From a8f415e67fd316d929f9b9e6661e0d3d66fc197b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Nov 2003 15:29:40 +0000 Subject: [PATCH] Release notes for 1.0.2 --- NEWS | 15 +++++++++++++++ README | 12 ++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4c7c9397..897719c3 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,18 @@ +version 1.0.2 Nov 8 2003 + +* Fix address and hostname resolving under Windows. + +* Remove warnings about non-existing scripts and unsupported address families. + +* Use the event logger under Windows. + +* Fix quoting of filenames and command line arguments under Windows. + +* Strict checks for length incoming network packets and return values of + cryptographic functions, + +* Fix a bug in metadata handling that made the tinc daemon abort. + version 1.0.1 Aug 14 2003 * Allow empty lines in config files. diff --git a/README b/README index 1024d608..243f0efe 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0.1. Installation +This is the README file for tinc version 1.0.2. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2003 by: 
@@ -31,6 +31,14 @@ launch a denial of service attack by replaying intercepted packets. The current version adds sequence numbers and message authentication codes to prevent such attacks. +On September the 15th of 2003, Peter Gutmann contacted us and showed us a +writeup describing various security issues in several VPN daemons. He showed +that tinc lacks perfect forward security, the connection authentication could +be done more properly, that the sequence number we use as an IV is not the best +practice and that the default length of the HMAC for packets is too short in +his opinion. We do not know of a way to exploit these weaknesses, but we will +address these issues in tinc 2.0. + Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can prove the security of any cryptographic product. If you wish to review @@ -47,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into Compatibility ------------- -Version 1.0.1 is compatible with 1.0 and 1.0pre8 but not with older versions +Version 1.0.2 is compatible with 1.0.1, 1.0 and 1.0pre8 but not with older versions of tinc. -- 2.39.5
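Review bot: In the NEWS hunk (@@ -1,3 +1,18 @@), the entry "Strict checks for length incoming network packets and return values of cryptographic functions," ends in a comma instead of a full stop and is missing "of" after "length". This entry describes input validation on network-facing code and error handling around cryptographic calls, so it would help to mark it as a security-relevant fix. As written it sits between Windows quoting fixes and a crash fix, and a reader cannot tell that it is a reason to upgrade.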
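Review bot: In the README hunk at @@ -31,6 +31,14 @@, the new paragraph cites a writeup by Peter Gutmann but gives no title or URL, so a reader cannot check what was reported; add a reference. "perfect forward security" is normally written "perfect forward secrecy". The phrase "in his opinion" attaches only to the HMAC length, which leaves it unclear whether the other three findings are accepted as stated. The text also speaks of the "default length of the HMAC", which implies the length can be configured; if so, name the setting here so that 1.0.x users can raise it now, instead of only deferring all four issues to tinc 2.0.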
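Review bot: In the README hunk at @@ -47,7 +55,7 @@, the added line "Version 1.0.2 is compatible with 1.0.1, 1.0 and 1.0pre8 but not with older versions" is 83 characters long, since inserting "1.0.1," pushed it past the wrap width of the surrounding text. Rewrap it so that "versions" moves down to the following "of tinc." line.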