Announce: OpenSSH 7.1 released
Damien Miller
djm at mindrot.org
Sat Aug 22 09:24:55 AEST 2015
yes, that's a typo
On Fri, 21 Aug 2015, Mark Janssen wrote:
> I'm assuming the "deprecation notice" section should refer to 7.2 now, and
> not 7.1 ?
> Mark
>
> On Fri, Aug 21, 2015 at 8:11 AM, Damien Miller <djm at cvs.openbsd.org> wrote:
> OpenSSH 7.1 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
>
> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
> includes sftp client and server support. OpenSSH also includes
> transitional support for the legacy SSH 1.3 and 1.5 protocols
> that may be enabled at compile-time.
>
> Once again, we would like to thank the OpenSSH community for their
> continued support of the project, especially those who contributed
> code or patches, reported bugs, tested snapshots or donated to the
> project. More information on donations may be found at:
> http://www.openssh.com/donations.html
>
> Future deprecation notice
> =========================
>
> We plan on retiring more legacy cryptography in the next release
> including:
>
> * Refusing all RSA keys smaller than 1024 bits (the current minimum
>   is 768 bits)
>
> * Several ciphers will be disabled by default: blowfish-cbc,
>   cast128-cbc, all arcfour variants and the rijndael-cbc aliases
>   for AES.
>
> * MD5-based HMAC algorithms will be disabled by default.
>
> This list reflects our current intentions, but please check the final
> release notes for OpenSSH 7.1 when it is released.
>
> Changes since OpenSSH 7.0
> =========================
>
> This is a bugfix release.
>
> Security
> --------
>
> * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
>   prohibit-password/without-password that could, depending on
>   compile-time configuration, permit password authentication to
>   root while preventing other forms of authentication. This problem
>   was reported by Mantas Mikulenas.
>
> Bugfixes
> --------
>
> * ssh(1), sshd(8): add compatibility workarounds for FuTTY
>
> * ssh(1), sshd(8): refine compatibility workarounds for WinSCP
>
> * Fix a number of memory faults (double-free, free of uninitialised
>   memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
>   Kocielski.
>
> Checksums:
> ==========
>
> - SHA1 (openssh-7.1.tar.gz) = 06c1db39f33831fe004726e013b2cf84f1889042
> - SHA256 (openssh-7.1.tar.gz) = H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY=
>
> - SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6
> - SHA256 (openssh-7.1p1.tar.gz) = /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg=
>
> Please note that the SHA256 signatures are base64 encoded and not
> hexadecimal (which is the default for most checksum tools). The PGP
> key used to sign the releases is available as RELEASE_KEY.asc from
> the mirror sites.
>
> Reporting Bugs:
> ===============
>
> - Please read http://www.openssh.com/report.html
> Security bugs should be reported directly to
> openssh at openssh.com
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
> Ben Lindstrom.
>
> --
> Mark Janssen -- maniac(at)maniac.nl
> Unix / Linux Open-Source and Internet Consultant
> Maniac.nl Sig-IO.nl Vps.Stoned-IT.com
>
>
>
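The quoted announcement notes that its SHA256 values are base64 encoded rather than hexadecimal, which is what most checksum tools print. The following is an added example, not part of the original thread or of OpenSSH, that checks a file against a published SHA-256 value in either encoding; the function names are illustrative and the demo file is constructed.

```python
import base64
import binascii
import hashlib
import hmac
import os

SHA256_LEN = 32  # raw SHA-256 digest size in bytes


def decode_sha256(expected: str) -> bytes:
    """Return the raw digest from a hex or base64 encoded SHA-256 string."""
    s = expected.strip()
    raw = None
    # Try hex first: 64 hex characters are also valid base64 text, but they
    # would decode to 48 bytes, so a hex digest must not reach the base64 path.
    if len(s) == 64:
        try:
            raw = bytes.fromhex(s)
        except ValueError:
            raw = None
    if raw is None:
        try:
            raw = base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("not a hex or base64 digest") from exc
    if len(raw) != SHA256_LEN:
        raise ValueError("decoded value is %d bytes, expected 32" % len(raw))
    return raw


def sha256_file(path: str, chunk: int = 1 << 16) -> bytes:
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.digest()


def verify(path: str, expected: str) -> bool:
    """True if the file's SHA-256 equals the published value (either encoding)."""
    return hmac.compare_digest(sha256_file(path), decode_sha256(expected))


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for a downloaded tarball, so the demo runs offline.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample, not a real release\n")
    published = base64.b64encode(sha256_file(tmp.name)).decode()
    print("base64:", published, "hex:", decode_sha256(published).hex())
    print("OK" if verify(tmp.name, published) else "MISMATCH")
    os.unlink(tmp.name)
```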