===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/43.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- www/43.html 2008/03/11 10:39:37 1.32
+++ www/43.html 2008/03/12 12:53:25 1.33
@@ -205,7 +205,90 @@
OpenSSH 4.8:
-- ...
+
- New features:
+
+ - Added
+ chroot(2)
+ support for sshd(8),
+ controlled by a new option
+ "ChrootDirectory". Please refer to
+ sshd_config(5)
+ for details, and
+ please use this feature carefully.
+ - Linked
+ sftp-server(8)
+ into
+ sshd(8). The internal sftp server is
+ used when the command "internal-sftp" is specified in a Subsystem
+ or ForceCommand declaration. When used with ChrootDirectory, the
+ internal sftp server requires no special configuration of files
+ inside the chroot environment. Please refer to
+ sshd_config(5)
+ for more information.
+ - Added a protocol extension method "posix-rename@openssh.com" for
+ sftp-server(8)
+ to perform POSIX atomic rename() operations.
+ - Removed the fixed limit of 100 file handles in
+ sftp-server(8).
+ The server will now dynamically allocate handles up to the number of
+ available file descriptors.
+ - ssh(1)
+ will now skip generation of SSH protocol 1 ephemeral server
+ keys when in inetd mode and protocol 2 connections are negotiated.
+ This speeds up protocol 2 connections to inetd-mode servers that
+ also allow Protocol 1.
+ - Accept the PermitRootLogin directive in a
+ sshd_config(5)
+ Match
+ block. Allows for, e.g. permitting root only from the local
+ network.
+ - Reworked
+ sftp(1)
+ argument splitting and escaping to be more
+ internally consistent (i.e. between sftp commands) and more
+ consistent with
+ sh(1).
+ Please note that this will change the
+ interpretation of some quoted strings, especially those with
+ embedded backslash escape sequences.
+ - Support "Banner=none" in
+ sshd_config(5)
+ to disable sending of a
+ pre-login banner (e.g. in a Match block).
+ - ssh(1)
+ ProxyCommands are now executed with $SHELL rather than
+ /bin/sh.
+ - ssh(1)'s
+ ConnectTimeout option is now applied to both the TCP
+ connection and the SSH banner exchange (previously it just covered
+ the TCP connection). This allows callers of
+ ssh(1)
+ to better detect
+ and deal with stuck servers that accept a TCP connection but don't
+ progress the protocol, and also makes ConnectTimeout useful for
+ connections via a ProxyCommand.
+ - Many new regression tests, including interop tests against PuTTY's
+ plink
+
+ - The following significant bugs have been fixed in this release:
+
+ - SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client
+ keepalive logic, causing disconnections on servers that did not
+ explicitly implement "keepalive@openssh.com".
+ - ssh(1)
+ used the obselete SIG DNS RRtype for host keys in DNS,
+ instead of the current standard RRSIG.
+ - Correctly drain ACKs when a
+ sftp(1)
+ upload write fails midway,
+ avoids a fatal() exit from what should be a recoverable condition.
+ - Fixed packet size advertisements. Previously TCP and agent
+ forwarding incorrectly advertised the channel window size as the
+ packet size, causing fatal errors under some conditions.
+ - Many more bugfixes. Please refer to the
+ Release Notes.
+
+
@@ -649,7 +732,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 43.html,v 1.32 2008/03/11 10:39:37 sobrado Exp $
+$OpenBSD: 43.html,v 1.33 2008/03/12 12:53:25 djm Exp $