This is the mail archive of the
cygwin-announce
mailing list for the Cygwin project.
Updated: OpenSSH-6.3p1-1
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin-announce at cygwin dot com
- Date: Fri, 18 Oct 2013 12:38:41 +0200
- Subject: Updated: OpenSSH-6.3p1-1
- Authentication-results: sourceware.org; auth=none
- Reply-to: The Cygwin Mailing List <cygwin at cygwin dot com>
I've just updated the Cygwin version of OpenSSH to 6.3p1-1.
The official upstream release message for 6.3p1:
====================================================================
Changes since OpenSSH 6.2
=========================
This release is predominantly a bugfix release:
Features:
* sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards.
* ssh(1)/sshd(8): allow optional time-based rekeying via a second argument
to the existing RekeyLimit option. RekeyLimit is now supported in
sshd_config as well as on the client.
* sshd(8): standardise logging of information during user authentication.
The presented key/cert and the remote username (if available) is now
logged in the authentication success/failure message on the same log
line as the local username, remote host/port and protocol in use.
Certificates contents and the key fingerprint of the signing CA are
logged too.
Including all relevant information on a single line simplifies log
analysis as it is no longer necessary to relate information scattered
across multiple log entries.
* ssh(1): add the ability to query which ciphers, MAC algorithms, key
types and key exchange methods are supported in the binary.
* ssh(1): support ProxyCommand=- to allow support cases where stdin and
stdout already point to the proxy.
* ssh(1): allow IdentityFile=none
* ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs
to a specified file instead of stderr or syslog.
* sftp(1): add support for resuming partial downloads using the "reget"
command and on the sftp commandline or on the "get" commandline using
the "-a" (append) option.
* ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives.
* sshd(8): add support for submethods to be appended to required
authentication methods listed via AuthenticationMethods.
Bugfixes:
* sshd(8): fix refusal to accept certificate if a key of a different type
to the CA key appeared in authorized_keys before the CA key.
* ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so
that things like keepalives and rekeying will work properly over clock
steps.
* sftp(1): update progressmeter when data is acknowledged, not when it's
sent. bz#2108
* ssh(1)/ssh-keygen(1): improve error messages when the current user does
not exist in /etc/passwd; bz#2125
* ssh(1): reset the order in which public keys are tried after partial
authentication success.
* ssh-agent(1): clean up socket files after SIGINT when in debug mode;
bz#2120
* ssh(1) and others: avoid confusing error messages in the case of broken
system resolver configurations; bz#2122
* ssh(1): set TCP nodelay for connections started with -N; bz#2124
* ssh(1): correct manual for permission requirements on ~/.ssh/config;
bz#2078
* ssh(1): fix ControlPersist timeout not triggering in cases where TCP
connections have hung. bz#1917
* ssh(1): properly deatch a ControlPersist master from its controlling
terminal.
* sftp(1): avoid crashes in libedit when it has been compiled with multi-
byte character support. bz#1990
* sshd(8): when running sshd -D, close stderr unless we have explicitly
requested logging to stderr. bz#1976,
* ssh(1): fix incomplete bzero; bz#2100
* sshd(8): log and error and exit if ChrootDirectory is specified and
running without root privileges.
* Many improvements to the regression test suite. In particular log files
are now saved from ssh and sshd after failures.
* Fix a number of memory leaks. bz#1967 bz#2096 and others
* sshd(8): fix public key authentication when a :style is appended to
the requested username.
* ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened. bz#2079
Portable OpenSSH:
* Major overhaul of contrib/cygwin/README
* Fix unaligned accesses in umac.c for strict-alignment architectures.
bz#2101
* Enable -Wsizeof-pointer-memaccess if the compiler supports it. bz#2100
* Fix broken incorrect commandline reporting errors. bz#1448
* Only include SHA256 and ECC-based key exchange methods if libcrypto has
the required support.
* Fix crash in SOCKS5 dynamic forwarding code on strict-alignment
architectures.
* A number of portability fixes for Android:
* Don't try to use lastlog on Android; bz#2111
* Fall back to using openssl's DES_crypt function on platorms that don't
have a native crypt() function; bz#2112
* Test for fd_mask, howmany and NFDBITS rather than trying to enumerate
the plaforms that don't have them. bz#2085
* Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.
bz#2085
* Add a null implementation of endgrent for platforms that don't have
it (eg Android) bz#2087
* Support platforms, such as Android, that lack struct passwd.pw_gecos.
bz#2086
Checksums:
==========
- SHA1 (openssh-6.3.tar.gz) = 8a6ef99ffc80c19e9afe9fe1e857370f6adcf450
- SHA1 (openssh-6.3p1.tar.gz) = 70845ca79474258cab29dbefae13d93e41a83ccb
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
====================================================================
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=3D3Dyourdomain.com@cygwin.com
If you need more information on unsubscribing, start reading here:
http://sourceware.org/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at this URL.
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat