HP-UX Secure Shell A.05.10.006,A.05.10.007, and A.05.10.008 Release Notes HP-UX 11i v1, 11i v2, and 11i v3
Table 1-2 Defects Fixed in OpenSSH5.1p1 (continued)
Defect FixDefect Identifier
https://bugzilla.mindrot.org/show_bug.cgi?id=1432
Background Information: Fix MaxAuthTries tests to disallow a free authentication
try to clients that skipped the protocol 2 "none" authentication method.
Bugzilla #1432
https://bugzilla.mindrot.org/show_bug.cgi?id=1433
Background Information: Ensure that sshd(8)'s umask disallows at least group and
world write, even if a more permissive one has been inherited.
Bugzilla #1433
https://bugzilla.mindrot.org/show_bug.cgi?id=1443
Background Information: ssh(1) and sshd(8) now send terminate protocol banners
with CR+LF for protocol 2 to comply with RFC 4253. Previously they were terminated
with CR alone. Protocol 1 banners remain CR terminated
Bugzilla #1443
https://bugzilla.mindrot.org/show_bug.cgi?id=1447
Background Information: Fall back to racy rename if link returns EXDEV. Modern
versions of OpenSSH do not allow users to rename files in AFS across directories.
Since OpenAFS only allows hard links in the parent directory, you can rename in the
same directory but not across directory boundaries.
Bugzilla #1447
https://bugzilla.mindrot.org/show_bug.cgi?id=1461
Background Information: Suppress the warning message from sshd(8) when changing
to a non-existent user home directory after chrooting.
Bugzilla #1461
https://bugzilla.mindrot.org/show_bug.cgi?id=1462
Background Information: Fix an UMAC alignment problem that manifested on Itanium
platforms.
Bugzilla #1462
https://bugzilla.mindrot.org/show_bug.cgi?id=1463
Background Information: Avoid a sshd(8) hang-on-exit caused by depending on the
success of isatty() on a PTY master (undefined behaviour). Nohupping a process will
not allow user to disconnect with SSH.
Bugzilla #1463
https://bugzilla.mindrot.org/show_bug.cgi?id=1465
Background Information: Fix protocol keepalive timeouts - in some cases, keepalive
packets were being sent, but the connection was not being closed when the limit for
missing replies was exceeded.
Bugzilla #1465
https://bugzilla.mindrot.org/show_bug.cgi?id=1466
Background Information: Mention that scp(1) follows symlinks when performing
recursive copies.
Bugzilla #1466
https://bugzilla.mindrot.org/show_bug.cgi?id=1467
Background Information: Explicitly handle EWOULDBLOCK wherever we handle
EAGAIN, on some platforms (HP nonstop) it is a distinct errno.
Bugzilla #1467
https://bugzilla.mindrot.org/show_bug.cgi?id=1488
Background Information: The sftp-server(8) manual now describes the requirements
for transfer logging in chroot environments.
Bugzilla #1488
ssh(1) now reports multiplexing errors via the multiplex slave's stderr where possible (subject to LogLevel in the
mux master).
Background Information: For the previous OpenSSH versions, if requesting multiplex channels failed, it did nothing
but silently failed. OpenSSH5.1 onwards it will report errors subject to the LogLevel in the mux master.
ssh(1) will now exit with a non-zero exit status if ExitOnForwardFailure was set and forwardings were disabled
due to a failed host key check.
Background Information: Since OpenSSH5.1, if host key changes, ssh adds the code to deal with the situation that
ExitOnForwardFailure was set and forwarding was disabled.
sshd(8) has been audited to eliminate fd leaks and calls to fatal() in conditions of file descriptor exhaustion.
Background Information: Since OpenSSH5.1, audit sshd ensures that it does not leak fds on error paths, and make
it fail gracefully on out-of-fd conditions, sending channel errors instead of exiting with fatal().
OpenSSH 5.1p1 also includes fixes for some security vulnerabilities.
For more information on these defect fixes, see the Bugzilla Website at: http://bugzilla.mindrot.org.
8 HP-UX Secure Shell A.05.10.006, A.05.10.007, and A.05.10.008