secnet 0.3.2

Ian Jackson ijackson at
Thu Jun 26 20:39:03 BST 2014

Hash: SHA256

I am pleased to announce secnet 0.3.2.

0.3.2 contains bugfixes for links involving mobile sites, including an
important security fix for configurations which explicitly set the
site configuration parameter "mobile-peers-max" to 5 or more.

Sites which have no mobile peers and which are already running
0.3.1 have no compelling reason to upgrade.

0.3.2 can be found here:

0.3.2 should be backwards-compatibile with previous versions.  For
those on the SGO VPN: chiark is currently running an equivalent

For a summary of the changes see the changelog extract below.  For
full details see the git history.

There are no code changes from 0.3.2~beta3 to 0.3.2.

If you are upgrading from pre-0.3 secnet, you should make a change to
your secnet.conf file, as follows:
  -transform serpent256-cbc {
  -	max-sequence-skew 10;
  +transform eax-serpent { }, serpent256-cbc { };
The previously-specified transform "serpent256-cbc" has serious
security weaknesses.  If you make this change, your new secnet
will automatically negotiate the new "eax-serpent" transform with
suitably capable peers.

secnet (0.3.2) unstable; urgency=low

  * Release of 0.3.2.  No code changes since 0.3.1~beta1.

 -- Ian Jackson <ijackson at>  Thu, 26 Jun 2014 20:27:58 +0100

secnet (0.3.2~beta1) unstable; urgency=low

  For links involving mobile sites:
  * SECURITY: Properly update peer address array when it is full.
  * Do name-resolution on peer-initiated key setup too, when we are mobile
    (and other name-resolution improvements).

  Other minor improvements:
  * Log peer addresses on key exchange timeout.
  * When printing version (eg during startup), use value from git-describe
    and thus include git commit id where applicable.
  * Updates to release checklist in
  * Use C99 _Bool for bool_t.

 -- Ian Jackson <ijackson at>  Fri, 06 Jun 2014 01:17:54 +0100
Version: GnuPG v1.4.12 (GNU/Linux)


More information about the sgo-software-announce mailing list