File govpn.changes of Package govpn
-------------------------------------------------------------------
Wed Jul 24 09:21:48 UTC 2019 - matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
-------------------------------------------------------------------
Sat Oct 20 17:19:16 UTC 2018 - sor.alexei@meowr.ru
- Update to version 7.5:
* Dependant cryptographic libraries are updated for compatibility
with Go 1.11.
- Remove govpn-go-1.7-compat.patch.
-------------------------------------------------------------------
Thu Nov 23 10:47:49 UTC 2017 - sor.alexei@meowr.ru
- Update to version 7.4:
* Tiny refactoring. Go 1.9 is a minimal required version.
* Dependant cryptographic libraries are updated.
- Add govpn-go-1.7-compat.patch: Restore Go 1.7 compatibility.
Apply it on openSUSE older than Leap 15.0.
-------------------------------------------------------------------
Thu May 11 09:48:42 UTC 2017 - jengelh@inai.de
- Do not suppress errors from user/group creation
- Fix grammar problems in description, and drop filler wording.
-------------------------------------------------------------------
Tue May 9 16:45:47 UTC 2017 - sor.alexei@meowr.ru
- Update to version 7.3 (changes since 5.10):
* Argon2d is replaced with Balloon hashing. Found Argon2
libraries written on pure Go have various problems. Moreover
Argon2i should be used instead, but it has some possible
cryptographic defects (http://eprint.iacr.org/2016/027).
So it is replaced with much more simpler (and seems even
cryptographically better) Balloon hashing
(https://crypto.stanford.edu/balloon/).
* (X)Salsa20 is replaced with ChaCha20. Theoretically it should
be faster and more secure. Previous versions are not compatible
with it!
* Ability to use TUN-interfaces under GNU/Linux.
* Fix a bug in client’s identity generation and detection code:
simultaneous clients may be incorrectly identified, preventing
their connection establishing and allowing DPI to detect GoVPN
packets.
* Fix seldom possible segmentation fault on the server during
rehandshake.
* Dependant cryptographic libraries are updated.
-------------------------------------------------------------------
Sat Jul 23 16:15:39 UTC 2016 - sor.alexei@meowr.ru
- Update to version 5.10 (changes since 5.8):
* Client reconnects in the loop when connection is lost.
Optionally you can disable that behaviour: client will exit
immediately, as it previously did.
* -version option added, printing application version.
-------------------------------------------------------------------
Sat May 28 15:43:12 UTC 2016 - sor.alexei@meowr.ru
- Update to version 5.8:
* Optional ability to use syslog for logging, with RFC 5424-like
structured records.
* XTEA algorithm is not used anymore for nonce obfuscation, but
BLAKE2b-MAC instead. Encryptionless mode now really does not
depend on encryption functions.
-------------------------------------------------------------------
Wed Mar 17 15:07:34 UTC 2016 - sor.alexei@meowr.ru
- Update to 5.7:
* TAP interface name and remote peer's address are passed to up-
and down- scripts through environment variables.
* Update Argon2 library to use version 1.3 of the algorithm.
-------------------------------------------------------------------
Thu Feb 11 16:26:54 UTC 2016 - sor.alexei@meowr.ru
- Update to 5.6 (changes since 5.2):
* Ability to read passphrases directly from the terminal (user's
input) without using of keyfiles. storekey.sh utility removed.
* Fix minor bug with newclient.sh that caught "Passphrase:"
prompt and inserted it into example YAML output.
Just replaced stdout output to stderr for that prompt.
* Add optional Timesync requirement.
It will add timestamps in handshake PRP authentication,
disallowing to repeat captured packet and get reply from the
server, making it visible to DPI.
* Ability to work on 32-bit platforms. sync library has some
specific issues that caused panics on previous versions.
* Add up/down example script for replacing default route.
* Fix documentation bug: .info was not being installed.
-------------------------------------------------------------------
Fri Jan 15 17:45:17 UTC 2016 - sor.alexei@meowr.ru
- Update to 5.2 (changes since 4.2):
* New optional encryptionless mode of operation.
Technically no encryption functions are applied for outgoing
packets, so you can not be forced to reveal your encryption
keys or sued for encryption usage.
* MTUs are configured on per-user basis.
* Simplified payload padding scheme, saving one byte of data.
* Ability to specify TAP interface name explicitly without any
up-scripts for convenience.
* govpn-verifier utility now also can use EGD.
* Server is configured using YAML file. It is very convenient to
have comments and templates, comparing to JSON.
* Incompatible with previous versions replacement of HSalsa20
with BLAKE2b in handshake code.
* Ability to read passphrases directly from the terminal (user's
input) without using of keyfiles. storekey.sh utility removed.
-------------------------------------------------------------------
Fri Nov 20 08:32:20 UTC 2015 - sor.alexei@meowr.ru
- Update to 4.2 (changes since 4.0):
* Argon2d is used instead of PBKDF2 for password verifier hashing.
* Client's identity is stored inside the verifier, so it
simplifies server-side configuration and the code.
* Fix non-critical bug when server may fail if up-script is not
executed successfully.
-------------------------------------------------------------------
Sun Sep 20 10:32:01 UTC 2015 - sor.alexei@meowr.ru
- Initial package.
