| version 1.62, 2016/03/21 05:46:19 |
version 1.63, 2016/03/22 10:54:42 |
|
|
| <li>See a <a href="plus56.html">detailed log of changes</a> between the |
<li>See a <a href="plus56.html">detailed log of changes</a> between the |
| 5.5 and 5.6 releases. |
5.5 and 5.6 releases. |
| <p> |
<p> |
| <li><a href="http://man.openbsd.org?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br> |
<li><a href="http://man.openbsd.org/?query=signify&sektion=1">signify(1)</a> pubkeys for this release:<br> |
| <pre> |
<pre> |
| base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV |
base: RWR0EANmo9nqhpPbPUZDIBcRtrVcRwQxZ8UKGWY8Ui4RHi229KFL84wV |
| fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw |
fw: RWT4e3jpYgSeLYs62aDsUkcvHR7+so5S/Fz/++B859j61rfNVcQTRxMw |
|
|
| <ul> |
<ul> |
| <li>Potentially-incompatible changes: |
<li>Potentially-incompatible changes: |
| <ul> |
<ul> |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| The default set of ciphers and <i>MAC</i>s has been altered to remove |
The default set of ciphers and <i>MAC</i>s has been altered to remove |
| unsafe algorithms. In particular, <i>CBC ciphers</i> and |
unsafe algorithms. In particular, <i>CBC ciphers</i> and |
| <i>arcfour*</i> are disabled by default. |
<i>arcfour*</i> are disabled by default. |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Support for <i>tcpwrappers</i>/<i>libwrap</i> has been removed. |
Support for <i>tcpwrappers</i>/<i>libwrap</i> has been removed. |
| <li>OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections |
<li>OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections |
| using the "curve25519-sha256@libssh.org" <i>KEX exchange method</i> |
using the "curve25519-sha256@libssh.org" <i>KEX exchange method</i> |
|
|
| as a library. So far the wire parsing, key handling and KRL code |
as a library. So far the wire parsing, key handling and KRL code |
| has been refactored. Please note that we do not consider the API |
has been refactored. Please note that we do not consider the API |
| stable yet, nor do we offer the library in separable form. |
stable yet, nor do we offer the library in separable form. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
| <a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Add support for <i>Unix domain socket</i> forwarding. A remote TCP |
Add support for <i>Unix domain socket</i> forwarding. A remote TCP |
| port may be forwarded to a local Unix domain socket and vice versa or |
port may be forwarded to a local Unix domain socket and vice versa or |
| both ends may be a Unix domain socket. |
both ends may be a Unix domain socket. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
| <a href="http://man.openbsd.org?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
| Add support for <i>SSHFP DNS records</i> for <i>Ed2551</i>9 key types. |
Add support for <i>SSHFP DNS records</i> for <i>Ed2551</i>9 key types. |
| <li><a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a>: |
<li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>: |
| Allow resumption of interrupted uploads. |
Allow resumption of interrupted uploads. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| When rekeying, skip file/DNS lookups of the hostkey if it is the same |
When rekeying, skip file/DNS lookups of the hostkey if it is the same |
| as the one sent during initial key exchange. (bz#2154) |
as the one sent during initial key exchange. (bz#2154) |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when |
Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when |
| <tt>GatewayPorts=no</tt>; allows client to choose address family. |
<tt>GatewayPorts=no</tt>; allows client to choose address family. |
| (bz#2222) |
(bz#2222) |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Add a |
Add a |
| <a href="http://man.openbsd.org?query=sshd_config&sektion=5">sshd_config(5)</a> |
<a href="http://man.openbsd.org/?query=sshd_config&sektion=5">sshd_config(5)</a> |
| <tt>PermitUserRC</tt> option to control whether <tt>~/.ssh/rc</tt> is |
<tt>PermitUserRC</tt> option to control whether <tt>~/.ssh/rc</tt> is |
| executed, mirroring the <tt>no-user-rc</tt> authorized_keys option. |
executed, mirroring the <tt>no-user-rc</tt> authorized_keys option. |
| (bz#2160) |
(bz#2160) |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| Add a %C escape sequence for <tt>LocalCommand</tt> and |
Add a %C escape sequence for <tt>LocalCommand</tt> and |
| <tt>ControlPath</tt> that expands to a unique identifer based on a |
<tt>ControlPath</tt> that expands to a unique identifer based on a |
| hash of the tuple of (local host, remote user, hostname, port). Helps |
hash of the tuple of (local host, remote user, hostname, port). Helps |
| avoid exceeding miserly pathname limits for Unix domain sockets in |
avoid exceeding miserly pathname limits for Unix domain sockets in |
