[Bug 1658268] Re: Please update to 3.0

Mattia Rizzolo mattia at mapreri.org
Sat Jan 21 09:41:59 UTC 2017


** Changed in: gvpe (Ubuntu)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1658268

Title:
  Please update to 3.0

Status in gvpe package in Ubuntu:
  Fix Committed

Bug description:
  This is a backwards incompatible release, but better security by
  default (keys are 3072 bit and configurable now.)

  
  Upstream changelog:

  3.0  Thu Nov 10 15:39:58 CET 2016
          - INCOMPATIBLE CHANGE: core protocol version 1.0.
          - INCOMPATIBLE CHANGE: node sections are now introduced
            with "node nodename", not "node = nodename".
          - INCOMPATIBLE CHANGE: gvpectrl -g will now generate a single
            keypair, while -G will try to generate all keypairs as before.
          - openssl 1.0.2 is the latest supported openssl release,
            openssl 1.1.0 is not supported at the moment as the work to
            make it compatible to both versions is just too much. a switch
            to openssl 1.1 or another library will be done in a future release.
          - update examples to not generate keys centrally, but locally on each
            node.
          - add workaround for temporary/rare ENOBUFS condition.
          - while individual packets couldn't be replayed, a whole session
            could be replayed - this has been fixed by an extra key exchange.
          - fix a delete vs. delete [] mismatch in the central logging function.
          - in addition to rsa key exchange and authentication, the handshake now
            adds a diffie-hellman key exchange (using curve25119) for perfect
            forward secrecy. mac and cipher keys are derived using HKDF.
          - rsa key sizes are now configurable and larger (default is 3072).
            correspondingly, the minimum mtu is no longer 296 but 576.
          - fixed a potential (unverified) buffer overrun on rsa decryption.
          - new per-node low-power setting that tries to reduce cpu/network usage.
          - router reconnects could cause excessive rekeying on other connections.
          - gvpectrl no longer generates all missing public keys, but
            only missing private keys. private keys are also put
            into the configured location.
          - the pid-file now accepts %s as nodename as elsewhere.
          - switch to counter mode (only aes supported at the moment in
            openssl). this gets rid of the need to generate a random iv,
            is likely more secure (and, as a side effect, gets rid of
            slow randomness generation. counter mode is often faster
            then cbc mode as well, and packets are smaller).
          - no longer use RAND_bytes to generate session keys - you NEED
            a real source of entropy now (e.g. egd or /dev/random - see the
            openssl documentation).
          - multiple node statements for the same node are now supported
            and will be merged.
          - a new directive "global" switches back to the global section
            of the config file.
          - if-up scripts can now be specified with absolute paths.
          - new global option: serial, to detect configuration mismatches.
          - use HKDF as authentication proof, not HMAC or a plain hash
            (hint by Ilmari Karonen).
          - during rekeying or connection establishments, hmac authentication
            errors could occur and reset the connection. Transient hmac
            authentication errors are now being ignored for 3 seconds.
          - log the reason for a conneciton loss.
          - use a (hopefully) constant time memcmp to compare internal secrets.
          - fix a (harmless) errornous out of bounds stack read that would trigger
            gcc's -fsanitize=address.
          - bump old packet window size from 512 to 65536.
          - update for big changes in openssl 1.1 API, wrap primitives
            to make further changes easier.
          - correctly check return values for openssl 1.0.0 and later.
          - check for both public and private key file when deciding whether
            to skip generating a key to avoid accidental overwrites.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvpe/+bug/1658268/+subscriptions



More information about the Ubuntu-sponsors mailing list