Commit | Line | Data |
---|---|---|
9a8968eb MW |
1 | tripe (1.5.3) experimental; urgency=medium |
2 | ||
3 | * tripe-peer-services (tripe-newpeers): Fix crash when the database | |
4 | contains `user' records. | |
5 | ||
6 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 23 Sep 2019 11:10:20 +0100 | |
7 | ||
44ff6556 MW |
8 | tripe (1.5.2) experimental; urgency=medium |
9 | ||
10 | * tripe-wireshark: Dissector package is necessarily architecture | |
11 | specific. Replace botched architecture-neutral version. | |
12 | ||
13 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 16:22:19 +0100 | |
14 | ||
a7f8e86f MW |
15 | tripe (1.5.1) experimental; urgency=medium |
16 | ||
17 | * tripe: Fix almost completely unusable AEAD support (brown paper bag | |
18 | moment). | |
19 | * tripe: Document the errors about unsuitable AEAD schemes. | |
20 | * tripe: Support AEAD schemes with smaller nonce spaces (down to 40 | |
21 | bits). | |
22 | ||
23 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 14:52:48 +0100 | |
24 | ||
861f6222 MW |
25 | tripe (1.5.0) experimental; urgency=medium |
26 | ||
27 | * Big version bump, because this really isn't a prerelease anymore. And | |
28 | there's lots of goodies in this version. | |
29 | * New mobile-peer protocol `knock' is much faster and no longer requires | |
30 | complex SSH setup. | |
31 | * Support transport over IPv6. | |
32 | * Support Catacomb AEAD schemes for bulk crypto. | |
33 | * python-tripe: Fixed `TripeCommandDispatcher.eping' to send the correct | |
34 | command. | |
35 | * tripe-peer-services (connect): Report on connectivity statistics. | |
36 | * tripe-wireshark: Replaced the old dissector with a new one written in | |
37 | Lua, which understands the modern protocol. It's unfortunately | |
38 | slower, but actually works and isn't a nightmare to maintain. | |
39 | * tripe-ethereal: Deleted this ancient transition package. | |
40 | ||
41 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 22 Sep 2019 01:49:03 +0100 | |
42 | ||
1d7e0455 MW |
43 | tripe (1.0.0pre19.1) experimental; urgency=medium |
44 | ||
45 | * Packaging fixes. (No code change.) | |
46 | ||
47 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 24 Dec 2018 15:53:35 +0000 | |
48 | ||
045fdc20 MW |
49 | tripe (1.0.0pre19) experimental; urgency=low |
50 | ||
51 | * tripe: Use Catacomb `rand_quick' to collect system-specific entropy, | |
52 | e.g., from the x86 `rdrand' isntruction. | |
53 | * tripe: Fix memory leak of key-data objects. | |
54 | * tripe: Add new `naclbox' bulk-crypto transform based on Salsa20/ChaCha | |
55 | and Poly1305. | |
56 | * tripe: Support X25519 and X448 as key-exchange groups. | |
57 | * tripe-keys: Support Ed25519 and Ed448 signature schemes. | |
58 | * tripe-keys: Allow more control over key generation. In particular, | |
59 | arbitrary attributes can now be set on master keys and key-exchange | |
60 | keys. | |
61 | * tripe-uslip: Clean up sockets on signal. | |
62 | * A number of documentation fixes. | |
63 | ||
64 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 14 May 2017 18:18:17 +0100 | |
65 | ||
6c959b6c MW |
66 | tripe (1.0.0pre18) experimental; urgency=low |
67 | ||
68 | * general: Fixed some 64-bit portability bugs. | |
69 | * debian: Improve the Debian packaging: there are now explicit versions | |
70 | on dependencies; the build-depependencies are correct; and there are | |
71 | separate build-dependencies for the (rather more demanding) | |
72 | architecture-neutral packages. | |
73 | * tests: Fixed the server test suite to remove spurious failures. | |
74 | ||
75 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 30 Apr 2016 18:13:31 +0100 | |
76 | ||
51ff73dc MW |
77 | tripe (1.0.0pre17.1) experimental; urgency=low |
78 | ||
79 | * tests: More warning suppressions. | |
80 | ||
81 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 11 May 2015 00:52:01 +0100 | |
82 | ||
8e68649c MW |
83 | tripe (1.0.0pre17) experimental; urgency=low |
84 | ||
85 | * tripe-peer-services: The `tripe-newpeers' program now implements | |
86 | multiple inheritance of configuration sections. See peers.in(5) for | |
87 | the details. | |
88 | * tripe-peer-services: The base configuration now has different timeouts | |
