WireSep release archive

1. WireSep
2. Archive

Release feed

WireSep v0.11.3 [SHA256] 2020-04-26

• many improvements in handling transient socket errors, i.e. no route to host no longer prevents us from trying to reconnect at a later time if the remote endpoint is known
• fix a possible deadlock when the queue runs full while a peer is not connected
• schedule a keepalive after receiving the first data packet in a responder role
• further improve log messages

WireSep v0.11.2 [SHA256] 2020-04-23

• fix endless loop on platforms where char is unsigned, e.g. macppc (fix by Klemens Nanni)
• print interface v6 address on -vv
• fix log message if no suitable address could be picked

WireSep v0.11.1 [SHA256] 2020-04-07

• move away from GitHub to our own controlled domain, the new website can be found at https://netsend.nl/wiresep and the repository can be cloned at https://netsend.nl/wiresep.git
• support stable releases and distribute them through https://netsend.nl/wiresep/archive
• minor nitpicks

WireSep v0.11.0 [SHA256] 2020-04-07

• let wiresep-keygen(1) securely store keys in a file
• change default file extension of private keys from .key to .privkey
• fix initiator role on big-endian systems
• fix a crash because of a memory misalignment on sparc64
• fix premature exit with multiple configured interfaces
• various improvements to the documentation
• improve log messages seen with -v and -vv
• lower tunnel mtu from 1420 to 1408 to work better with DSL

WireSep v0.10.1 [SHA256] 2020-03-25

• upstream OpenBSD package patches that fix some build issues on base-gcc (32-bit) archs, patches thanks to Theo Buehler

WireSep v0.10.0 [SHA256] 2020-03-25

• major effort to clarify all log messages
• fix all warnings and false positives reported by Clang Static Analyzer
• fix some warnings found with GCC 8.3
• enclave: fix byte order conversion of response sender id
• wiresep-keygen reorder output
• guard most memcpy(3) for OOB writes by using MIN

WireSep v0.9.1 [SHA256] 2020-03-18

• fix crash on first packet in client-only mode
• fix an out-of-bound write when parsing an ipv4 listen address
• fix logging unknown destination ip6 addresses
• fix a warning in client-only mode about finding a suitable local port

WireSep v0.9.0 [SHA256] 2020-03-15

• support client-only mode, the listen configuration directive is now optional
• greatly reduce IPC message size
• refactor local address selection, fixes race conditions and stability
• do not exit when a write to the peer socket fails
• shrink socket receive buffers from 524216 to 131054 bytes
• queue at most 50 packets instead of 1000

WireSep v0.8.4 [SHA256] 2019-11-20

• default the user to “_wiresep” if omitted
• append to CFLAGS from environment and drop default -O0 -g

WireSep v0.8.3 [SHA256] 2019-11-18

• don’t change the process name, keep wiresep
• let resource limits take the configuration into account
• treat OOM errors in the main loop as transient
• don’t notify proxy to destroy unsent sessions

WireSep v0.8.2 [SHA256] 2019-11-14

• replace dropuser with setresuid(2)
• ensure that the log* functions don’t change errno
• install example config in /usr/local/share/examples
• don’t run makewhatis(8) on make install
• assorted improvements to the documentation

WireSep v0.8.1 [SHA256] 2019-11-03

• avoid compiler error about duplicate enumeration
• debug address family mismatches and reason of inactive sessions
• don’t exit on sendwgdatamsg() failure

WireSep v0.8.0 [SHA256] 2019-10-31

• private and pre-shared keys should now be put in a separate file
• automatically look for a private key in /etc/wiresep/tunX.key
• automatically look for an optional pre-shared key in:
  1. /etc/wiresep/global.psk
  2. /etc/wiresep/tunX.psk
  3. /etc/wiresep/tunX.peerY.psk
  4. /etc/wiresep/peerY.psk
• override default paths with new privkeyfile and pskfile config setting
• loosen up permission requirements on config file now that it no longer contains any secrets
• set tight resource limits on data and stack size and others
• updates to documentation and manpages
• add wiresep.conf.example
• move the default config file to /etc/wiresep/wiresep.conf
• fix some inconsistencies in parsing the config file

WireSep v0.7.0 [SHA256] 2019-10-13

• completely reimplement session management to improve reliability and conformance to the specification
• only malloc after a new session is authenticated and established
• support queueing of multiple packets
• log interface statistics on receiving a USR1 signal
• be silent on startup
• lot’s of refinements
• raise status from alpha to beta

WireSep v0.6.0 [SHA256] 2019-08-08

• lot’s of small refinements and some code restructuring
• interface public key is no longer needed or allowed, only the private key
• improve DoS resistence in the proxy by looking up sessions in logarithmic time
• use gprof plus a new testing harness to measure the performance of the proxy
• increase socket receive buffers to eight maximum sized UDP packets
• proxy: collect stats and log on SIGUSR1
• improvements to wiresep-keygen(1)

WireSep v0.5.0 [SHA256] 2019-05-05

• first public release