From djm at mindrot.org Fri Jan 7 18:43:39 2000 From: djm at mindrot.org (Damien Miller) Date: Fri, 7 Jan 2000 18:43:39 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.1pre25 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.2.1pre25 is out. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html The following mirrors already have it: ftp://ftp.localhost.ca/pub/openssh/files/ ftp://thermo.stat.ncsu.edu/pub/openssh/files/ http://www.firedrake.org/openssh/files/ Changes: - - "Corrupted check bytes on input" when using triple DES has been fixed - - Added support for directory based lastlogs. This should make Irix as functional as the other platforms. - - Compilation fixes - - Documentation updates - - ssh-agent now properly cleans up after itself. - - Beginnings of SCO support Open Issues: - - manpages on Solaris and other platforms - - AIX status is unknown - - snprintf for NeXT and older Solaris systems - - Older Linux systems lack the poll() function. Replacement needed. - - Connection stalls over forwarded connections - - Hang on logout. Refer to TODO for details. Detailed changelog: 20000107 - New config.sub and config.guess to fix problems on SCO. Supplied by Gary E. Miller - SCO build fix from Gary E. Miller 20000106 - Documentation update & cleanup - Better KrbIV / AFS detection, based on patch from: Holger Trapp 20000105 - Fixed annoying DES corruption problem. libcrypt has been overriding symbols in libcrypto. Removed libcrypt and crypt.h altogether (libcrypto includes its own crypt(1) replacement) - Added platform-specific rules for Irix 6.x. Included warning that they are untested. 20000103 - Add explicit make rules for files proccessed by fixpaths. - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori - Removed "nullok" directive from default PAM configuration files. Added information on enabling EmptyPasswords on openssh+PAM in UPGRADING file. - OpenBSD CVS updates - [ssh-agent.c] cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and dgaudet at arctic.org - [sshconnect.c] compare correct version for 1.3 compat mode 20000102 - Prevent multiple inclusion of config.h and defines.h. Suggested by Andre Lucas - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet 19991231 - Added support for directory-based lastlogs - Really fix typedefs, patch from Ben Taylor Regards, Damien Miller - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4dZkvormJ9RG1dI8RAoTzAJ4nkp65WW8hNO0alIrE8My0Rci0xQCglQ6m Ls3xdOymKybAU+p795e4XnE= =RWBk -----END PGP SIGNATURE----- From djm at mindrot.org Sun Jan 16 17:59:08 2000 From: djm at mindrot.org (Damien Miller) Date: Sun, 16 Jan 2000 17:59:08 +1100 (EST) Subject: ANNOUNCE: 1.2.1pre26 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have uploaded openssh-1.2.1pre26. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html Major changes: - IPv6 support. I have merged the IPv6 support from OpenBSD CVS and the function replacements from KIKUCHI Takahiro . It compiles and works OK for me on Redhat Linux 6.1 (which has the necessary functions) and 5.2 (which uses the replacement functions). This is a big change and is likely to break some of the other platforms. Please test. - OpenBSD cvs updates (including portforwarding fixes). - Change auth-skey.c to use OpenSSH SHA1 functions - Use __snprintf and friends if they are present and snprintf is not. - Portability fixes - Add --with-xauth=FILE and --with-pid-dir=PATH configure options Detailed changes: 20000116 - Renamed --with-xauth-path to --with-xauth - Added --with-pid-dir option - Released 1.2.1pre26 20000115 - Add --with-xauth-path configure directive and explicit test for /usr/openwin/bin/xauth for Solaris systems. Report from Anders Nordby - Fix incorrect detection of /dev/ptmx on Linux systems that lack openpty. Report from John Seifarth - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in sys/types.h. Fixes problems on SCO, report from Gary E. Miller - Use __snprintf and __vnsprintf if they are found where snprintf and vnsprintf are lacking. Suggested by Ben Taylor and others. 