Releasing 1.0.30.

diff --git a/NEWS b/NEWS
index 73a4a6220689568317ea113e9350236384242e65..5c547d13938f88dc1c795783e7eb491932df2b56 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,11 @@
+Version 1.0.30               October 30 2016
+
+ * Fix troubles connecting to some HTTP proxies.
+
+ * Add mitigations for the Sweet32 attack when using a 64-bit block cipher.
+
+ * Use AES256 and SHA256 as the default encryption and digest algorithms.
+
 Version 1.0.29               October 9 2016
 
  * Fix UDP communication with peers with link-local IPv6 addresses.

diff --git a/README b/README
index e0e5817ff27fa08f889f36ca627b3ad133d96704..b86063c1a5528788b8a709313cab6479d8e08c8d 100644 (file)
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-This is the README file for tinc version 1.0.29. Installation
+This is the README file for tinc version 1.0.30. Installation
 instructions may be found in the INSTALL file.
 
 tinc is Copyright (C) 1998-2016 by:
@@ -39,6 +39,8 @@ practice and that the default length of the HMAC for packets is too short in
 his opinion. We do not know of a way to exploit these weaknesses, but these
 issues are being addressed in the tinc 1.1 branch.
 
+The Sweet32 attack affects versions of tinc prior to 1.0.30.
+
 Cryptography is a hard thing to get right. We cannot make any
 guarantees. Time, review and feedback are the only things that can
 prove the security of any cryptographic product. If you wish to review
@@ -52,22 +54,25 @@ Some configuration variables have different names now. Most notably "TapDevice"
 should be changed into "Device", and "Device" should be changed into
 "BindToDevice".
 
+
 Compatibility
 -------------
 
-Version 1.0.29 is compatible with 1.0pre8, 1.0 and later, but not with older
-versions of tinc.
+Version 1.0.30 is compatible with 1.0pre8, 1.0 and later, but not with older
+versions of tinc. Note that since version 1.0.30, tinc requires all nodes in
+the VPN to be compiled with a version of LibreSSL or OpenSSL that supports the
+AES256 and SHA256 algorithms.
 
 
 Requirements
 ------------
 
-Since 1.0pre3, we use OpenSSL for all cryptographic functions.  So you
-need to install this library first; grab it from
-http://www.openssl.org/.  You will need version 0.9.7 or later.  If
-this library is not installed on you system, configure will fail.  The
-manual in doc/tinc.texi contains more detailed information on how to
-install this library.
+Since 1.0pre3, we use OpenSSL for all cryptographic functions.  So you need to
+install this library first; grab it from http://www.openssl.org/. You will
+need version 1.0.1 or later with support for AES256 and SHA256 enabled. If
+this library is not installed on you system, configure will fail. The manual
+in doc/tinc.texi contains more detailed information on how to install this
+library. Alternatively, you may also use LibreSSL.
 
 Since 1.0pre6, the zlib library is used for optional compression. You can
 find it at http://www.gzip.org/zlib/. Because of a possible exploit in

diff --git a/configure.ac b/configure.ac
index 3ec50683a73de472659f1a0d066bd5238b12ea31..0f31b01cab56e0f72f5f31c203709fdc1f62441d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1,7 +1,7 @@
 dnl Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([tinc], [1.0.29])
+AC_INIT([tinc], [1.0.30])
 AC_CONFIG_SRCDIR([src/tincd.c])
 AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
 AC_CONFIG_HEADERS([config.h])

diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in
index b0d6c77639260cfaf8522e0292fab03c8cb0fd9f..40ea1cc70918e31b4053f848fcc0b4b6866b4193 100644 (file)
--- a/doc/tinc.conf.5.in
+++ b/doc/tinc.conf.5.in
@@ -1,4 +1,4 @@
-.Dd 2016-04-10
+.Dd 2016-10-29
 .Dt TINC.CONF 5
 .\" Manual page created by:
 .\" Ivo Timmermans

diff --git a/src/connection.c b/src/connection.c
index 8966d65dac02fc591b45d4a60aa32db40a9dd59f..d27e6fd3ca72dee5c2cb362ba75eb18c70da8928 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -1,6 +1,6 @@
 /*
     connection.c -- connection list management
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2008      Max Rijevski <maksuf@gmail.com>
 

diff --git a/src/connection.h b/src/connection.h
index 0922fbeab71963aede15d75eabd7ffe1881ce76d..099d9d3b3ee81f02d5413674c4724e3492f7d569 100644 (file)
--- a/src/connection.h
+++ b/src/connection.h
@@ -1,6 +1,6 @@
 /*
     connection.h -- header for connection.c
-    Copyright (C) 2000-2012 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
 
     This program is free software; you can redistribute it and/or modify

diff --git a/src/meta.c b/src/meta.c
index 63f565fe5dbf195997027fa28bca3c4e15083e5b..09c063d35bac3a7c48f25b5f46e78f1c9006588b 100644 (file)
--- a/src/meta.c
+++ b/src/meta.c
@@ -1,6 +1,6 @@
 /*
     meta.c -- handle the meta communication
-    Copyright (C) 2000-2015 Guus Sliepen <guus@tinc-vpn.org>,
+    Copyright (C) 2000-2016 Guus Sliepen <guus@tinc-vpn.org>,
                   2000-2005 Ivo Timmermans
                   2006      Scott Lamb <slamb@slamb.org>
 

diff --git a/src/proxy.c b/src/proxy.c
index 32cb7973ffcb51e9a928b7f20d62e5d9c44722cb..52682721072cc64a561e556d02c163aa2d965a5d 100644 (file)
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -1,6 +1,6 @@
 /*
     proxy.c -- Proxy handling functions.
-    Copyright (C) 2015 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2015-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by