www/49.html - diff

Return to 49.html CVS log

Up to [local] / www

Diff for /www/49.html between version 1.3 and 1.4

-version 1.3, 2011/04/08 16:10:12
+version 1.4, 2011/04/13 09:19:49
 Line 130
 Line 130
 Line 130
      </ul>
  <p>
- <li>OpenSSH 5.6:
+ <li>OpenSSH 5.8:
      <ul>
      <li>New features:
          <ul>
-         <li>...
+         <li>Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
+             and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
+             offer better performance than plain DH and DSA at the same
+             equivalent symmetric key length, as well as much shorter keys.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
+             add a protocol extension to support a hard link operation. It is
+             available through the "ln" command in the client. The old "ln"
+             behaviour of creating a symlink is available using its "-s" option
+             or through the preexisting "symlink" command.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
+             Add a new -3 option to scp: Copies between two remote hosts are
+             transferred through the local host. Without this option the data is
+             copied directly between the two remote hosts.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             automatically order the hostkeys requested by the client based on
+             which hostkeys are already recorded in known_hosts. This avoids
+             hostkey warnings when connecting to servers with new ECDSA keys,
+             since these are now preferred when learning hostkeys for the first
+             time.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+             add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values
+             instead of hardcoding lowdelay/throughput. (bz#1733)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
+             the sftp client is now significantly faster at performing directory
+             listings, using OpenBSD glob(3) extensions to preserve the results
+             of stat(3) operations performed in the course of its execution
+             rather than performing expensive round trips to fetch them again
+             afterwards.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             "atomically" create the listening mux socket by binding it on a
+             temporary name and then linking it into position after listen() has
+             succeeded. This allows the mux clients to determine that the server
+             socket is either ready or stale without races. Stale server sockets
+             are now automatically removed. (also fixes bz#1711)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+             add a <em>KexAlgorithms</em> knob to the client and server
+             configuration to allow selection of which key exchange methods are
+             used by
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
+             and their order of preference.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
+             factor out bandwidth limiting code from
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>
+             into a generic bandwidth limiter that can be attached using the
+             <em>atomicio</em> callback mechanism and use it to add a bandwidth
+             limit option to
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>.
+             (bz#1147)</li>
          </ul>
      <li>The following significant bugs have been fixed in this release:
          <ul>
-         <li>...
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+             and
+             <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1">ssh-agent(1)</a>:
+             honour <em>$TMPDIR</em> for client xauth and ssh-agent temporary
+             directories. (bz#1809)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             avoid <em>NULL</em> deref on receiving a channel request on an
+             unknown or invalid channel. (bz#1842)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+             remove a <em>debug()</em> that pollutes stderr on client connecting
+             to a server in debug mode. (bz#1719)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=scp&sektion=1">scp(1)</a>:
+             pass through ssh command-line flags and options when doing
+             remote-remote transfers, e.g. to enable agent forwarding which is
+             particularly useful in this case. (bz#1837)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>:
+             <em>umask</em> should be parsed as octal.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
+             escape '[' in filename tab-completion</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             Typo in confirmation message. (bz#1827)</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+             prevent <em>free()</em> of string in <em>.rodata</em> when
+             overriding <em>AuthorizedKeys</em> in a <em>Match</em> block.</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+             Use default shell <em>/bin/sh</em> if <em>$SHELL</em> is ""</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             kill proxy command on <em>fatal()</em> (we already killed it on
+             clean exit).</li>
+         <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+             install a <em>SIGCHLD</em> handler to reap expiried child process.
+             (bz#1812)</li>
+         <li>Support building against openssl-1.0.0a</li>
+         <li>Fix vulnerability in legacy certificate signing introduced in
+             OpenSSH-5.6 and found by Mateusz Kocielski.</li>
          </ul>
      </ul>
  <p>