Return to 49.html CVS log | Up to [local] / www |
version 1.3, 2011/04/08 16:10:12 | version 1.4, 2011/04/13 09:19:49 | ||
---|---|---|---|
</ul> | </ul> | ||
<p> | <p> | ||
<li>OpenSSH 5.6: | <li>OpenSSH 5.8: | ||
<ul> | <ul> | ||
<li>New features: | <li>New features: | ||
<ul> | <ul> | ||
<li>... | <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH) | ||
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA | |||
offer better performance than plain DH and DSA at the same | |||
equivalent symmetric key length, as well as much shorter keys.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>: | |||
add a protocol extension to support a hard link operation. It is | |||
available through the "ln" command in the client. The old "ln" | |||
behaviour of creating a symlink is available using its "-s" option | |||
or through the preexisting "symlink" command.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>: | |||
Add a new -3 option to scp: Copies between two remote hosts are | |||
transferred through the local host. Without this option the data is | |||
copied directly between the two remote hosts.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
automatically order the hostkeys requested by the client based on | |||
which hostkeys are already recorded in known_hosts. This avoids | |||
hostkey warnings when connecting to servers with new ECDSA keys, | |||
since these are now preferred when learning hostkeys for the first | |||
time.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values | |||
instead of hardcoding lowdelay/throughput. (bz#1733)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>: | |||
the sftp client is now significantly faster at performing directory | |||
listings, using OpenBSD glob(3) extensions to preserve the results | |||
of stat(3) operations performed in the course of its execution | |||
rather than performing expensive round trips to fetch them again | |||
afterwards.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
"atomically" create the listening mux socket by binding it on a | |||
temporary name and then linking it into position after listen() has | |||
succeeded. This allows the mux clients to determine that the server | |||
socket is either ready or stale without races. Stale server sockets | |||
are now automatically removed. (also fixes bz#1711)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
add a <em>KexAlgorithms</em> knob to the client and server | |||
configuration to allow selection of which key exchange methods are | |||
used by | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> | |||
and their order of preference.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> | |||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>: | |||
factor out bandwidth limiting code from | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a> | |||
into a generic bandwidth limiter that can be attached using the | |||
<em>atomicio</em> callback mechanism and use it to add a bandwidth | |||
limit option to | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>. | |||
(bz#1147)</li> | |||
</ul> | </ul> | ||
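Review bot: The KexAlgorithms entry names ssh(1) and sshd(8) twice in one sentence, each time with a full man.cgi link; the tail "used by ssh(1) and sshd(8) and their order of preference" can be cut to "which key exchange methods are used and their order of preference". In the same list, the scp(1) entry opens with "Add a new -3 option to scp", which repeats the program name and is capitalised unlike the entries around it. Option and file names such as -3, -s, IPQoS and known_hosts are left bare while KexAlgorithms and atomicio are wrapped in <em>; use one markup for all of them. In the ECDH/ECDSA entry, "at the same equivalent symmetric key length" should drop either "same" or "equivalent".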
<li>The following significant bugs have been fixed in this release: | <li>The following significant bugs have been fixed in this release: | ||
<ul> | <ul> | ||
<li>... | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> | ||
and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>: | |||
honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary | |||
directories. (bz#1809)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
avoid <em>NULL</em> deref on receiving a channel request on an | |||
unknown or invalid channel. (bz#1842)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
remove a <em>debug()</em> that pollutes stderr on client connecting | |||
to a server in debug mode. (bz#1719)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>: | |||
pass through ssh command-line flags and options when doing | |||
remote-remote transfers, e.g. to enable agent forwarding which is | |||
particularly useful in this case. (bz#1837)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>: | |||
<em>umask</em> should be parsed as octal.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>: | |||
escape '[' in filename tab-completion</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
Typo in confirmation message. (bz#1827)</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
prevent <em>free()</em> of string in <em>.rodata</em> when | |||
overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is ""</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
kill proxy command on <em>fatal()</em> (we already killed it on | |||
clean exit).</li> | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
install a <em>SIGCHLD</em> handler to reap expiried child process. | |||
(bz#1812)</li> | |||
<li>Support building against openssl-1.0.0a</li> | |||
<li>Fix vulnerability in legacy certificate signing introduced in | |||
OpenSSH-5.6 and found by Mateusz Kocielski.</li> | |||
</ul> | </ul> | ||
</ul> | </ul> | ||
<p> | <p> |