OpenSSH 7.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Future deprecation notice ======================== We plan on retiring more legacy cryptography in the next release including: * Refusing all RSA keys smaller than 1024 bits (the current minimum is 768 bits) * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES. * MD5-based HMAC algorithms will be disabled by default. This list reflects our current intentions, but please check the final release notes for OpenSSH 7.1 when it is released. Changes since OpenSSH 7.0 ======================== This is a bugfix release. Security -------- * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas. Bugfixes -------- * ssh(1), sshd(8): add compatability workarounds for FuTTY * ssh(1), sshd(8): refine compatability workarounds for WinSCP * Fix a number of memory faults (double-free, free of uninitialised memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz Kocielski. Checksums: ========= - SHA1 (openssh-7.1.tar.gz) = 06c1db39f33831fe004726e013b2cf84f1889042 - SHA256 (openssh-7.1.tar.gz) = H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY - SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6 - SHA256 (openssh-7.1p1.tar.gz) = /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available as RELEASE_KEY.asc from the mirror sites. Reporting Bugs: ============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh at openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.
I'm assuming the "deprecation notice" section should refer to 7.2 now, and not 7.1 ? Mark On Fri, Aug 21, 2015 at 8:11 AM, Damien Miller <djm at cvs.openbsd.org> wrote:> OpenSSH 7.1 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly. > > OpenSSH is a 100% complete SSH protocol 2.0 implementation and > includes sftp client and server support. OpenSSH also includes > transitional support for the legacy SSH 1.3 and 1.5 protocols > that may be enabled at compile-time. > > Once again, we would like to thank the OpenSSH community for their > continued support of the project, especially those who contributed > code or patches, reported bugs, tested snapshots or donated to the > project. More information on donations may be found at: > http://www.openssh.com/donations.html > > Future deprecation notice > ========================> > We plan on retiring more legacy cryptography in the next release > including: > > * Refusing all RSA keys smaller than 1024 bits (the current minimum > is 768 bits) > > * Several ciphers will be disabled by default: blowfish-cbc, > cast128-cbc, all arcfour variants and the rijndael-cbc aliases > for AES. > > * MD5-based HMAC algorithms will be disabled by default. > > This list reflects our current intentions, but please check the final > release notes for OpenSSH 7.1 when it is released. > > Changes since OpenSSH 7.0 > ========================> > This is a bugfix release. > > Security > -------- > > * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin> prohibit-password/without-password that could, depending on > compile-time configuration, permit password authentication to > root while preventing other forms of authentication. This problem > was reported by Mantas Mikulenas. > > Bugfixes > -------- > > * ssh(1), sshd(8): add compatability workarounds for FuTTY > > * ssh(1), sshd(8): refine compatability workarounds for WinSCP > > * Fix a number of memory faults (double-free, free of uninitialised > memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz > Kocielski. > > Checksums: > =========> > - SHA1 (openssh-7.1.tar.gz) = 06c1db39f33831fe004726e013b2cf84f1889042 > - SHA256 (openssh-7.1.tar.gz) > H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY> > - SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6 > - SHA256 (openssh-7.1p1.tar.gz) > /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg> > Please note that the SHA256 signatures are base64 encoded and not > hexadecimal (which is the default for most checksum tools). The PGP > key used to sign the releases is available as RELEASE_KEY.asc from > the mirror sites. > > Reporting Bugs: > ==============> > - Please read http://www.openssh.com/report.html > Security bugs should be reported directly to openssh at openssh.com > > OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, > Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and > Ben Lindstrom. > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >-- Mark Janssen -- maniac(at)maniac.nl Unix / Linux Open-Source and Internet Consultant Maniac.nl Sig-IO.nl Vps.Stoned-IT.com
It refers to the future.> Am 21.08.2015 um 13:04 schrieb Mark Janssen <maniac.nl at gmail.com>: > > I'm assuming the "deprecation notice" section should refer to 7.2 now, and > not 7.1 ? > > Mark > >> On Fri, Aug 21, 2015 at 8:11 AM, Damien Miller <djm at cvs.openbsd.org> wrote: >> >> OpenSSH 7.1 has just been released. It will be available from the >> mirrors listed at http://www.openssh.com/ shortly. >> >> OpenSSH is a 100% complete SSH protocol 2.0 implementation and >> includes sftp client and server support. OpenSSH also includes >> transitional support for the legacy SSH 1.3 and 1.5 protocols >> that may be enabled at compile-time. >> >> Once again, we would like to thank the OpenSSH community for their >> continued support of the project, especially those who contributed >> code or patches, reported bugs, tested snapshots or donated to the >> project. More information on donations may be found at: >> http://www.openssh.com/donations.html >> >> Future deprecation notice >> ========================>> >> We plan on retiring more legacy cryptography in the next release >> including: >> >> * Refusing all RSA keys smaller than 1024 bits (the current minimum >> is 768 bits) >> >> * Several ciphers