badvpn/ChangeLog

- NCD: fix regex_replace() semantics. It was very broken because it did a complete replacement pass for every regex on the list, so it would match parts that have already been replaced, producing unexpected results.

- NCD: small performance improvement

Version 1.999.121:

- NCD: improve error handling semantics; see http://code.google.com/p/badvpn/source/detail?r=1376

- NCD: fix assertion failure in sys.evdev() if a device error occurs (e.g. device unplugged) while an event is being processed. Similar fix in some other modules, but these may not be reproducable.

- NCD: some more performance improvements

- NCD: some performance improvements (~30% faster interpretation of cpu-bound code)

- NCD: implemented If..elif..else clause.

- NCD: net.backend.wpa_supplicant: fix to work with wpa_supplicant>=1.0

Version 1.999.115:

- NCD: Many improvements; new statements, including call(), alias(), foreach(), choose().

Version 1.999.113:

- NCD: when starting child processes, make sure that file descriptors for standard
  streams are always open in the child, by opening /dev/null if they are not.

- Improve build system to allow selective building of components.
  By default, everything is built, unless -DBUILD_NOTHING_BY_DEFAULT=1 is given.
  Individual components can then be enabled or disabled using -DBUILD_COMPONENT=1
  and -DBUILD_COMPONENT=0.

- When starting any BadVPN program, make sure that file descriptors for standard
  streams are always open in the child, by opening /dev/null if they are not.

- NCD: net.backend.wpa_supplicant(): add 'bssid' and 'ssid' variables to allow
  determining what wireless network wpa_supplicant connected to.

- NCD: net.backend.wpa_supplicant(): do not require the user to start wpa_supplicant via
  stdbuf, but do it automatically.

Version 1.999.111:

- Improved protocol such that peers can use SSL when comminicating via the server. This
  improves security, as compromising the server will not allow the attacker to see secret
  data shared by peers (in particular, encryption keys and OTP seeds when in UDP mode).

  Compatibility is preserved if an only if the following conditions are met:
  - The server is using the latest version.
  - If the network is using SSL, all clients using the new version are using the
    "--allow-peer-talk-without-ssl" command line option.

  Be aware, however, that using the "--allow-peer-talk-without-ssl" option negates the
  security benefits of the new SSL support - not only between pairs of peers where one
  peer is using the old version, but also between pairs where both peers are capable
  of SSL. This is because the server can re-initialize the pair, telling them not to use
  SSL.

Version 1.999.107:

- Added Windows IOCP support, removing the limitation on ~64 connections. This is important
  for tun2socks, which may have to handle several hundred connections.

Version 1.999.105.2:

- Fixed an assertion failure in tun2socks related to sending data to SOCKS.

Version 1.999.101.3:

- Fixed UDP transport on Windows 7 which didn't work (was only tested on XP).

Version 1.999.101:

- Fixed a protocol issue present in versions <=1.999.100.3. Compatibility is preserved in
  case of a new server and old clients, but it is not possible to connect to an old server
  with a new client.