This repository has been archived by the owner on May 1, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
131 lines (91 loc) · 4.25 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
2020-04-07, Version 0.11.1
* move away from GitHub to our own controlled domain, the new website can be
found at https://netsend.nl/wiresep and the repository can be cloned at
https://netsend.nl/wiresep.git
* support stable releases and distribute them through
https://netsend.nl/wiresep/archive
* minor nitpicks
2020-04-07, Version 0.11.0
* let wiresep-keygen(1) securely store keys in a file
* change default file extension of private keys from .key to .privkey
* fix initiator role on big-endian systems
* fix a crash because of a memory misalignment on sparc64
* fix premature exit with multiple configured interfaces
* various improvements to the documentation
* improve log messages seen with -v and -vv
* lower tunnel mtu from 1420 to 1408 to work better with DSL
2020-03-25, Version 0.10.1
* upstream OpenBSD package patches that fix some build issues on base-gcc
(32-bit) archs, patches thanks to Theo Buehler
2020-03-25, Version 0.10.0
* major effort to clarify all log messages
* fix all warnings and false positives reported by Clang Static Analyzer
* fix some warnings found with GCC 8.3
* enclave: fix byte order conversion of response sender id
* wiresep-keygen reorder output
* guard most memcpy(3) for OOB writes by using MIN
2020-03-18, Version 0.9.1
* fix crash on first packet in client-only mode
* fix an out-of-bound write when parsing an ipv4 listen address
* fix logging unknown destination ip6 addresses
* fix a warning in client-only mode about finding a suitable local port
2020-03-15, Version 0.9.0
* support client-only mode, the listen configuration directive is now optional
* greatly reduce IPC message size
* refactor local address selection, fixes race conditions and stability
* do not exit when a write to the peer socket fails
* shrink socket receive buffers from 524216 to 131054 bytes
* queue at most 50 packets instead of 1000
2019-11-20, Version 0.8.4
* default the user to "_wiresep" if omitted
* append to CFLAGS from environment and drop default -O0 -g
2019-11-18, Version 0.8.3
* don't change the process name, keep wiresep
* let resource limits take the configuration into account
* treat OOM errors in the main loop as transient
* don't notify proxy to destroy unsent sessions
2019-11-14, Version 0.8.2
* replace dropuser with setresuid(2)
* ensure that the log* functions don't change errno
* install example config in /usr/local/share/examples
* don't run makewhatis(8) on make install
* assorted improvements to the documentation
2019-11-03, Version 0.8.1
* avoid compiler error about duplicate enumeration
* debug address family mismatches and reason of inactive sessions
* don't exit on sendwgdatamsg() failure
2019-10-31, Version 0.8.0
* private and pre-shared keys should now be put in a separate file
* automatically look for a private key in /etc/wiresep/tunX.key
* automatically look for an optional pre-shared key in:
1. /etc/wiresep/global.psk
2. /etc/wiresep/tunX.psk
3. /etc/wiresep/tunX.peerY.psk
4. /etc/wiresep/peerY.psk
* override default paths with new privkeyfile and pskfile config setting
* loosen up permission requirements on config file now that it no longer
contains any secrets
* set tight resource limits on data and stack size and others
* updates to documentation and manpages
* add wiresep.conf.example
* move the default config file to /etc/wiresep/wiresep.conf
* fix some inconsistencies in parsing the config file
2019-10-13, Version 0.7.0
* completely reimplement session management to improve reliability and
conformance to the specification
* only malloc after a new session is authenticated and established
* support queueing of multiple packets
* log interface statistics on receiving a USR1 signal
* be silent on startup
* lot's of refinements
* raise status from alpha to beta
2019-08-08, Version 0.6.0
* lot's of small refinements and some code restructuring
* interface public key is no longer needed or allowed, only the private key
* improve DoS resistence in the proxy by looking up sessions in logarithmic time
* use gprof plus a new testing harness to measure the performance of the proxy
* increase socket receive buffers to eight maximum sized UDP packets
* proxy: collect stats and log on SIGUSR1
* improvements to wiresep-keygen(1)
2019-05-05, Version 0.5.0
* first public release