=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/56.html,v retrieving revision 1.62 retrieving revision 1.63 diff -c -r1.62 -r1.63 *** www/56.html 2016/03/21 05:46:19 1.62 --- www/56.html 2016/03/22 10:54:42 1.63 *************** *** 36,42 ****
  • See a detailed log of changes between the 5.5 and 5.6 releases.

    !

  • signify(1) pubkeys for this release:
      base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
      fw:   RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
    --- 36,42 ----
      
  • See a detailed log of changes between the 5.5 and 5.6 releases.

    !

  • signify(1) pubkeys for this release:
      base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV
      fw:   RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw
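Review bot: the base and fw signify(1) public keys sit directly under the line marked ! in this hunk, and the old and new sides read the same here, key strings included, so the change cannot be reviewed from the visible text. The commit should state that only the markup around the signify(1) reference changed, and the raw HTML of both revisions should be compared to confirm neither key string was touched, since readers copy these values to verify the release.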
    ***************
    *** 292,302 ****
          
    • Potentially-incompatible changes:
        !
      • sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. !
      • sshd(8): Support for tcpwrappers/libwrap has been removed.
      • OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the "curve25519-sha256@libssh.org" KEX exchange method --- 292,302 ----
        • Potentially-incompatible changes:
            !
          • sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. !
          • sshd(8): Support for tcpwrappers/libwrap has been removed.
          • OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the "curve25519-sha256@libssh.org" KEX exchange method *************** *** 310,345 **** as a library. So far the wire parsing, key handling and KRL code has been refactored. Please note that we do not consider the API stable yet, nor do we offer the library in separable form. !
          • ssh(1), ! sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. !
          • ssh(1), ! ssh-keygen(1): Add support for SSHFP DNS records for Ed25519 key types. !
          • sftp(1): Allow resumption of interrupted uploads. !
          • ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. (bz#2154) !
          • sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. (bz#2222) !
          • sshd(8): Add a ! sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. (bz#2160) !
          • ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. (bz#2220) !
          • sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success/failure messages. (bz#2199) --- 310,345 ---- as a library. So far the wire parsing, key handling and KRL code has been refactored. Please note that we do not consider the API stable yet, nor do we offer the library in separable form. !
          • ssh(1), ! sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. !
          • ssh(1), ! ssh-keygen(1): Add support for SSHFP DNS records for Ed25519 key types. !
          • sftp(1): Allow resumption of interrupted uploads. !
          • ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. (bz#2154) !
          • sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. (bz#2222) !
          • sshd(8): Add a ! sshd_config(5) PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. (bz#2160) !
          • ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. (bz#2220) !
          • sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success/failure messages. (bz#2199) *************** *** 347,405 ****
        • The following significant bugs have been fixed in this release:
            !
          • sshd(8): Fix remote forwarding with same listen port but different listen address. !
          • ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ! ssh_config(5) or on the commandline not to be preferred. !
          • ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. !
          • ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0. (bz#2255) !
          • ssh(1), ! ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border. (bz#2247) !
          • ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(). (bz#2236) !
          • ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ! ssh-add(1) fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ! ssh-add(1) doesn't). (bz#2234) !
          • ssh-keygen(1): When hashing or removing hosts, don't choke on "@revoked" markers and don't remove "@cert-authority" markers. (bz#2241) !
          • ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion). !
          • scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end. !
          • sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string. (bz#2238) !
          • ssh-keyscan(1): Scan for Ed25519 keys by default. !
          • ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. !
          • sshd(8): Avoid crash at exit via NULL pointer reference. (bz#2225)
          • Fix some strict-alignment errors.
          --- 347,405 ----
      • The following significant bugs have been fixed in this release:
          !
        • sshd(8): Fix remote forwarding with same listen port but different listen address. !
        • ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ! ssh_config(5) or on the commandline not to be preferred. !
        • ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. !
        • ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0. (bz#2255) !
        • ssh(1), ! ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border. (bz#2247) !
        • ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(). (bz#2236) !
        • ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ! ssh-add(1) fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ! ssh-add(1) doesn't). (bz#2234) !
        • ssh-keygen(1): When hashing or removing hosts, don't choke on "@revoked" markers and don't remove "@cert-authority" markers. (bz#2241) !
        • ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion). !
        • scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end. !
        • sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string. (bz#2238) !
        • ssh-keyscan(1): Scan for Ed25519 keys by default. !
        • ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. !
        • sshd(8): Avoid crash at exit via NULL pointer reference. (bz#2225)
        • Fix some strict-alignment errors.
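Review bot: in the ssh-agent(1) item of this hunk, "Only cleanup agent socket" uses the noun form where a verb is meant. The line is marked ! on both sides, so change it to "Only clean up agent socket" while it is being touched.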
        *************** *** 407,417 ****

      • mandoc 1.13.0:
          !
        • New implementation of apropos(1), ! whatis(1), ! and makewhatis(8) based on SQLite3 databases. !
        • Substantial improvements of mandoc(1) error and warning messages. !
        • Almost complete implementation of roff(7) numerical expressions.
        • About a dozen minor new features and numerous bug fixes.
        --- 407,417 ----

      • mandoc 1.13.0:
          !
        • New implementation of apropos(1), ! whatis(1), ! and makewhatis(8) based on SQLite3 databases. !
        • Substantial improvements of mandoc(1) error and warning messages. !
        • Almost complete implementation of roff(7) numerical expressions.
        • About a dozen minor new features and numerous bug fixes.
        *************** *** 590,598 **** To make a boot floppy under MS-DOS, use the "rawrite" utility located at CD1:5.6/tools/rawrite.exe. To make the boot floppy under a Unix OS, use the ! dd(1) utility. The following is an example usage of ! dd(1), where the device could be "floppy", "rfd0c", or "rfd0a". --- 590,598 ---- To make a boot floppy under MS-DOS, use the "rawrite" utility located at CD1:5.6/tools/rawrite.exe. To make the boot floppy under a Unix OS, use the ! dd(1) utility. The following is an example usage of ! dd(1), where the device could be "floppy", "rfd0c", or "rfd0a". *************** *** 870,876 **** OpenBSD ports system.

        The ports/ directory represents a CVS (see the manpage for ! cvs(1) if you aren't familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via --- 870,876 ---- OpenBSD ports system.

        The ports/ directory represents a CVS (see the manpage for ! cvs(1) if you aren't familiar with CVS) checkout of our ports. As with our complete source tree, our ports tree is available via
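Review bot: in the 310,345 hunk, the ssh(1) %C item spells "unique identifer" on both the old and the new side. The line is marked !, so correct it to "identifier" in the same change.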