89 | for active and passive dynamic peers. The thinking behind this is | |
90 | explained in connect(8). | |
91 | * tripe: The example `knock' script now works with OpenSSH forced- | |
92 | commands, as well as custom shells. | |
93 | * tripe: Include a configuration file for `sshsvc-mkauthkeys', to help | |
94 | with setting up passive peers. | |
95 | * tripe-peer-services: Fix a bug which broke the `connect' service's | |
96 | `KICK' command. | |
97 | * Attach a `tripe' suffix to most of the manpage names. Some of the | |
98 | services, in particular, have rather generic names and it's only luck | |
99 | that there haven't been conflicts yet. | |
100 | * tripe: New `-W' option for `tripectl' to set the watch list. | |
101 | ||
102 | -- Mark Wooding <mdw@distorted.org.uk> Fri, 08 May 2015 19:22:25 +0100 | |
103 | ||
da475541 MW |
104 | tripe (1.0.0pre16.2) experimental; urgency=low |
105 | ||
106 | * tripe-peer-services: `tripe-ifup' is now more tolerant of errors, and | |
107 | more useful at reporting them. | |
108 | * tripe-peer-services: `tripe-ifup' strips any explicit prefix length | |
109 | from the remote internal address when adding routes naming it as a | |
110 | gateway. | |
111 | * tripe-peer-services: `tripe-ifup' explicitly forces the sysctl setting | |
112 | `net.ipv6.conf.IFACE.disable_ipv6' off before configuring an IPv6 | |
113 | address as a workaround for some devices which try to turn IPv6 off | |
114 | globally if they can't get a route. | |
115 | ||
116 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 14 Mar 2015 19:35:18 +0000 | |
117 | ||
a9c69a6f MW |
118 | tripe (1.0.0pre16.1) experimental; urgency=low |
119 | ||
120 | * tripe: Diagnose a mismatch between two peers' choice of bulk crypto | |
121 | transforms. | |
122 | ||
123 | -- Mark Wooding <mdw@distorted.org.uk> Tue, 17 Feb 2015 21:33:47 +0000 | |
124 | ||
472fc6bd MW |
125 | tripe (1.0.0pre16) experimental; urgency=low |
126 | ||
127 | * pathmtu: Use `IP_PMTUDISC_PROBE' rather than `..._DO' when doing | |
128 | Linux-specific probing: this prevents inexplicable `EMSGSIZE' failures | |
129 | from write(2). | |
130 | * tripe: New bulk-crypto transform `iiv', which (a) reduces encryption | |
131 | overhead and (b) is fully deterministic, closing a possible | |
132 | kleptographic channel. | |
133 | * tripe: Improve logging options in the client and startup scripts. | |
134 | * tripe: Ship experimental systemd units as examples. | |
135 | * tripe-peer-services: `conntrack' supports newer GLib bindings. | |
136 | * tripe-peer-services: `connect' now only polls its database once a minute | |
137 | (rather than once a second). | |
138 | * tripemon: Support for newer Gtk bindings. | |
139 | * tripemon: More distinctive highlighting of entry fields with invalid | |
140 | contents. | |
141 | * tripemon: Show per-peer crypto details in info sheet. | |
142 | * tripemon: Support new options in `Add peer' dialogue. | |
143 | ||
144 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 20 Jul 2014 21:48:23 +0100 | |
145 | ||
8886c0f9 MW |
146 | tripe (1.0.0pre15) experimental; urgency=low |
147 | ||
148 | * Allow network masks in the `laddr' and `raddr' lists. | |
149 | ||
150 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 19 Apr 2014 14:34:22 +0100 | |
151 | ||
cf035d96 MW |
152 | tripe (1.0.0pre14) experimental; urgency=low |
153 | ||
154 | * Abolish the `watch' service. Its functionality has been absorbed into | |
155 | `connect', and the postinst script now attempts to remove the obsolete | |
156 | symbolic link from /etc/tripe/services. | |
157 | * Many internal build changes. | |
158 | ||
159 | -- Mark Wooding <mdw@distorted.org.uk> Tue, 28 Jan 2014 15:39:24 +0000 | |
160 | ||
04ed79b8 MW |
161 | tripe (1.0.0pre13) experimental; urgency=low |
162 | ||
163 | * Compare MAC tags in constant time. (Fixes a timing attack performed | |
164 | by an adversary who can watch the timestamp on the server log.) | |
165 | ||
166 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 27 May 2013 22:58:31 +0100 | |
167 | ||
c2f28e4b MW |
168 | tripe (1.0.0pre12.2) experimental; urgency=low |
169 | ||
170 | * New `tripe-keys' command: `check' reports on keys which will expire | |
