0.48 progress

--HG-- extra : convert_revision : 23abf9a27f91b8191c12b24a8b2557e5e8750c21
mkj · Mar 9, 2006 · 94b28e4 · 94b28e4
1 parent 9368e4d
commit 94b28e4
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 10,824 deletions.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,26 @@
+0.48 - 
+
+- Check that the circular buffer is properly empty before
+  closing a channel, which could cause truncated transfers
+  (thanks to Tomas Vanek for helping track it down)
+
+- Implement per-IP pre-authentication connection limits 
+  (after some poking from Pablo Fernandez)
+
+- Exit gracefully if trying to connect to as SSH v1 server 
+  (reported by Rushi Lala)
+
+- Only read /dev/random once at startup when in non-inetd mode
+
+- Allow ctrl-c to close a dbclient password prompt (may
+  still have to press enter on some platforms)
+
+- Merged in uClinux patch for inetd mode
+
+- Updated to scp from OpenSSH 4.3p2 - fixes a security issue
+  where use of system() could cause users to execute arbitrary
+  code through malformed filenames, ref CVE-2006-0225
+
 0.47 - Thurs Dec 8 2005
 
 - SECURITY: fix for buffer allocation error in server code, could potentially

diff --git a/README b/README
@@ -25,7 +25,7 @@ the key entries in that file. They should be of the form:
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
 
 You must make sure that ~/.ssh, and the key file, are only writable by the
-user.
+user. Beware of editors that split the key into multiple lines.
 
 NOTE: Dropbear ignores authorized_keys options such as those described in the
 OpenSSH sshd manpage, and will not allow a login for these keys. 

diff --git a/TODO b/TODO
@@ -6,16 +6,13 @@ Things which might need doing:
 
 - Make options.h generated from configure perhaps?
 
-- Improved queueing of unauthed connections
-
 - handle /etc/environment in AIX
 
 - check that there aren't timing issues with valid/invalid user authentication
   feedback.
 
 - Binding to different interfaces
 
-- check PRNG
 - CTR mode
 - SSH_MSG_IGNORE sending to improve CBC security
 - DH Group Exchange possibly, or just add group14 (whatever it's called today)