will be disabled by default: blowfish-cbc, >> cast128-cbc, all arcfour variants and the rijndael-cbc aliases >> for AES. >> >> * MD5-based HMAC algorithms will be disabled by default. >> >> This list reflects our current intentions, but please check the final >> release notes for OpenSSH 7.1 when it is released. >> >> Changes since OpenSSH 7.0 >> ========================>> >> This is a bugfix release. >> >> Security >> -------- >> >> * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin>> prohibit-password/without-password that could, depending on >> compile-time configuration, permit password authentication to >> root while preventing other forms of authentication. This problem >> was reported by Mantas Mikulenas. >> >> Bugfixes >> -------- >> >> * ssh(1), sshd(8): add compatability workarounds for FuTTY >> >> * ssh(1), sshd(8): refine compatability workarounds for WinSCP >> >> * Fix a number of memory faults (double-free, free of uninitialised >> memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz >> Kocielski. >> >> Checksums: >> =========>> >> - SHA1 (openssh-7.1.tar.gz) = 06c1db39f33831fe004726e013b2cf84f1889042 >> - SHA256 (openssh-7.1.tar.gz) >> H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY>> >> - SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6 >> - SHA256 (openssh-7.1p1.tar.gz) >> /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg>> >> Please note that the SHA256 signatures are base64 encoded and not >> hexadecimal (which is the default for most checksum tools). The PGP >> key used to sign the releases is available as RELEASE_KEY.asc from >> the mirror sites. >> >> Reporting Bugs: >> ==============>> >> - Please read http://www.openssh.com/report.html >> Security bugs should be reported directly to openssh at openssh.com >> >> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, >> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and >> Ben Lindstrom. >> >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > > -- > Mark Janssen -- maniac(at)maniac.nl > Unix / Linux Open-Source and Internet Consultant > Maniac.nl Sig-IO.nl Vps.Stoned-IT.com > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
yes, that's a typo On Fri, 21 Aug 2015, Mark Janssen wrote:> I'm assuming the "deprecation notice" section should refer to 7.2 now, and > not 7.1 ? > Mark > > On Fri, Aug 21, 2015 at 8:11 AM, Damien Miller <djm at cvs.openbsd.org> wrote: > OpenSSH 7.1 has just been released. It will be available from > the > mirrors listed at http://www.openssh.com/ shortly. > > OpenSSH is a 100% complete SSH protocol 2.0 implementation and > includes sftp client and server support. OpenSSH also includes > transitional support for the legacy SSH 1.3 and 1.5 protocols > that may be enabled at compile-time. > > Once again, we would like to thank the OpenSSH community for > their > continued support of the project, especially those who > contributed > code or patches, reported bugs, tested snapshots or donated to > the > project. More information on donations may be found at: > http://www.openssh.com/donations.html > > Future deprecation notice > ========================> > We plan on retiring more legacy cryptography in the next release > including: > > * Refusing all RSA keys smaller than 1024 bits (the current > minimum > is 768 bits) > > * Several ciphers will be disabled by default: blowfish-cbc, > cast128-cbc, all arcfour variants and the rijndael-cbc > aliases > for AES. > > * MD5-based HMAC algorithms will be disabled by default. > > This list reflects our current intentions, but please check the > final > release notes for OpenSSH 7.1 when it is released. > > Changes since OpenSSH 7.0 > ========================> > This is a bugfix release. > > Security > -------- > > * sshd(8): OpenSSH 7.0 contained a logic error in > PermitRootLogin> prohibit-password/without-password that could, depending on > compile-time configuration, permit password authentication to > root while preventing other forms of authentication. This > problem > was reported by Mantas Mikulenas. > > Bugfixes > -------- > > * ssh(1), sshd(8): add compatability workarounds for FuTTY > > * ssh(1), sshd(8): refine compatability workarounds for WinSCP > > * Fix a number of memory faults (double-free, free of > uninitialised > memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz > Kocielski. > > Checksums: > =========> > - SHA1 (openssh-7.1.tar.gz) > 06c1db39f33831fe004726e013b2cf84f1889042 > - SHA256 (openssh-7.1.tar.gz) > H7U1se9EoBmhkKi2i7lqpMX9QHdDTsgpu7kd5VZUGSY> > - SHA1 (openssh-7.1p1.tar.gz) > ed22af19f962262c493fcc6ed8c8826b2761d9b6 > - SHA256 (openssh-7.1p1.tar.gz) > /AptLR0GPVxm3/2VJJPQzaJWytIE9oHeD4TvhbKthCg> > Please note that the SHA256 signatures are base64 encoded and > not > hexadecimal (which is the default for most checksum tools). The > PGP > key used to sign the releases is available as RELEASE_KEY.asc > from > the mirror sites. > > Reporting Bugs: > ==============> > - Please read http://www.openssh.com/report.html > Security bugs should be reported directly to > openssh at openssh.com > > OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo > de Raadt, > Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim > Rice and > Ben Lindstrom. > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > > > -- > Mark Janssen -- maniac(at)maniac.nl > Unix / Linux Open-Source and Internet Consultant > Maniac.nl Sig-IO.nl Vps.Stoned-IT.com > > >
On Fri, Aug 21, 2015 at 12:11:02AM -0600, Damien Miller wrote:> OpenSSH 7.1 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly.For those using my TCP Wrapper patch, you can use the 7.0p1 patch against 7.1p1. --mancha -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150828/10731f14/attachment-0001.bin>