secnet 0.3.2

Ian Jackson ijackson at chiark.greenend.org.uk
Thu Jun 26 20:39:03 BST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am pleased to announce secnet 0.3.2.

0.3.2 contains bugfixes for links involving mobile sites, including an
important security fix for configurations which explicitly set the
site configuration parameter "mobile-peers-max" to 5 or more.

Sites which have no mobile peers and which are already running
0.3.1 have no compelling reason to upgrade.


0.3.2 can be found here:

 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
 http://www.chiark.greenend.org.uk/~secnet/release/0.3.2/

0.3.2 should be backwards-compatible with previous versions.  For
those on the SGO VPN: chiark is currently running an equivalent
version.

For a summary of the changes see the changelog extract below.  For
full details see the git history.

There are no code changes from 0.3.2~beta3 to 0.3.2.


If you are upgrading from pre-0.3 secnet, you should make a change to
your secnet.conf file, as follows:
  -transform serpent256-cbc {
  -	max-sequence-skew 10;
  -};
  +transform eax-serpent { }, serpent256-cbc { };
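
Review bot: the added line still lists "serpent256-cbc", which the text below describes as having serious security weaknesses, and nothing here says when it can be dropped. Since the new transform is negotiated only with "suitably capable peers", the old entry presumably stays as a fallback for peers that lack eax-serpent (an assumption, the announcement does not say so); it would help to state that, and to tell sites whose peers are all upgraded to remove "serpent256-cbc { }" from the list. The removed "max-sequence-skew 10;" setting is also dropped without comment; a sentence on whether it is still needed with either transform would avoid guesswork.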
 
The previously-specified transform "serpent256-cbc" has serious
security weaknesses.  If you make this change, your new secnet
will automatically negotiate the new "eax-serpent" transform with
suitably capable peers.


secnet (0.3.2) unstable; urgency=low

  * Release of 0.3.2.  No code changes since 0.3.1~beta1.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Thu, 26 Jun 2014 20:27:58 +0100

secnet (0.3.2~beta1) unstable; urgency=low

  For links involving mobile sites:
  * SECURITY: Properly update peer address array when it is full.
  * Do name-resolution on peer-initiated key setup too, when we are mobile
    (and other name-resolution improvements).

  Other minor improvements:
  * Log peer addresses on key exchange timeout.
  * When printing version (eg during startup), use value from git-describe
    and thus include git commit id where applicable.
  * Updates to release checklist in Makefile.in.
  * Use C99 _Bool for bool_t.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Fri, 06 Jun 2014 01:17:54 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----