X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fnews.texi;h=c96fdb9fc5674d16301ece4fcb7d2c82a033318f;hb=4b6010d63d3512094c7cef4a119a8d45cb1a7b18;hp=54d794428ac1d61eabaf435bf6f1157e7f78695a;hpb=68e0c647218f529318c07eb7be85f82034d9904a;p=govpn.git diff --git a/doc/news.texi b/doc/news.texi index 54d7944..c96fdb9 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -1,12 +1,37 @@ @node News -@cindex Releases -@cindex News @unnumbered News -@table @strong - -@item @anchor{Release_5.4} Release 5.4 -@cindex Release 5.4 +See also this page @ref{Новости, on russian}. + +@menu +* Release 5.4:: +* Release 5.3:: +* Release 5.2:: +* Release 5.1:: +* Release 5.0:: +* Release 4.2:: +* Release 4.1:: +* Release 4.0:: +* Release 3.5:: +* Release 3.4:: +* Release 3.3:: +* Release 3.2:: +* Release 3.1:: +* Release 3.0:: +* Release 2.4:: +* Release 2.3:: +* Release 2.2:: +* Release 2.1:: +* Release 2.0:: +* Release 1.5:: +* Release 1.4:: +* Release 1.3:: +* Release 1.1:: +* Release 1.0:: +@end menu + +@node Release 5.4 +@section Release 5.4 @itemize @item Added optional @ref{Timesync, time synchronization} requirement. It will add timestamps in handshake PRP authentication, disallowing to 
@@ -14,23 +39,23 @@ repeat captured packet and get reply from the server, making it visible to DPI. @end itemize -@item @anchor{Release_5.3} Release 5.3 -@cindex Release 5.3 +@node Release 5.3 +@section Release 5.3 @itemize -@item Fixed minor bug with @code{newclient.sh} that caught +@item Fixed minor bug with @command{newclient.sh} that caught "Passphrase:" prompt and inserted it into example YAML output. Just replaced stdout output to stderr for that prompt. @end itemize -@item @anchor{Release_5.2} Release 5.2 -@cindex Release 5.2 +@node Release 5.2 +@section Release 5.2 @itemize @item Ability to read passphrases directly from the terminal (user's -input) without using of keyfiles. @code{storekey.sh} utility removed. +input) without using of keyfiles. @command{storekey.sh} utility removed. @end itemize -@item @anchor{Release_5.1} Release 5.1 -@cindex Release 5.1 +@node Release 5.1 +@section Release 5.1 @itemize @item Server is configured using @url{http://yaml.org/, YAML} file. It is very convenient to have comments and templates, comparing to JSON. @@ -38,8 +63,8 @@ is very convenient to have comments and templates, comparing to JSON. with @emph{BLAKE2b} in handshake code. @end itemize -@item @anchor{Release_5.0} Release 5.0 -@cindex Release 5.0 +@node Release 5.0 +@section Release 5.0 @itemize @item New optional @ref{Encless, encryptionless mode} of operation. Technically no encryption functions are applied for outgoing packets, so 
@@ -49,18 +74,18 @@ encryption usage. @item Simplified payload padding scheme, saving one byte of data. @item Ability to specify TAP interface name explicitly without any up-scripts for convenience. -@item @code{govpn-verifier} utility also can use @ref{EGD}. +@item @command{govpn-verifier} utility also can use @ref{EGD}. @end itemize -@item @anchor{Release_4.2} Release 4.2 -@cindex Release 4.2 +@node Release 4.2 +@section Release 4.2 @itemize @item Fixed non-critical bug when server may fail if up-script is not executed successfully. @end itemize -@item @anchor{Release_4.1} Release 4.1 -@cindex Release 4.1 +@node Release 4.1 +@section Release 4.1 @itemize @item @url{https://password-hashing.net/#argon2, Argon2d} is used instead of PBKDF2 for password verifier hashing. @@ -68,8 +93,8 @@ of PBKDF2 for password verifier hashing. server-side configuration and the code. @end itemize -@item @anchor{Release_4.0} Release 4.0 -@cindex Release 4.0 +@node Release 4.0 +@section Release 4.0 @itemize @item Handshake messages can be noised: their messages lengths are hidden. Now they are indistinguishable from transport messages. @@ -78,8 +103,8 @@ hidden. Now they are indistinguishable from transport messages. @item Single JSON file server configuration. @end itemize -@item @anchor{Release_3.5} Release 3.5 -@cindex Release 3.5 +@node Release 3.5 +@section Release 3.5 @itemize @item Ability to use @ref{Network, TCP} network transport. Server can listen on both UDP and TCP sockets. 
@@ -90,43 +115,39 @@ for accessing the server. Server can also emulate HTTP proxy behaviour. reasons. @end itemize -@item @anchor{Release_3.4} Release 3.4 -@cindex Release 3.4 +@node Release 3.4 +@section Release 3.4 @itemize @item Ability to use external @ref{EGD}-compatible PRNGs. Now you are -able to use GoVPN even on systems with the bad @code{/dev/random}, +able to use GoVPN even on systems with the bad @file{/dev/random}, providing higher quality entropy from external sources. -@item Removed @code{-noncediff} option. It is replaced with in-memory +@item Removed @option{-noncediff} option. It is replaced with in-memory storage of seen nonces, thus eliminating possible replay attacks at all without performance degradation related to inbound packets reordering. @end itemize -@item @anchor{Release_3.3} Release 3.3 -@cindex Release 3.3 +@node Release 3.3 +@section Release 3.3 @itemize @item Compatibility with an old GNU Make 3.x. Previously only BSD Make and GNU Make 4.x were supported. -@item /dev/urandom is used for correct client identity generation under -GNU/Linux systems. Previously /dev/random can produce less than required -128-bits of random. -@item Updated user manual examples. +@item @file{/dev/urandom} is used for correct client identity generation +under GNU/Linux systems. Previously @file{/dev/random} can produce less +than required 128-bits of random. @end itemize -@item @anchor{Release_3.2} Release 3.2 -@cindex Release 3.2 +@node Release 3.2 +@section Release 3.2 @itemize -@item -Deterministic building: dependent libraries source code commits are -fixed in our makefiles. -@item -No Internet connection is needed for building the source code: all +@item Deterministic building: dependent libraries source code commits +are fixed in our makefiles. +@item No Internet connection is needed for building the source code: all required libraries are included in release tarballs. -@item -FreeBSD Make compatibility. GNU Make is not necessary anymore. 
+@item FreeBSD Make compatibility. GNU Make is not necessary anymore. @end itemize -@item @anchor{Release_3.1} Release 3.1 -@cindex Release 3.1 +@node Release 3.1 +@section Release 3.1 @itemize @item Diffie-Hellman public keys are encoded with Elligator algorithm when @@ -136,8 +157,8 @@ passwords (that are used to create DSA public keys). But this will consume twice entropy for DH key generation in average. @end itemize -@item @anchor{Release_3.0} Release 3.0 -@cindex Release 3.0 +@node Release 3.0 +@section Release 3.0 @itemize @item EKE protocol is replaced by Augmented-EKE and static symmetric (both 
@@ -165,88 +186,80 @@ maximal MTU size. Ability to hide underlying packets appearance rate, by generating Constant Packet Rate traffic. This includes noise generation too. @item -Per-peer @code{-timeout}, @code{-noncediff}, @code{-noise} and -@code{-cpr} configuration options for server. +Per-peer @option{-timeout}, @option{-noncediff}, @option{-noise} and +@option{-cpr} configuration options for server. @end itemize -@item @anchor{Release_2.4} Release 2.4 -@cindex Release 2.4 +@node Release 2.4 +@section Release 2.4 @itemize -@item -Added ability to optionally run built-in HTTP-server responding with -JSON of all known connected peers information. Real-time client's +@item Added ability to optionally run built-in HTTP-server responding +with JSON of all known connected peers information. Real-time client's statistics. - -@item -Documentation is explicitly licenced under GNU FDL 1.3+. +@item Documentation is explicitly licenced under GNU FDL 1.3+. @end itemize -@item @anchor{Release_2.3} Release 2.3 -@cindex Release 2.3 +@node Release 2.3 +@section Release 2.3 @itemize -@item -Handshake packets became indistinguishable from the random. -Now all GoVPN's traffic is the noise for men in the middle. +@item Handshake packets became indistinguishable from the random. Now +all GoVPN's traffic is the noise for men in the middle. -@item -Handshake messages are smaller (16% traffic reduce). +@item Handshake messages are smaller (16% traffic reduce). -@item -Adversary now can not create malicious fake handshake packets that +@item Adversary now can not create malicious fake handshake packets that will force server to generate private DH key, preventing entropy consuming and resource heavy computations. @end itemize -@item @anchor{Release_2.2} Release 2.2 -@cindex Release 2.2 +@node Release 2.2 +@section Release 2.2 @itemize @item Fixed several possible channel deadlocks. 
@end itemize -@item @anchor{Release_2.1} Release 2.1 -@cindex Release 2.1 +@node Release 2.1 +@section Release 2.1 @itemize @item Fixed Linux-related building. @end itemize -@item @anchor{Release_2.0} Release 2.0 -@cindex Release 2.0 +@node Release 2.0 +@section Release 2.0 @itemize @item Added clients identification. @item Simultaneous several clients support by server. @item Per-client up/down scripts. @end itemize -@item @anchor{Release_1.5} Release 1.5 -@cindex Release 1.5 +@node Release 1.5 +@section Release 1.5 @itemize @item Nonce obfuscation/encryption. @end itemize -@item @anchor{Release_1.4} Release 1.4 -@cindex Release 1.4 +@node Release 1.4 +@section Release 1.4 @itemize @item Performance optimizations. @end itemize -@item @anchor{Release_1.3} Release 1.3 -@cindex Release 1.3 +@node Release 1.3 +@section Release 1.3 @itemize @item Heartbeat feature. @item Rehandshake feature. -@item up- and down- optinal scripts. +@item up- and down- optional scripts. @end itemize -@item @anchor{Release_1.1} Release 1.1 -@cindex Release 1.1 +@node Release 1.1 +@section Release 1.1 @itemize @item FreeBSD support. @end itemize -@item @anchor{Release_1.0} Release 1.0 -@cindex Release 1.0 +@node Release 1.0 +@section Release 1.0 @itemize @item Initial stable release. @end itemize - -@end table
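Review bot: In the first hunk (@@ -1,12 +1,37 @@) each `@anchor{Release_5.4}`-style anchor is replaced by `@node Release 5.4`, so any existing `@ref{Release_5.4}` elsewhere in the manual stops resolving. Grep the doc tree for `Release_` and update those references in the same commit, or keep the anchors beside the new nodes. The same hunk drops `@cindex Releases` and `@cindex News`, and later hunks drop every per-release `@cindex`, so the releases leave the concept index; confirm that is intended. The new `@menu` is maintained by hand and must gain a line whenever a `@node Release …` is added. Wording nit on the added line: "on russian" should read "in Russian".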
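Review bot: The Release 3.3 entry in hunk @@ -90,43 +115,39 @@ loses `@item Updated user manual examples.` with no `+` line replacing it, so a changelog item disappears inside what otherwise looks like a markup-only rewrite (`@code` to `@file`/`@option`, re-wrapping). Restore the item, or remove it in a separate commit that states why.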
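Review bot: In hunk @@ -165,88 +186,80 @@ the `Per-peer @option{-timeout}` item still has `@item` on a line of its own, while the Release 2.4 and 2.3 items in the same hunk are folded to the `@item text` form; fold this one as well so the file ends up with a single item style. The `optinal` to `optional` spelling fix under Release 1.3 is correct but unrelated to the node restructuring and would be easier to review as its own change. The removal of the closing `@end table` at the end matches the removal of `@table @strong` in the first hunk, so the environment stays balanced.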