20000114 - Merged OpenBSD IPv6 patch: - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1] [scp.c packet.h packet.c login.c log.c canohost.c channels.c] [hostfile.c sshd_config] ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new features: sshd allows multiple ListenAddress and Port options. note that libwrap is not IPv6-ready. (based on patches from fujiwara at rcac.tdi.co.jp) - [ssh.c canohost.c] more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, from itojun@ - [channels.c] listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE) - [packet.h] allow auth-kerberos for IPv4 only - [scp.1 sshd.8 servconf.h scp.c] document -4, -6, and 'ssh -L 2022/::1/22' - [ssh.c] 'ssh @host' is illegal (null user name), from karsten at gedankenpolizei.de - [sshconnect.c] better error message - [sshd.c] allow auth-kerberos for IPv4 only - Big IPv6 merge: - Cleanup overrun in sockaddr copying on RHL 6.1 - Replacements for getaddrinfo, getnameinfo, etc based on versions from patch from KIKUCHI Takahiro - Replacement for missing structures on systems that lack IPv6 - record_login needed to know about AF_INET6 addresses - Borrowed more code from OpenBSD: rresvport_af and requisites 20000110 - Fixes to auth-skey to enable it to use the standard OpenSSL libraries Regards, Damien Miller - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4gWxAormJ9RG1dI8RAg1VAKDRJm+naPjh0mp81FeG0fmULtGEzgCdEyRb Ahg8A459AGPSPy0rboC1hlo= =ql+U -----END PGP SIGNATURE----- From djm at mindrot.org Mon Jan 17 13:50:28 2000 From: djm at mindrot.org (Damien Miller) Date: Mon, 17 Jan 2000 13:50:28 +1100 (EST) Subject: AANOUNCE: openssh-1.2.1pre27 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A couple of silly errors, and one dangerous bug were in the pre26 release. This release corrects them. http://violet.ibs.com.au/openssh/files/openssh-1.2.1pre27.tar.gz If you want RPMs or any of the other files, please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html Changes: - Using __snprintf is *NOT SAFE* on old Solaris. These functions do not behave the same as "normal" snprintf. The compatiblity change has been reverted. Thanks to Theo de Raadt for the warning. (this means we need to adapt the another snprintf implementation to replace the one in bsd-snprintf.c. Has anyone cleaned up the PostgreSQL version that was posted here a month or so ago?) - Compile fixes for systems lacking IPv6 support. - Compile fixes for Linux systems with /dev/ptmx but lacking openpty() - Cleaned up bugs in bsd-bindresvport.c - Fix X11 forwarding on Linux w/o IPv6 Changelog: 20000117 - Clean up bsd-bindresvport.c. Use arc4random() for picking initial port, ignore EINVAL errors (Linux) when searching for free port. - Revert __snprintf -> snprintf aliasing. Apparently Solaris __snprintf isn't. Report from Theo de Raadt - Document location of Redhat PAM file in INSTALL. - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to deliver (no IPv6 kernel kernel support) - Released 1.2.1pre27 20000116 - Compilation fix from Kiyokazu SUTO - Fixed broken bugfix for /dev/ptmx on Linux systems which lack openpty(). Report from Kiyokazu SUTO - -dm - -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.0 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4goN4ormJ9RG1dI8RArXIAKC3l60ufV4otRvX6OPEcPQhEfq2BACeOb/a gcACH0b/NeKHaOmLU64ecKE= =85fx -----END PGP SIGNATURE----- From djm at mindrot.org Thu Jan 27 16:12:59 2000 From: djm at mindrot.org (Damien Miller) Date: Thu, 27 Jan 2000 16:12:59 +1100 (EST) Subject: ANNOUNCE: openssh-1.2.2 Message-ID: It gives me no little pleasure to announce the first stable release of the Unix port of OpenSSH. It is available in tar.gz and RPM format from one of the mirrors listed at: http://violet.ibs.com.au/openssh/files/MIRRORS.html This release fixes all known issues and is known to compile and function on (at least) recent releases on Linux, Solaris, HPUX and SCO Unixware. Please review the ChangeLog[1] for details on what has changed since the last release. I am holding off on a wider announcement until the mirrors have updated. Thanks to everyone who assisted with testing, bug reports, success stories and most of all, patches :) Special thanks to the OpenBSD developers for giving us OpenSSH to begin with. Regards, Damien Miller [1] http://violet.ibs.com.au/openssh/files/ChangeLog -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)