| multiplexing control paths. (bz#2220) |
multiplexing control paths. (bz#2220) |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Make the "Too many authentication failures" message include the user, |
Make the "Too many authentication failures" message include the user, |
| source address, port and protocol in a format similar to the |
source address, port and protocol in a format similar to the |
| authentication success/failure messages. (bz#2199) |
authentication success/failure messages. (bz#2199) |
|
|
| </ul> |
</ul> |
| <li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
| <ul> |
<ul> |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Fix remote forwarding with same listen port but different listen |
Fix remote forwarding with same listen port but different listen |
| address. |
address. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| Fix inverted test that caused <i>PKCS#11</i> keys that were explicitly |
Fix inverted test that caused <i>PKCS#11</i> keys that were explicitly |
| listed in |
listed in |
| <a href="http://man.openbsd.org?query=ssh_config&sektion=5">ssh_config(5)</a> |
<a href="http://man.openbsd.org/?query=ssh_config&sektion=5">ssh_config(5)</a> |
| or on the commandline not to be preferred. |
or on the commandline not to be preferred. |
| <li><a href="http://man.openbsd.org?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
| Fix bug in KRL generation: multiple consecutive revoked certificate |
Fix bug in KRL generation: multiple consecutive revoked certificate |
| serial number ranges could be serialised to an invalid format. |
serial number ranges could be serialised to an invalid format. |
| Readers of a broken KRL caused by this bug will fail closed, so no |
Readers of a broken KRL caused by this bug will fail closed, so no |
| should-have-been-revoked key will be accepted. |
should-have-been-revoked key will be accepted. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| Reflect stdio-forward ("<tt>ssh -W host:port ...</tt>") failures in |
Reflect stdio-forward ("<tt>ssh -W host:port ...</tt>") failures in |
| exit status. Previously we were always returning 0. (bz#2255) |
exit status. Previously we were always returning 0. (bz#2255) |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>, |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>, |
| <a href="http://man.openbsd.org?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
| Make Ed25519 keys' title fit properly in the randomart border. |
Make Ed25519 keys' title fit properly in the randomart border. |
| (bz#2247) |
(bz#2247) |
| <li><a href="http://man.openbsd.org?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-agent&sektion=1">ssh-agent(1)</a>: |
| Only cleanup agent socket in the main agent process and not in any |
Only cleanup agent socket in the main agent process and not in any |
| subprocesses it may have started (e.g. forked askpass). Fixes agent |
subprocesses it may have started (e.g. forked askpass). Fixes agent |
| sockets being zapped when askpass processes <i>fatal()</i>. (bz#2236) |
sockets being zapped when askpass processes <i>fatal()</i>. (bz#2236) |
| <li><a href="http://man.openbsd.org?query=ssh-add&sektion=1">ssh-add(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a>: |
| Make stdout line-buffered; saves partial output getting lost when |
Make stdout line-buffered; saves partial output getting lost when |
| <a href="http://man.openbsd.org?query=ssh-add&sektion=1">ssh-add(1)</a> |
<a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a> |
| <i>fatal()</i>s part-way through (e.g. when listing keys from an |
<i>fatal()</i>s part-way through (e.g. when listing keys from an |
| agent that supports key types that |
agent that supports key types that |
| <a href="http://man.openbsd.org?query=ssh-add&sektion=1">ssh-add(1)</a> |
<a href="http://man.openbsd.org/?query=ssh-add&sektion=1">ssh-add(1)</a> |
| doesn't). (bz#2234) |
doesn't). (bz#2234) |
| <li><a href="http://man.openbsd.org?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>: |
| When hashing or removing hosts, don't choke on "@revoked" markers and |
When hashing or removing hosts, don't choke on "@revoked" markers and |
| don't remove "@cert-authority" markers. (bz#2241) |
don't remove "@cert-authority" markers. (bz#2241) |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| Don't fatal when hostname canonicalisation fails and a |
Don't fatal when hostname canonicalisation fails and a |
| <tt>ProxyCommand</tt> is in use; continue and allow the |
<tt>ProxyCommand</tt> is in use; continue and allow the |
| <tt>ProxyCommand</tt> to connect anyway (e.g. to a host with a name |
<tt>ProxyCommand</tt> to connect anyway (e.g. to a host with a name |
| outside the DNS behind a bastion). |
outside the DNS behind a bastion). |
| <li><a href="http://man.openbsd.org?query=scp&sektion=1">scp(1)</a>: |
