Call for release testing

The Doctor doctor at doctor.nl2k.ab.ca
Tue Aug 23 22:44:26 EST 2005


On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> Hi,
> 
> We would like to make one of our periodic releases shortly, so once
> again we are asking for readers of this list (or anyone else) to
> download and test a CVS snapshot of OpenSSH on your favourite
> platforms.
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable snapshots are available the mirrors listed at
> http://www.openssh.com/portable.html#ftp in the snapshots/
> subdirectory
> 
> Please test! Running the regression tests supplied with Portable does
> not require installation and is a simply:
> 
> $ ./configure && make tests
> 
> Testing on suitable non-production systems is also appreciated. Please
> send reports of success or failure to openssh-unix-dev at mindrot.org.
> 
> Also, OpenSSH Portable has a (completely voluntary) configuration
> survey. It will collect information about the platform and the
> options OpenSSH was configured with and mail it to an archive. We
> tried to be careful not to collect anything that might be considered
> sensitive, however if anyone has any issues with the data collected
> then please let us know).
> 
> The raw data will be available only to the development team, however
> we may publish summary data at some point in the future. This data
> will help us to better support your platforms.
> 
> You can view the data that is collected by running "make survey" and
> looking at the file "survey" in the build dir. The data is not sent
> until you explicitly request it ("make send-survey"). If you have any
> doubts at all then ask us (or just don't send it).
> 
> Some of the changes in the coming release include:
> 
>   - Add a new compression method that delays the start of zlib
>     compression until the user has been authenticated successfully. The
>     new method "Compression=delayed" is on by default in the server.
>     This eliminates the risk of another zlib vulnerability leading to
>     a compromise of the server by a user without authentication
>     credentials.
> 
>     NB. Older OpenSSH (<3.5) version have a bug which will cause them
>     to refuse to connect to any server that does not offer compression
>     when the client has compression requested. Since the new "delayed"
>     server mode isn't supported by these older clients, they will
>     refuse to connect to a new server unless compression is disabled
>     (on the client end) or the original compression method is enabled
>     on the server ("Compression=yes" in sshd_config)
> 
>   - Another round of proactive changes for signed vs unsigned integer
>     bugs has been completed, including changing the atomicio() API to
>     encourage safer programming. As a result of these changes, OpenSSH
>     is now "gcc -Wsign-compare" clean on most platforms.
> 
>   - Added support for the improved arcfour cipher modes from
>     draft-harris-ssh-arcfour-fixes-02. The improves the cipher's
>     resistance to a number of attacks by discarding early keystream
>     output.
> 
>   - Increase the default size of new RSA/DSA keys generated by
>     ssh-keygen from 1024 to 2048 bits.
> 
>   - Many bugfixes and improvements to connection multiplexing,
>     including:
> 
>     - Added ControlMaster=auto/autoask options to support opportunistic
>       multiplexing (see the ssh_config(5) manpage for details).
> 
>     - The client will now gracefully fallback to starting a new TCP
>       connection if it cannot connect to a specified multiplexing
>       control socket
> 
>     - Added %h (target hostname), %p (target port) and %r (remote
>       username) expansion sequences to ControlPath. Also allow
>       ControlPath=none to disable connection multiplexing.
> 
>     - Implemented support for X11 and agent forwarding over multiplexed
>       connections. Because of protocol limitations, the slave
>       connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather
>       than distinctly forwarding their own.
> 
>   - The following bugs from http://bugzilla.mindrot.org/ were closed:
> 
>      #1025 - Correctly handle disabled special character in ttymodes
>      #1054 - Don't terminate connection on getpeername() failure
>      #1046 - AIX 5.3 Garbage on Login
>      #623  - Don't use $HOME in manpages
>      #829  - Don't allocate a tty if -n option is set
>      #471  - Misleading error message if /dev/tty perms wrong
>      #1033 - Fix compile-time warnings
> 
>   - Lots of other improvements and fixes. Please refer to the ChangeLog
>     for details
> 
> Thanks to everyone who has contributed patches, problem or test reports.
> 
> Regards,
> Damien Miller


Damien,  BSD/OS 4.3.1 and FreeBSD 4.X running current Zlib and
Opensll 0.9.8a are all doing fine thank you.

-- 
Member - Liberal International	
This is doctor at nl2k.ab.ca	Ici doctor at nl2k.ab.ca
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.




More information about the openssh-unix-dev mailing list