Softpedia >Windows >Internet >Secure Browsing / VPN >tinc >  Changelog

tinc Changelog

What's new in tinc 1.0.36

Aug 26, 2019
  • Fix compiling tinc with certain versions of the OpenSSL library.
  • Fix parsing some IPv6 addresses with :: in them.
  • Fix GraphDumpFile output to handle node names starting with a digit.
  • Fix a potential segmentation fault when fragmenting packets.

New in tinc 1.0.35 (Oct 9, 2018)

  • Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
  • Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).

New in tinc 1.0.34 (Jun 12, 2018)

  • Fix a potential segmentation fault when connecting to an IPv6 peer via a proxy.
  • Minor improvements to the build system.
  • Make the systemd service file identical to the one from the 1.1 branch.

New in tinc 1.1pre15 (Nov 6, 2017)

  • Detect when the machine is resuming from suspension or hibernation.
  • When an old PID file is found, check whether the old daemon is still alive.
  • Remember scope_id for IPv6 addresses when sending UDP packets to link-local addresses.
  • Ensure compatibility with OpenSSL 1.1.
  • Only log about dropped packets with debug level 5.
  • Warn when trying to generate RSA keys less than 2048 bits.
  • Use AES256 and SHA256 as the default encryption and digest algorithms.
  • Add DeviceType = fd to support tinc on Android without requiring root.
  • Support PriorityInheritance for IPv6 packets.
  • Fixes for Solaris tun/tap support.
  • Add a configurable expiration time for invitations.
  • Store invitation data after a succesful join.
  • Exit gracefully when the tun/tap device is in a bad state.
  • Add the LogLevel option.
  • AutoConnect now actively tries to heal split networks.

New in tinc 1.0.33 (Nov 6, 2017)

  • Allow compilation from a build directory.
  • Source code cleanups.
  • Fix some options specified on the command line not surviving a HUP signal.
  • Handle tun/tap device returning EPERM or EBUSY.
  • Disable PMTUDiscovery when TCPOnly is used.
  • Support the —runstatedir option of the autoconf 2.70.

New in tinc 1.1pre14 (Feb 8, 2017)

  • Add tinc.service back.

New in tinc 1.0.31 (Feb 8, 2017)

New in tinc 1.1 Pre10 (May 12, 2014)

  • Added a benchmark tool (sptps_speed) for the new protocol.
  • Fixed a crash when using Name = $HOST while $HOST is not set.
  • Use AES-256-GCM for the new protocol.
  • Updated support for Solaris.
  • Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set.
  • Enable various compiler hardening flags by default.
  • Added support for a “conf.d” configuration directory.
  • Fix tinc-gui on Windows, also allowing it to connect to a 32-bits tincd when tinc-gui is run in a 64-bits Python environment.
  • Added a “ListenAddress” option, which like BindToAddress adds more listening address/ports, but doesn’t bind to them for outgoing sockets.
  • Make invitations work better when the “invite” and “join” commands are not run interactively.
  • When creating meta-connections to a node for which no Address statement is specified, try to use addresses learned from other nodes.

New in tinc 1.0.24 (May 12, 2014)

  • Various compiler hardening flags are enabled by default.
  • Updated support for Solaris, allowing switch mode on Solaris 11.
  • Configuration will now also be read from a conf.d directory.
  • Various updates to the documentation.
  • Tinc now forces glibc to reload /etc/resolv.conf after it receives SIGALRM.
  • Fixed a potential routing loop when IndirectData or TCPOnly is used and broadcast packets are being sent.
  • Improved security with constant time memcmp and stricter use of OpenSSL’s RNG functions.
  • Fixed all issues found by Coverity.

New in tinc 1.0.20 (Mar 5, 2013)

  • Use /dev/tap0 by default on FreeBSD and NetBSD when using switch mode.
  • Minor improvements and clarifications in the documentation.
  • Allow tinc to be cross-compiled with Android’s NDK.
  • The discovered PMTU is now also applied to VLAN tagged traffic.
  • The LocalDiscovery option now makes use of all addresses tinc is bound to.
  • Fixed support for tunemu on iOS devices.
  • The PriorityInheritance option now also works with switch mode.
  • Fixed tinc crashing when using a SOCKS5 proxy.

New in tinc 1.1 Pre2 (Mar 26, 2012)

  • cookie files are renamed to .pid files, which are compatible with 1.0.x.
  • Experimental protocol enhancements that can be enabled with the option ExperimentalProtocol = yes:
  • Ephemeral ECDH key exchange will be used for both the meta protocol and UDP session keys.
  • Key exchanges are signed with ECDSA.
  • ECDSA public keys are automatically exchanged after RSA authentication if nodes do not know each other’s ECDSA public key yet.

New in tinc 1.0.18 (Mar 26, 2012)

  • Fixed IPv6 in switch mode by turning off DecrementTTL by default.
  • Allow a port number to be specified in BindToAddress, which also allows tinc to listen on multiple ports.
  • Add support for multicast communication with UML/QEMU/KVM.