[openssh-unix-announce] Call for release testing

Kevin Mack kmack at sgi.sk.ca
Wed Aug 24 07:17:39 EST 2005 

Successful build on Sparc Solaris 8, gcc 3.4.4
 
 
>>>Damien Miller <djm at mindrot.org> 08/22 10:41 am >>> 
Hi, 
 
We would like to make one of our periodic releases shortly, so once 
again we are asking for readers of this list (or anyone else) to 
download and test a CVS snapshot of OpenSSH on your favourite 
platforms. 
 
The OpenBSD version is available in CVS HEAD: 
http://www.openbsd.org/anoncvs.html 
 
Portable snapshots are available the mirrors listed at 
http://www.openssh.com/portable.html#ftp in the snapshots/ 
subdirectory 
 
Please test! Running the regression tests supplied with Portable does 
not require installation and is a simply: 
 
$ ./configure && make tests 
 
Testing on suitable non-production systems is also appreciated. Please 
send reports of success or failure to openssh-unix-dev at mindrot.org. 
 
Also, OpenSSH Portable has a (completely voluntary) configuration 
survey. It will collect information about the platform and the 
options OpenSSH was configured with and mail it to an archive. We 
tried to be careful not to collect anything that might be considered 
sensitive, however if anyone has any issues with the data collected 
then please let us know). 
 
The raw data will be available only to the development team, however 
we may publish summary data at some point in the future. This data 
will help us to better support your platforms. 
 
You can view the data that is collected by running "make survey" and 
looking at the file "survey" in the build dir. The data is not sent 
until you explicitly request it ("make send-survey"). If you have any 
doubts at all then ask us (or just don't send it). 
 
Some of the changes in the coming release include: 
 
 - Add a new compression method that delays the start of zlib 
   compression until the user has been authenticated successfully. The 
   new method "Compression=delayed" is on by default in the server. 
   This eliminates the risk of another zlib vulnerability leading to 
   a compromise of the server by a user without authentication 
   credentials. 
 
   NB. Older OpenSSH (<3.5) version have a bug which will cause them 
   to refuse to connect to any server that does not offer compression 
   when the client has compression requested. Since the new "delayed" 
   server mode isn't supported by these older clients, they will 
   refuse to connect to a new server unless compression is disabled 
   (on the client end) or the original compression method is enabled 
   on the server ("Compression=yes" in sshd_config) 
 
 - Another round of proactive changes for signed vs unsigned integer 
   bugs has been completed, including changing the atomicio() API to 
   encourage safer programming. As a result of these changes, OpenSSH 
   is now "gcc -Wsign-compare" clean on most platforms. 
 
 - Added support for the improved arcfour cipher modes from 
   draft-harris-ssh-arcfour-fixes-02. The improves the cipher's 
   resistance to a number of attacks by discarding early keystream 
   output. 
 
 - Increase the default size of new RSA/DSA keys generated by 
   ssh-keygen from 1024 to 2048 bits. 
 
 - Many bugfixes and improvements to connection multiplexing, 
   including: 
 
   - Added ControlMaster=auto/autoask options to support opportunistic 
     multiplexing (see the ssh_config(5) manpage for details). 
 
   - The client will now gracefully fallback to starting a new TCP 
     connection if it cannot connect to a specified multiplexing 
     control socket 
 
   - Added %h (target hostname), %p (target port) and %r (remote 
     username) expansion sequences to ControlPath. Also allow 
     ControlPath=none to disable connection multiplexing. 
 
   - Implemented support for X11 and agent forwarding over multiplexed 
     connections. Because of protocol limitations, the slave 
     connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather 
     than distinctly forwarding their own. 
 
 - The following bugs from http://bugzilla.mindrot.org/ were closed: 
 
    #1025 - Correctly handle disabled special character in ttymodes 
    #1054 - Don't terminate connection on getpeername() failure 
    #1046 - AIX 5.3 Garbage on Login 
    #623  - Don't use $HOME in manpages 
    #829  - Don't allocate a tty if -n option is set 
    #471  - Misleading error message if /dev/tty perms wrong 
    #1033 - Fix compile-time warnings 
 
 - Lots of other improvements and fixes. Please refer to the ChangeLog 
   for details 
 
Thanks to everyone who has contributed patches, problem or test reports.

 
Regards, 
Damien Miller 
 
 
openssh-unix-announce mailing list 
openssh-unix-announce at mindrot.org 
http://www.mindrot.org/mailman/listinfo/openssh-unix-announce 
************DISCLAIMER*************
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.  If you are not the named addressee, please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that using, disclosing, copying or distributing the contents of this information is strictly prohibited.
************DISCLAIMER*************

More information about the openssh-unix-dev mailing list