+Version 1.0.36 August 26 2019
+
+ * Fix compiling tinc with certain versions of the OpenSSL library.
+ * Fix parsing some IPv6 addresses with :: in them.
+ * Fix GraphDumpFile output to handle node names starting with a digit.
+ * Fix a potential segmentation fault when fragmenting packets.
+
+Thanks to Rosen Penev, Quentin Rameau and Werner Schreiber for their
+contributions to this version of tinc.
+
+Version 1.0.35 October 5 2018
+
+ * Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
+ * Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
+ * Minor fixes in the documentation.
+
+Thanks to Amine Amri and Rafael Sadowski for their contributions to this
+version of tinc.
+
+Version 1.0.34 June 12 2018
+
+ * Fix a potential segmentation fault when connecting to an IPv6 peer via a
+ proxy.
+ * Minor improvements to the build system.
+ * Make the systemd service file identical to the one from the 1.1 branch.
+ * Fix a potential problem causing IPv4 sockets to not work on macOS.
+
+Thanks to Maximilian Stein and Wang Liu Shuai for their contributions to this
+version of tinc.
+
+Version 1.0.33 November 4 2017
+
+ * Allow compilation from a build directory.
+ * Source code cleanups.
+ * Fix some options specified on the command line not surviving a HUP signal.
+ * Handle tun/tap device returning EPERM or EBUSY.
+ * Disable PMTUDiscovery when TCPOnly is used.
+ * Support the --runstatedir option of the autoconf 2.70.
+
+Thanks to Rafael Sadowski and Pierre-Olivier Mercier for their contributions to
+this version of tinc.
+
+Version 1.0.32 September 2 2017
+
+ * Fix segmentation fault when using Cipher = none.
+ * Fix Proxy = exec.
+ * Support PriorityInheritance for IPv6 packets.
+ * Fixes for Solaris tun/tap support.
+ * Bind outgoing TCP sockets when ListenAddress is used.
+
+Thanks to Vittorio Gambaletta for his contribution to this version of tinc.
+
+Version 1.0.31 January 15 2017
+
+ * Remove ExecStop in tinc@.service.
+
+Thanks to Élie Bouttier for his contribution to this version of tinc.
+
+Version 1.0.30 October 30 2016
+
+ * Fix troubles connecting to some HTTP proxies.
+
+ * Add mitigations for the Sweet32 attack when using a 64-bit block cipher.
+
+ * Use AES256 and SHA256 as the default encryption and digest algorithms.
+
+Version 1.0.29 October 9 2016
+
+ * Fix UDP communication with peers with link-local IPv6 addresses.
+
+ * Ensure compatibility with OpenSSL 1.1.0.
+
+ * Ensure autoreconf can be run without requiring autoconf-archive.
+
+ * Log warnings about dropped packets only at debug level 5.
+
+Version 1.0.28 April 10 2016
+
+ * Fix compilation on BSD platforms.
+
+ * Add systemd service files.
+
+Version 1.0.27 April 10 2016
+
+ * When using Proxy, let the proxy resolve hostnames if tinc can't.
+
+ * Fixes and improvements of the DecrementTTL option.
+
+ * Fixed the $NAME variable in subnet-up/down scripts for the local Subnets.
+
+ * Fixed potentially wrong checksum generation when clamping the MSS.
+
+ * Properly choose between the system's or our own copy of getopt.
+
+ * Fixed compiling tinc for Cygwin with MinGW installed.
+
+ * Added support for OS X utun interfaces.
+
+ * Documentation updates and minor fixes.
+
+Thanks to Vittorio Gambaletta, LunarShaddow, Florian Weik and Nathan Stratton
+Treadway for their contributions to this version of tinc.
+
+Version 1.0.26 July 5 2015
+
+ * Tinc now forces glibc to reload /etc/resolv.conf for every hostname lookup.
+
+ * Fixed --logfile without a filename on Windows.
+
+ * Ensure tinc can be compiled when using musl libc.
+
+Thanks to Jo-Philipp Wich for his contribution to this version of tinc.
+
+Version 1.0.25 December 22 2014
+
+ * Documentation updates.
+
+ * Support linking against -lresolv on Mac OS X.
+
+ * Fix scripts on Windows when using the ScriptsInterpreter option.
+
+ * Allow a minimum reconnect timeout to be specified.
+
+ * Support PriorityInheritance on IPv6 sockets.
+
+Thanks to David Pflug, Baptiste Jonglez, Alexis Hildebrandt, Borg, Jochen Voss,
+Tomislav Čohar and VittGam for their contributions to this version of tinc.
