secnet 0.3.0
Ian Jackson
ijackson at chiark.greenend.org.uk
Sun Sep 1 20:59:08 BST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I am pleased to announce secnet 0.3.0.
0.3.0 is a new upstream version with substantial changes from 0.2.1,
including important security and stability fixes. It is backwards-
compatibile with previous versions. You are advised to upgrade.
For those on the SGO VPN: chiark is already running this version.
secnet 0.3.0 can be found here:
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
http://www.chiark.greenend.org.uk/~secnet/release/0.3.0/
When you have upgraded, you should make a change to your secnet.conf
file, as follows:
-transform serpent256-cbc {
- max-sequence-skew 10;
-};
+transform eax-serpent { }, serpent256-cbc { };
The previously-specified transform "serpent256-cbc" has serious
security weaknesses. If you make this change, your new secnet
will automatically negotiate the new "eax-serpent" transform with
suitably capable peers.
The changes between 0.2.1 and 0.3.0 are too extensive to list here,
but here is a summary of the most important changes:
* New EAX-based encryption (old transform was insecure)
* Eliminate many remotely-triggerable DOS bugs
* New "mobile sites" feature for sites with unstable public addresses
* Many bugfixes
For full details see the git history.
There are no code changes from 0.3.0~beta3 to 0.3.0.
Here are the distribution files' SHA-256 checksums:
c79eb8c8099fd7abb32ebdb89598da9324d30a9bc30dac341e9c3dcd09103c44 secnet-0.3.0.tar.gz
c6388d22d370aa28d36242111503825070c644d2ae638a2c18e1af3d722f8144 secnet-0.3.0.tar.gz.sig
b0eb5bda51f96827da2a22aba16e3a2c5c2b6100f9cdce52bcc954682ecd1869 secnet_0.3.0_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCAAGBQJSI5xSAAoJEOPjOSNItQ05GZQH/2ETz53P7L3+AIduWzdqqi3h
4X7GT/WNXFvc10I58c7uPel75Ytd3pDFT0kDERmnUBt//T8KU7gCDZjICRcDDyRG
Lohw3ECi4NdFJZuK8SZeXcDEaJZh3YYTZsGzqRphlBjAA+3H6IqfDY+LgIzllJTL
hfm+66B1RSPUduRzYH2r17ktxItOaRHJQ/WG7DRqnz1DWtueObLDlm5TGDAooZO6
1hmk+d0aPTqjsZn3pfWGEr5f0yCzImqjZHbVrhyn49rhu/Lo78U0rbVPOz2eEi1m
zwQxMIdDwYt9JKO/AF6mC4epCBOgKUucnwGEW2JjAZSaRiZKBKptLff4vQXB820=
=1mXS
-----END PGP SIGNATURE-----
More information about the sgo-software-announce
mailing list