OpenSSH 5.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We have also recently completed another Internet SSH usage scan, the 
results of which may be found at http://www.openssh.com/usage.html

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

The focus of this release has been on bugfixes as the previous
openssh-5.1 release introduced many new features and made some
invasive changes.

Changes since OpenSSH 5.1
=========================

Security:

 * This release changes the default cipher order to prefer the AES CTR
   modes and the revised "arcfour256" mode to CBC mode ciphers that are
   susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".

 * This release also adds countermeasures to mitigate CPNI-957037-style
   attacks against the SSH protocol's use of CBC-mode ciphers. Upon
   detection of an invalid packet length or Message Authentication
   Code, ssh/sshd will continue reading up to the maximum supported
   packet length rather than immediately terminating the connection.
   This eliminates most of the known differences in behaviour that
   leaked information about the plaintext of injected data which formed
   the basis of this attack. We believe that these attacks are rendered
   infeasible by these changes.

New features:

 * Added a -y option to ssh(1) to force logging to syslog rather than
   stderr, which is useful when running daemonised (ssh -f)

 * The sshd_config(5) ForceCommand directive now accepts commandline
   arguments for the internal-sftp server.

 * The ssh(1) ~C escape commandline now support runtime creation of
   dynamic (-D) port forwards.

 * Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
   (bz#1482)

 * Support remote port forwarding with a listen port of '0'. This
   informs the server that it should dynamically allocate a listen
   port and report it back to the client. (bz#1003)

 * sshd(8) now supports setting PermitEmptyPasswords and
   AllowAgentForwarding in Match blocks

Bug and documentation fixes

 * Repair a ssh(1) crash introduced in openssh-5.1 when the client is
   sent a zero-length banner (bz#1496)

 * Due to interoperability problems with certain
   broken SSH implementations, the eow@openssh.com and
   no-more-sessions@openssh.com protocol extensions are now only sent
   to peers that identify themselves as OpenSSH.

 * Make ssh(1) send the correct channel number for
   SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
   avoid triggering 'Non-public channel' error messages on sshd(8) in
   openssh-5.1.

 * Avoid printing 'Non-public channel' warnings in sshd(8), since the
   ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
   a behaviour introduced in openssh-5.1).

 * Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)

 * Correct fail-on-error behaviour in sftp(1) batchmode for remote
   stat operations. (bz#1541)

 * Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
   connections. (bz#1543)

 * Avoid hang in ssh(1) when attempting to connect to a server that
   has MaxSessions=0 set.

 * Multiple fixes to sshd(8) configuration test (-T) mode

 * Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
   1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540

 * Many manual page improvements.

Checksums:
==========

 - SHA1 (openssh-5.2.tar.gz) = 260074ed466e95f054ac05a4406f613d08575217
 - SHA1 (openssh-5.2p1.tar.gz) = 8273a0237db98179fbdc412207ff8eb14ff3d6de

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We are proud to announce the first stable release of the 2009 Q1
branch of MediaWiki, version 1.14.0.

We are also releasing MediaWiki 1.13.5. This is a maintenance release
which corrects some bugs in the installer, introduced during the hasty
security release of 1.13.4. It is not necessary to upgrade if you do
not intend on using the installer.

Thanks to our localisation community at translatewiki.net, MediaWiki
1.14.0 now has 311,000 localised interface text fragments spread
across 298 languages, that's 17% more than in 1.13.0.

MediaWiki is now using a "continuous integration" development model
with quarterly snapshot releases. The latest development code is
always kept "ready to run", and in fact runs our own sites on Wikipedia.

Release branches will continue to receive security updates for about a
year from first release, but nonessential bugfixes and feature
developments will be made on the development trunk and appear in the
next quarterly release.

Those wishing to use the latest code instead of a branch release can
obtain it from source control:
<http://www.mediawiki.org/wiki/Download_from_SVN>


Upgrade FAQ:
http://www.mediawiki.org/wiki/Manual:FAQ#Upgrading

Full release notes:
<http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_14_0/phase3/RELEASE-NOTES>
<http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_13_5/phase3/RELEASE-NOTES>


**********************************************************************
    MEDIAWIKI 1.14.0
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.tar.gz

Patch to previous version (1.14.0rc1), without interface text:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-i18n-1.14.0.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.14/mediawiki-1.14.0.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.14/mediawiki-i18n-1.14.0.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html


**********************************************************************
    MEDIAWIKI 1.13.5
**********************************************************************
Download:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.5.tar.gz

Patch to previous version (1.13.4), without interface text:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.5.patch.gz
Interface text changes:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.5.patch.gz

GPG signatures:
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.5.tar.gz.sig
http://download.wikimedia.org/mediawiki/1.13/mediawiki-1.13.5.patch.gz.sig
http://download.wikimedia.org/mediawiki/1.13/mediawiki-i18n-1.13.5.patch.gz.sig

Public keys:
https://secure.wikimedia.org/keys.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmhN3EACgkQ8F4kYQ4+MpMbYQCgmf6RwCUEo9RRw3hfzNz15B+a
MT0An1BqeA6wUOQnIFZJ4mRBjJJw37Gc
=ac1p
-----END PGP SIGNATURE-----


_______________________________________________
MediaWiki announcements mailing list
To unsubscribe, go to: 
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce