Mailing-List: contact cygwin-announce-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-announce-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-announce/>
List-Post: <mailto:cygwin-announce AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-announce-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-announce-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-announce AT sources DOT redhat DOT com
Delivered-To: moderator for cygwin-announce AT sources DOT redhat DOT com
Date: Mon, 26 Mar 2001 12:18:23 +0200
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygann <cygwin-announce AT cygwin DOT com>
Subject: Updated: OpenSSH-2.5.2p2-1
Message-ID: <20010326121823.A1688@cygbert.vinschen.de>
Reply-To: cygwin <cygwin AT cygwin DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i

I've updated the version of OpenSSH in cygwin/latest to 2.5.2p2-1.

This version adds the following:

Security related changes:
        Improved countermeasure against "Passive Analysis of SSH
        (Secure Shell) Traffic"
        http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt

        The countermeasures introduced in earlier OpenSSH-2.5.x versions
        caused interoperability problems with some other implementations.   

        Improved countermeasure against "SSH protocol 1.5 session
        key recovery vulnerability"
        http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm  

New options:
        permitopen authorized_keys option to restrict portforwarding.

        PreferredAuthentications allows client to specify the order in which
        authentication methods are tried.

Sftp:
        sftp client supports globbing (get *, put *).

        Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).

        Batch file (-b) support for automated transfers

Performance:
        Speedup DH exchange. OpenSSH should now be significantly faster when
        connecting use SSH protocol 2.

        Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
        much faster throughput in a well scrutinised cipher.

Bugfixes:
        stderr handling fixes in SSH protocol 2.

        Improved interoperability.

Client:
        The client no longer asks for the the passphrase if the key
        will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

Miscellaneous:
        scp should now work for files > 2GB

        ssh-keygen can now generate fingerprints in the "bubble babble"
        format for exchanging fingerprints with SSH.COM's SSH protocol 2
        implementation.

Portable version:
        Better support for the PRNGd[1] entropy collection daemon. The
        --with-egd-pool configure option has been deprecated in favour
        of --with-prngd-socket and the new --with-prngd-port options. 
        The latter allows collection of entropy from a localhost
        socket.

        configure ensures that scp is in the $PATH set by the server
        (unless a custom path is specified).

There's still a Cygwin specific bug left. If you have a running
scp session to an Cygwin sshd server and you brake the scp by
Ctrl-C, the `scp' on the Windows server side will remain in memory,
doing nothing. It has to be killed explicitely. Hints or fixes
welcome.

===================================================================
PLEASE READ THE README FILE: /usr/doc/Cygwin/openssh-2.5.2p2.README
===================================================================

The mirror sites will get this version at least tomorrow.
 
To update your installation, click on the "Install Cygwin now" link on
the http://sources.redhat.com/cygwin web page.  This downloads setup.exe
to your system.

Run setup and answer all of the questions.  PLEASE, PLEASE, PLEASE
choose a mirror site for your download.  The 'sources.redhat.com' site
is badly overloaded.

Note that if this is the first time that you've run the new GUI version
of setup, it will currently download the whole cygwin net release again.
After this point it will only download what is needed.

If you have questions or comments, please send them to the Cygwin
mailing list at:  cygwin AT sources DOT redhat DOT com .  I would appreciate
if you would use this mailing list rather than emailing me directly.
This includes ideas and comments about the setup utility or Cygwin
in general.

If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe to the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.