File letmein.changes of Package letmein
-------------------------------------------------------------------
Mon Sep 15 16:23:59 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 10.4.0
New features
* A cryptographically secure checksum of the configuration file
is now transmitted to letmeinfwd and checked between the
letmeind and letmeinfwd daemons to ensure they have the same
view of the configuration.
* A per-resource timeout has been added. See the timeout
configuration option in resources.
* The generated nftables rules now have counter statements added.
This makes it easier to check/debug which rules are actually
executed.
* Support for specifying the resource ID instead of the port
number on the client side has been added.
Incompatible changes
* The length of the nftables chain name is now restricted to
64 bytes. If you have an nftables chain name length longer than
64 bytes, you should shorten it now. I believe that chain
names longer than 64 bytes are the exception. Therefore, I
think this incompatible change is OK. This change is necessary
to make future changes possible. If you think differently,
please open an issue.
- Update to version 10.3.0
New features
* Support for line-continuation has been added to the
configuration format parser. With this feature long
configuration lines can be split into multiple lines.
See the documentation for more information.
* From now on getpwnam_r and getgrnam_r from libc will be used
instead of parsing /etc/passwd and /etc/group directly. This
enables the use of letmein in scenarios with alternative user
handling (e.g. NSS).
- Update to version 10.2.1
Fixes
* Fix GHSA-jpv7-p47h-f43j.
* Fix confusing DNS resolver warning on single stack (IPv4-only)
setups.
- Update to version 10.2.0
* Minor maintenance changes.
- Update to version 10.1.0
New features
* Client: Added command line options to select DNS resolve mode.
-------------------------------------------------------------------
Sun Feb 2 11:14:44 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 10.0.0
Added
* Documentation of the wire protocol and the cryptographic
algorithms has been added.
* Hints for distribution packaging have been added to the
documentation.
Changed
* The MSRV has been bumped from 1.75 to 1.76 due to the nftables
dependency MSRV.
* The seccomp rules have been made more strict for the prlimit
syscall.
* The nftables.conf example has been simplified.
Removed
* Support for SIGHUP reloading of the daemons has been removed.
There are two reasons for this: First it wasn't implemented
correctly and didn't notify systemd. This will break with
future versions of systemd. Second is that it didn't work (by
design) with seccomp. Therefore, I decided to remove the
feature. I personally don't think it's important to have it.
Just restart the daemons instead of reloading them. If you
disagree with this and if you have a valid use case for SIGHUP
reloading that cannot easily be solved with restarting, open
an issue please.
-------------------------------------------------------------------
Mon Dec 30 20:26:58 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Update to version 9.0.0
* The nft executable can now be pinned in the letmeind.conf
configuration file to avoid $PATH searches from the
letmeinfwd daemon running as root.
* Use TCP_NODELAY for TCP connections to reduce knock latency.
- Add patch:
* letmein-set-nft-binary.patch
-------------------------------------------------------------------
Mon Dec 30 18:55:20 UTC 2024 - Martin Hauke <mardnh@gmx.de>
- Initial package, version 8.0.0