From owner-freebsd-security  Mon Dec 31 22:32:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from zibbi.icomtek.csir.co.za (zibbi.icomtek.csir.co.za [146.64.24.58])
	by hub.freebsd.org (Postfix) with ESMTP id 7C73C37B422
	for <freebsd-security@FreeBSD.ORG>; Mon, 31 Dec 2001 22:32:10 -0800 (PST)
Received: (from jhay@localhost)
	by zibbi.icomtek.csir.co.za (8.11.6/8.11.6) id g016Va856231;
	Tue, 1 Jan 2002 08:31:36 +0200 (SAT)
	(envelope-from jhay)
From: John Hay <jhay@icomtek.csir.co.za>
Message-Id: <200201010631.g016Va856231@zibbi.icomtek.csir.co.za>
Subject: Re: openssh version
In-Reply-To: <20011231214724.A2275@gohan.cjclark.org> from "Crist J. Clark" at "Dec 31, 2001 09:47:24 pm"
To: cjclark@alum.mit.edu
Date: Tue, 1 Jan 2002 08:31:36 +0200 (SAT)
Cc: randy@psg.com (Randy Bush), freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> On Mon, Dec 31, 2001 at 01:12:50PM -0800, Randy Bush wrote:
> > i did a cvsup of -stable (4.5-prerelease) yesterday.  it seems to have
> > OpenSSH_2.9 as opposed to 3.0.x.  for a number of reasons, this is a bit
> > unsettling.
> 
> What would those reasons be?

I can think of two:

If you check the version number that ours report and then go to the OpenSSH
security page, http://www.openssh.org/security.html, it makes you wonder. I
know at least some of those things were fixed in our tree, but it is
confusing.

There were bug fixes made in the meantime. I have run into one of them, if
you use bitkeeper over ssh it would hang on exit under certain conditions.
The hang would be forever or until you did a "^C". Except it is a little
difficult to press "^C" in a cron script. This was tracked to a problem
fixed in OpenSSH 2.9.9. They now ship with this in their relnotes:

==============================================================================
OpenSSH version 2.9 has a bug which can cause lost EOF errors when used as
a BitKeeper transport, especially over slow links.  We've confirmed that
the problem has been fixed as of version 2.9.9; get an update at
http://www.openssh.com/portable.html
==============================================================================

My solution is to use the ports version. Maybe we should remove the in-tree
version and just get sysinstall to install the ports version by default? Or
otherwise maybe get the guy that maintain the ports version to also do the
in-tree version? He seems quite quick in updating the ports version.

John
-- 
John Hay -- John.Hay@icomtek.csir.co.za

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message