X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/642bde67079fab056c51ce194df34a40a6821917..e01eeb5e1fe7060ac6ef734194de0bf74b20f865:/debian/changelog diff --git a/debian/changelog b/debian/changelog index f4bd9774..367ec339 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,73 @@ +tripe (1.0.0pre13) experimental; urgency=low + + * Compare MAC tags in constant time. (Fixes a timing attack performed + by an adversary who can watch the timestamp on the server log.) + + -- Mark Wooding Mon, 27 May 2013 22:58:31 +0100 + +tripe (1.0.0pre12.2) experimental; urgency=low + + * New `tripe-keys' command: `check' reports on keys which will expire + soon, so that someone remembers to refresh them. + + -- Mark Wooding Thu, 07 Feb 2013 10:37:01 +0000 + +tripe (1.0.0pre12.1) experimental; urgency=low + + * Extract Wireshark version number from `wireshark-common' rather than + `wireshark': the latter need not be installed. + + -- Mark Wooding Sat, 12 Jan 2013 22:30:32 +0000 + +tripe (1.0.0pre12) experimental; urgency=low + + * tripe-peer-services: Add machinery for notifying a peer that we no + longer require its services. + + -- Mark Wooding Sat, 05 Jan 2013 07:50:33 +0000 + +tripe (1.0.0pre11.1) experimental; urgency=low + + * tripe: Fix segfault from PEERINFO command. + * tripe: Include missing documentation of ADD command's `-priv' option. + * tripe: Fix warning message which didn't match documentation. + + -- Mark Wooding Sat, 15 Dec 2012 14:14:36 +0000 + +tripe (1.0.0pre11) experimental; urgency=low + + * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and + arrange for that directory to exist with the correct permissions. + Don't try to open the log until after dropping privileges, so as to + provide a check that we can reopen them later. + * New peer option `mobile' can be set in peers.d files to indicate that + the peer's IP address and/or port are highly volatile and the server + should try to keep up with changes by attempting to decrypt incoming + packets using any available mobile keys. + * tripe: Mobile peers: track changes in remote address automatically. + * pathmtu: New mode uses raw sockets for portability. + * tripe-peer-services: Support IPv6 interface configuration. (There's + still no support for sending encrypted packets over IPv6.) + * tripe: Randomize exponential backoff for retransmission. [mdw/backoff] + * tripe: Support multiple private keys and cipher suites in the same + server. + + -- Mark Wooding Tue, 18 Sep 2012 03:39:52 +0100 + +tripe (1.0.0pre10) experimental; urgency=low + + * Overhaul SLIP error handling. + * Have conntrack tear VPN down in some networks. + + -- Mark Wooding Fri, 22 Apr 2011 16:48:31 +0100 + +tripe (1.0.0pre9) experimental; urgency=low + + * Make conntrack rather more robust against errors. + * Logically separate key tags from peer names. + + -- Mark Wooding Mon, 17 May 2010 20:27:33 +0100 + tripe (1.0.0pre8.1) experimental; urgency=low * Whoops. conntrack was almost completely broken. Fix it a lot.