Re: Call for release testing
This is a discussion on Re: Call for release testing within the OpenSSH Development forums, part of the Networking and Network Related category; On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote: > Hi, > > We would like ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-23-2005
|
|||
|
|||
Re: Call for release testing
On Mon, Aug 22, 2005 at 08:41:01PM +1000, Damien Miller wrote:
> Hi, > > We would like to make one of our periodic releases shortly, so once > again we are asking for readers of this list (or anyone else) to > download and test a CVS snapshot of OpenSSH on your favourite > platforms. > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable snapshots are available the mirrors listed at > http://www.openssh.com/portable.html#ftp in the snapshots/ > subdirectory > > Please test! Running the regression tests supplied with Portable does > not require installation and is a simply: > > $ ./configure && make tests > > Testing on suitable non-production systems is also appreciated. Please > send reports of success or failure to openssh-unix-dev@mindrot.org. > > Also, OpenSSH Portable has a (completely voluntary) configuration > survey. It will collect information about the platform and the > options OpenSSH was configured with and mail it to an archive. We > tried to be careful not to collect anything that might be considered > sensitive, however if anyone has any issues with the data collected > then please let us know). > > The raw data will be available only to the development team, however > we may publish summary data at some point in the future. This data > will help us to better support your platforms. > > You can view the data that is collected by running "make survey" and > looking at the file "survey" in the build dir. The data is not sent > until you explicitly request it ("make send-survey"). If you have any > doubts at all then ask us (or just don't send it). > > Some of the changes in the coming release include: > > - Add a new compression method that delays the start of zlib > compression until the user has been authenticated successfully. The > new method "Compression=delayed" is on by default in the server. > This eliminates the risk of another zlib vulnerability leading to > a compromise of the server by a user without authentication > credentials. > > NB. Older OpenSSH (<3.5) version have a bug which will cause them > to refuse to connect to any server that does not offer compression > when the client has compression requested. Since the new "delayed" > server mode isn't supported by these older clients, they will > refuse to connect to a new server unless compression is disabled > (on the client end) or the original compression method is enabled > on the server ("Compression=yes" in sshd_config) > > - Another round of proactive changes for signed vs unsigned integer > bugs has been completed, including changing the atomicio() API to > encourage safer programming. As a result of these changes, OpenSSH > is now "gcc -Wsign-compare" clean on most platforms. > > - Added support for the improved arcfour cipher modes from > draft-harris-ssh-arcfour-fixes-02. The improves the cipher's > resistance to a number of attacks by discarding early keystream > output. > > - Increase the default size of new RSA/DSA keys generated by > ssh-keygen from 1024 to 2048 bits. > > - Many bugfixes and improvements to connection multiplexing, > including: > > - Added ControlMaster=auto/autoask options to support opportunistic > multiplexing (see the ssh_config(5) manpage for details). > > - The client will now gracefully fallback to starting a new TCP > connection if it cannot connect to a specified multiplexing > control socket > > - Added %h (target hostname), %p (target port) and %r (remote > username) expansion sequences to ControlPath. Also allow > ControlPath=none to disable connection multiplexing. > > - Implemented support for X11 and agent forwarding over multiplexed > connections. Because of protocol limitations, the slave > connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather > than distinctly forwarding their own. > > - The following bugs from http://bugzilla.mindrot.org/ were closed: > > #1025 - Correctly handle disabled special character in ttymodes > #1054 - Don't terminate connection on getpeername() failure > #1046 - AIX 5.3 Garbage on Login > #623 - Don't use $HOME in manpages > #829 - Don't allocate a tty if -n option is set > #471 - Misleading error message if /dev/tty perms wrong > #1033 - Fix compile-time warnings > > - Lots of other improvements and fixes. Please refer to the ChangeLog > for details > > Thanks to everyone who has contributed patches, problem or test reports. > > Regards, > Damien Miller Damien, BSD/OS 4.3.1 and FreeBSD 4.X running current Zlib and Opensll 0.9.8a are all doing fine thank you. -- Member - Liberal International This is doctor@nl2k.ab.ca Ici doctor@nl2k.ab.ca God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev 
|
Linear Mode