+
+Version 1.0.24 May 11 2014
+
+ * Various compiler hardening flags are enabled by default.
+
+ * Updated support for Solaris, allowing switch mode on Solaris 11.
+
+ * Configuration will now also be read from a conf.d directory.
+
+ * Various updates to the documentation.
+
+ * Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
+
+ * Fixed a potential routing loop when IndirectData or TCPOnly is used and
+ broadcast packets are being sent.
+
+ * Improved security with constant time memcmp and stricter use of OpenSSL's
+ RNG functions.
+
+ * Fixed all issues found by Coverity.
+
+Thanks to Florent Clairambault, Vilbrekin, luckyhacky, Armin Fisslthaler, Loïc
+Dachary and Steffan Karger for their contributions to this version of tinc.
+
+Version 1.0.23 October 19 2013
+
+ * Start authentication immediately on outgoing connections (useful for sslh).
+
+ * Fixed segfault when Name = $HOST but $HOST is not set.
+
+ * Updated the build system and the documentation.
+
+ * Clean up child processes left over from Proxy = exec.
+
+Version 1.0.22 August 13 2013
+
+ * Fixed the combination of Mode = router and DeviceType = tap.
+
+ * The $NAME variable is now set in subnet-up/down scripts.
+
+ * Tinc now gives an error when unknown options are given on the command line.
+
+ * Tinc now correctly handles a space between a short command line option and
+ an optional argument.
+
+Thanks to Etienne Dechamps for his contribution to this version of tinc.
+
+Version 1.0.21 April 22 2013
+
+ * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
+
+Thanks to Martin Schobert for auditing tinc and reporting this vulnerability.
+
+Version 1.0.20 March 03 2013
+
+ * Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode.
+
+ * Minor improvements and clarifications in the documentation.
+
+ * Allow tinc to be cross-compiled with Android's NDK.
+
+ * The discovered PMTU is now also applied to VLAN tagged traffic.
+
+ * The LocalDiscovery option now makes use of all addresses tinc is bound to.
+
+ * Fixed support for tunemu on iOS devices.
+
+ * The PriorityInheritance option now also works with switch mode.
+
+ * Fixed tinc crashing when using a SOCKS5 proxy.
+
+Thanks to Mesar Hameed, Vilbrekin and Martin Schürrer for their contributions
+to this version of tinc.
+
+Version 1.0.19 June 25 2012
+
+ * Allow :: notation in IPv6 Subnets.
+
+ * Add support for systemd style socket activation.
+
+ * Allow environment variables to be used for the Name option.
+
+ * Add basic support for SOCKS proxies, HTTP proxies, and proxying through an
+ external command.
+
+Thanks to Anthony G. Basile and Michael Tokarev for their contributions to
+this version of tinc.
+
+Version 1.0.18 March 25 2012
+
+ * Fixed IPv6 in switch mode by turning off DecrementTTL by default.
+
+ * Allow a port number to be specified in BindToAddress, which also allows tinc
+ to listen on multiple ports.
+
+ * Add support for multicast communication with UML/QEMU/KVM.
+
+Version 1.0.17 March 10 2012
+
+ * The DeviceType option can now be used to select dummy, raw socket, UML and
+ VDE devices without needing to recompile tinc.
+
+ * Allow multiple BindToAddress statements.
+
+ * Decrement TTL value of IPv4 and IPv6 packets.
+
+ * Add LocalDiscovery option allowing tinc to detect peers that are behind the
+ same NAT.
+
+ * Accept Subnets passed with the -o option when StrictSubnets = yes.
+
+ * Disabling old RSA keys when generating new ones now also works properly on
+ Windows.
+
+Thanks to Nick Hibma for his contribution to this version of tinc.
+
+Version 1.0.16 July 23 2011
+
+ * Fixed a performance issue with TCP communication under Windows.
+
+ * Fixed code that, during network outages, would cause tinc to exit when it
+ thought two nodes with identical Names were on the VPN.
+
+Version 1.0.15 June 24 2011
+
+ * Improved logging to file.
+
+ * Reduced amount of process wakeups on platforms which support pselect().
+
+ * Fixed ProcessPriority option under Windows.
+
+Version 1.0.14 May 8 2011
+
+ * Fixed reading configuration files that do not end with a newline. Again.
+
+ * Allow arbitrary configuration options being specified on the command line.
+
+ * Allow all options in both tinc.conf and the local host config file.
+
+ * Configurable replay window, UDP send and receive buffers for performance tuning.
