[mosh-devel] Please test mosh 1.2.1 release candidate

Ryan Steinmetz zi at freebsd.org
Wed May 23 13:21:46 EDT 2012 

All,

FreeBSD users may download a port of the release candidate and test it
as follows:

fetch http://people.freebsd.org/~zi/mosh-devel.shar
sh mosh-devel.shar
cd mosh-devel && make install clean

Please note that if you already have a copy of mosh installed, you
should uninstall it with:

pkg_delete mosh\*


-r

On (05/23/12 12:52), Keith Winstein wrote:
> Hello all,
> 
> Please test the mosh 1.2.1 release candidate before it is released later 
> this week.
> 
>  	https://github.com/downloads/keithw/mosh/mosh-1.2.0.97.tar.gz
> 
> This fixes a number of issues in mosh 1.2, including the ability of evil 
> applications to cause the mosh-server to use a lot of CPU time trying 
> execute a short ANSI escape sequence with a huge "repeat" count. The same 
> sequences can allow a malicious mosh-server to cause the mosh-client to 
> use a lot of CPU time.
> 
> Timo Juhani Lindfors reported this issue to Fedora, which requested a CVE 
> (CVE-2012-2385) on the grounds that it is a denial of service by the 
> application against the mosh-server or by the mosh-server against the 
> mosh-client. We don't generally consider this kind of issue to be security 
> related, since the application is already trusted to decide what it on the 
> screen, and can do things like shut off the keyboard. But it makes for 
> more robust terminal emulation to ignore these gigantic repeat counts 
> rather than getting stuck in a huge loop.
> 
> This release will also:
> 
> * Improve performance on lossy links
> 
> * Give the user a helpful diagnostic when the link is dead in only one
>    direction
> 
> * Use less CPU when link is down (Keegan McAllister)
> 
> * Use less memory when mosh-server is malicious.
> 
> * Fix a vttest regression re: wrapping and tabs.
> 
> * Enable a roundtrip verifier of terminal emulator correctness when
>    the server is verbose.
> 
> * Remove skalibs as a dependency (Keegan McAllister)
> 
> * Remove use of poll() and the OS X poll workaround in favor of
>    pselect(), which we think works everywhere (Keegan McAllister)
> 
> * Include a bash_completion file (ejeffrey)
> 
> * Include a firewall profile for UFW (Fumihito YOSHIDA)
> 
> Please report any feedback to the list or by filing a new issue on GitHub 
> (https://github.com/keithw/mosh/issues).
> 
> Thanks very much,
> Keith
> for the Mosh project
> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-devel

-- 
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2

More information about the mosh-devel mailing list