ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/gvpe/NEWS
(Generate patch)

Comparing gvpe/NEWS (file contents):
Revision 1.131 by root, Wed Nov 2 06:54:13 2016 UTC vs.
Revision 1.139 by root, Mon Apr 1 03:10:26 2019 UTC

1GVPE NEWS 1GVPE NEWS
2 2
3TODO: gvpectrl should not use default privatekey,. or maybe document it better 3 - update embedded liblzf.
4 - use liblzf with static hash table: lowers stack usage.
5 - do not initialise liblzf hash table for faster operation.
6 - use C++ variadic templates for callback.h, get rid of callback.pl.
7
83.1 Sat Oct 27 07:50:43 CEST 2018
9 - port to openssl 1.1 BUT SEE WARNING IN configure.ac. Do not use!
10 - tinc cruft removal: remove getopt.[ch], it's less portable to
11 have it then to not have it.
12 - tinc cruft removal: use pkg-config to detect libressl/openssl.
13 - minor cleanups.
14
153.0 Thu Nov 10 15:39:58 CET 2016
4 - INCOMPATIBLE CHANGE: core protocol version 1.0. 16 - INCOMPATIBLE CHANGE: core protocol version 1.0.
5 - INCOMPATIBLE CHANGE: node sections are now introduced 17 - INCOMPATIBLE CHANGE: node sections are now introduced
6 with "node nodename", not "node = nodename". 18 with "node nodename", not "node = nodename".
19 - INCOMPATIBLE CHANGE: gvpectrl -g will now generate a single
20 keypair, while -G will try to generate all keypairs as before.
7 - openssl 1.0.2 is the latest supported openssl release, 21 - openssl 1.0.2 is the latest supported openssl release,
8 openssl 1.1.0 is not supported at the moment as the work to 22 openssl 1.1.0 is not supported at the moment as the work to
9 make it compatible to both versions is just too much. a switch 23 make it compatible to both versions is just too much. a switch
10 to openssl 1.1 or another library will be done in a future release. 24 to openssl 1.1 or another library will be done in a future release.
11 - gvpectrl -g will now generate a single keypair, while -G 25 - update examples to not generate keys centrally, but locally on each
12 will try to generate all keypairs as before. 26 node.
13 - add workaround for temporary/rare ENOBUFS condition. 27 - add workaround for temporary/rare ENOBUFS condition.
14 - while individual packets couldn't be replayed, a whole session 28 - while individual packets couldn't be replayed, a whole session
15 could be replayed - this has been fixed by an extra key exchange. 29 could be replayed - this has been fixed by an extra key exchange.
16 - fix a delete vs. delete [] mismatch in the central logging function. 30 - fix a delete vs. delete [] mismatch in the central logging function.
17 - in addition to rsa key exchange and authentication, the handshake now 31 - in addition to rsa key exchange and authentication, the handshake now
40 of the config file. 54 of the config file.
41 - if-up scripts can now be specified with absolute paths. 55 - if-up scripts can now be specified with absolute paths.
42 - new global option: serial, to detect configuration mismatches. 56 - new global option: serial, to detect configuration mismatches.
43 - use HKDF as authentication proof, not HMAC or a plain hash 57 - use HKDF as authentication proof, not HMAC or a plain hash
44 (hint by Ilmari Karonen). 58 (hint by Ilmari Karonen).
45 - during rekeying or conenction establishments, hmac authentication 59 - during rekeying or connection establishments, hmac authentication
46 errors could occur and reset the connection. Transient hmac 60 errors could occur and reset the connection. Transient hmac
47 authentication errors are now being ignored for 3 seconds. 61 authentication errors are now being ignored for 3 seconds.
48 - log the reason for a conneciton loss. 62 - log the reason for a conneciton loss.
49 - use a (hopefully) constant time memcmp to compare internal secrets. 63 - use a (hopefully) constant time memcmp to compare internal secrets.
50 - fix a (harmless) errornous out of bounds stack read that would trigger 64 - fix a (harmless) errornous out of bounds stack read that would trigger

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines