secnet 0.3.1

[Ian Jackson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am pleased to announce secnet 0.3.1.

0.3.1 is a new upstream version containing mostly bugfixes, including
security fixes.  (The vulnerabilities are only exposed to the vpn, not
the global internet, and consist of DoS bugs and a trivial packet
header information leak.)

Many of the bugfixes relate to MTU handling and fragmentation.
0.3.1 also has a new MTU negotiation feature which should improve MTU
handling in deployments where site administrators have configured
differing MTUs.

0.3.1 is backward compatible with previous versions.


secnet 0.3.1 can be found here:

 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
 http://www.chiark.greenend.org.uk/~secnet/release/0.3.1/


If you are upgrading from pre-0.3 secnet, you should make a change to
your secnet.conf file, as follows:
  -transform serpent256-cbc {
  -	max-sequence-skew 10;
  -};
  +transform eax-serpent { }, serpent256-cbc { };
 
The previously-specified transform "serpent256-cbc" has serious
security weaknesses.  If you make this change, your new secnet
will automatically negotiate the new "eax-serpent" transform with
suitably capable peers.


For full details see the git history.

There are no code changes from 0.3.1~beta3 to 0.3.1.


Here are the distribution files' SHA-256 checksums:

694ecf313b1dbf8a367ffb7c217aa3ce6cc51e8541c2f242ea640de03eaaac24  secnet-0.3.1.tar.gz
92d5e5f2e8d7eca2a5295d849d739b3d582dbdede9c51c184e0a8411e90609bc  secnet_0.3.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTdAmxAAoJEOPjOSNItQ05ZFMH/REDV9sh7TdSVUUD0l0lNQus
lbP8rtG8PxEuS5Nxj8zbqrUUmAl1ICtHbrN7Wsn4gVoMl/R8bYOtUewhkJ19t7aQ
XFz8eiF/yFRjit10Q/B005ctSZaDeCO81S+gnOR7Psekd4gLN0RRAnQEx01cDRV7
JT5hhfr9bXZyC/cVrjx2FHH2oI5VODiQu358HUqIPcuFLviOEKDoD4JaYJuojgn9
0q1hHP1VAGu+taAFM4k9Iq72f0kjjuHjmpuuBhD1MnJwLwAoEqqBCz2CI6rBMneZ
w+LDtq3F5XF+Xb5Zf23z62bjzzsvwoLGmalxtXWx/iF2pa5l6dCB+8SmnFJ+N7Q=
=YQio
-----END PGP SIGNATURE-----