[arch-dev-public] [signoff] openssh 5.0p1
New and improved ssh I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited. Should be in testing for both arches
Aaron Griffin schrieb:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
The vulnerability is not that big: http://www.heise-online.co.uk/news/OpenSSH-developers-up-the-ante-with-versi...
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping. I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Hmm.. pacman created /etc/ssh/sshd_config.pacnew, but I didn't modify sshd_config, so I wonder why pacman didn't just overwrite it. :-/ -- Roman Kyrylych (Роман Кирилич)
On Thu, Apr 10, 2008 at 9:23 AM, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
Hmm.. pacman created /etc/ssh/sshd_config.pacnew, but I didn't modify sshd_config, so I wonder why pacman didn't just overwrite it. :-/
Could you keep your /etc/ssh/sshd_config file, downgrade openssh to the older version, then check the output of pacman -Qii openssh ? And check the md5sum manually if needed. If it tells you sshd_config is indeed not modified, try upgrading again, using --debug this time, and check the debug output of pacman.
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev. -- Roman Kyrylych (Роман Кирилич)
On Fri, Apr 11, 2008 at 2:53 AM, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev.
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
On Mon, 14 Apr 2008, Aaron Griffin wrote:
On Fri, Apr 11, 2008 at 2:53 AM, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev.
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
I've been using scp for the last few days and it works fine. If that's enough, consider it signed off for x86_64. Otherwise, I could test the ssh client and server tonight. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
On Mon, Apr 14, 2008 at 11:13 AM, Eric Belanger <belanger@astro.umontreal.ca> wrote:
On Mon, 14 Apr 2008, Aaron Griffin wrote:
On Fri, Apr 11, 2008 at 2:53 AM, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev.
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
I've been using scp for the last few days and it works fine. If that's enough, consider it signed off for x86_64. Otherwise, I could test the ssh client and server tonight.
It'd be nice if you can test the server. I don't want it to randomly make remote machines unreachable. 8)
On Mon, 14 Apr 2008, Aaron Griffin wrote:
On Mon, Apr 14, 2008 at 11:13 AM, Eric Belanger <belanger@astro.umontreal.ca> wrote:
On Mon, 14 Apr 2008, Aaron Griffin wrote:
On Fri, Apr 11, 2008 at 2:53 AM, Roman Kyrylych <roman.kyrylych@gmail.com> wrote:
2008/4/9, Aaron Griffin <aaronmgriffin@gmail.com>:
On Tue, Apr 8, 2008 at 2:13 AM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
New and improved ssh
I haven't been able to find a comprehensive upstream change log (busy with devtools/dbscripts changes), but I know this has some large security fixes, and also contains the new-fangled chroot ability. That's right, sshd should not have the ability to chroot users built in. I know I'm excited.
Should be in testing for both arches
Ping.
I did find this from Pierre (thanks): http://www.openssh.com/txt/release-4.9 http://www.openssh.com/txt/release-5.0
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev.
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
I've been using scp for the last few days and it works fine. If that's enough, consider it signed off for x86_64. Otherwise, I could test the ssh client and server tonight.
It'd be nice if you can test the server. I don't want it to randomly make remote machines unreachable. 8)
Signing off both arches. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Aaron Griffin schrieb:
Works as usual. Signed off (i686). Moved the discussion of .pacnew issue to pacman-dev.
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
ssh working fine (I use it all the time), and I received several GB of data with sshd and sftp, so I think I can sign off. If the ssh client would break, you would hear me crying and shouting from Aachen to Chicago anyway.
Am Montag, 14. April 2008 18:17:16 schrieb Aaron Griffin:
Still need at least another x86_64 signoff, but I'd like more than that just to be safe.
signoff for both arches. tested ssh and sshd. -- archlinux.de
participants (6)
-
Aaron Griffin
-
Eric Belanger
-
Pierre Schmitz
-
Roman Kyrylych
-
Thomas Bächler
-
Xavier