171 | soon, so that someone remembers to refresh them. | |
172 | ||
173 | -- Mark Wooding <mdw@distorted.org.uk> Thu, 07 Feb 2013 10:37:01 +0000 | |
174 | ||
b2a72eca MW |
175 | tripe (1.0.0pre12.1) experimental; urgency=low |
176 | ||
177 | * Extract Wireshark version number from `wireshark-common' rather than | |
178 | `wireshark': the latter need not be installed. | |
179 | ||
180 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 12 Jan 2013 22:30:32 +0000 | |
181 | ||
d3731285 MW |
182 | tripe (1.0.0pre12) experimental; urgency=low |
183 | ||
184 | * tripe-peer-services: Add machinery for notifying a peer that we no | |
185 | longer require its services. | |
186 | ||
187 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 05 Jan 2013 07:50:33 +0000 | |
188 | ||
791a8698 MW |
189 | tripe (1.0.0pre11.1) experimental; urgency=low |
190 | ||
191 | * tripe: Fix segfault from PEERINFO command. | |
192 | * tripe: Include missing documentation of ADD command's `-priv' option. | |
193 | * tripe: Fix warning message which didn't match documentation. | |
194 | ||
195 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 Dec 2012 14:14:36 +0000 | |
196 | ||
87c06f6b | 197 | tripe (1.0.0pre11) experimental; urgency=low |
1a372224 MW |
198 | |
199 | * Fix log/permissions foul-up. Move the logs to /var/log/tripe, and | |
200 | arrange for that directory to exist with the correct permissions. | |
201 | Don't try to open the log until after dropping privileges, so as to | |
202 | provide a check that we can reopen them later. | |
8743c776 MW |
203 | * New peer option `mobile' can be set in peers.d files to indicate that |
204 | the peer's IP address and/or port are highly volatile and the server | |
205 | should try to keep up with changes by attempting to decrypt incoming | |
206 | packets using any available mobile keys. | |
87c06f6b MW |
207 | * tripe: Mobile peers: track changes in remote address automatically. |
208 | * pathmtu: New mode uses raw sockets for portability. | |
209 | * tripe-peer-services: Support IPv6 interface configuration. (There's | |
210 | still no support for sending encrypted packets over IPv6.) | |
211 | * tripe: Randomize exponential backoff for retransmission. [mdw/backoff] | |
212 | * tripe: Support multiple private keys and cipher suites in the same | |
213 | server. | |
1a372224 | 214 | |
87c06f6b | 215 | -- Mark Wooding <mdw@distorted.org.uk> Tue, 18 Sep 2012 03:39:52 +0100 |
1a372224 | 216 | |
550edef7 MW |
217 | tripe (1.0.0pre10) experimental; urgency=low |
218 | ||
219 | * Overhaul SLIP error handling. | |
220 | * Have conntrack tear VPN down in some networks. | |
221 | ||
222 | -- Mark Wooding <mdw@distorted.org.uk> Fri, 22 Apr 2011 16:48:31 +0100 | |
223 | ||
29b6a378 MW |
224 | tripe (1.0.0pre9) experimental; urgency=low |
225 | ||
226 | * Make conntrack rather more robust against errors. | |
227 | * Logically separate key tags from peer names. | |
228 | ||
229 | -- Mark Wooding <mdw@distorted.org.uk> Mon, 17 May 2010 20:27:33 +0100 | |
230 | ||
642bde67 MW |
231 | tripe (1.0.0pre8.1) experimental; urgency=low |
232 | ||
233 | * Whoops. conntrack was almost completely broken. Fix it a lot. | |
234 | ||
235 | -- Mark Wooding <mdw@distorted.org.uk> Sat, 15 May 2010 20:06:12 +0100 | |
236 | ||
06007586 MW |
237 | tripe (1.0.0pre8) experimental; urgency=low |
238 | ||
239 | * Many changes, enhancements and bug fixes. Like, way too many to list | |
240 | here. | |
241 | ||
242 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 09 May 2010 15:32:30 +0100 | |
243 | ||
d36eda2a | 244 | tripe (1.0.0pre7) experimental; urgency=low |
245 | ||
246 | * Support SLIP encapsulation. | |
247 | ||
82c75bd9 | 248 | -- Mark Wooding <mdw@distorted.org.uk> Sun, 4 Sep 2005 00:52:56 +0100 |
d36eda2a | 249 | |
ef4a1ab7 | 250 | tripe (1.0.0pre6) experimental; urgency=low |
251 | ||
252 | * Debianization! | |
52c03a2a | 253 | * Don't report uninteresting errors when accepting connections. |
254 | * Support elliptic curve keys. | |
c55f55af | 255 | * Allow user selection of symmetric crypto algorithms. |
ef4a1ab7 | 256 | |
c55f55af | 257 | -- Mark Wooding <mdw@nsict.org> Mon, 19 Apr 2004 08:44:00 +0100 |