From djm at mindrot.org Thu Mar 1 11:41:11 2001
From: djm at mindrot.org (Damien Miller)
Date: Thu, 1 Mar 2001 11:41:11 +1100 (EST)
Subject: Portable OpenSSH 2.5.1p2
Message-ID:

Portable OpenSSH 2.5.1p2 has just been uploaded and will be making its
way to the mirror sites (http://www.openssh.com/portable.html) in due
course.

This release contains primarily bug-fixes over 2.5.1p1 but an upgrade is
recommended.

Specific bug-fixes include:

 - Fixed endianness issue causing failures when using Rijndael/AES cipher
 - Fix PAM failures on Solaris and Linux
 - Fix RPM spec file for Redhat systems
 - Fixed several compatibility functions
 - Fix entropy collection code for SCO3 and NeXTStep
 - Many other minor fixes (see Changelog for details)

This release includes Mark Roth's mdoc2man.pl script which can be used
to fix up the manpages on systems that lack the full mandoc set of
macros (e.g. Solaris). A future release of portable OpenSSH will
automate this script's use for systems that require it.

-d

--
| Damien Miller \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer

From djm at mindrot.org Thu Mar 22 21:43:56 2001
From: djm at mindrot.org (Damien Miller)
Date: Thu, 22 Mar 2001 21:43:56 +1100 (EST)
Subject: Portable OpenSSH-2.5.2p2
Message-ID:

Portable OpenSSH 2.5.2p2 is now available from the mirror sites
listed at http://www.openssh.com/portable.html

Security related changes:

  Improved countermeasure against "Passive Analysis of SSH
  (Secure Shell) Traffic"
  http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt

  The countermeasures introduced in earlier OpenSSH-2.5.x versions
  caused interoperability problems with some other implementations.

  Improved countermeasure against "SSH protocol 1.5 session
  key recovery vulnerability"
  http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm

New options:

  permitopen authorized_keys option to restrict portforwarding.

  PreferredAuthentications allows client to specify the order in which
  authentication methods are tried.

Sftp:

  sftp client supports globbing (get *, put *).

  Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).

  Batch file (-b) support for automated transfers

Performance:

  Speedup DH exchange. OpenSSH should now be significantly faster when
  connecting using SSH protocol 2.

  Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
  much faster throughput in a well scrutinised cipher.

Bugfixes:

  stderr handling fixes in SSH protocol 2.

  Improved interoperability.

Client:

  The client no longer asks for the passphrase if the key
  will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

Miscellaneous:

  scp should now work for files > 2GB

  ssh-keygen can now generate fingerprints in the "bubble babble"
  format for exchanging fingerprints with SSH.COM's SSH protocol 2
  implementation.

Portable version:

  Better support for the PRNGd[1] entropy collection daemon. The
  --with-egd-pool configure option has been deprecated in favour of
  --with-prngd-socket and the new --with-prngd-port options. The
  latter allows collection of entropy from a localhost socket.

  configure ensures that scp is in the $PATH set by the server
  (unless a custom path is specified).

-d

[1] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html

--
| Damien Miller \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
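
An added example, not part of the announcements above and not OpenSSH code: a small auditor for the permitopen authorized_keys option announced in 2.5.2p2, reporting for each key whether port forwarding is unrestricted, limited to a permitopen target list, or disabled. It assumes protocol 2 key lines; the function names and the sample file are constructed for illustration, and no-port-forwarding is an existing authorized_keys option that the announcement does not mention.

```python
# Added example: report how each authorized_keys entry constrains port forwarding.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # assumption: protocol 2 key lines only

SAMPLE = """\
# constructed authorized_keys sample, key blobs are truncated placeholders
ssh-rsa AAAAB3NzaC1yc2E= alice@laptop
permitopen="192.0.2.10:5432",permitopen="db.example.org:3306" ssh-rsa AAAAB3NzaC1yc2E= backup@batch
no-port-forwarding,command="/usr/bin/uptime, now" ssh-rsa AAAAB3NzaC1yc2E= monitor@nagios
"""

def split_options(line):
    """Split one key line into ({option: [values]}, "keytype blob comment")."""
    if line.split(None, 1)[0].startswith(KEY_PREFIXES):
        return {}, line  # line has no options field
    opts, token, in_quote, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and line[i + 1:i + 2] == '"':
            token, i = token + '"', i + 1      # escaped quote inside a value
        elif ch == '"':
            in_quote = not in_quote            # quotes delimit, they are not data
        elif ch in ", \t" and not in_quote:
            if token:
                name, _, value = token.partition("=")
                opts.setdefault(name.lower(), []).append(value)
                token = ""
            if ch != ",":                      # an unquoted blank ends the options
                return opts, line[i:].strip()
        else:
            token += ch                        # includes commas/blanks inside quotes
        i += 1
    raise ValueError("options field is not followed by a key")

def audit(text):
    """Return (comment, status, permitopen targets) for every key line."""
    report = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                           # skip blanks and comments
        opts, rest = split_options(line)
        label = rest.split()[-1]               # comment field, else the key blob
        status = ("forwarding disabled" if "no-port-forwarding" in opts
                  else "restricted" if "permitopen" in opts else "unrestricted")
        report.append((label, status, opts.get("permitopen", [])))
    return report
```

Calling `audit(SAMPLE)` returns one tuple per key; entries reported as "unrestricted" are the ones to review when a key is meant for a single tunnel or an automated job.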