secnet 0.3.3 - IMPORTANT SECURITY FIX

Ian Jackson ijackson at chiark.greenend.org.uk
Sat Sep 20 00:42:09 BST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am pleased to announce secnet 0.3.3~beta1.

0.3.3 contains a bugfix relevant on sites with the now-conventional
`ipaddr.py' Python module (as found in Debian's python-ipaddr
pacakge): on such systems earlier versions of make-secnet-site would
fail.

This bugfix is going to be important in the future: a version of
secnet capable of transport over IPv6 is in the works, and that will
have a dependency on the conventional modern ipaddr module.  0.3.3 is
provided in part to make the upgrade transition easier.

0.3.3 also has minor improvements to mobile site transport address
handling and a minor build system improvement.


0.3.3~beta1 can be found here:

 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
 http://www.chiark.greenend.org.uk/~secnet/release/0.3.3~beta1/

0.3.3 should be backwards-compatibile with previous versions.  For
those on the SGO VPN: chiark is currently running an equivalent
version.

For a summary of the changes see the changelog extract below.  For
full details see the git history.


secnet (0.3.3~beta1) unstable; urgency=low

  Installation compatibility fix:
  * In make-secnet-sites, always use our own ipaddr.py even if the
    incompatible modern ipaddr.py is installed (eg via python-ipaddr.deb).
    (Future versions of secnet are going to need that Python module to be
    installed.)

  For links involving mobile sites:
  * Use source of NAK packets as hint for peer transport address.
  * When initiating rekey, make use of data transport peer addresses.

  Build fix:
  * Provide clean target in test-example/Makefile.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Fri, 19 Sep 2014 00:11:44 +0100


$ sha256sum secnet_0.3.3~beta1*
70f5f782b91971f8303fc477b3b947f08da204510005137bb20c1cff8e71c848  secnet_0.3.3~beta1.dsc
9130551924d636330be79519841ae6a7678a6c25a2ee07d0eec88efc793429cf  secnet_0.3.3~beta1_i386.build
0c93c451662d561c82f8d0ab15696e7236d05ae946f20e0ad6cae3659c90c21f  secnet_0.3.3~beta1_i386.changes
c8658e9109ea34614a8f69f62d9feb5d425ef9daeef6de329726e14c54bc2d34  secnet_0.3.3~beta1_i386.deb
c2814895f06950acac0cb6c8240ddfb9be0d35415fffae27085960a4a9ed5056  secnet_0.3.3~beta1.tar.gz
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJUG2xcAAoJEOPjOSNItQ05tasH/2WfTVznofNbSFpPTskLJhQu
3SdJGCb5IrPvVu7WWKVNkClDrGFw7HsXLhlnBYlTEgo1BWoPrO0VWVgZfIWOvFoc
NlfVdtYsHqz9OXapfRF+lf3JPiy1E1ECfMJwxEP+ME/wiqTF77YbrZLlXBUK/4m4
lMSoqEEy4pzOBiGfU3x5KYJAb6LQE1l7//OUdQzq616NKAksBrY6aTvjz1XstLUK
nvByDahYIkNPLG1vzDmCyQ4aXfOCv7eu8qDqEFfzqw81MQxHH+2GeCIHqPi5Wfgt
adrfqSutoVnOREdkyituOzsPuMo6NS3ATN/VFadNkLqS1OyVhk15238LVCWamUI=
=H/Z5
-----END PGP SIGNATURE-----

More information about the sgo-software-announce mailing list