Subject: CVS commit: pkgsrc/security/ssh2
To: None <pkgsrc-changes@NetBSD.org>
From: Stoned Elipot <seb@netbsd.org>
List: pkgsrc-changes
Date: 03/12/2004 16:40:09

Module Name: pkgsrc
Committed By: seb
Date: Fri Mar 12 16:40:09 UTC 2004

Modified Files:
    pkgsrc/security/ssh2: Makefile.common distinfo

Log Message:
Update to version 3.2.9.1.
While here bl3ify.

Changes since previously packaged version (3.2.5):

2003-12-03 Sami J. Lehtinen <sjl@ssh.com>

  * ssh-3.2.9.1.

  * non-commercial: removed cert hash compat stuff, which broke
    compilation.

2003-09-26 Sami J. Lehtinen <sjl@ssh.com>

  * ssh-3.2.9.

  * ssh2,sshd2: (by Patrick Irwin): Critical security fix: fixed
    several bugs in ASN.1 decoding functionality, which were caused
    by invalid assumptions on the format of input BER data.
    Certificates malformed in certain ways could cause a crash or
    buffer overflow. No known exploits at this time, but you are
    strongly advised to upgrade.

    Admins unwilling or unable to upgrade need to disable
    certificates, but this may not be enough for "hostbased"
    authentication. "publickey" auth should be safe even with the
    old version with certificates disabled. Clients are probably
    vulnerable against malicious servers in the initial key exchange
    regardless of configuration.

    Users of noncommercial version are not affected by this
    vulnerability.

2003-09-25 Sami J. Lehtinen <sjl@ssh.com>

  * sshd2, ssh2: Implemented DisableVersionFallback, with which you
    can disable fallback compatibility code for older, or otherwise
    incompatible versions of software. Don't disable unless you know
    what you're doing. See sshd2_config(5) for details. For really
    paranoid people (using this option will probably hurt usability
    somewhat, especially in environments where multiple versions of
    SSH are used from different vendors).

  * sshd2, ssh2: Implemented Cert.RSA.Compat.HashScheme. Older SSH
    Secure Shell clients and servers used hashes in an incoherent
    manner (sometimes MD5, sometimes SHA-1). With this option, you
    can set what hash is used. See sshd2_config(5) for details.

  * Previous: ssh-3.2.8.

2003-08-07 Tomi Salo <ttsalo@ssh.com>

  * Added a new general configuration option, MaxCRLSize. This sets
    the maximum size for CRLs and CA certs used in validating
    received certificates. (The size is the total size of all CRLs
    and certs, not the maximum individual size.)

2003-06-11 Sami J. Lehtinen <sjl@ssh.com>

  * ssh-3.2.7.

  * ssh-signer2: Fixed a bug, which caused the application to
    intermittently call fatal because the read() operation was
    interrupted by a signal (SIGCHLD).

2003-06-04 Sami J. Lehtinen <sjl@ssh.com>

  * ssh-3.2.6.

  * SecurID certified binaries, no code changes.

To generate a diff of this commit:
    cvs rdiff -r1.6 -r1.7 pkgsrc/security/ssh2/Makefile.common
    cvs rdiff -r1.5 -r1.6 pkgsrc/security/ssh2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.