Package Release Info

govpn-7.4-bp150.2.5

Update Info: Base Release
Available in Package Hub : 15

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

govpn
govpn-server

Change Logs

* Thu Nov 23 2017 sor.alexei@meowr.ru
- Update to version 7.4:
  * Tiny refactoring. Go 1.9 is a minimal required version.
  * Dependant cryptographic libraries are updated.
- Add govpn-go-1.7-compat.patch: Restore Go 1.7 compatibility.
  Apply it on openSUSE older than Leap 15.0.
* Thu May 11 2017 jengelh@inai.de
- Do not suppress errors from user/group creation
- Fix grammar problems in description, and drop filler wording.
* Tue May 09 2017 sor.alexei@meowr.ru
- Update to version 7.3 (changes since 5.10):
  * Argon2d is replaced with Balloon hashing. Found Argon2
    libraries written on pure Go have various problems. Moreover
    Argon2i should be used instead, but it has some possible
    cryptographic defects (http://eprint.iacr.org/2016/027).
    So it is replaced with much more simpler (and seems even
    cryptographically better) Balloon hashing
    (https://crypto.stanford.edu/balloon/).
  * (X)Salsa20 is replaced with ChaCha20. Theoretically it should
    be faster and more secure. Previous versions are not compatible
    with it!
  * Ability to use TUN-interfaces under GNU/Linux.
  * Fix a bug in client?s identity generation and detection code:
    simultaneous clients may be incorrectly identified, preventing
    their connection establishing and allowing DPI to detect GoVPN
    packets.
  * Fix seldom possible segmentation fault on the server during
    rehandshake.
  * Dependant cryptographic libraries are updated.
* Sat Jul 23 2016 sor.alexei@meowr.ru
- Update to version 5.10 (changes since 5.8):
  * Client reconnects in the loop when connection is lost.
    Optionally you can disable that behaviour: client will exit
    immediately, as it previously did.
  * -version option added, printing application version.
* Sat May 28 2016 sor.alexei@meowr.ru
- Update to version 5.8:
  * Optional ability to use syslog for logging, with RFC 5424-like
    structured records.
  * XTEA algorithm is not used anymore for nonce obfuscation, but
    BLAKE2b-MAC instead. Encryptionless mode now really does not
    depend on encryption functions.
* Thu Mar 17 2016 sor.alexei@meowr.ru
- Update to 5.7:
  * TAP interface name and remote peer's address are passed to up-
    and down- scripts through environment variables.
  * Update Argon2 library to use version 1.3 of the algorithm.
* Thu Feb 11 2016 sor.alexei@meowr.ru
- Update to 5.6 (changes since 5.2):
  * Ability to read passphrases directly from the terminal (user's
    input) without using of keyfiles. storekey.sh utility removed.
  * Fix minor bug with newclient.sh that caught "Passphrase:"
    prompt and inserted it into example YAML output.
    Just replaced stdout output to stderr for that prompt.
  * Add optional Timesync requirement.
    It will add timestamps in handshake PRP authentication,
    disallowing to repeat captured packet and get reply from the
    server, making it visible to DPI.
  * Ability to work on 32-bit platforms. sync library has some
    specific issues that caused panics on previous versions.
  * Add up/down example script for replacing default route.
  * Fix documentation bug: .info was not being installed.
* Fri Jan 15 2016 sor.alexei@meowr.ru
- Update to 5.2 (changes since 4.2):
  * New optional encryptionless mode of operation.
    Technically no encryption functions are applied for outgoing
    packets, so you can not be forced to reveal your encryption
    keys or sued for encryption usage.
  * MTUs are configured on per-user basis.
  * Simplified payload padding scheme, saving one byte of data.
  * Ability to specify TAP interface name explicitly without any
    up-scripts for convenience.
  * govpn-verifier utility now also can use EGD.
  * Server is configured using YAML file. It is very convenient to
    have comments and templates, comparing to JSON.
  * Incompatible with previous versions replacement of HSalsa20
    with BLAKE2b in handshake code.
  * Ability to read passphrases directly from the terminal (user's
    input) without using of keyfiles. storekey.sh utility removed.
* Fri Nov 20 2015 sor.alexei@meowr.ru
- Update to 4.2 (changes since 4.0):
  * Argon2d is used instead of PBKDF2 for password verifier hashing.
  * Client's identity is stored inside the verifier, so it
    simplifies server-side configuration and the code.
  * Fix non-critical bug when server may fail if up-script is not
    executed successfully.
* Sun Sep 20 2015 sor.alexei@meowr.ru
- Initial package.