secnet 0.6.0 - major overhaul incl to signature key handling code

Ian Jackson ijackson at chiark.greenend.org.uk
Sun Feb 16 13:00:23 GMT 2020


I am pleased to announce secnet 0.6.0.

secnet 0.6.0 contains major changes.  However, there is probably no
particular point in upgrading for most sites.  The exceptions are:

(i) Mobile sites may wish to upgrade to get a fix affecting use
    on IPv6 public networks;

(ii) Sites which specify the use of `md5' anywhere should upgrade
    and/or abolish all mentions of `md5' (which there was never any
    good reason to specify with secnet).  Users who wish to use
    both `md5' and `sha1' in the same secnet process should read
       https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=secnet.git;a=commit;h=7487a709d0f0cadafba68008ddf99278d55e625b

(iii) Obviously I would like people to test this version.
    And if you wish to control the timing of any possible breakage
    then upgrading to 0.6.x at your convenience may be preferable to
    waiting for a future critical security fix to be published only on
    the 0.6.x series.

secnet 0.6.0 contains an overhaul of long-term signature key handling;
this is in support of plans for provision of more modern algorithms,
and for automatic key rollover.  Right now, these new facilities are
not that useful, although in principle they could be used as part of a
manual key rollover process.

There are three bugfixes - the two mentioned above and one fix to some
error messages from make-secnet-sites.

Additionally there are logging and debugging improvements, significant
build system fixes, and substantial improvements to testing.

There is one known bug: on startup on a mobile site, secnet prints
some uninteresting log messages to stderr.

0.6.0 can be found here:
  https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
  https://www.chiark.greenend.org.uk/~secnet/release/0.6.0/

SHA-256 checksums are listed below.

The .deb is from Debian amd64 stretch (oldstable) and should work on
more recent versions of Debian.  The source is known to build on
jessie i386.


secnet (0.6.0) unstable; urgency=medium

  Bugfixes:
  * mobile sites: Do not ever expire peer addresses.  In practice
    this fixes transitions between IPv6-only and IPv4-only networks.
  * make-secnet-sites: Tainted: Fix a lot of bad return values
    (which would result in assertions rather than nice error messages).
  * Fix hash algo confusion in mixed sha1/md5 configurations (see below).

  Incompatible changes:
  * site: Always advertise all capabilities, even in MSG1.  This is
    incompatible with secnets earlier than 0.3.0 (September 2013), which
    are all quite badly broken and should have been upgraded long ago.
  * Drop support for using the same loaded rsa key with multiple different
    hash algorithms (which was broken in 0.5.0).  Right now we support
    only `sha1' and `md5' so everyone should be using `sha1'.
    Installations which specified `md5' anywhere may need config changes.

  Major new featureset (use of which is not advisable yet):
  * New facilities for negotiating about the signing keys to use for
    authentication during key setup, and selecting and using the
    appropriate keys.  (`key-cache'/`privcache' and `peer-keys').
    Using these new facilities for key rollover now is in principle
    possible but rather complex.  Further machinery is planned;
    for now, retain your existing config which should keep working.
    In summary:
       - secnet: new `privcache' closure;
       - secnet: `key-cache' and `peer-keys' keys on site closures;
       - secnet: new file format for peer public keysets;
       - secnet: new `make-public' config operator;
       - make-secnet-sites `pub', `pkg', `serial', etc. keywords;
       - make-secnet-sites --filter, --pubkeys-*, --output-version.

  More minor (logging) improvements:
  * Make stderr line buffered and log to it by default.
  * Do not log differently with --nodetach.
  * New `prefix' option to `logfile' closure.
  * Tidy and simplify some messages.

  Supporting changes:
  * Many substantial internal refactorings in secnet.
  * Many substantial internal refactorings in make-secnet-sites.
  * make-secnet-sites option parsing totally replaced.
  * Imported subtrees for base91-c and base91-python.
  * New portability code, etc.: osdep.[ch], fmemopen reimplementation.
  * Explicitly define oddly-rotated dh padding arrangement (write_mpbin).

  Build system and packaging:
  * Do not fail to build from git when HEAD refers to a packed ref.
  * Update to subdirmk 0.3.
  * Many makefile fixes (esp. to clean and cdeps).
  * configure.ac: Drop or suppress some very obsolete checks.
  * autogen.sh: Write a comment about need for autoheader.
  * dir-locals: Provide python-indent-offset too.

  Test suite bugfixes:
  * stest: Use stderr, not tty, for logging.
  * stest/udp-preload.c: Fix error handling of sun_prep.
  * stest: Fix breakage if nproc is not installed.

  Test suite improvements:
  * New tests, including tests for new features.
  * Existing tests (especially stest) generally made more thorough.
  * New comprehensive-test and pretest-to-tested convenience scripts.
  * Arrangements for testing with (user-provided) old secnet.
  * parallel-test.*: scripts to help with parallelised bisection.
  * stest: Print a lot more output about what we are doing.
  * stest: Better support for cwd with longish pathname.
  * stest: More flexibility, env var hooks, etc.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Sun, 16 Feb 2020 12:48:13 +0000


c69de0bc1027d5953cbee9525923e5e273c4780d16b90a254d7d4b1e20d3c456  secnet_0.6.0.dsc
870016c7554528bbff87b7b86a676ae57511bc6a652b3c667ac8d17b2f9d7d41  secnet_0.6.0.tar.gz
95ca671212d6a83438bc5cf9bd28e694810b52609bd63179ca9e9d0960013639  secnet-dbgsym_0.6.0_amd64.deb
11f7b9f71a4afd048899f86c62285d2770fe93741ed824fab82dfa28a4fa47ef  secnet_0.6.0_amd64.buildinfo
ce894699ebb4fe83d93ee905dc868e171321de5f2dd5df4f893f12a684097866  secnet_0.6.0_amd64.deb
3802586dd964a583a93c0c41063a853ca9822c46a9e9d3d52b155017eca6170b  secnet_0.6.0_multi.changes


-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.


