FreeSWAN Release 1.93 ships!
Derek Atkins
warlord at MIT.EDU
Mon Dec 10 10:21:26 PST 2001
Note that to compile FreeS/WAN on Red Hat using the Red Hat
kernel-source RPM you need to:
rm include/linux/modules/*.ver
before you 'make dep'. Otherwise you get module version
brokenness.
-derek
"Lucky Green" <shamrock at cypherpunks.to> writes:
> The big question is: will FreeS/WAN latest release after some 4 or 5
> years of development finally both compile and install cleanly on current
> versions of Red Hat Linux, FreeS/WAN's purported target platform?
>
> --Lucky, who is bothered by the fact that most his Linux using friends
> so far have been unable to get FreeS/WAN to even compile into a working
> kernel, while just about every *BSD distribution - and for that matter
> Windows XP - ship with a working IPSec implementation out-of-the-box.
>
> > -----Original Message-----
> > From: owner-cypherpunks at lne.com
> > [mailto:owner-cypherpunks at lne.com] On Behalf Of Bill Stewart
> > Sent: Thursday, December 06, 2001 2:05 AM
> > To: cypherpunks at lne.com
> > Cc: cryptography at wasabisystems.com
> > Subject: FreeSWAN Release 1.93 ships!
> >
> >
> > From Claudia Schmeing <claudia at freeswan.org>'s summary:
> > <http://lists.freeswan.org/pipermail/briefs/>
> > =========
> >
> > 1. Release 1.93 ships!
> > ===================
> > 1 post Dec 3
> >
> > http://lists.freeswan.org/pipermail/users/2001-December/005632
> .html
>
> A number of small improvements have been added to this release, which
> was shipped on-time.
>
> Some highlights:
>
> * Diffie-Hellman group 5 is now the first group proposed.
> * Two cases where fragmentation is needed will be handled better, thanks
> to these two changes
>
> The code that decides whether to send an ICMP complaint back
> about
> a packet which had to be fragmented, but couldn't be, has gotten
> smart enough that we now feel comfortable enabling it by
> default.
> and
>
> IKE (UDP/500) packets which were large enough to be fragmented
> used
> to be mishandled, with some of the fragments failing to bypass
> IPsec
> tunnels properly. This has been fixed; our thanks to Hans
> Schultz.
>
> * If Pluto gets more than one RSA key from DNS, it will now try each
> key.
> This will help when a system administrator replaces a key.
> * There is preliminary support for building RPMs.
> * SMP support is better.
> * The team has eliminated a vulnerability that might permit a denial of
> service
> attack.
>
> What can we expect from the next release? Henry Spencer writes:
>
> We are in the process of chasing down a couple of significant bugs
> (which
> have been there since at least 1.92 and possibly earlier), and we
> *might*
> ship another release quite shortly if we nail them down and fix
> them. If
> we don't, we won't. Barring that possibility, the next release is
> planned
> for the end of January; a more precise date will be announced
> shortly.
>
>
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cypherpunks-legacy
mailing list