secnet 0.6.1 - bugfixes

Ian Jackson ijackson at chiark.greenend.org.uk
Sun May 24 22:50:40 BST 2020 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am pleased to announce secnet 0.6.1.

secnet 0.6.1 is a bugfix release, containing mostly fixes for bugs
introduced in 0.6.0 and 0.5.x.

Users trying to set up 0.6.0 will want to upgrade.
Users with a working 0.6.0 might as well stick with it.

Users with 0.4.x and earlier should upgrade, especially when
using make-secnet-sites on not-wholly-trusted input.

Users with 0.5.x: 0.6.x has a fix affecting mobile sites on IPv6
public networks amongst its many substantial changes.  See the 0.6.0
release announcement for full details:
  https://www.chiark.greenend.org.uk/pipermail/sgo-software-announce/2020/000048.html

0.6.0 can be found here:
  https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
  https://www.chiark.greenend.org.uk/~secnet/release/0.6.0/

SHA-256 checksums are listed below.

The .deb is from Debian amd64 stretch (oldstable) and should work on
more recent versions of Debian and on many Debian derivatives.


secnet (0.6.1) unstable; urgency=medium

  Logging bugfixes:
  * Fix completely broken startup logging.  Config errors would not
    be repoorted other than via the exit status!  (Broken in 0.6.0.)
  * Suppress various uninteresting messages during startup, to
    avoid noise during successful startup.
  * Move "starting" message earlier.
  
  make-secnet-sites bugfixes:
  * Fix error handling if caller is in wrong group.
  * Fix regressions in handling of delegated sites file fragments
    (especially wrt the optional group parameter to `location').
    Broken since security fixes in 0.5.0.

  Fixes to example config file:
  * Use new name-prefixed format for map(site...) runes.  Old runes
    were desupported by make-secnet-sites security fix (in 0.5.0).
  * Fix "transform" syntax (broken since 0.3.0).

  Other bugfixes and improvements:
  * rsa: Do not crash if private key file is not accessible when
    running --just-check-config.  (Broken since 0.6.0.)
  * rsa: Print errno value if we fail to open key file.
  * config parsing: When closure is of wrong type, give details.
  * Use CLOCK_MONOTONIC for all our timing needs (but only when
    built against an as-yet-unpublished adns feature).

  Supporting changes:
  * Tests for some of the changes.
  * Minor internal refactorings and improvements.
  * Merge subdirmk 1.0.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Sun, 24 May 2020 22:14:26 +0100


9d732b280fbd9f33447e7e6498549c20ad3199e120d88a5e24457a2baf87d763  secnet_0.6.1.dsc
526ffdf56182f8e232a17cd94066a8c10d094ac12e382f49fe5989ea148017dd  secnet_0.6.1.tar.gz
eaf976d0a413f53e09a5240c5a0801d785b1c1f6a2b3e5c9bf2f492ba78172a1  secnet-dbgsym_0.6.1_amd64.deb
e99f0ef12ccd04d534d527175a6055d13f5a6ba1fb0a7d9c698b6667ded1f176  secnet_0.6.1_amd64.buildinfo
e1adb7536aaae0cfe6aa5aa2206eee08f71250882343fd07a90d35eea781f3a8  secnet_0.6.1_amd64.deb
fb91ba019fb51573190f02d6aedeaa81b7edf75ab079efc39d26b21230a66368  secnet_0.6.1_multi.changes
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEVZrkbC1rbTJl58uh4+M5I0i1DTkFAl7K68oACgkQ4+M5I0i1
DTlrMQf9FXvGJQIcdnrd97s9RUZpLHq/3cNxiiDsxANg+f/0tpwnL/FJHPnhnmbq
vksHsHUv2/kWT20eLnV7ci1AbZP/cjqZFafSFGYBWzGtHemIyiqhs+ylyFMAgKQ1
lyOTmwulCgPlgNLFQQSE/gUT5hSLjPNh9KDdTxa7uaqeU4x5URItuJQEsymdHGbp
+CRL+u5geohpIbcYGYOTUPCGI7M4qug2bAlVrVDrNmBwx3aoWFc5aDegiuaj62l+
fJgqx5M8b+PyHbvGVIUXHRDhqOL+34uh9QPujP0ADNv7lchg0+pwoCwCou7E7iA2
tyO6sLXxINwEpaitx0ucBOlPH9OYLA==
=3gN4
-----END PGP SIGNATURE-----

More information about the sgo-software-announce mailing list