Date: Sun, 11 Feb 1996 22:21:27 +0200
From: Tatu Ylonen
To: ssh@clinet.fi, ssh-announce@clinet.fi
Subject: ssh-1.2.13 now available

Ssh-1.2.13 is now available in ftp.cs.hut.fi:/pub/ssh, and should propagate to other ftp sites in a couple of days. A PGP signature is also available.

Note that there have been some changes in the server config file (/etc/sshd_config). I recommend running the new sshd with -d the first time to verify that the config file parses ok.

It should be safe to enable RhostsRSAAuthentication again after installing this release.

This release contains important changes from 1.2.12:

- fixes all known security problems
- prevents core dumps and attaching with gdb
- eliminates problems caused by 1.2.12a emergency fix
- prevents user guessing his/her own session key
- checks for expired accounts on AIX
- runs /etc/sshrc and .ssh/rc with user's shell, not /bin/sh
- fixes checking of socket options (e.g. source routing) in canohost.c
- eliminated all uid-swapping code
- user-owned files now manipulated by a separate process that runs with the user's privileges
- copying policy changed (permission now required to sell ssh commercially, use is still permitted for any purpose)
- new, much faster make-ssh-known-hosts
- new target "hostinstall": generates host key and installs config files. Useful on networked machines with shared binaries.
- several minor Makefile fixes
- configure: bindir, sbindir, mandir etc. now separately configurable
- configure: error if found rsh is actually ssh
- ssh falls back to rsh, slogin falls back to rlogin
- configure: error if linux with libg.sa missing (gives instructions to fix)
- add $(bindir) to default path automatically, so scp will always be found on the remote machine
- scp: should no longer corrupt files if copying onto itself
- log connection closes and read errors at a lower priority as they are not important events
- pty.c: use revoke() if it exists
- randoms.c: take data from /dev/random no more often than every 5 minutes (ssh used to exhaust /dev/random)
- changes to ssh-askpass
- changed ssh -f to wait until all forwardings have been established before forking
- eliminated the rc4 cipher. Added new cipher arcfour, which is believed to be equivalent with rc4. RC4 is a trademark of RSA Data Security.
- added a message to limit packet sizes. This will be helpful for Windows clients.
- New server config option PidFile.
- Recognize -8, but ignore it (ssh connections are always 8-bit clean)
- reduced memory usage
- improved debugging messages to ease problem solving
- documentation changes
- fixed problems with OSF/1 C2 security password authentication
- ultrix fixes, support for Ultrix enhanced security
- no vhangup on MachTen
- merged SysVr4 (Solaris) utmp patches
- fixed unix-domain X11 display name on HPUX
- Cray pty fixes
- call setsid also for non-pty logins (BSD 4.4 needs this)
- Dynix/ptx: add -linet
- SunOS: check for libshadow.a

Tatu