Subject: CVS commit: pkgsrc/security/ssh2
To: None <>
From: Stoned Elipot <>
List: pkgsrc-changes
Date: 08/12/2003 19:09:00
Module Name:	pkgsrc
Committed By:	seb
Date:		Tue Aug 12 19:09:00 UTC 2003

Modified Files:
	pkgsrc/security/ssh2: Makefile.common PLIST distinfo
	pkgsrc/security/ssh2/patches: patch-aa patch-ab patch-ac patch-ad
	    patch-ae patch-af patch-ag
Removed Files:
	pkgsrc/security/ssh2/patches: patch-ah

Log Message:
Update to version 3.2.5

Previous versions have a security issue. Please update!

Thanks to gendalia@ for testing.

Changes since version 3.2.2:

2003-05-09  Sami J. Lehtinen  <>

	* ssh-3.2.5.

	* Fixed a critical security bug with RSA signature
	  verification. Mitigating factors: DSA is used by default (not
	  vulnerable). Also, the attack requires that attacker has the
	  public key and the attacker needs to precompute the signature
	  data so, that it looks like a valid PKCS#1 signature. This is a
	  non-trivial task to perform without the private
	  key. Nonetheless, all users should update their servers and
	  clients as soon as convenient. Workarounds are to not use RSA
	  keys as host keys (though connecting to existing hosts with RSA
	  hostkeys poses a serious risk with a vulnerable client), and
	  disabling publickey authentication. Update your clients and

2003-04-22  Sami J. Lehtinen  <>

	* ssh-3.2.4.

	* sshd2: Binary (generated by us) is tagged as a "supported
	  binary" for SecurID. (no actual code changes)

	* Previous: ssh-

2003-02-06  Sami J. Lehtinen  <>

	* sftp2 (etc): Fixed a bug with readline jamming when pressing
	  backspace (etc) on AIX and some other platforms.

2003-01-12  Sami J. Lehtinen  <>

	* ssh-3.2.3.

2003-01-03  Sami J. Lehtinen  <>

	* scp2: Removed broken special handling for SIGHUP, so that
	  "nohup" can again work.

	* ssh2: Check whether we should ignore SIGQUIT, SIGINT, and do so,
	  if necessary. Thanks for J. Schilling for pointing this one out.

	* ssh-add2: Make sure fgets() from pipe to ssh-askpass2 recovers
	  from if interrupted by signal, i.e. SIGCHLD.

	* ssh2 (lib/sshsession/sshtty.c): As entry above, but for tcsetattr().

	* During "make install", use default size of key instead of hardcoded
	  1024 when generating hostkey.

2002-12-18  Sami J. Lehtinen  <>

	* scp2,sftp2: Print progress output to stdout, to make it
	  distinguishable from errors in cron jobs etc.

2002-12-17  Sami J. Lehtinen  <>

	* apps/ssh/sshchsession.c: Fixed a bug which caused sshd2 child
	  server to jam occasionally after logging an event, if nsswitch had
	  been configured to use LDAP.

2002-12-13  Sami J. Lehtinen  <>

	* sshd2: Previous (by Tomi Mickelsson): Fixed a bug where
	  specifying a local forwarding endpoint as an IP-address which was
	  unresolvable would result in a crash.

2002-12-12  Sami J. Lehtinen  <>

	* scp2: Fixed a bug/missing feature from scp2. It now reports
	  information also when run when there is no tty. Also implemented
	  --statistics=[no,yes,simple], where "yes" is old-style, "no" is
	  analogous to "-Q" command-line option, and "simple" is the way
	  the statistics are printed when there is no tty (no intermittent
	  reporting, file size, transfer time and full file name are printed
	  after the transfer for the specific file is finished).

2002-12-11  Sami J. Lehtinen  <>

	* ssh-keygen2: respect "-P" and "-p" options when converting

2002-12-10  Sami J. Lehtinen  <>

	* lib/sshutil/sshcore/sshdebug.c: Fixed a compilation problem
	  manifested on older AIX and debugging enabled (as is default).

	* scp2: You can now specify the newline convention when using the
	  "-a" option. See manual page scp2(1).

