From djm at mindrot.org Sat Jul 1 20:22:36 2000
From: djm at mindrot.org (Damien Miller)
Date: Sat, 1 Jul 2000 20:22:36 +1000 (EST)
Subject: Announce: OpenSSH 2.1.1p2
Message-ID:

Announcing the release of portable OpenSSH 2.1.1p2.

This release primarily contains fixes to the bugs that have been
reported over the last month, in particular:

 - Invalid time being written to utmp/wtmp on systems using bash2
 - Several lastlog fixes
 - AIX, SCO, Irix portability fixes
 - Avoid failures on PAM systems when using PAM authentication
   modules which require a tty.
 - Entropy collection fixes for Solaris.
 - EGD robustness improvements
 - Fixes and enhancements from the OpenBSD team:
   - Fixed options processing in authorized_keys2 file
   - Compatibility with commercial SSH 2.0.13 and 2.2.0
   - Numerous minor fixes

There are also a couple of new features:

 - Shadow password expiry support (no password change support yet)
 - Irix 6.x array sessions, project IDs and system audit trail IDs
 - Beginnings of Tru64 / OSF SIA (Security Integration Architecture)
   support
 - Beginnings of NeXT support

Version 2.1.1p2 will be available from the mirrors listed at
http://www.openssh.com/portable.html (as soon as they update).

Many thanks to all those who tested the snapshots and/or contributed
bug reports and patches

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

From djm at mindrot.org Wed Jul 12 21:51:41 2000
From: djm at mindrot.org (Damien Miller)
Date: Wed, 12 Jul 2000 21:51:41 +1000 (EST)
Subject: Announce: portable OpenSSH 2.1.1p3
Message-ID:

The 2.1.1p3 release of portable OpenSSH has been uploaded to the
OpenBSD ftp master site.
In a few hours it will be available from one of the many mirrors
listed at: http://www.openssh.com/portable.html

This release fixes several bugs reported since the previous release and
extends portability to NeXT and Reliant Unix.

As usual, the OpenBSD team has been hard at work further polishing and
enhancing OpenSSH. This release brings a new configuration directive
"MaxStartups" which mitigates connection flooding attacks, further
details are in the sshd man-page.

Another noteworthy difference from previous releases is that
'FallBackToRsh' now defaults to 'no'. Users of this feature may need
to edit their /etc/ssh_config or ~/.ssh/config files to achieve the
same behavior.

Again, thanks to those who reported bugs, tested the snapshot and sent
fixes.

Regards,
Damien Miller

------------------
Changelog

20000712
 - (djm) Remove -lresolve for Reliant Unix
 - (djm) OpenBSD CVS Updates:
   - deraadt at cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt at cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c.
   Report from Ben Lindstrom
 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in
   RPM spec file.
 - (djm) Released 2.1.1p3

20000711
 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
 - (djm) ReliantUNIX support from Udo Schweigert
 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion,
   report from Jim Watt
 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is
   known to compile on more platforms (incl NeXT).
 - (djm) Added bsd-inet_aton and configure support for NeXT
 - (djm) Misc NeXT fixes from Ben Lindstrom
 - (djm) OpenBSD CVS updates:
   - markus at cvs.openbsd.org 2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus at cvs.openbsd.org 2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by
     theo and me
   - deraadt at cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos at cvs.openbsd.org 2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron at cvs.openbsd.org 2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should
     identify these and spit out a warning.
   - todd at cvs.openbsd.org 2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt at cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos at cvs.openbsd.org 2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young
   - deraadt at cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho at cvs.openbsd.org 2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho at cvs.openbsd.org 2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho at cvs.openbsd.org 2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
 - (djm) Fix problem with debug mode and MaxStartups
 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during
   RPM builds)
 - (djm) Add strsep function from OpenBSD libc for systems that lack it

20000709
 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
   Kevin Steves
 - (djm) Match prototype and function declaration for rresvport_af.
   Problem report from Niklas Edmundsson
 - (djm) Missing $(DESTDIR) on host-key target causing problems with
   RPM builds.
   Problem report from Gregory Leblanc
 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
 - (djm) Fix pam sprintf fix
 - (djm) Cleanup entropy collection code a little more. Split
   initialisation from seeding, perform initialisation immediately at
   start, be careful with uids. Based on problem report from Jim Watt
 - (djm) More NeXT compatibility from Ben Lindstrom
   Including sigaction() et al. replacements
 - (djm) AIX getuserattr() session initialisation from Tom Bertelson

20000708
 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
   Aaron Hopkins
 - (djm) Fix incorrect configure handling of --with-rsh-path option.
   Fix from Lutz Jaenicke
 - (djm) Fixed undefined variables for OSF SIA. Report from
   Baars, Henk
 - (djm) Handle EWOULDBLOCK returns from read() and write() in
   atomicio.c
   Fix from Marquess, Steve Mr JMLFDC
 - (djm) Don't use inet_addr.

20000702
 - (djm) Fix brace mismatch from Corinna Vinschen
 - (djm) Stop shadow expiry checking from preventing logins with NIS.
   Based on fix from HARUYAMA Seigo
 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
   Chris, the Young One
 - (djm) Fix scp progress meter on really wide terminals. Based on
   patch from James H. Cloos Jr.
------------------

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

From djm at mindrot.org Sun Jul 16 16:07:44 2000
From: djm at mindrot.org (Damien Miller)
Date: Sun, 16 Jul 2000 16:07:44 +1000 (EST)
Subject: Announce: portable OpenSSH 2.1.1p4
Message-ID:

I have just uploaded portable OpenSSH 2.1.1p4, it should be making its
way to the mirrors listed at http://www.openssh.com/portable.html soon.
This release contains several bugfixes from the OpenBSD team, primarily
the config file parsing problem reported by Ralf Engelschall

Regards,
Damien Miller

---------------
Changelog:

20000716
 - Release 2.1.1p4

20000715
 - (djm) OpenBSD CVS updates
   - provos at cvs.openbsd.org 2000/07/13 16:53:22
     [aux.c readconf.c servconf.c ssh.h]
     allow multiple whitespace but only one '=' between tokens, bug
     report from Ralf S. Engelschall but different fix. okay deraadt@
   - provos at cvs.openbsd.org 2000/07/13 17:14:09
     [clientloop.c]
     typo; todd at fries.net
   - provos at cvs.openbsd.org 2000/07/13 17:19:31
     [scp.c]
     close can fail on AFS, report error; from Greg Hudson
   - markus at cvs.openbsd.org 2000/07/14 16:59:46
     [readconf.c servconf.c]
     allow leading whitespace. ok niels
   - djm at cvs.openbsd.org 2000/07/14 22:01:38
     [ssh-keygen.c ssh.c]
     Always create ~/.ssh with mode 700; ok Markus
 - Fixes for SunOS 4.1.4 from Gordon Atwood
   - Include floatingpoint.h for entropy.c
   - strerror replacement
---------------

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)