Changes since OpenSSH 4.3:
============================
Security bugs resolved in this release:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
This release includes the following new functionality and fixes:
* Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
* Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
* Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
* Add optional logging of transactions to sftp-server(8).
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
* Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
* Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
* Many manpage fixes and improvements
* New portable OpenSSH-specific features:
- Add optional support for SELinux, controlled using the
--with-selinux configure option (experimental)
- Add optional support for Solaris process contracts, enabled
using the --with-solaris-contracts configure option (experimental)
This option will also include SMF metadata in Solaris packages
built using the "make package" target
- Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
* Bugs from http://bugzilla.mindrot.org fixed:
#482 - readconf doesn't accept paths with spaces in them.
#906 - syslog messages from sshd [net] lost.
#975 - Kerberos authentication timing can leak information
about account validity.
#981 - Flow stop in SSH2.
#1102 - C program 'write' with zero length hangs.
#1129 - sshd hangs for command-only invocations due to
fork/child signals.
#1131 - error "buffer_append_space:alloc not supported"
#1138 - Passphrase asked for (but ignored) if key file permissions
too liberal..
#1156 - Closes connection after C-c is pressed on QNX.
#1157 - ssh-keygen doesn't handle DOS line breaks.
#1159 - %u and %h not handled in IdentityFile.
#1161 - scp -r fails.
#1162 - Inappropriate sequence of syslog messages.
#1166 - openssh-4.3p1 has some issues compiling.
#1171 - configure can't always figure out LLONG_MAX..
#1173 - scp reports lost connection for very large files.
#1177 - Incorrect sshrc file location in Makefile.in.
#1179 - sshd incorrectly rejects connections due to IP options.
#1181 - configure should detect when openssl-0.9.8x needs -ldl.
#1186 - ssh tries multiple times to open unprotected keys.
#1188 - keyboard-interactive should not allow retry after
pam_acct_mgmt fails.
#1193 - Open ssh will not allow changing of passwords on usernames
greater than 8 characters..
#1201 - Bind address information is not specified in command line
help messages.
#1203 - configure.ac is missing an open [.
#1207 - sshd does not clear unsuccessful login count on
non-interactive logins.
#1218 - GSSAPI client code permits SPNEGO usage.
#1221 - Banner only suppressed at log level = QUIET (used to be
at log level < INFO).
* Fixes to memory and file descriptor leaks reported by the Coverity
static analysis tool
* Fixes to inconsistent pointer checks reported by the Stanford
SATURN tool
Thanks to everyone who has contributed patches, reported bugs and
tested releases.
Checksums:
==========
- SHA1 (openssh-4.4.tar.gz) = 2294b5e5a591420aa05ff607c1890ab622ace878
- SHA1 (openssh-4.4p1.tar.gz) = 6a52b1dee1c2c9862923c0008d201d98a7fd9d6c
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
