This is a maintenance release, fixing the recently discovered file descriptor leak in lsh. I have reviewed the use of all fd:s opened by lshd, and besides the leaks related to the randomness generator, I found one more definite leak (the logfile, when using the --log-file option), and a few other suspicious places. These have been fixed.
News for the 2.0.2 release
Fixed a couple of problems in lshd, where the server process leaks file descriptors to user shells that it starts. These bugs implied a local denial of service hole, at best.
Support for aes256-ctr.
Newer nettle library. Bugfixes and performance improvements for the assembler code, in particular support for sparc64, and Makefile fixes.
Available at:
http://www.lysator.liu.se/~nisse/archive/lsh-2.0.1.tar.gz
This release is also a little special, since I'm away from home (I'm spending a month or too at INRIA in Antibes, France). This has some drawbacks, lsh-wise:
* This release is not signed. My signing keys are on a computer back home, which, for paranoia reasons, doesn't allow any remote logins. That the distribution tar file is located in my web directory at lysator should provide for some level of authenticity, but that isn't of much help if you don't trust unauthenticated network transfers.
If anybody else is feeling trustworthy, and is willing to review the changes since 2.0.1, you can mail me a pgp signature of the distribution file. I'll then check that it matches my copy of the file, and make the signature available.
* I've not had the same time for proper testing as I usually do, in particular, there have been no xenofarm builds. Let me know if there are any problems, and I'll see what I can do. The current code has been compiled on GNU/Linux and Solaris only.
* There might be other glitches, since the distribution isn't generated on the same machine as any other release.
* I'm totally off-line during weekends.
Happy hacking, /Niels