While here bl3ify.
Changes since previously packaged version (3.2.5):
2003-12-03 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.9.1.
* non-commercial: removed cert hash compat stuff, which broke
compilation.
2003-09-26 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.9.
* ssh2,sshd2: (by Patrick Irwin): Critical security fix: fixed
several bugs in ASN.1 decoding functionality, which were caused
by invalid assumptions on the format of input BER data.
Certificates malformed in certain ways could cause a crash or
buffer overflow. No known exploits at this time, but you are
strongly advised to upgrade.
Admins unwilling or unable to upgrade need to disable
certificates, but this may not be enough for "hostbased"
authentication. "publickey" auth should be safe even with the
old version with certificates disabled. Clients are probably
vulnerable against malicious servers in the initial key exchange
regardless of configuration.
Users of noncommercial version are not affected by this
vulnerability.
2003-09-25 Sami J. Lehtinen <sjl@ssh.com>
* sshd2, ssh2: Implemented DisableVersionFallback, with which you
can disable fallback compatibility code for older, or otherwise
incompatible versions of software. Don't disable unless you know
what you're doing. See sshd2_config(5) for details. For really
paranoid people (using this option will probably hurt usability
somewhat, especially in environments where multiple versions of
SSH are used from different vendors).
* sshd2, ssh2: Implemented Cert.RSA.Compat.HashScheme. Older SSH
Secure Shell clients and servers used hashes in an incoherent
manner (sometimes MD5, sometimes SHA-1). With this option, you
can set what hash is used. See sshd2_config(5) for details.
* Previous: ssh-3.2.8.
2003-08-07 Tomi Salo <ttsalo@ssh.com>
* Added a new general configuration option, MaxCRLSize. This sets
the maximum size for CRLs and CA certs used in validating
received certificates. (The size is the total size of all CRLs
and certs, not the maximum individual size.)
2003-06-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.7.
* ssh-signer2: Fixed a bug, which caused the application to
intermittently call fatal because the read() operation was
interrupted by a signal (SIGCHLD).
2003-06-04 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.6.
* SecurID certified binaries, no code changes.
Previous versions have a security issue. Please update!
Thanks to gendalia@ for testing.
Changes since version 3.2.2:
2003-05-09 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.5.
* Fixed a critical security bug with RSA signature
verification. Mitigating factors: DSA is used by default (not
vulnerable). Also, the attack requires that attacker has the
public key and the attacker needs to precompute the signature
data so, that it looks like a valid PKCS#1 signature. This is a
non-trivial task to perform without the private
key. Nonetheless, all users should update their servers and
clients as soon as convenient. Workarounds are to not use RSA
keys as host keys (though connecting to existing hosts with RSA
hostkeys poses a serious risk with a vulnerable client), and
disabling publickey authentication. Update your clients and
servers.
2003-04-22 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.4.
* sshd2: Binary (generated by us) is tagged as a "supported
binary" for SecurID. (no actual code changes)
* Previous: ssh-3.2.3.1.
2003-02-06 Sami J. Lehtinen <sjl@ssh.com>
* sftp2 (etc): Fixed a bug with readline jamming when pressing
backspace (etc) on AIX and some other platforms.
2003-01-12 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.3.
2003-01-03 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Removed broken special handling for SIGHUP, so that
"nohup" can again work.
* ssh2: Check whether we should ignore SIGQUIT, SIGINT, and do so,
if necessary. Thanks for J. Schilling for pointing this one out.
* ssh-add2: Make sure fgets() from pipe to ssh-askpass2 recovers
from if interrupted by signal, i.e. SIGCHLD.
* ssh2 (lib/sshsession/sshtty.c): As entry above, but for tcsetattr().
* During "make install", use default size of key instead of hardcoded
1024 when generating hostkey.
2002-12-18 Sami J. Lehtinen <sjl@ssh.com>
* scp2,sftp2: Print progress output to stdout, to make it
distinguishable from errors in cron jobs etc.
2002-12-17 Sami J. Lehtinen <sjl@ssh.com>
* apps/ssh/sshchsession.c: Fixed a bug which caused sshd2 child
server to jam occasionally after logging an event, if nsswitch had
been configured to use LDAP.
2002-12-13 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Previous (by Tomi Mickelsson): Fixed a bug where
specifying a local forwarding endpoint as an IP-address which was
unresolvable would result in a crash.
