Thanks! Corinna Vinschen wrote on 9/16/2003, 6:32 PM:
> I've just updated the version of OpenSSH to 3.7p1-1. > > This is an official new release as of yesterday. The Cygwin version > is from the vanilla sources with just one tiny patch (my bad). > > Official Release Message: > ==================================================================== > OpenSSH 3.7 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly. > > OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 > implementation and includes sftp client and server support. > > We would like to thank the OpenSSH community for their continued > support to the project, especially those who contributed source and > bought T-shirts or posters. > > We have a new design of T-shirt available, more info on > http://www.openbsd.org/tshirts.html#18 > > For international orders use http://https.openbsd.org/cgi-bin/order > and for European orders, use http://https.openbsd.org/cgi-bin/order.eu > > Security Changes: > ================= > > All versions of OpenSSH's sshd prior to 3.7 contain a buffer > management error. It is uncertain whether this error is > potentially exploitable, however, we prefer to see bugs > fixed proactively. > > OpenSSH 3.7 fixes this bug. > > Changes since OpenSSH 3.6.1: > ============================ > > * The entire OpenSSH code-base has undergone a license review. As > a result, all non-ssh1.x code is under a BSD-style license with no > advertising requirement. Please refer to README in the source > distribution for the exact license terms. > > * Rhosts authentication has been removed in ssh(1) and sshd(8). > > * Changes in Kerberos support: > > - KerberosV password support now uses a file cache instead of > a memory cache. > > - KerberosIV and AFS support has been removed. > > - KerberosV support has been removed from SSH protocol 1. > > - KerberosV password authentication support remains for SSH > protocols 1 and 2. > > - This release contains some GSSAPI user authentication support > to replace legacy KerberosV authentication support. At present > this code is still considered experimental and SHOULD NOT BE > USED. > > * Changed order that keys are tried in public key authentication. > The ssh(1) client tries the keys in the following order: > > 1. ssh-agent(1) keys that are found in the ssh_config(5) file > 2. remaining ssh-agent(1) keys > 3. keys that are only listed in the ssh_config(5) file > > This helps when an ssh-agent(1) has many keys, where the sshd(8) > server might close the connection before the correct key is tried. > > * SOCKS5 support has been added to the dynamic forwarding mode > in ssh(1). > > * Removed implementation barriers to operation of SSH over SCTP. > > * sftp(1) client can now transfer files with quote characters in > their filenames. > > * Replaced sshd(8)'s VerifyReverseMapping with UseDNS option. > When UseDNS option is on, reverse hostname lookups are always > performed. > > * Fix a number of memory leaks. > > * Support for sending tty BREAK over SSH protocol 2. > > * Workaround for other vendor bugs in KEX guess handling. > > * Support for generating KEX-GEX groups (/etc/moduli) in ssh-keygen(1). > > * Automatic re-keying based on amount of data sent over connection. > > * New AddressFamily option on client to select protocol to use (IPv4 > or IPv6). > > * Experimental support for the "aes128-ctr", "aes192-ctr", and > "aes256-ctr" ciphers for SSH protocol 2. > > * Experimental support for host keys in DNS > (draft-ietf-secsh-dns-xx.txt). > Please see README.dns in the source distribution for details. > > * Portable OpenSSH: > > - Replace PAM password authentication kludge with a more correct > PAM challenge-response module from FreeBSD. > > - PAM support may now be enabled/disabled at runtime using the > UsePAM directive. > > - Many improvements to the OpenSC smartcard support. > > - Regression tests now work with portable OpenSSH. > Please refer to regress/README.regress in the source distribution. > > - On platforms that support it, portable OpenSSH now honors the > UMASK, PATH and SUPATH attributes set in /etc/default/login. > > - Deny access to locked accounts, regardless of authentication > method in use. > > Checksums: > ========== > > - MD5 (openssh-3.7.tgz) = 86864ecc276c5f75b06d4872a553fa70 > - MD5 (openssh-3.7p1.tar.gz) = 77662801ba2a9cadc0ac10054bc6cb37 > > > Reporting Bugs: > =============== > > - please read http://www.openssh.com/report.html > and http://bugzilla.mindrot.org/ > > OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, > Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice. > ==================================================================== > > To update your installation, click on the "Install Cygwin now" link on > the http://cygwin.com/ web page. This downloads setup.exe to your > system. Once you've downloaded setup.exe, run it and select "Net" and > then click on the appropriate field until the above announced version > number appears if it is not displayed already. > > If you have questions or comments, please send them to the Cygwin > mailing list at: [EMAIL PROTECTED] . I would appreciate it if you would > use this mailing list rather than emailing me directly. This includes > ideas and comments about the setup utility or Cygwin in general. > > If you want to make a point or ask a question, the Cygwin mailing list > is the appropriate place. > > *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** > > If you want to unsubscribe from the cygwin-announce mailing list, look > at the "List-Unsubscribe: " tag in the email header of this message. > Send email to the address specified there. It will be in the format: > > [EMAIL PROTECTED] > > If you need more information on unsubscribing, start reading here: > > http://sources.redhat.com/lists.html#unsubscribe-simple > > Please read *all* of the information on unsubscribing that is available > starting at this URL. > > I implore you to READ this information before sending email about how > you "tried everything" to unsubscribe. In 100% of the cases where > people were unable to unsubscribe, the problem was that they hadn't > actually read and comprehended the unsubscribe instructions. > > If you need to unsubscribe from cygwin-announce or any other mailing > list, reading the instructions at the above URL is guaranteed to > provide you with the info that you need. > > -- > Corinna Vinschen Please, send mails regarding Cygwin to > Cygwin Developer mailto:[EMAIL PROTECTED] > Red Hat, Inc. > -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
