File govpn.changes of Package govpn

-------------------------------------------------------------------
Wed Jul 24 09:21:48 UTC 2019 - matthias.gerstner@suse.com

- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].

  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

-------------------------------------------------------------------
Sat Oct 20 17:19:16 UTC 2018 - sor.alexei@meowr.ru

- Update to version 7.5:
  * Dependant cryptographic libraries are updated for compatibility
    with Go 1.11.
- Remove govpn-go-1.7-compat.patch.

-------------------------------------------------------------------
Thu Nov 23 10:47:49 UTC 2017 - sor.alexei@meowr.ru

- Update to version 7.4:
  * Tiny refactoring. Go 1.9 is a minimal required version.
  * Dependant cryptographic libraries are updated.
- Add govpn-go-1.7-compat.patch: Restore Go 1.7 compatibility.
  Apply it on openSUSE older than Leap 15.0.

-------------------------------------------------------------------
Thu May 11 09:48:42 UTC 2017 - jengelh@inai.de

- Do not suppress errors from user/group creation
- Fix grammar problems in description, and drop filler wording.

-------------------------------------------------------------------
Tue May  9 16:45:47 UTC 2017 - sor.alexei@meowr.ru

- Update to version 7.3 (changes since 5.10):
  * Argon2d is replaced with Balloon hashing. Found Argon2
    libraries written on pure Go have various problems. Moreover
    Argon2i should be used instead, but it has some possible
    cryptographic defects (http://eprint.iacr.org/2016/027).
    So it is replaced with much more simpler (and seems even
    cryptographically better) Balloon hashing
    (https://crypto.stanford.edu/balloon/).
  * (X)Salsa20 is replaced with ChaCha20. Theoretically it should
    be faster and more secure. Previous versions are not compatible
    with it!
  * Ability to use TUN-interfaces under GNU/Linux.
  * Fix a bug in client’s identity generation and detection code:
    simultaneous clients may be incorrectly identified, preventing
    their connection establishing and allowing DPI to detect GoVPN
    packets.
  * Fix seldom possible segmentation fault on the server during
    rehandshake.
  * Dependant cryptographic libraries are updated.

-------------------------------------------------------------------
Sat Jul 23 16:15:39 UTC 2016 - sor.alexei@meowr.ru

- Update to version 5.10 (changes since 5.8):
  * Client reconnects in the loop when connection is lost.
    Optionally you can disable that behaviour: client will exit
    immediately, as it previously did.
  * -version option added, printing application version.

-------------------------------------------------------------------
Sat May 28 15:43:12 UTC 2016 - sor.alexei@meowr.ru

- Update to version 5.8:
  * Optional ability to use syslog for logging, with RFC 5424-like
    structured records.
  * XTEA algorithm is not used anymore for nonce obfuscation, but
    BLAKE2b-MAC instead. Encryptionless mode now really does not
    depend on encryption functions.

-------------------------------------------------------------------
Wed Mar 17 15:07:34 UTC 2016 - sor.alexei@meowr.ru

- Update to 5.7:
  * TAP interface name and remote peer's address are passed to up-
    and down- scripts through environment variables.
  * Update Argon2 library to use version 1.3 of the algorithm.

-------------------------------------------------------------------
Thu Feb 11 16:26:54 UTC 2016 - sor.alexei@meowr.ru

- Update to 5.6 (changes since 5.2):
  * Ability to read passphrases directly from the terminal (user's
    input) without using of keyfiles. storekey.sh utility removed.
  * Fix minor bug with newclient.sh that caught "Passphrase:"
    prompt and inserted it into example YAML output.
    Just replaced stdout output to stderr for that prompt.
  * Add optional Timesync requirement.
    It will add timestamps in handshake PRP authentication,
    disallowing to repeat captured packet and get reply from the
    server, making it visible to DPI.
  * Ability to work on 32-bit platforms. sync library has some
    specific issues that caused panics on previous versions.
  * Add up/down example script for replacing default route.
  * Fix documentation bug: .info was not being installed.

-------------------------------------------------------------------
Fri Jan 15 17:45:17 UTC 2016 - sor.alexei@meowr.ru

- Update to 5.2 (changes since 4.2):
  * New optional encryptionless mode of operation.
    Technically no encryption functions are applied for outgoing
    packets, so you can not be forced to reveal your encryption
    keys or sued for encryption usage.
  * MTUs are configured on per-user basis.
  * Simplified payload padding scheme, saving one byte of data.
  * Ability to specify TAP interface name explicitly without any
    up-scripts for convenience.
  * govpn-verifier utility now also can use EGD.
  * Server is configured using YAML file. It is very convenient to
    have comments and templates, comparing to JSON.
  * Incompatible with previous versions replacement of HSalsa20
    with BLAKE2b in handshake code.
  * Ability to read passphrases directly from the terminal (user's
    input) without using of keyfiles. storekey.sh utility removed.

-------------------------------------------------------------------
Fri Nov 20 08:32:20 UTC 2015 - sor.alexei@meowr.ru

- Update to 4.2 (changes since 4.0):
  * Argon2d is used instead of PBKDF2 for password verifier hashing.
  * Client's identity is stored inside the verifier, so it
    simplifies server-side configuration and the code.
  * Fix non-critical bug when server may fail if up-script is not
    executed successfully.

-------------------------------------------------------------------
Sun Sep 20 10:32:01 UTC 2015 - sor.alexei@meowr.ru

- Initial package.