This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Updated: OpenSSH-3.7p1-1
- From: "Tony Schmitt" <tonyschmitt2 at aol dot com>
- To: "The Cygwin Mailing List" <cygwin at cygwin dot com>
- Date: Tue, 16 Sep 2003 23:01:16 -0400
- Subject: Re: Updated: OpenSSH-3.7p1-1
- References: <20030916223204.GX9981@cygbert.vinschen.de>
Thanks!
Corinna Vinschen wrote on 9/16/2003, 6:32 PM:
> I've just updated the version of OpenSSH to 3.7p1-1.
>
> This is an official new release as of yesterday. The Cygwin version
> is from the vanilla sources with just one tiny patch (my bad).
>
> Official Release Message:
> ====================================================================
> OpenSSH 3.7 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
>
> OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
> implementation and includes sftp client and server support.
>
> We would like to thank the OpenSSH community for their continued
> support to the project, especially those who contributed source and
> bought T-shirts or posters.
>
> We have a new design of T-shirt available, more info on
> http://www.openbsd.org/tshirts.html#18
>
> For international orders use http://https.openbsd.org/cgi-bin/order
> and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
>
> Security Changes:
> =================
>
> All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> management error. It is uncertain whether this error is
> potentially exploitable, however, we prefer to see bugs
> fixed proactively.
>
> OpenSSH 3.7 fixes this bug.
>
> Changes since OpenSSH 3.6.1:
> ============================
>
> * The entire OpenSSH code-base has undergone a license review. As
> a result, all non-ssh1.x code is under a BSD-style license with no
> advertising requirement. Please refer to README in the source
> distribution for the exact license terms.
>
> * Rhosts authentication has been removed in ssh(1) and sshd(8).
>
> * Changes in Kerberos support:
>
> - KerberosV password support now uses a file cache instead of
> a memory cache.
>
> - KerberosIV and AFS support has been removed.
>
> - KerberosV support has been removed from SSH protocol 1.
>
> - KerberosV password authentication support remains for SSH
> protocols 1 and 2.
>
> - This release contains some GSSAPI user authentication support
> to replace legacy KerberosV authentication support. At present
> this code is still considered experimental and SHOULD NOT BE
> USED.
>
> * Changed order that keys are tried in public key authentication.
> The ssh(1) client tries the keys in the following order:
>
> 1. ssh-agent(1) keys that are found in the ssh_config(5) file
> 2. remaining ssh-agent(1) keys
> 3. keys that are only listed in the ssh_config(5) file
>
> This helps when an ssh-agent(1) has many keys, where the sshd(8)
> server might close the connection before the correct key is tried.
>
> * SOCKS5 support has been added to the dynamic forwarding mode
> in ssh(1).
>
> * Removed implementation barriers to operation of SSH over SCTP.
>
> * sftp(1) client can now transfer files with quote characters in
> their filenames.
>
> * Replaced sshd(8)'s VerifyReverseMapping with UseDNS option.
> When UseDNS option is on, reverse hostname lookups are always
> performed.
>
> * Fix a number of memory leaks.
>
> * Support for sending tty BREAK over SSH protocol 2.
>
> * Workaround for other vendor bugs in KEX guess handling.
>
> * Support for generating KEX-GEX groups (/etc/moduli) in ssh-keygen(1).
>
> * Automatic re-keying based on amount of data sent over connection.
>
> * New AddressFamily option on client to select protocol to use (IPv4
> or IPv6).
>
> * Experimental support for the "aes128-ctr", "aes192-ctr", and
> "aes256-ctr" ciphers for SSH protocol 2.
>
> * Experimental support for host keys in DNS
> (draft-ietf-secsh-dns-xx.txt).
> Please see README.dns in the source distribution for details.
>
> * Portable OpenSSH:
>
> - Replace PAM password authentication kludge with a more correct
> PAM challenge-response module from FreeBSD.
>
> - PAM support may now be enabled/disabled at runtime using the
> UsePAM directive.
>
> - Many improvements to the OpenSC smartcard support.
>
> - Regression tests now work with portable OpenSSH.
> Please refer to regress/README.regress in the source distribution.
>
> - On platforms that support it, portable OpenSSH now honors the
> UMASK, PATH and SUPATH attributes set in /etc/default/login.
>
> - Deny access to locked accounts, regardless of authentication
> method in use.
>
> Checksums:
> ==========
>
> - MD5 (openssh-3.7.tgz) = 86864ecc276c5f75b06d4872a553fa70
> - MD5 (openssh-3.7p1.tar.gz) = 77662801ba2a9cadc0ac10054bc6cb37
>
>
> Reporting Bugs:
> ===============
>
> - please read http://www.openssh.com/report.html
> and http://bugzilla.mindrot.org/
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.
> ====================================================================
>
> To update your installation, click on the "Install Cygwin now" link on
> the http://cygwin.com/ web page. This downloads setup.exe to your
> system. Once you've downloaded setup.exe, run it and select "Net" and
> then click on the appropriate field until the above announced version
> number appears if it is not displayed already.
>
> If you have questions or comments, please send them to the Cygwin
> mailing list at: cygwin@cygwin.com . I would appreciate it if you would
> use this mailing list rather than emailing me directly. This includes
> ideas and comments about the setup utility or Cygwin in general.
>
> If you want to make a point or ask a question, the Cygwin mailing list
> is the appropriate place.
>
> *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
>
> If you want to unsubscribe from the cygwin-announce mailing list, look
> at the "List-Unsubscribe: " tag in the email header of this message.
> Send email to the address specified there. It will be in the format:
>
> cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com
>
> If you need more information on unsubscribing, start reading here:
>
> http://sources.redhat.com/lists.html#unsubscribe-simple
>
> Please read *all* of the information on unsubscribing that is available
> starting at this URL.
>
> I implore you to READ this information before sending email about how
> you "tried everything" to unsubscribe. In 100% of the cases where
> people were unable to unsubscribe, the problem was that they hadn't
> actually read and comprehended the unsubscribe instructions.
>
> If you need to unsubscribe from cygwin-announce or any other mailing
> list, reading the instructions at the above URL is guaranteed to
> provide you with the info that you need.
>
> --
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:cygwin@cygwin.com
> Red Hat, Inc.
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/