Opened 16 years ago

Closed 15 years ago

Last modified 13 years ago

#2499 closed task (fixed)

OpenSSH-5.1p1

Reported by: Randy McMurchy
Owned by: bdubbs@…
Priority: normal
Milestone:
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Version increment to 4.9p1

http://openssh.org/portable.html

I *briefly* read through the changes and didn't see anything for security other than some enhancements for the program. I didn't see security fixes.

Not sure if this can wait until after 6.3.

Need some input from others. I would like to postpone until after 6.3, but it's been 6 months since a release.

Change History (9)

comment:1 by dnicholson@…, 16 years ago

IMO, punt it. I think most people err on the conservative side for ssh.

comment:2 by ken@…, 16 years ago

I just had a quick look at http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openssh - for the specified versions, latest is "before 4.7" so I see no reason to upgrade this in 6.3.

comment:3 by Randy McMurchy, 16 years ago

Milestone: 6.3 → future

Moving to a future milestone

comment:4 by Randy McMurchy, 16 years ago

Summary: OpenSSH-4.9p1 → OpenSSH-5.0p1

Version increment to 5.0p1

Also, I think the book's instructions should be revised in several places:

1. The net-tools and sysstat packages should be moved to a separate section of dependencies (along with adding the JDK to this list as well) which points out that the tools in these packages are only used to gather entropy, and aren't used for anything else.
2. The word 'startup' should be changed to 'start up'.
3. The sed for the Heimdal support can be removed, but a note in the command section needs to be added which shows that you must include Heimdal on the configure command by including the path to the installed krb5-config program. (--with-kerberos5=/usr)
4. I'm not real keen with how we present to add an 'scp' command to the installation to run the test suite. I'd like it if we did a better check for an existing one, and instead of copying scp to /usr/bin, I'd like to symlink in /usr/bin which points to the scp in the build tree. Additionally, I think we should only provide text about this, and not actual commands. I feel it is too intrusive to be modifying the reader's setup (removing files) in /usr/bin just to run one of many tests.
5. Though I didn't say anything at the time we added it, I really don't care for the xauth line in our configure command. Nowhere else do we add something to configure for an identified dependency that isn't installed. Additionally, I'd bet most first-time readers don't even know what 'xauth' is or how it gets installed. The command explanation section needs to be more clear about this. I'd like to see this configure switch removed from the default configure, and moved into just the 'command explanations' section.
6. The installed directories list needs to be updated to (at a minimum) include the /usr/lib/ssh directory.

comment:5 by Randy McMurchy, 16 years ago

Milestone: future → 6.4
Summary: OpenSSH-5.0p1 → OpenSSH-5.1p1

Version increment to 5.1p1

comment:6 by Arthur Demchenkov, 15 years ago

The string in the book needs to be fixed:

Additionally, the testsuite requires an installed copy of scp to complete the >> mulitplexing << tests. To run the test suite, issue the following >> commnds << as the root user:

comment:7 by bdubbs@…, 15 years ago

Owner: changed from blfs-book@… to bdubbs@…
Status: new → assigned

comment:8 by bdubbs@…, 15 years ago

Resolution: fixed
Status: assigned → closed

Fixed in revision 7665.

comment:9 by (none), 13 years ago

Milestone: 6.4

Milestone 6.4 deleted
