From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17190 invoked by alias); 18 Oct 2013 10:41:12 -0000 Mailing-List: contact cygwin-announce-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-announce-owner@cygwin.com Reply-To: The Cygwin Mailing List Mail-Followup-To: cygwin-announce@cygwin.com Received: (qmail 15085 invoked by uid 89); 18 Oct 2013 10:38:45 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.9 required=5.0 tests=AWL,BAYES_50,UNSUBSCRIBE_BODY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Date: Fri, 18 Oct 2013 10:41:00 -0000 From: Corinna Vinschen To: cygwin-announce@cygwin.com Subject: Updated: OpenSSH-6.3p1-1 Message-ID: <20131018103841.GI23477@calimero.vinschen.de> Mail-Followup-To: cygwin-announce@cygwin.com MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-SW-Source: 2013-10/txt/msg00011.txt.bz2 I've just updated the Cygwin version of OpenSSH to 6.3p1-1. The official upstream release message for 6.3p1: ==================================================================== Changes since OpenSSH 6.2 ========================= This release is predominantly a bugfix release: Features: * sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. Including all relevant information on a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. * ssh(1): add the ability to query which ciphers, MAC algorithms, key types and key exchange methods are supported in the binary. * ssh(1): support ProxyCommand=- to allow support cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option. * ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods. Bugfixes: * sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key. * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps. * sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108 * ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125 * ssh(1): reset the order in which public keys are tried after partial authentication success. * ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#2120 * ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations; bz#2122 * ssh(1): set TCP nodelay for connections started with -N; bz#2124 * ssh(1): correct manual for permission requirements on ~/.ssh/config; bz#2078 * ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. bz#1917 * ssh(1): properly deatch a ControlPersist master from its controlling terminal. * sftp(1): avoid crashes in libedit when it has been compiled with multi- byte character support. bz#1990 * sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. bz#1976, * ssh(1): fix incomplete bzero; bz#2100 * sshd(8): log and error and exit if ChrootDirectory is specified and running without root privileges. * Many improvements to the regression test suite. In particular log files are now saved from ssh and sshd after failures. * Fix a number of memory leaks. bz#1967 bz#2096 and others * sshd(8): fix public key authentication when a :style is appended to the requested username. * ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened. bz#2079 Portable OpenSSH: * Major overhaul of contrib/cygwin/README * Fix unaligned accesses in umac.c for strict-alignment architectures. bz#2101 * Enable -Wsizeof-pointer-memaccess if the compiler supports it. bz#2100 * Fix broken incorrect commandline reporting errors. bz#1448 * Only include SHA256 and ECC-based key exchange methods if libcrypto has the required support. * Fix crash in SOCKS5 dynamic forwarding code on strict-alignment architectures. * A number of portability fixes for Android: * Don't try to use lastlog on Android; bz#2111 * Fall back to using openssl's DES_crypt function on platorms that don't have a native crypt() function; bz#2112 * Test for fd_mask, howmany and NFDBITS rather than trying to enumerate the plaforms that don't have them. bz#2085 * Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. bz#2085 * Add a null implementation of endgrent for platforms that don't have it (eg Android) bz#2087 * Support platforms, such as Android, that lack struct passwd.pw_gecos. bz#2086 Checksums: ========== - SHA1 (openssh-6.3.tar.gz) = 8a6ef99ffc80c19e9afe9fe1e857370f6adcf450 - SHA1 (openssh-6.3p1.tar.gz) = 70845ca79474258cab29dbefae13d93e41a83ccb Reporting Bugs: =============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom. ==================================================================== To update your installation, click on the "Install Cygwin now" link on the http://cygwin.com/ web page. This downloads setup.exe to your system. Then, run setup and answer all of the questions. *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** If you want to unsubscribe from the cygwin-announce mailing list, look at the "List-Unsubscribe: " tag in the email header of this message. Send email to the address specified there. It will be in the format: cygwin-announce-unsubscribe-you=3D3Dyourdomain.com@cygwin.com If you need more information on unsubscribing, start reading here: http://sourceware.org/lists.html#unsubscribe-simple Please read *all* of the information on unsubscribing that is available starting at this URL. -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat