Mailing-List: contact cygwin-announce-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-announce-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-announce/>
List-Post: <mailto:cygwin-announce AT cygwin DOT com>
List-Help: <mailto:cygwin-announce-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-announce-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-announce AT cygwin DOT com
Delivered-To: moderator for cygwin-announce AT cygwin DOT com
Date: Sat, 22 Jun 2002 15:17:29 +0200
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygann <cygwin-announce AT cygwin DOT com>
Subject: Updated: OpenSSH-3.3p1-1
Message-ID: <20020622151729.Q22705@cygbert.vinschen.de>
Reply-To: cygwin <cygwin AT cygwin DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.22.1i

I've updated the version of OpenSSH to 3.3p1-1.

This is a official bug fix release. 

Important note for Cygwin:
====================================================================
This release introduces privilege separation (see official release
message below) as default setting.  Since privilege separation requires
the OS to be able to transmit file descriptors via sendmsg(2)/recvmsg(2),
this doesn't work in current Cygwin releases.  However, in Cygwin the
/etc/sshd_config file must contain the following line to let sshd work:

  UsePrivilegeSeparation no

I added a postinstall script which adds this line to /etc/sshd_config
so you should find this line after installing OpenSSH-3.3p1 using
setup.exe. 

*** Obviously this requires that the installing user has write
    permission on /etc/sshd_config ***

I suggest to *check* after installation, that this line has been
added correctly to /etc/sshd_config.

Questions as usual to mailto:cygwin AT cygwin DOT com
====================================================================


Official Release Message:
====================================================================
OpenSSH 3.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support and encouragement.


Changes since OpenSSH 3.2.3:
============================

Security Changes:
=================

- improved support for privilege separation:

        privilege separation is now enabled by default

  See UsePrivilegeSeparation in sshd_config(5)
  and http://www.citi.umich.edu/u/provos/ssh/privsep.html for more
  information.
- ssh no longer needs to be installed setuid root for protocol   
  version 2 hostbased authentication, see ssh-keysign(8).
  protocol version 1 rhosts-rsa authentication still requires privileges
  and is not recommended.

Other Changes:
==============

- documentation for the client and server configuration options have
  been moved to ssh_config(5) and sshd_config(5).
- the server now supports the Compression option, see sshd_config(5).
- the client options RhostsRSAAuthentication and RhostsAuthentication now
  default to no, see ssh_config(5).
- the client options FallBackToRsh and UseRsh are deprecated.
- ssh-agent now supports locking and timeouts for keys, see ssh-add(1).
- ssh-agent can now bind to unix-domain sockets given on the command line,
  see ssh-agent(1).
- fixes problems with valid RSA signatures from putty clients.

Reporting Bugs:
===============

- please read http://www.openssh.com/report.html  
  and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
====================================================================

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/cygwin web page.  This downloads setup.exe
to your system.  The, run setup and answer all of the questions.

Note that we do not allow downloads from sources.redhat.com (aka
cygwin.com) due to bandwidth limitations.  This means that you will need
to find a mirror which has this update.

In the US, ftp://mirrors.rcn.net/mirrors/sources.redhat.com/cygwin/ is a
reliable high bandwidth connection.

In Germany,
ftp://ftp.uni-erlangen.de/pub/pc/gnuwin32/cygwin/mirrors/cygnus/ is
usually pretty good.

In the UK,
http://programming.ccp14.ac.uk/ftp-mirror/programming/cygwin/pub/cygwin/
is usually up-to-date within 48 hours.

If one of the above doesn't have the latest version of this package then
you can either wait for the site to be updated or find another mirror.

If you have questions or comments, please send them to the Cygwin
mailing list at:  cygwin AT sources DOT redhat DOT com .  I would appreciate
if you would use this mailing list rather than emailing me directly.
This includes ideas and comments about the setup utility or Cygwin
in general.

If you want to make a point or ask a question the Cygwin mailing list is
the appropriate place.

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe to the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.