Subject: Re: openssh and login_cap(3)
To: Chris Jones <chris@cjones.org>
From: None <itojun@iijlab.net>
List: tech-security
Date: 02/15/2001 01:58:51
>> openssh shipped with 1.5 (/usr/sbin/sshd) has the fix to
>> http://razor.bindview.com/publish/advisories/adv_ssh1crc.html.
>> the version number seems to older than the advisory, but
>> the fix is there.
>Excellent. But our users don't know that, because we haven't made any
>announcement (unless I missed it).
we are working on it. sorry for delays, please hold.
>If there are new features (or especially bug fixes) in pkgsrc openssh
>(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
>that pkgsrc openssh can install on a 1.5 system.
(i think i have wrote similar item couple of times)
current situation is like this:
current: 2.3.2 as of 2/14
1.5: 2.2.0 with patch against razor advisory
pkgsrc/security/openssh: portable openssh 2.3.0p1
pkgsrc/security/ssh: ssh.com ssh 1.2.27 + patch against razor advisory
i've requested a pullup from current to 1.5 branch.
>If there are no such new features, then pkgsrc openssh should refuse
>to install on a 1.5 system, and it should give a clear explanation of
>why, to avoid confusion.
i'm not sure about this. pkgsrc/security/openssh uses portable openssh
distribution. usr.bin/ssh uses non-portable (original from openbsd).
i can think of people who wants to install pkgsrc version for some
reason.
itojun