Hi all, fwknop-2.0.0rc4 is ready for download:
http://www.cipherdyne.org/fwknop/download/ This is a fairly significant update that includes several things: - Removed the dependency on gdbm/ndbm for SPA replay detection via digest tracking. A new simple linked list + ascii digest.cache file mechanism has been implemented. - Fixed an issue on Linux systems to ensure that any fwknop jump rule from one of the built-in iptables chains is re-created if it got deleted. (Other scripts and such that manage iptables policies don't necessarily know anything about fwknop.) - Added many compile-time security options, -fstack-protector, D_FORTIFY_SOURCE, position independent executable (PIE), read-only relocations, and immediate binding protection. On ubuntu, this means that looking at the fwknop or fwknopd binaries passes the "hardening-check" script written by Kees Cook. - Added gcc -Wall to enable all compilation warnings by default, and made some minor code restructuring to fix compilation warnings. - Fixed an issue on FreeBSD systems where the ipfw 'set' used by fwknopd was attempted to be deleted regardless of whether it exists and this caused fwknopd to exit. - Because the number of supported devices and operating systems is increasing (Android, OpenWRT, etc.), I've added in the python/ and perl/ directories into the .tar source distributions. Not doing that would require several different .tar distributions, and I would like people to be able to get all of the sources in one download (and not necessarily have to run git for this). We'll get binary packages posted though too. One of the main things I'm interested in for this release is whether things work on Mac OS X systems (since I don't have one so I can't test). A couple of compile time security options had to be removed on FreeBSD, so something similar may have to be done on Mac OS X. As usual, the complete history is available via git: http://cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=summary Here is the ChangeLog (which is now built from git commit messages): http://cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=blob;f=ChangeLog-v2.0.0;h=0f75ddf9758f78c7b38c78cb7cdc0a82f455d202;hb=17beb2d348a076aa86a5732b9b572b21c1fcb594 Please let me know if there are any issues. --Mike ------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
