One of the reasons we have not installed SSH2 at the 'U of T' is because
of the restrictions which were placed on that particular version. We
didn't have a chance to look at SSH-1.2.28 but if the terms are similar to
the license terms in SSH2, then most likely Universities will not use your
software. I too agree that if there is a new addition to this legal
license, it would be a good idea to let us know about this sort of thing.
Can someone confirm that Universities are still able to use SSH1.2.28 -
legally?
Many thanks to those that notified us about this major change.
-----Original Message-----
From: Carl J. Nobile [SMTP:[EMAIL PROTECTED]]
Sent: Friday, June 30, 2000 10:49 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: ssh-1.2.28
Hi Atro,
I would assume this also fixes the problem with krb5_xfree() and the
renamed libcrypto.x to libk5crypto.x. I posted a patch for this about 2
weeks ago.
Carl
On 30-Jun-00 Atro Tossavainen wrote:
> Dear Sami,
>
>> We released a new version of ssh1, ssh-1.2.28. This has the latest
>> Kerberos related security fixes.
>
> A few other recent fixes come to mind that should also be there, but
> aren't:
>
> - disallowing access via unsupported ciphers (particularly "none") from
>   malicious clients in sshd.c, as discovered and patched by Markus
>   Friedl in a Dec 1999 post to Bugtraq and forwarded to the ssh list
>   by Jean Chouanard on Dec 14, 1999¹;
>
> - not hogging syslog file handles (to guard against potential problems
>   on large multi-user IRIX machines), as discovered and patched²
>   (against 1.2.26!) by James Barlow in February 1999;
>
> - making sure scp's don't miss data at the ends of files; I am sorry
>   I can't attribute this change to anybody (please stand up!) and I
>   didn't find the patch on any search engines or the list archive
>   either, but it's been patched in March 2000, it's a few lines in
>   serverloop.c, around line 429, and essentially adds checking for
>   file descriptor EOF in two places.
>
> ¹ <URL:http://www.cs.hut.fi/ssh-archive/messages/991214-211116-6383>
>
> ² <URL:http://www.ncsa.uiuc.edu/General/CC/ssh/patch_repository/descriptions/syslog_open_handle.html>
>
> --
> Atro Tossavainen (Mr.), Systems Analyst, contact info at URL,
> +358-9-19158939
> Institute of Biotechnology, University of Helsinki, Finland
> My opinions may freely be shared by my employers if they want to.
> < URL : http : / / www . iki . fi / atro . tossavainen / >
------------------------------------------------------------------------
E-Mail: Carl J. Nobile <[EMAIL PROTECTED]>
Date: 30-Jun-00 Phone: 315-453-2912 Ex. 5336
Time: 13:16:31 Fax: 315-479-0859
Software Engineering Group -- AppliedTheory Corp.
224 Harrison Street, 6th Floor, Syracuse, NY 13202
------------------------------------------------------------------------