Sat, 19 Apr 2014 14:34:22 +0100
152 tripe (1.0.0pre14) experimental; urgency=low
154 * Abolish the `watch' service. Its functionality has been absorbed into
155 `connect', and the postinst script now attempts to remove the obsolete
156 symbolic link from /etc/tripe/services.
157 * Many internal build changes.
159 -- Mark Wooding <mdw@distorted.org.uk> Tue, 28 Jan 2014 15:39:24 +0000
161 tripe (1.0.0pre13) experimental; urgency=low
163 * Compare MAC tags in constant time. (Fixes a timing attack performed
164 by an adversary who can watch the timestamp on the server log.)
166 -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 May 2013 22:58:31 +0100
168 tripe (1.0.0pre12.2) experimental; urgency=low
170 * New `tripe-keys' command: `check' reports on keys which will expire
171 soon, so that someone remembers to refresh them.
173 -- Mark Wooding <mdw@distorted.org.uk> Thu, 07 Feb 2013 10:37:01 +0000
175 tripe (1.0.0pre12.1) experimental; urgency=low
177 * Extract Wireshark version number from `wireshark-common' rather than
178 `wireshark': the latter need not be installed.
180 -- Mark Wooding <mdw@distorted.org.uk> Sat, 12 Jan 2013 22:30:32 +0000
182 tripe (1.0.0pre12) experimental; urgency=low
184 * tripe-peer-services: Add machinery for notifying a peer that we no
185 longer require its services.
187 -- Mark Wooding <mdw@distorted.org.uk> Sat, 05 Jan 2013 07:50:33 +0000
189 tripe (1.0.0pre11.1) experimental; urgency=low
191 * tripe: Fix segfault from PEERINFO command.
192 * tripe: Include missing documentation of ADD command's `-priv' option.
193 * tripe: Fix warning message which didn't match documentation.
195 -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 Dec 2012 14:14:36 +0000
197 tripe (1.0.0pre11) experimental; urgency=low
199 * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and
200 arrange for that directory to exist with the correct permissions.
201 Don't try to open the log until after dropping privileges, so as to
202 provide a check that we can reopen them later.
203 * New peer option `mobile' can be set in peers.d files to indicate that
204 the peer's IP address and/or port are highly volatile and the server
205 should try to keep up with changes by attempting to decrypt incoming
206 packets using any available mobile keys.
207 * tripe: Mobile peers: track changes in remote address automatically.
208 * pathmtu: New mode uses raw sockets for portability.
209 * tripe-peer-services: Support IPv6 interface configuration. (There's
210 still no support for sending encrypted packets over IPv6.)
211 * tripe: Randomize exponential backoff for retransmission. [mdw/backoff]
212 * tripe: Support multiple private keys and cipher suites in the same
215 -- Mark Wooding <mdw@distorted.org.uk> Tue, 18 Sep 2012 03:39:52 +0100
217 tripe (1.0.0pre10) experimental; urgency=low
219 * Overhaul SLIP error handling.
220 * Have conntrack tear VPN down in some networks.
222 -- Mark Wooding <mdw@distorted.org.uk> Fri, 22 Apr 2011 16:48:31 +0100
224 tripe (1.0.0pre9) experimental; urgency=low
226 * Make conntrack rather more robust against errors.
227 * Logically separate key tags from peer names.
229 -- Mark Wooding <mdw@distorted.org.uk> Mon, 17 May 2010 20:27:33 +0100
231 tripe (1.0.0pre8.1) experimental; urgency=low
233 * Whoops. conntrack was almost completely broken. Fix it a lot.
235 -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 May 2010 20:06:12 +0100
237 tripe (1.0.0pre8) experimental; urgency=low
239 * Many changes, enhancements and bug fixes. Like, way too many to list
242 -- Mark Wooding <mdw@distorted.org.uk> Sun, 09 May 2010 15:32:30 +0100
244 tripe (1.0.0pre7) experimental; urgency=low
246 * Support SLIP encapsulation.
248 -- Mark Wooding <mdw@distorted.org.uk> Sun, 4 Sep 2005 00:52:56 +0100
250 tripe (1.0.0pre6) experimental; urgency=low
253 * Don't report uninteresting errors when accepting connections.
254 * Support elliptic curve keys.
255 * Allow user selection of symmetric crypto algorithms.
257 -- Mark Wooding <mdw@nsict.org> Mon, 19 Apr 2004 08:44:00 +0100
~mdw / tripe / blob