2002-12-12 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Fixed a bug/missing feature from scp2. It now reports
information also when run when there is no tty. Also implemented
--statistics=[no,yes,simple], where "yes" is old-style, "no" is
analogous to "-Q" command-line option, and "simple" is the way
the statistics are printed when there is no tty (no intermittent
reporting, file size, transfer time and full file name are printed
after the transfer for the specific file is finished).
2002-12-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-keygen2: respect "-P" and "-p" options when converting
ssh1-keys.
2002-12-10 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshcore/sshdebug.c: Fixed a compilation problem
manifested on older AIX and debugging enabled (as is default).
* scp2: You can now specify the newline convention when using the
"-a" option. See manual page scp2(1).
2002-11-08 Sami J. Lehtinen <sjl@ssh.com>
* Removed ssh-pubkeymgr and ssh-chrootmgr from the distribution
(they didn't work too well).
* apps/ssh/lib/sshproto/trcommon.c: Fixed a crash if hostkey
algorithms or kex-methods couldn't be negotiated.
2002-11-05 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshapputil/sshuserfile.c: Changed to use
lib/sshsession/sigchld.c, instead of using wait() directly. This
fixes the bug where the number of connections would slowly rise to
the maximum when using MaxConnections and tcp-wrappers (it was a
race-condition).
* lib/sshsession/sigchld.c: Sigchld now keeps a list of recently
exited children. This fixes a race condition, where the child
process could exit before the mother process had registered a
handler for it.
* lib/sshsession: Fixed NetBSD 1.6 compilation. Also, NetBSD 1.6
supports openpty style ptys, so fixed check to actually detect
them on NetBSD. Don't use utmpx on NetBSD, as it doesn't seem to
work (at least not in the way we use it).
* lib/sshsession/sshunixuser.c: Make sure we have room for the
NULL pointer in the groups array.
* ssh2 (ssh1-emulation): Fixed a bug, which in some cases caused
an assertion failure later.
2002-10-29 Sami J. Lehtinen <sjl@ssh.com>
* configure: Added /usr/X11R6/bin and /usr/X11/bin to search PATH
for xauth to ease installation on pristine systems.
2002-10-22 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshnet/sshtcp.c: (by Tomi Ollila) Fixed a bug with
SOCKS handling.
2002-10-01 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshpacketstream/sshpacketwrapper.c: (by Tomi Kause)
Fixed a latent (in ssh2) bug, when writing to the stream from the
received_cb.
* lib/sshutil/sshnet/sshsocks.c: (by Tomi Ollila) Decode
ipv6-mapped-ipv4-addresses when doing SOCKS4, as SOCKS4 only
supports plain ipv4-addresses.
* scp2: Implemented --overwrite, which controls whether to
overwrite the destination file(s). Default is "yes",
i.e. to overwrite.
* scp2: Implemented interactive mode, i.e. you can make scp2
prompt you whether to overwrite an existing destination
file. Works by giving --interactive (-I) on the command-line.
2002-08-15 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Fixed a bug with originator-pat with ForwardACLs.
2002-08-02 Sami J. Lehtinen <sjl@ssh.com>
* scp2, sftp2: Fixed a bug, which caused file transfer to stall,
if trying to transfer a zero sized file with ascii transfer
(newline mangling).
2002-07-21 Sami J. Lehtinen <sjl@ssh.com>
* sftp2: Added option "S" and "r" to "ls" (for sorting by size and
reversing the sort order, respectively).
* sftp2: "ls" works much better now. Tab completion understand
directories (appends a '/', for easier directory traversal).
* sftp2, scp2: Extensive rewrite of SshFileCopy, and as a
consequence, of both scp2 and sftp2 core functionality.
2002-06-13 Sami J. Lehtinen <sjl@ssh.com>
* ssh2: Fixed a bug with one-shot forwarding.
Changes since 3.2.0:
2002-10-15 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.2 (on Unix this time).
* sshd2: Fixed a security problem with setsid() use. Now we call
it every time, if we need to run a new process on the user's
privileges (command, subsystem or shell). Previously, it was only
run if the user had requested a tty (for a shell, for example).
Special thanks to Logan Gabriel for finding this problem.
2002-10-01 Sami J. Lehtinen <sjl@ssh.com>
* configure: Previous: Check for /dev/pts was broken.
2002-08-08 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.2 (only Windows client, no *nix changes).
2002-07-26 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.1.
2002-07-24 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Fixed a bug with setpcred() usage (on AIX), which caused
that chroot() was not done.
This package provides Secure Shell client and server for V.2 SSH protocol
from SSH Communications Security.
Based on PR 15358 from Greg A. Woods <woods@planix.com>.
