Announce: portable OpenSSH 2.1.1p3

Damien Miller djm at mindrot.org
Wed Jul 12 21:51:41 EST 2000


The 2.1.1p3 release of portable OpenSSH has been uploaded to the
OpenBSD ftp master site. In a few hours it will be available from one
of the many mirrors listed at:

http://www.openssh.com/portable.html

This release fixes several bugs reported since the previous release
and extends portability to NeXT and Reliant Unix.

As usual, the OpenBSD team has been hard at work further polishing and
enhancing OpenSSH. This release brings a new configuration directive
"MaxStartups" which mitigates connection flooding attacks, further
details are in the sshd man-page.

Another noteworthy difference from previous releases is that
'FallBackToRsh' now defaults to 'no'. Users of this feature may need
to edit their /etc/ssh_config or ~/.ssh/config files to achieve the
same behavior.

Again, thanks to those who reported bugs, tested the snapshot and sent
fixes.

Regards,
Damien Miller

------------------ Changelog

20000712
 - (djm) Remove -lresolve for Reliant Unix
 - (djm) OpenBSD CVS Updates:
   - deraadt at cvs.openbsd.org 2000/07/11 02:11:34
     [session.c sshd.c ]
     make MaxStartups code still work with -d; djm
   - deraadt at cvs.openbsd.org 2000/07/11 13:17:45
     [readconf.c ssh_config]
     disable FallBackToRsh by default
 - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
   Ben Lindstrom <mouring at pconline.com>
 - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
   spec file.
 - (djm) Released 2.1.1p3

20000711
 - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
   <tbert at abac.com>
 - (djm) ReliantUNIX support from Udo Schweigert <ust at cert.siemens.de>
 - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom 
   <mouring at pconline.com>
 - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report 
   from Jim Watt <jimw at peisj.pebio.com>
 - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
   to compile on more platforms (incl NeXT).
 - (djm) Added bsd-inet_aton and configure support for NeXT
 - (djm) Misc NeXT fixes from Ben Lindstrom <mouring at pconline.com>
 - (djm) OpenBSD CVS updates:
   - markus at cvs.openbsd.org  2000/06/26 03:22:29
     [authfd.c]
     cleanup, less cut&paste
   - markus at cvs.openbsd.org  2000/06/26 15:59:19
     [servconf.c servconf.h session.c sshd.8 sshd.c]
     MaxStartups: limit number of unauthenticated connections, work by 
     theo and me
   - deraadt at cvs.openbsd.org 2000/07/05 14:18:07
     [session.c]
     use no_x11_forwarding_flag correctly; provos ok
   - provos at cvs.openbsd.org  2000/07/05 15:35:57
     [sshd.c]
     typo
   - aaron at cvs.openbsd.org   2000/07/05 22:06:58
     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
     Insert more missing .El directives. Our troff really should identify 
     these and spit out a warning.
   - todd at cvs.openbsd.org    2000/07/06 21:55:04
     [auth-rsa.c auth2.c ssh-keygen.c]
     clean code is good code
   - deraadt at cvs.openbsd.org 2000/07/07 02:14:29
     [serverloop.c]
     sense of port forwarding flag test was backwards
   - provos at cvs.openbsd.org  2000/07/08 17:17:31
     [compat.c readconf.c]
     replace strtok with strsep; from David Young <dyoung at onthejob.net>
   - deraadt at cvs.openbsd.org 2000/07/08 19:21:15
     [auth.h]
     KNF
   - ho at cvs.openbsd.org      2000/07/08 19:27:33
     [compat.c readconf.c]
     Better conditions for strsep() ending.
   - ho at cvs.openbsd.org      2000/07/10 10:27:05
     [readconf.c]
     Get the correct message on errors. (niels@ ok)
   - ho at cvs.openbsd.org      2000/07/10 10:30:25
     [cipher.c kex.c servconf.c]
     strtok() --> strsep(). (niels@ ok)
 - (djm) Fix problem with debug mode and MaxStartups
 - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
   builds)
 - (djm) Add strsep function from OpenBSD libc for systems that lack it

20000709
 - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
   Kevin Steves <stevesk at sweden.hp.com>
 - (djm) Match prototype and function declaration for rresvport_af.
   Problem report from Niklas Edmundsson <nikke at ing.umu.se>
 - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM 
   builds. Problem report from Gregory Leblanc <GLeblanc at cu-portland.edu>
 - (djm) Replace ut_name with ut_user. Patch from Jim Watt
   <jimw at peisj.pebio.com>
 - (djm) Fix pam sprintf fix
 - (djm) Cleanup entropy collection code a little more. Split initialisation
   from seeding, perform intialisation immediatly at start, be careful with
   uids. Based on problem report from Jim Watt <jimw at peisj.pebio.com>
 - (djm) More NeXT compatibility from Ben Lindstrom <mouring at pconline.com>
   Including sigaction() et al. replacements
 - (djm) AIX getuserattr() session initialisation from Tom Bertelson 
   <tbert at abac.com>

20000708
 - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from 
   Aaron Hopkins <aaron at die.net>
 - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
   Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
 - (djm) Fixed undefined variables for OSF SIA. Report from 
   Baars, Henk <Hendrik.Baars at nl.origin-it.com>
 - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c 
   Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess at DET.AMEDD.ARMY.MIL>
 - (djm) Don't use inet_addr. 

20000702
 - (djm) Fix brace mismatch from Corinna Vinschen <vinschen at cygnus.com>
 - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
   on fix from HARUYAMA Seigo <haruyama at nt.phys.s.u-tokyo.ac.jp>
 - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
   Chris, the Young One <cky at pobox.com>
 - (djm) Fix scp progress meter on really wide terminals. Based on patch 
   from James H. Cloos Jr. <cloos at jhcloos.com>

------------------

-- 
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)








More information about the openssh-unix-dev mailing list