FreeSWAN Release 1.93 ships!

Derek Atkins warlord at MIT.EDU
Mon Dec 10 10:21:26 PST 2001


Note that to compile FreeS/WAN on Red Hat using the Red Hat
kernel-source RPM you need to:
	rm include/linux/modules/*.ver
before you 'make dep'.  Otherwise you get module version
brokenness.

-derek

"Lucky Green" <shamrock at cypherpunks.to> writes:

> The big question is: will FreeS/WAN latest release after some 4 or 5
> years of development finally both compile and install cleanly on current
> versions of Red Hat Linux, FreeS/WAN's purported target platform?
> 
> --Lucky, who is bothered by the fact that most his Linux using friends
> so far have been unable to get FreeS/WAN to even compile into a working
> kernel, while just about every *BSD distribution - and for that matter
> Windows XP - ship with a working IPSec implementation out-of-the-box.
> 
> > -----Original Message-----
> > From: owner-cypherpunks at lne.com 
> > [mailto:owner-cypherpunks at lne.com] On Behalf Of Bill Stewart
> > Sent: Thursday, December 06, 2001 2:05 AM
> > To: cypherpunks at lne.com
> > Cc: cryptography at wasabisystems.com
> > Subject: FreeSWAN Release 1.93 ships!
> > 
> > 
> >  From Claudia Schmeing <claudia at freeswan.org>'s summary:
> >   <http://lists.freeswan.org/pipermail/briefs/>
> > =========
> > 
> > 1.  Release 1.93 ships!
> >      ===================
> >      1 post Dec 3
> >      
> > http://lists.freeswan.org/pipermail/users/2001-December/005632
> .html
> 
> A number of small improvements have been added to this release, which
> was shipped on-time.
> 
> Some highlights:
> 
> * Diffie-Hellman group 5 is now the first group proposed.
> * Two cases where fragmentation is needed will be handled better, thanks
>    to these two changes
> 
>         The code that decides whether to send an ICMP complaint back
> about
>         a packet which had to be fragmented, but couldn't be, has gotten
>         smart enough that we now feel comfortable enabling it by
> default.
>    and
> 
>         IKE (UDP/500) packets which were large enough to be fragmented
> used
>         to be mishandled, with some of the fragments failing to bypass
> IPsec
>         tunnels properly.  This has been fixed; our thanks to Hans
> Schultz.
> 
> * If Pluto gets more than one RSA key from DNS, it will now try each
> key.
>    This will help when a system administrator replaces a key.
> * There is preliminary support for building RPMs.
> * SMP support is better.
> * The team has eliminated a vulnerability that might permit a denial of 
> service
>    attack.
> 
> What can we expect from the next release? Henry Spencer writes:
> 
>      We are in the process of chasing down a couple of significant bugs
> (which
>      have been there since at least 1.92 and possibly earlier), and we
> *might*
>      ship another release quite shortly if we nail them down and fix
> them.  If
>      we don't, we won't.  Barring that possibility, the next release is
> planned
>      for the end of January; a more precise date will be announced
> shortly.
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com





More information about the cypherpunks-legacy mailing list