+
+ * Try harder to get UDP communication back after falling back to TCP.
+
+ * Initial support for attaching tinc to a VDE switch.
+
+ * DragonFly BSD support.
+
+ * Allow linking with OpenSSL 1.0.0.
+
+ Thanks to Brandon Black, Julien Muchembled, Michael Tokarev, Rumko and Timothy
+ Redaelli for their contributions to this version of tinc.
+
+Version 1.0.13 Apr 11 2010
+
+ * Allow building tinc without LZO and/or Zlib.
+
+ * Clamp MSS of TCP packets in both directions.
+
+ * Experimental StrictSubnets, Forwarding and DirectOnly options,
+ giving more control over information and packets received from/sent to other
+ nodes.
+
+ * Ensure tinc never sends symbolic names for ports over the wire.
+
+Version 1.0.12 Feb 3 2010
+
+ * Really allow fast roaming of hosts to other nodes in a switched VPN.
+
+ * Fixes missing or incorrect environment variables when calling host-up/down
+ and subnet-up/down scripts in some cases.
+
+ * Allow port to be specified in Address statements.
+
+ * Clamp MSS of TCP packets to the discovered path MTU.
+
+ * Let two nodes behind NAT learn each others current UDP address and port via
+ a third node, potentially allowing direct communications in a similar way to
+ STUN.
+
+Version 1.0.11 Nov 1 2009
+
+ * Fixed potential crash when the HUP signal is sent.
+
+ * Fixes handling of weighted Subnets in switch and hub modes, preventing
+ unnecessary broadcasts.
+
+ * Works around a MinGW bug that caused packets to Windows nodes to always be
+ sent via TCP.
+
+ * Improvements to the PMTU discovery code, especially on Windows.
+
+ * Use UDP again in certain cases where 1.0.10 was too conservative and fell
+ back to TCP unnecessarily.
+
+ * Allow fast roaming of hosts to other nodes in a switched VPN.
+
+Version 1.0.10 Oct 18 2009
+
+ * Fixed potential crashes during shutdown and (in rare conditions) when other
+ nodes disconnected from the VPN.
+
+ * Improved NAT handling: tinc now copes with mangled port numbers, and will
+ automatically fall back to TCP if direct UDP connection between nodes is not
+ possible. The TCPOnly option should not have to be used anymore.
+
+ * Allow configuration files with CRLF line endings to be read on UNIX.
+
+ * Disable old RSA keys when generating new ones, and raise the default size of
+ new RSA keys to 2048 bits.
+
+ * Many fixes in the path MTU discovery code, especially when Compression is
+ being used.
+
+ * Tinc can now drop privileges and/or chroot itself.
+
+ * The TunnelServer code now just ignores information from clients instead of
+ disconnecting them.
+
+ * Improved performance on Windows by using the new ProcessPriority option and
+ by making the handling of packets received from the TAP-Win32 adapter more
+ efficient.
+
+ * Code cleanups: tinc now follows the C99 standard, copyright headers have
+ been updated to include patch authors, checkpoint tracing and localisation
+ features have been removed.
+
+ * Support for (jailbroken) iPhone and iPod Touch has been added.
+
+ Thanks to Florian Forster, Grzegorz Dymarek and especially Michael Tokarev for
+ their contributions to this version of tinc.
+
+Version 1.0.9 Dec 26 2008
+
+ * Fixed tinc as a service under Windows 2003.
+
+ * Fixed reading configuration files that do not end with a newline.
+
+ * Fixed crashes in situations where hostnames could not be resolved or hosts
+ would disconnect at the same time as session keys were exchanged.
+
+ * Improved default settings of tun and tap devices on BSD platforms.
+
+ * Make IPv6 sockets bind only to IPv6 on Linux.
+
+ * Enable path MTU discovery by default.
+
+ * Fixed a memory leak that occurred when connections were closed.
+
+ Thanks to Max Rijevski for his contributions to this version of tinc.
+
+Version 1.0.8 May 16 2007
+
+ * Fixed some memory and resource leaks.
+
+ * Made network sockets non-blocking under Windows.
+
+ Thanks to Scott Lamb and "dnk" for their contributions to this version of tinc.
+
Version 1.0.7 Jan 5 2007
* Fixed a bug that caused slow network speeds on Windows.
* Support LZO 2.0 and later.
+ Thanks to Scott Lamb for his contributions to this version of tinc.
+
version 1.0.4 May 4 2005
* Fix switch and hub modes.
projects / oweals / tinc.git / blobdiff