This is a discussion on Re: Call for release testing - openssh
On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> We would like to make one of our periodic releases shortly, so once
> again we are asking for readers of this list (or anyone else) to
> download and test a CVS snapshot of OpenSSH on your favourite
> The OpenBSD version is available in CVS HEAD:
> Portable snapshots are available from the mirrors listed at
> http://www.openssh.com/portable.html#ftp in the snapshots/
> Please test! Running the regression tests supplied with Portable does
> not require installation and is simply:
> $ ./configure && make tests
> Testing on suitable non-production systems is also appreciated. Please
> send reports of success or failure to email@example.com.
> Also, OpenSSH Portable has a (completely voluntary) configuration
> survey. It will collect information about the platform and the
> options OpenSSH was configured with and mail it to an archive. We
> tried to be careful not to collect anything that might be considered
> sensitive, however if anyone has any issues with the data collected
> then please let us know.
> The raw data will be available only to the development team, however
> we may publish summary data at some point in the future. This data
> will help us to better support your platforms.
> You can view the data that is collected by running "make survey" and
> looking at the file "survey" in the build dir. The data is not sent
> until you explicitly request it ("make send-survey"). If you have any
> doubts at all then ask us (or just don't send it).
> Some of the changes in the coming release include:
> - Add a new compression method that delays the start of zlib
> compression until the user has been authenticated successfully. The
> new method "Compression=delayed" is on by default in the server.
> This eliminates the risk of another zlib vulnerability leading to
> a compromise of the server by a user without authentication
> NB. Older OpenSSH (<3.5) versions have a bug which will cause them
> to refuse to connect to any server that does not offer compression
> when the client has compression requested. Since the new "delayed"
> server mode isn't supported by these older clients, they will
> refuse to connect to a new server unless compression is disabled
> (on the client end) or the original compression method is enabled
> on the server ("Compression=yes" in sshd_config)
> - Another round of proactive changes for signed vs unsigned integer
> bugs has been completed, including changing the atomicio() API to
> encourage safer programming. As a result of these changes, OpenSSH
> is now "gcc -Wsign-compare" clean on most platforms.
> - Added support for the improved arcfour cipher modes from
> draft-harris-ssh-arcfour-fixes-02. This improves the cipher's
> resistance to a number of attacks by discarding early keystream
> - Increase the default size of new RSA/DSA keys generated by
> ssh-keygen from 1024 to 2048 bits.
> - Many bugfixes and improvements to connection multiplexing,
> - Added ControlMaster=auto/autoask options to support opportunistic
> multiplexing (see the ssh_config(5) manpage for details).
> - The client will now gracefully fall back to starting a new TCP
> connection if it cannot connect to a specified multiplexing
> control socket
> - Added %h (target hostname), %p (target port) and %r (remote
> username) expansion sequences to ControlPath. Also allow
> ControlPath=none to disable connection multiplexing.
> - Implemented support for X11 and agent forwarding over multiplexed
> connections. Because of protocol limitations, the slave
> connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather
> than distinctly forwarding their own.
> - The following bugs from http://bugzilla.mindrot.org/ were closed:
> #1025 - Correctly handle disabled special character in ttymodes
> #1054 - Don't terminate connection on getpeername() failure
> #1046 - AIX 5.3 Garbage on Login
> #623 - Don't use $HOME in manpages
> #829 - Don't allocate a tty if -n option is set
> #471 - Misleading error message if /dev/tty perms wrong
> #1033 - Fix compile-time warnings
> - Lots of other improvements and fixes. Please refer to the ChangeLog
> for details
> Thanks to everyone who has contributed patches, problem or test reports.
> Damien Miller
Damien, BSD/OS 4.3.1 and FreeBSD 4.X running current Zlib and
OpenSSL 0.9.8a are all doing fine thank you.
Member - Liberal International
This is firstname.lastname@example.org Ici email@example.com
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven than to Rule in Hell.
openssh-unix-dev mailing list
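
As an added illustration of the arcfour item in the quoted release notes (not code from OpenSSH or from either poster), this sketch shows what "discarding early keystream" means and measures one well-known early-keystream weakness, the bias of the second output byte toward 0x00. Assumptions: the 1536-byte discard is the figure from RFC 4345, the published form of draft-harris-ssh-arcfour-fixes; the function names and the SHA-256-derived sample keys are constructed for this example.

```python
import hashlib

SSH_ARCFOUR_DISCARD = 1536  # bytes skipped by arcfour128/arcfour256 in RFC 4345


def rc4_keystream(key: bytes, length: int, discard: int = 0) -> bytes:
    """Return `length` RC4 keystream bytes after skipping the first `discard`."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for n in range(discard + length):  # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= discard:  # bytes before this point are thrown away
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes, discard: int = 0) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    ks = rc4_keystream(key, len(data), discard)
    return bytes(a ^ b for a, b in zip(data, ks))


def second_byte_zero_rate(n_keys: int, discard: int = 0) -> float:
    """Fraction of constructed 128-bit keys whose 2nd output byte is 0x00.

    An unbiased cipher gives about 1/256; raw RC4 gives about 2/256.
    """
    hits = 0
    for k in range(n_keys):
        key = hashlib.sha256(k.to_bytes(4, "big")).digest()[:16]  # constructed
        hits += rc4_keystream(key, 2, discard)[1] == 0
    return hits / n_keys


if __name__ == "__main__":
    print("uniform    :", round(1 / 256, 5))
    print("raw RC4    :", second_byte_zero_rate(4000))
    print("discard1536:", second_byte_zero_rate(1000, SSH_ARCFOUR_DISCARD))
```

Both peers must skip the same number of bytes, so a discard mode is a distinct cipher and is not interoperable with plain arcfour.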