===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/47.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -c -r1.20 -r1.21
*** www/47.html 2010/03/08 22:25:35 1.20
--- www/47.html 2010/03/08 22:28:40 1.21
***************
*** 205,211 ****
OpenSSH 5.4:
--- 205,339 ----
OpenSSH 5.4:
! - New features:
!
! - SSH protocol 1 is disabled by default.
!
- Remove the libsectok/OpenSC-based smartcard code and add support
! for PKCS#11 tokens.
!
- Add support for certificate authentication of users and hosts using
! a new, minimal OpenSSH certificate format (not X.509).
!
- Added a 'netcat mode' to
! ssh(1).
!
- Add the ability to revoke keys in
! sshd(8)
! and
! ssh(1).
!
- Rewrite the
! ssh(1)
! multiplexing support to support non-blocking operation of the mux
! master.
!
- Add a 'read-only' mode to
! sftp-server(8)
! that disables open in write mode and all other fs-modifying
! protocol methods. (bz#430)
!
- Allow setting an explicit umask on the
! sftp-server(8)
! commandline to override whatever default the user has. (bz#1229)
!
- Many improvements to the
! sftp(1)
! client.
!
- New RSA keys will be generated with a public exponent of
! RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35.
!
- Passphrase-protected SSH protocol 2 private keys are now protected
! with AES-128 instead of 3DES.
!
! - The following significant bugs have been fixed in this release:
!
! - Fixed a minor information leak of environment variables specified
! in authorized_keys if an attacker happens to know the public key
! in use.
!
- When using ChrootDirectory, make sure we test for the
! existence of the user's shell inside the chroot and not outside.
! (bz#1679)
!
- Cache user and group name lookups in sftp-server using
! user_from_[ug]id(3)
! to improve performance on hosts where these operations are slow.
! (bz#1495)
!
- Fix problem that prevented passphrase reading from being
! interrupted in some circumstances. (bz#1590)
!
- Ignore and log any Protocol 1 keys where the claimed size is not
! equal to the actual size.
!
- Make HostBased authentication work with a
! ProxyCommand. (bz#1569)
!
- Avoid run-time failures when specifying hostkeys via a relative
! path by prepending the current working directory in these cases.
! (bz#1290)
!
- Do not prompt for a passphrase if we fail to open a keyfile, and
! log the reason why the open failed to debug. (bz#1693)
!
- Document that the PubkeyAuthentication directive is
! allowed in a
! sshd_config(5)
! Match block. (bz#1577)
!
- When converting keys, truncate key comments at 72 chars as per
! RFC4716. (bz#1630)
!
- Do not allow logins if /etc/nologin exists but is not
! readable by the user logging in.
!
- Output a debug log if
! sshd(8)
! can't open an existing authorized_keys. (bz#1694)
!
- Quell
! tc[gs]etattr(3)
! warnings when forcing a tty (ssh -tt), since we usually don't
! actually have a tty to read/set. (bz#1686)
!
- Prevent
! sftp(1)
! from crashing when given a "-" without a command; also, allow
! whitespace to follow a "-". (bz#1691)
!
- After
! sshd(8)
! receives a SIGHUP, ignore subsequent HUPs while
! sshd(8)
! re-execs itself; prevents two HUPs in quick succession from
! resulting in
! sshd(8)
! dying. (bz#1692)
!
- Clarify in
! sshd_config(5)
! that StrictModes does not apply to
! ChrootDirectory; permissions and ownership are always
! checked when chrooting. (bz#1532)
!
- Set close-on-exec on various descriptors so they don't get leaked
! to child processes. (bz#1643)
!
- Fix very rare race condition in x11/agent channel allocation
!
- Fix incorrect exit status when multiplexing and channel ID 0 is
! recycled. (bz#1570)
!
- Fail with an error when an attempt is made to connect to a server
! with ForceCommand=internal-sftp with a shell session.
! (bz#1606)
!
- Warn but do not fail if
! stat(2)ing
! the subsystem binary fails. (bz#1599)
!
- Change "Connecting to host..." message to "Connected to host."
! and delay it until after the sftp protocol connection has been
! established. (bz#1588)
!
- Use the HostKeyAlias rather than the hostname specified
! on the commandline when prompting for passwords. (bz#1039)
!
- Correct off-by-one in percent_expand(). (bz#1607)
!
- Fix passing of empty options from
! scp(1)
! and
! sftp(1)
! to the underlying
! ssh(1);
! also add support for the stop option "--".
!
- Fix an incorrect magic number and typo in PROTOCOL. (bz#1688)
!
- Don't escape backslashes when displaying the SSH2 banner. (bz#1533)
!
- Don't unnecessarily dup() the in and out fds for
! sftp-server(8).
! (bz#1566)
!
- Force use of the correct hash function for random-art signature
! display. (bz#1611)
!
- Do not fall back to adding keys without constraints when the agent
! refuses the constrained add request. (bz#1612)
!
- Fix a race condition in
! ssh-agent(1)
! that could result in a wedged or spinning agent. (bz#1633)
!
- Flush stdio before exec() to ensure that everying has made it out
! before the streams go away. (bz#1596)
!
- Set FD_CLOEXEC on in/out sockets in
! sshd(8).
! (bz#1706)
!
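Review bot: The bug-fix entry "Flush stdio before exec() to ensure that everying has made it out" misspells "everything"; fix it before this text goes live on the release page. In the same list, "Fix very rare race condition in x11/agent channel allocation" has no closing period, unlike the entries around it. The ForceCommand=internal-sftp entry also reads ambiguously ("with ForceCommand=internal-sftp with a shell session"); something like "when a shell session is requested from a server configured with ForceCommand=internal-sftp" would be clearer. Since the first new-feature item is a default change ("SSH protocol 1 is disabled by default."), consider listing it apart from the additive features so that readers upgrading from an earlier release notice it.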
***************
*** 673,679 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 47.html,v 1.20 2010/03/08 22:25:35 jsg Exp $