Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 121191 - OpenSSH 4.3 has been released
Summary: OpenSSH 4.3 has been released
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo's Team for Core System packages
URL: http://www.mindrot.org/pipermail/open...
Whiteboard:
Keywords:
: 121246 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-02-01 08:50 UTC by Wolfram Schlich (RETIRED)
Modified: 2006-02-07 21:23 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
openssh-4.3_p1.ebuild (openssh-4.3_p1.ebuild,5.36 KB, text/plain)
2006-02-02 18:02 UTC, SpanKY 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfram Schlich (RETIRED) gentoo-dev 2006-02-01 08:50:11 UTC 
We need an updated ebuild :-)
Comment 1 SpanKY gentoo-dev 2006-02-01 10:23:48 UTC 
not really, the security issue has been fixed in the 4.2p1-r1 ebuild already

i'll throw 4.3 in once we get that ver in stable
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2006-02-01 12:12:47 UTC 
You're wrong there: openssh-4.3 also brings new features (quoted from http://www.mindrot.org/pipermail/openssh-unix-announce/2006-February/000084.html)

I'd really like to test the VPN stuff and give feedback in the forums (or write a howto, we'll see :))


Changes since OpenSSH 4.2:
============================ 

Security bugs resolved in this release:

 * CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
   subshell to perform local to local, and remote to remote copy
   operations. This subshell exposed filenames to shell expansion
   twice; allowing a local attacker to create filenames containing
   shell metacharacters that, if matched by a wildcard, could lead
   to execution of attacker-specified commands with the privilege of
   the user running scp (Bugzilla #1094)

This is primarily a bug-fix release, only one new feature has been
added: 

 * Add support for tunneling arbitrary network packets over a
   connection between an OpenSSH client and server via tun(4) virtual
   network interfaces. This allows the use of OpenSSH (4.3+) to create
   a true VPN between the client and server providing real network
   connectivity at layer 2 or 3. This feature is experimental and is 
   currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and 
   FreeBSD. Other operating systems with tun/tap interface capability 
   may be added in future portable OpenSSH releases. Please refer to 
   the README.tun file in the source distribution for further details
   and usage examples.
Comment 3 SpanKY gentoo-dev 2006-02-01 12:33:26 UTC 
thanks, i can read the NEWS file

my point was that 4.3 is not *needed* since the security fix is already in portage
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-02-02 00:28:57 UTC 
*** Bug 121246 has been marked as a duplicate of this bug. ***
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2006-02-02 01:17:19 UTC 
I just wanted to give complete information, no need to start getting inpolite.
I didn't talk about the security fix, but about new features - I think we just misunderstood each other a bit.

Anyway, thanks for writing the ebuilds :)
Comment 6 SpanKY gentoo-dev 2006-02-02 18:02:48 UTC 
Created attachment 78769 [details]
openssh-4.3_p1.ebuild

for those who are bored
Comment 7 SpanKY gentoo-dev 2006-02-07 21:23:41 UTC 
4.3 in portage now