===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/49.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- www/49.html 2011/04/08 16:10:12 1.3
+++ www/49.html 2011/04/13 09:19:49 1.4
@@ -130,15 +130,106 @@
-
OpenSSH 5.6:
+OpenSSH 5.8:
- New features:
-
- - ...
+
+ - Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
+ and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
+ offer better performance than plain DH and DSA at the same
+ equivalent symmetric key length, as well as much shorter keys.
+ - sftp(1)
+ and
+ sftp-server(8):
+ add a protocol extension to support a hard link operation. It is
+ available through the "ln" command in the client. The old "ln"
+ behaviour of creating a symlink is available using its "-s" option
+ or through the preexisting "symlink" command.
+ - scp(1):
+ Add a new -3 option to scp: Copies between two remote hosts are
+ transferred through the local host. Without this option the data is
+ copied directly between the two remote hosts.
+ - ssh(1):
+ automatically order the hostkeys requested by the client based on
+ which hostkeys are already recorded in known_hosts. This avoids
+ hostkey warnings when connecting to servers with new ECDSA keys,
+ since these are now preferred when learning hostkeys for the first
+ time.
+ - ssh(1)
+ and
+ sshd(8):
+ add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values
+ instead of hardcoding lowdelay/throughput. (bz#1733)
+ - sftp(1):
+ the sftp client is now significantly faster at performing directory
+ listings, using OpenBSD glob(3) extensions to preserve the results
+ of stat(3) operations performed in the course of its execution
+ rather than performing expensive round trips to fetch them again
+ afterwards.
+ - ssh(1):
+ "atomically" create the listening mux socket by binding it on a
+ temporary name and then linking it into position after listen() has
+ succeeded. This allows the mux clients to determine that the server
+ socket is either ready or stale without races. Stale server sockets
+ are now automatically removed. (also fixes bz#1711)
+ - ssh(1)
+ and
+ sshd(8):
+ add a KexAlgorithms knob to the client and server
+ configuration to allow selection of which key exchange methods are
+ used by
+ ssh(1)
+ and
+ sshd(8)
+ and their order of preference.
+ - sftp(1)
+ and
+ scp(1):
+ factor out bandwidth limiting code from
+ scp(1)
+ into a generic bandwidth limiter that can be attached using the
+ atomicio callback mechanism and use it to add a bandwidth
+ limit option to
+ sftp(1).
+ (bz#1147)
- The following significant bugs have been fixed in this release:
- - ...
+
- ssh(1)
+ and
+ ssh-agent(1):
+ honour $TMPDIR for client xauth and ssh-agent temporary
+ directories. (bz#1809)
+ - ssh(1):
+ avoid NULL deref on receiving a channel request on an
+ unknown or invalid channel. (bz#1842)
+ - sshd(8):
+ remove a debug() that pollutes stderr on client connecting
+ to a server in debug mode. (bz#1719)
+ - scp(1):
+ pass through ssh command-line flags and options when doing
+ remote-remote transfers, e.g. to enable agent forwarding which is
+ particularly useful in this case. (bz#1837)
+ - sftp-server(8):
+ umask should be parsed as octal.
+ - sftp(1):
+ escape '[' in filename tab-completion
+ - ssh(1):
+ Typo in confirmation message. (bz#1827)
+ - sshd(8):
+ prevent free() of string in .rodata when
+ overriding AuthorizedKeys in a Match block.
+ - sshd(8):
+ Use default shell /bin/sh if $SHELL is ""
+ - ssh(1):
+ kill proxy command on fatal() (we already killed it on
+ clean exit).
+ - ssh(1):
+ install a SIGCHLD handler to reap expiried child process.
+ (bz#1812)
+ - Support building against openssl-1.0.0a
+ - Fix vulnerability in legacy certificate signing introduced in
+ OpenSSH-5.6 and found by Mateusz Kocielski.
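Review bot: The last entry of the bug-fix list, "Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6", is the only security fix in the hunk, but it sits at the very end and carries no bug number or advisory reference, unlike most of the entries above it. Suggest moving it to the top of the fixed-bugs list and linking the corresponding advisory, so that readers running 5.6 or later can tell whether they are affected. Separately, the SIGCHLD entry (bz#1812) reads "reap expiried child process"; that should be "expired", and probably "processes". The "escape '[' in filename tab-completion" entry is also missing the full stop the other entries have.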
@@ -613,7 +704,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 49.html,v 1.3 2011/04/08 16:10:12 deraadt Exp $
+$OpenBSD: 49.html,v 1.4 2011/04/13 09:19:49 sobrado Exp $