From mouse Sat Apr 10 07:28:12 2010 Return-Path: Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id HAA00624; Sat, 10 Apr 2010 07:28:12 -0400 (EDT) From: der Mouse Message-Id: <201004101128.HAA00624@Sparkle.Rodents-Montreal.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. X-Message-Flag: Microsoft: the company who gave us the botnet zombies. Date: Sat, 10 Apr 2010 07:06:47 -0400 (EDT) To: mouseware Subject: New moussh New FTPable moussh. New in this version: - Bugfix in the agent client code: I was bzero()ing a block of memory using the wrong variable for the length. - Bugfix in the agent client code: when I added deleting keys from stdin, I neglected to initialize a variable, meaning I later passed stack trash to free(). - Added two missing #includes in the agent server code. - The zlib compression code defined nested routines with "static". These are now properly converted to use NESTED. - Bugfix in the client-side keyboard-interactive authentication code, which was double-freeing memory under some circumstances. - hkdb.c had a nested routine defined with "static". Now converted to use NESTED. - The malloc wrapper code, previously used only on SPARCs, is now used on i686 as well; I've turned fences on by default and improved them in that (a) they now use fence patterns somewhat less likely to occur by accident and (b) they now trash the fences when a block should no longer be in use, thereby catching (among other things) double frees. They also detect (and abort() on) recursive calls to the malloc() family of routines. - The server ignores certain signals. Previous versions let child processes, such as user logins, inherit these. This caused problems with programs that expected to get the default behaviour for some such signals; moussh now properly resets them to their defaults for child processes. - stdio-util.c's "read from a string" code now does not support seeks. moussh does not use this, and the code for it is difficult to port to OSes whose fpos_t is not a simple integral type. As some of you may have guessed, these are driven largely off attempts to port to another system - in particular, the Linux someone I know in Ottawa uses (hence the i686 above - NetBSD does not call anything i686, but Linux does). moussh is not yet a painless build on Linux; there are a whole pile of changes involved, of which the above include only the ones I am ready to pull back into the master tree. I'm still thinking about the best way to support systems requiring incompatible changes; once I feel reasonably confident it's stable for the Linux user in question, I'll assemble a Linux-patches file, as an interim measure until I come up with a better way. (Lest anyone be contemplating suggesting autoconf, consider http://ftp.rodents-montreal.org/mouse/blah/2009-11-20-1.html.) /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B From mouse Sat Apr 10 22:17:31 2010 Return-Path: Received: (from mouse@localhost) by Sparkle.Rodents-Montreal.ORG (8.8.8/8.8.8) id WAA05474; Sat, 10 Apr 2010 22:17:31 -0400 (EDT) From: der Mouse Message-Id: <201004110217.WAA05474@Sparkle.Rodents-Montreal.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Erik-Conspiracy: There is no Conspiracy - and if there were I wouldn't be part of it anyway. X-Message-Flag: Microsoft: the company who gave us the botnet zombies. Date: Sat, 10 Apr 2010 22:12:16 -0400 (EDT) To: mouseware Subject: New moussh again, sigh I was..too hasty..in letting the latest moussh out. The latest malwrap.c leads to crashes with certain libcs (specifically, those where calloc calls malloc). I'm taking the opportunity to include a few noncritical things. New in 20100410b: - Update documentation to say rodents-montreal.org (rather than rodents.montreal.qc.ca). I'm tempted to do likewise to all the private-use algorithms and such, but that's just begging for interop problems. - Mention the Linux work-in-progress in INSTALL. - Update README: sync its list of flags with reality, and menion that it's relatively likely to be out of date. - Update local-prog to the latest version: fixes a typo, turns off -V by default, and adds -- to the mkdep command line. - Fix the aforementioned bug in malwrap.c, by having calloc call __real_malloc rather than __real_calloc (which can call back to malloc and thus trip the recursion test). /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML mouse@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B