This is the mail archive of the mailing list for the Cygwin project.
Re: Updated: OpenSSH-3.7p1-1
- From: "Tony Schmitt" <tonyschmitt2 at aol dot com>
- To: "The Cygwin Mailing List" <cygwin at cygwin dot com>
- Date: Tue, 16 Sep 2003 23:01:16 -0400
- Subject: Re: Updated: OpenSSH-3.7p1-1
- References: <20030916223204.GX9981@cygbert.vinschen.de>
Corinna Vinschen wrote on 9/16/2003, 6:32 PM:
> I've just updated the version of OpenSSH to 3.7p1-1.
> This is an official new release as of yesterday. The Cygwin version
> is from the vanilla sources with just one tiny patch (my bad).
> Official Release Message:
> OpenSSH 3.7 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
> OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
> implementation and includes sftp client and server support.
> We would like to thank the OpenSSH community for their continued
> support to the project, especially those who contributed source and
> bought T-shirts or posters.
> We have a new design of T-shirt available, more info on
> For international orders use http://https.openbsd.org/cgi-bin/order
> and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
> Security Changes:
> All versions of OpenSSH's sshd prior to 3.7 contain a buffer
> management error. It is uncertain whether this error is
> potentially exploitable, however, we prefer to see bugs
> fixed proactively.
> OpenSSH 3.7 fixes this bug.
> Changes since OpenSSH 3.6.1:
> * The entire OpenSSH code-base has undergone a license review. As
> a result, all non-ssh1.x code is under a BSD-style license with no
> advertising requirement. Please refer to README in the source
> distribution for the exact license terms.
> * Rhosts authentication has been removed in ssh(1) and sshd(8).
> * Changes in Kerberos support:
> - KerberosV password support now uses a file cache instead of
> a memory cache.
> - KerberosIV and AFS support has been removed.
> - KerberosV support has been removed from SSH protocol 1.
> - KerberosV password authentication support remains for SSH
> protocols 1 and 2.
> - This release contains some GSSAPI user authentication support
> to replace legacy KerberosV authentication support. At present
> this code is still considered experimental and SHOULD NOT BE
> * Changed order that keys are tried in public key authentication.
> The ssh(1) client tries the keys in the following order:
> 1. ssh-agent(1) keys that are found in the ssh_config(5) file
> 2. remaining ssh-agent(1) keys
> 3. keys that are only listed in the ssh_config(5) file
> This helps when an ssh-agent(1) has many keys, where the sshd(8)
> server might close the connection before the correct key is tried.
> * SOCKS5 support has been added to the dynamic forwarding mode
> in ssh(1).
> * Removed implementation barriers to operation of SSH over SCTP.
> * sftp(1) client can now transfer files with quote characters in
> their filenames.
> * Replaced sshd(8)'s VerifyReverseMapping with UseDNS option.
> When UseDNS option is on, reverse hostname lookups are always
> * Fix a number of memory leaks.
> * Support for sending tty BREAK over SSH protocol 2.
> * Workaround for other vendor bugs in KEX guess handling.
> * Support for generating KEX-GEX groups (/etc/moduli) in ssh-keygen(1).
> * Automatic re-keying based on amount of data sent over connection.
> * New AddressFamily option on client to select protocol to use (IPv4
> or IPv6).
> * Experimental support for the "aes128-ctr", "aes192-ctr", and
> "aes256-ctr" ciphers for SSH protocol 2.
> * Experimental support for host keys in DNS
> Please see README.dns in the source distribution for details.
> * Portable OpenSSH:
> - Replace PAM password authentication kludge with a more correct
> PAM challenge-response module from FreeBSD.
> - PAM support may now be enabled/disabled at runtime using the
> UsePAM directive.
> - Many improvements to the OpenSC smartcard support.
> - Regression tests now work with portable OpenSSH.
> Please refer to regress/README.regress in the source distribution.
> - On platforms that support it, portable OpenSSH now honors the
> UMASK, PATH and SUPATH attributes set in /etc/default/login.
> - Deny access to locked accounts, regardless of authentication
> method in use.
> - MD5 (openssh-3.7.tgz) = 86864ecc276c5f75b06d4872a553fa70
> - MD5 (openssh-3.7p1.tar.gz) = 77662801ba2a9cadc0ac10054bc6cb37
> Reporting Bugs:
> - please read http://www.openssh.com/report.html
> and http://bugzilla.mindrot.org/
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.
> To update your installation, click on the "Install Cygwin now" link on
> the http://cygwin.com/ web page. This downloads setup.exe to your
> system. Once you've downloaded setup.exe, run it and select "Net" and
> then click on the appropriate field until the above announced version
> number appears if it is not displayed already.
> If you have questions or comments, please send them to the Cygwin
> mailing list at: firstname.lastname@example.org . I would appreciate it if you would
> use this mailing list rather than emailing me directly. This includes
> ideas and comments about the setup utility or Cygwin in general.
> If you want to make a point or ask a question, the Cygwin mailing list
> is the appropriate place.
> *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
> If you want to unsubscribe from the cygwin-announce mailing list, look
> at the "List-Unsubscribe: " tag in the email header of this message.
> Send email to the address specified there. It will be in the format:
> If you need more information on unsubscribing, start reading here:
> Please read *all* of the information on unsubscribing that is available
> starting at this URL.
> I implore you to READ this information before sending email about how
> you "tried everything" to unsubscribe. In 100% of the cases where
> people were unable to unsubscribe, the problem was that they hadn't
> actually read and comprehended the unsubscribe instructions.
> If you need to unsubscribe from cygwin-announce or any other mailing
> list, reading the instructions at the above URL is guaranteed to
> provide you with the info that you need.
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:email@example.com
> Red Hat, Inc.
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
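
The public key ordering described in the quoted release notes, as an added example that is not part of the original message and is not OpenSSH code: a small Python model showing why offering the agent keys named in ssh_config(5) first helps when the server closes the connection after a limited number of offers. The key labels, the limit of 6 offers and the ordering inside each group are assumptions made for illustration.

```python
# Model of the key ordering from the OpenSSH 3.7 release notes.
# Constructed sample data: key labels and the server limit are hypothetical.

AGENT_KEYS = ["work-a", "work-b", "lab-1", "lab-2", "lab-3", "lab-4", "prod-host"]
CONFIG_KEYS = ["prod-host", "backup-file"]  # keys listed in ssh_config
SERVER_LIMIT = 6  # assumed number of offers the server accepts before closing


def order_keys(agent_keys, config_keys):
    """Return keys in the three-step order the release notes describe."""
    in_config = set(config_keys)
    in_agent = set(agent_keys)
    # 1. agent keys that are also found in the config file
    first = [k for k in agent_keys if k in in_config]
    # 2. remaining agent keys
    second = [k for k in agent_keys if k not in in_config]
    # 3. keys that are only listed in the config file
    third = [k for k in config_keys if k not in in_agent]
    return first + second + third


def authenticate(offer_order, accepted_key, max_offers):
    """Simulate a server that closes the connection after max_offers keys.

    Returns the 1-based offer number that succeeded, or None if the
    connection was closed before the accepted key was offered.
    """
    for attempt, key in enumerate(offer_order, start=1):
        if attempt > max_offers:
            return None  # server closed the connection
        if key == accepted_key:
            return attempt
    return None


def compare():
    """Contrast plain agent order with the order from the release notes."""
    agent_first = AGENT_KEYS + [k for k in CONFIG_KEYS if k not in AGENT_KEYS]
    return (
        authenticate(agent_first, "prod-host", SERVER_LIMIT),
        authenticate(order_keys(AGENT_KEYS, CONFIG_KEYS), "prod-host", SERVER_LIMIT),
    )


if __name__ == "__main__":
    print(order_keys(AGENT_KEYS, CONFIG_KEYS))
    print(compare())
```

With seven keys in the agent and the wanted key loaded last, plain agent order is cut off by the server before the key is offered, while the reordered list succeeds on the first offer.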