Subject: CVS commit: pkgsrc/security/openssh
To: None <pkgsrc-changes@NetBSD.org>
From: Jan Schaumann <jschauma@netbsd.org>
List: pkgsrc-changes
Date: 09/23/2003 17:52:36
Module Name:	pkgsrc
Committed By:	jschauma
Date:		Tue Sep 23 17:52:35 UTC 2003

Modified Files:
	pkgsrc/security/openssh: Makefile distinfo
	pkgsrc/security/openssh/patches: patch-aa
Removed Files:
	pkgsrc/security/openssh/patches: patch-ai

Log Message:
Update to 3.7.1p2:
Most important chcanges: security relevant bug fixes in new PAM authentication code

Changes since OpenSSH 3.7.1p1:
==============================

* This release disables PAM by default. To enable it, set "UsePAM yes" in
  sshd_config. Due to complexity, inconsistencies in the specification and
  differences between vendors' PAM implementations we recommend that PAM
  be left disabled in sshd_config unless there is a need for its use.
  Sites using only public key or simple password authentication usually
  have little need to enable PAM support.

* This release now requires zlib 1.1.4 to build correctly. Previous
  versions have security problems.

* Fix compilation for versions of OpenSSL before 0.9.6. Some cipher modes
  are not supported for older OpenSSL versions.

* Fix compilation problems on systems with a missing or lacking inet_ntoa()
  function.

* Workaround problems related to unimplemented or broken setresuid/setreuid
  functions on several platforms.

* Fix compilation on older OpenBSD systems.

* Fix handling of password-less authentication (PermitEmptyPasswords=yes)
  that has not worked since the 3.7p1 release.


To generate a diff of this commit:
cvs rdiff -r1.114 -r1.115 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.28 -r1.29 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.29 -r1.30 pkgsrc/security/openssh/patches/patch-aa
cvs rdiff -r1.4 -r0 pkgsrc/security/openssh/patches/patch-ai

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.