2002-11-08  Sami J. Lehtinen  <>

	* Removed ssh-pubkeymgr and ssh-chrootmgr from the distribution
	  (they didn't work too well).

	* apps/ssh/lib/sshproto/trcommon.c: Fixed a crash if hostkey
	  algorithms or kex-methods couldn't be negotiated.

2002-11-05  Sami J. Lehtinen  <>

	* lib/sshapputil/sshuserfile.c: Changed to use
	  lib/sshsession/sigchld.c, instead of using wait() directly. This
	  fixes the bug where the number of connections would slowly rise to
	  the maximum when using MaxConnections and tcp-wrappers (it was a

	* lib/sshsession/sigchld.c: Sigchld now keeps a list of recently
	  exited children. This fixes a race condition, where the child
	  process could exit before the mother process had registered a
	  handler for it.

	* lib/sshsession: Fixed NetBSD 1.6 compilation. Also, NetBSD 1.6
	  supports openpty style ptys, so fixed check to actually detect
	  them on NetBSD. Don't use utmpx on NetBSD, as it doesn't seem to
	  work (at least not in the way we use it).

	* lib/sshsession/sshunixuser.c: Make sure we have room for the
	  NULL pointer in the groups array.

	* ssh2 (ssh1-emulation): Fixed a bug, which in some cases caused
	  an assertion failure later.

2002-10-29  Sami J. Lehtinen  <>

	* configure: Added /usr/X11R6/bin and /usr/X11/bin to search PATH
	  for xauth to ease installation on pristine systems.

2002-10-22  Sami J. Lehtinen  <>

	* lib/sshutil/sshnet/sshtcp.c: (by Tomi Ollila) Fixed a bug with
	  SOCKS handling.

2002-10-01  Sami J. Lehtinen  <>

	* lib/sshutil/sshpacketstream/sshpacketwrapper.c: (by Tomi Kause)
	  Fixed a latent (in ssh2) bug, when writing to the stream from the

	* lib/sshutil/sshnet/sshsocks.c: (by Tomi Ollila) Decode
	  ipv6-mapped-ipv4-addresses when doing SOCKS4, as SOCKS4 only
	  supports plain ipv4-addresses.

	* scp2: Implemented --overwrite, which controls whether to
	  overwrite the destination file(s). Default is "yes",
	  i.e. to overwrite.

	* scp2: Implemented interactive mode, i.e. you can make scp2
	  prompt you whether to overwrite an existing destination
	  file. Works by giving --interactive (-I) on the command-line.

2002-08-15  Sami J. Lehtinen  <>

	* sshd2: Fixed a bug with originator-pat with ForwardACLs.

2002-08-02  Sami J. Lehtinen  <>

	* scp2, sftp2: Fixed a bug, which caused file transfer to stall,
	  if trying to transfer a zero sized file with ascii transfer
	  (newline mangling).

2002-07-21  Sami J. Lehtinen  <>

	* sftp2: Added option "S" and "r" to "ls" (for sorting by size and
	  reversing the sort order, respectively).

	* sftp2: "ls" works much better now. Tab completion understand
	  directories (appends a '/', for easier directory traversal).

	* sftp2, scp2: Extensive rewrite of SshFileCopy, and as a
	  consequence, of both scp2 and sftp2 core functionality.

2002-06-13  Sami J. Lehtinen  <>

	* ssh2: Fixed a bug with one-shot forwarding.

To generate a diff of this commit:
cvs rdiff -r1.4 -r1.5 pkgsrc/security/ssh2/Makefile.common \
cvs rdiff -r1.2 -r1.3 pkgsrc/security/ssh2/PLIST
cvs rdiff -r1.2 -r1.3 pkgsrc/security/ssh2/patches/patch-aa \
    pkgsrc/security/ssh2/patches/patch-ab \
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/ssh2/patches/patch-ac \
    pkgsrc/security/ssh2/patches/patch-ad \
cvs rdiff -r1.3 -r1.4 pkgsrc/security/ssh2/patches/patch-af
cvs rdiff -r1.1.1.1 -r0 pkgsrc/security/ssh2/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.