This is a development release, and the first for quite a while. Most of the changes are for making lsh and lshd more robust.
Proof-reading of lsh_string.c is encouraged. As far as practical, all code that writes into strings and buffers, and thus is potentially subject to buffer overruns like the one we had September last year, have been moved into this file. This change is in line with the advice of Bennett Todd and Timo Sirainen, as described in message 20030919132619.GD544@rahul.net, 19 Sep 2003.
News for the 1.5.4 release
Added logging of tcpip-forward requests.
Includes nettle-1.9, which have had some portability fixes and optimizations. In particular, arcfour on x86 should be much faster. Implemented flow control on the raw ssh connection. Enforce limits on the amount of buffered data waiting to be written to the socket.
Moved all destructive string operations to a separate file lsh_string.c, which has exclusive rights of accessing string internals. Should make the code more robust, as buffer size and index calculations elsewhere in the code should hit an assert in lsh_string.c before doing damage.
Some general simplification and cleanup of the code.
Available at
http://www.lysator.liu.se/~nisse/archive/lsh-1.5.4.tar.gz ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-1.5.4.tar.gz
Happy hacking, /Niels