<li><a href="http://man.openbsd.org/?query=scp&sektion=1">scp(1)</a>: |
| When copying local->remote fails during read, don't send uninitialised |
When copying local->remote fails during read, don't send uninitialised |
| heap to the remote end. |
heap to the remote end. |
| <li><a href="http://man.openbsd.org?query=sftp&sektion=1">sftp(1)</a>: |
<li><a href="http://man.openbsd.org/?query=sftp&sektion=1">sftp(1)</a>: |
| Fix fatal "el_insertstr failed" errors when tab-completing filenames |
Fix fatal "el_insertstr failed" errors when tab-completing filenames |
| with a single quote char somewhere in the string. (bz#2238) |
with a single quote char somewhere in the string. (bz#2238) |
| <li><a href="http://man.openbsd.org?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh-keyscan&sektion=1">ssh-keyscan(1)</a>: |
| Scan for Ed25519 keys by default. |
Scan for Ed25519 keys by default. |
| <li><a href="http://man.openbsd.org?query=ssh&sektion=1">ssh(1)</a>: |
<li><a href="http://man.openbsd.org/?query=ssh&sektion=1">ssh(1)</a>: |
| When using <tt>VerifyHostKeyDNS</tt> with a DNSSEC resolver, |
When using <tt>VerifyHostKeyDNS</tt> with a DNSSEC resolver, |
| down-convert any certificate keys to plain keys and attempt SSHFP |
down-convert any certificate keys to plain keys and attempt SSHFP |
| resolution. Prevents a server from skipping SSHFP lookup and forcing |
resolution. Prevents a server from skipping SSHFP lookup and forcing |
| a new-hostkey dialog by offering only certificate keys. |
a new-hostkey dialog by offering only certificate keys. |
| <li><a href="http://man.openbsd.org?query=sshd&sektion=8">sshd(8)</a>: |
<li><a href="http://man.openbsd.org/?query=sshd&sektion=8">sshd(8)</a>: |
| Avoid crash at exit via NULL pointer reference. (bz#2225) |
Avoid crash at exit via NULL pointer reference. (bz#2225) |
| <li>Fix some strict-alignment errors. |
<li>Fix some strict-alignment errors. |
| </ul> |
</ul> |
|
|
| <p> |
<p> |
| <li>mandoc 1.13.0: |
<li>mandoc 1.13.0: |
| <ul> |
<ul> |
| <li>New implementation of <a href="http://man.openbsd.org?query=apropos&sektion=1">apropos(1)</a>, |
<li>New implementation of <a href="http://man.openbsd.org/?query=apropos&sektion=1">apropos(1)</a>, |
| <a href="http://man.openbsd.org?query=whatis&sektion=1">whatis(1)</a>, |
<a href="http://man.openbsd.org/?query=whatis&sektion=1">whatis(1)</a>, |
| and <a href="http://man.openbsd.org?query=makewhatis&sektion=8">makewhatis(8)</a> based on SQLite3 databases. |
and <a href="http://man.openbsd.org/?query=makewhatis&sektion=8">makewhatis(8)</a> based on SQLite3 databases. |
| <li>Substantial improvements of <a href="http://man.openbsd.org?query=mandoc&sektion=1">mandoc(1)</a> error and warning messages. |
<li>Substantial improvements of <a href="http://man.openbsd.org/?query=mandoc&sektion=1">mandoc(1)</a> error and warning messages. |
| <li>Almost complete implementation of <a href="http://man.openbsd.org?query=roff&sektion=7">roff(7)</a> numerical expressions. |
<li>Almost complete implementation of <a href="http://man.openbsd.org/?query=roff&sektion=7">roff(7)</a> numerical expressions. |
| <li>About a dozen minor new features and numerous bug fixes. |
<li>About a dozen minor new features and numerous bug fixes. |
| </ul> |
</ul> |
| |
|
|
|
| To make a boot floppy under MS-DOS, use the "rawrite" utility located |
To make a boot floppy under MS-DOS, use the "rawrite" utility located |
| at <i>CD1:5.6/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
at <i>CD1:5.6/tools/rawrite.exe</i>. To make the boot floppy under a Unix OS, |
| use the |
use the |
| <a href="http://man.openbsd.org?query=dd&sektion=1">dd(1)</a> |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a> |
| utility. The following is an example usage of |
utility. The following is an example usage of |
| <a href="http://man.openbsd.org?query=dd&sektion=1">dd(1)</a>, |
<a href="http://man.openbsd.org/?query=dd&sektion=1">dd(1)</a>, |
| where the device could be "floppy", "rfd0c", or |
where the device could be "floppy", "rfd0c", or |
| "rfd0a". |
"rfd0a". |
| |
|
|
|
| OpenBSD ports system. |
OpenBSD ports system. |
| <p> |
<p> |
| The <i>ports/</i> directory represents a CVS (see the manpage for |
The <i>ports/</i> directory represents a CVS (see the manpage for |
| <a href="http://man.openbsd.org?query=cvs&sektion=1&arch=i386"> |
<a href="http://man.openbsd.org/?query=cvs&sektion=1&arch=i386"> |
| cvs(1)</a> if |
cvs(1)</a> if |
| you aren't familiar with CVS) checkout of our ports. As with our complete |
you aren't familiar with CVS) checkout of our ports. As with our complete |
| source tree, our ports tree is available via |
source tree, our ports tree is available via |
![[BACK]](/icons/back.gif){kind=icon}
Return to 56.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www