![[BACK]](/icons/back.gif){kind=icon}
Return to 52.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to 52.html CVS log | Up to [local] / www |
| version 1.26, 2012/09/06 10:08:55 | version 1.27, 2012/09/06 11:34:07 | ||
|---|---|---|---|
|
|
||
| <ul> | <ul> | ||
| <li>New features: | <li>New features: | ||
| <ul> | <ul> | ||
| <li>... | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | ||
| This release turns on pre-auth sandboxing sshd by default for new installs, | |||
| by setting UsePrivilegeSeparation=sandbox in sshd_config. | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>: | |||
| Add options to specify starting line number and number of lines to process | |||
| when screening moduli candidates, allowing processing of different parts of | |||
| a candidate moduli file in parallel | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| The Match directive now supports matching on the local (listen) address and | |||
| port upon which the incoming connection was received via LocalAddress and | |||
| LocalPort clauses. | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups} | |||
| <li>Add support for RFC6594 SSHFP DNS records for ECDSA key types. (bz#1978) | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">sshd-keygen(1)</a>: | |||
| Allow conversion of RSA1 keys to public PEM and PKCS8 | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Allow the sshd_config PermitOpen directive to accept "none" as an argument to | |||
| refuse all port-forwarding requests. | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Support "none" as an argument for AuthorizedPrincipalsFile | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keyscan&sektion=1">sshd-keyscan(1)</a>: | |||
| Look for ECDSA keys by default. (bz#1971) | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Add "VersionAddendum" to sshd_config to allow server operators to append some | |||
| arbitrary text to the server SSH protocol banner. | |||
| </ul> | </ul> | ||
| <li>The following significant bugs have been fixed in this release: | <li>The following significant bugs have been fixed in this release: | ||
| <ul> | <ul> | ||
| <li>... | <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and | ||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
| Don't spin in accept() in situations of file descriptor exhaustion. Instead | |||
| back off for a while. | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a> and | |||
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
| Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from | |||
| the specification. (bz#2023) | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Handle long comments in config files better. (bz#2025) | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>: | |||
| Delay setting tty_flag so RequestTTY options are correctly picked up. (bz#1995) | |||
| <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>: | |||
| Fix handling of /etc/nologin incorrectly being applied to root on platforms | |||
| that use login_cap. | |||
| </ul> | </ul> | ||
| </ul> | </ul> | ||
| <p> | <p> |