Return to 52.html CVS log | Up to [local] / www |
version 1.26, 2012/09/06 10:08:55 | version 1.27, 2012/09/06 11:34:07 | ||
---|---|---|---|
|
|
||
<ul> | <ul> | ||
<li>New features: | <li>New features: | ||
<ul> | <ul> | ||
<li>... | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | ||
This release turns on pre-auth sandboxing sshd by default for new installs, | |||
by setting UsePrivilegeSeparation=sandbox in sshd_config. | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>: | |||
Add options to specify starting line number and number of lines to process | |||
when screening moduli candidates, allowing processing of different parts of | |||
a candidate moduli file in parallel | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
The Match directive now supports matching on the local (listen) address and | |||
port upon which the incoming connection was received via LocalAddress and | |||
LocalPort clauses. | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups} | |||
<li>Add support for RFC6594 SSHFP DNS records for ECDSA key types. (bz#1978) | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>: | |||
Allow conversion of RSA1 keys to public PEM and PKCS8 | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Allow the sshd_config PermitOpen directive to accept "none" as an argument to | |||
refuse all port-forwarding requests. | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Support "none" as an argument for AuthorizedPrincipalsFile | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&sektion=1">sshd-keyscan(1)</a>: | |||
Look for ECDSA keys by default. (bz#1971) | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Add "VersionAddendum" to sshd_config to allow server operators to append some | |||
arbitrary text to the server SSH protocol banner. | |||
</ul> | </ul> | ||
<li>The following significant bugs have been fixed in this release: | <li>The following significant bugs have been fixed in this release: | ||
<ul> | <ul> | ||
<li>... | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and | ||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
Don't spin in accept() in situations of file descriptor exhaustion. Instead | |||
back off for a while. | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and | |||
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from | |||
the specification. (bz#2023) | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Handle long comments in config files better. (bz#2025) | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
Delay setting tty_flag so RequestTTY options are correctly picked up. (bz#1995) | |||
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
Fix handling of /etc/nologin incorrectly being applied to root on platforms | |||
that use login_cap. | |||
</ul> | </ul> | ||
</ul> | </ul> | ||
<p> | <p> |