Tue Sep 16 22:35:00 GMT 2003
I've just updated the version of OpenSSH to 3.7p1-1.
This is an official new release as of yesterday. The Cygwin version
is from the vanilla sources with just one tiny patch (my bad).
Official Release Message:
OpenSSH 3.7 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.
We have a new design of T-shirt available, more info on
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
All versions of OpenSSH's sshd prior to 3.7 contain a buffer
management error. It is uncertain whether this error is
potentially exploitable, however, we prefer to see bugs
OpenSSH 3.7 fixes this bug.
Changes since OpenSSH 3.6.1:
* The entire OpenSSH code-base has undergone a license review. As
a result, all non-ssh1.x code is under a BSD-style license with no
advertising requirement. Please refer to README in the source
distribution for the exact license terms.
* Rhosts authentication has been removed in ssh(1) and sshd(8).
* Changes in Kerberos support:
- KerberosV password support now uses a file cache instead of
a memory cache.
- KerberosIV and AFS support has been removed.
- KerberosV support has been removed from SSH protocol 1.
- KerberosV password authentication support remains for SSH
protocols 1 and 2.
- This release contains some GSSAPI user authentication support
to replace legacy KerberosV authentication support. At present
this code is still considered experimental and SHOULD NOT BE
* Changed order that keys are tried in public key authentication.
The ssh(1) client tries the keys in the following order:
1. ssh-agent(1) keys that are found in the ssh_config(5) file
2. remaining ssh-agent(1) keys
3. keys that are only listed in the ssh_config(5) file
This helps when an ssh-agent(1) has many keys, where the sshd(8)
server might close the connection before the correct key is tried.
* SOCKS5 support has been added to the dynamic forwarding mode
* Removed implementation barriers to operation of SSH over SCTP.
* sftp(1) client can now transfer files with quote characters in
* Replaced sshd(8)'s VerifyReverseMapping with UseDNS option.
When UseDNS option is on, reverse hostname lookups are always
* Fix a number of memory leaks.
* Support for sending tty BREAK over SSH protocol 2.
* Workaround for other vendor bugs in KEX guess handling.
* Support for generating KEX-GEX groups (/etc/moduli) in ssh-keygen(1).
* Automatic re-keying based on amount of data sent over connection.
* New AddressFamily option on client to select protocol to use (IPv4
* Experimental support for the "aes128-ctr", "aes192-ctr", and
"aes256-ctr" ciphers for SSH protocol 2.
* Experimental support for host keys in DNS (draft-ietf-secsh-dns-xx.txt).
Please see README.dns in the source distribution for details.
* Portable OpenSSH:
- Replace PAM password authentication kludge with a more correct
PAM challenge-response module from FreeBSD.
- PAM support may now be enabled/disabled at runtime using the
- Many improvements to the OpenSC smartcard support.
- Regression tests now work with portable OpenSSH.
Please refer to regress/README.regress in the source distribution.
- On platforms that support it, portable OpenSSH now honors the
UMASK, PATH and SUPATH attributes set in /etc/default/login.
- Deny access to locked accounts, regardless of authentication
method in use.
- MD5 (openssh-3.7.tgz) = 86864ecc276c5f75b06d4872a553fa70
- MD5 (openssh-3.7p1.tar.gz) = 77662801ba2a9cadc0ac10054bc6cb37
- please read http://www.openssh.com/report.html
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Once you've downloaded setup.exe, run it and select "Net" and
then click on the appropriate field until the above announced version
number appears if it is not displayed already.
If you have questions or comments, please send them to the Cygwin
mailing list at: firstname.lastname@example.org . I would appreciate it if you would
use this mailing list rather than emailing me directly. This includes
ideas and comments about the setup utility or Cygwin in general.
If you want to make a point or ask a question, the Cygwin mailing list
is the appropriate place.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
I implore you to READ this information before sending email about how
you "tried everything" to unsubscribe. In 100% of the cases where
people were unable to unsubscribe, the problem was that they hadn't
actually read and comprehended the unsubscribe instructions.
If you need to unsubscribe from cygwin-announce or any other mailing
list, reading the instructions at the above URL is guaranteed to
provide you with the info that you need.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:email@example.com
Red Hat, Inc.
More information about the Cygwin-announce