| version 1.46, 2018/03/27 04:53:39 |
version 1.47, 2018/03/27 05:01:30 |
|
|
| |
|
| <li>OpenSMTPD 6.0.4 |
<li>OpenSMTPD 6.0.4 |
| <ul> |
<ul> |
| <li>... |
<li>Add <b>spf walk</b> option to |
| |
<a href="https://man.openbsd.org/smtpctl.8">smtpctl(8)</a> |
| </ul> |
</ul> |
| <p> |
<p> |
| |
|
| <li>OpenSSH 7.7 |
<li>OpenSSH 7.7 |
| <ul> |
<ul> |
| <li>Security: |
|
| <ul> |
|
| <li>... |
|
| </ul> |
|
| <li>New/changed features: |
<li>New/changed features: |
| <ul> |
<ul> |
| <li>... |
<li>All: Add experimental support for PQC XMSS keys (Extended Hash- |
| |
Based Signatures) based on the algorithm described in |
| |
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 |
| |
The XMSS signature code is experimental and not compiled in by |
| |
default. |
| |
<li>sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword |
| |
to allow conditional configuration that depends on which routing |
| |
domain a connection was received on (currently supported on OpenBSD |
| |
and Linux). |
| |
<li>sshd_config(5): Add an optional rdomain qualifier to the |
| |
ListenAddress directive to allow listening on different routing |
| |
domains. This is supported only on OpenBSD and Linux at present. |
| |
<li>sshd_config(5): Add RDomain directive to allow the authenticated |
| |
session to be placed in an explicit routing domain. This is only |
| |
supported on OpenBSD at present. |
| |
<li>sshd(8): Add "expiry-time" option for authorized_keys files to |
| |
allow for expiring keys. |
| |
<li>ssh(1): Add a BindInterface option to allow binding the outgoing |
| |
connection to an interface's address (basically a more usable |
| |
BindAddress) |
| |
<li>ssh(1): Expose device allocated for tun/tap forwarding via a new |
| |
%T expansion for LocalCommand. This allows LocalCommand to be used |
| |
to prepare the interface. |
| |
<li>sshd(8): Expose the device allocated for tun/tap forwarding via a |
| |
new SSH_TUNNEL environment variable. This allows automatic setup of |
| |
the interface and surrounding network configuration automatically on |
| |
the server. |
| |
<li>ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g. |
| |
ssh://user@host or sftp://user@host/path. Additional connection |
| |
parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not |
| |
implemented since the ssh fingerprint format in the draft uses the |
| |
deprecated MD5 hash with no way to specify the any other algorithm. |
| |
<li>ssh-keygen(1): Allow certificate validity intervals that specify |
| |
only a start or stop time (instead of both or neither). |
| |
<li>sftp(1): Allow "cd" and "lcd" commands with no explicit path |
| |
argument. lcd will change to the local user's home directory as |
| |
usual. cd will change to the starting directory for session (because |
| |
the protocol offers no way to obtain the remote user's home |
| |
directory). bz#2760 |
| |
<li>sshd(8): When doing a config test with sshd -T, only require the |
| |
attributes that are actually used in Match criteria rather than (an |
| |
incomplete list of) all criteria. |
| </ul> |
</ul> |
| <li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
| <ul> |
<ul> |
| <li>... |
<li>ssh(1)/sshd(8): More strictly check signature types during key |
| |
exchange against what was negotiated. Prevents downgrade of RSA |
| |
signatures made with SHA-256/512 to SHA-1. |
| |
<li>sshd(8): Fix support for client that advertise a protocol version |
| |
of "1.99" (indicating that they are prepared to accept both SSHv1 and |
| |
SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1 |
| |
support. bz#2810 |
| |
<li>ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when |
| |
a rsa-sha2-256/512 signature was requested. This condition is possible |
| |
when an old or non-OpenSSH agent is in use. bz#2799 |
| |
<li>ssh-agent(1): Fix regression introduce in 7.6 that caused ssh-agent |
| |
to fatally exit if presented an invalid signature request message. |
| |
<li>sshd_config(5): Accept yes/no flag options case-insensitively, as |
| |
has been the case in ssh_config(5) for a long time. bz#2664 |
| |
<li>ssh(1): Improve error reporting for failures during connection. |
| |
Under some circumstances misleading errors were being shows. bz#2814 |
| |
<li>ssh-keyscan(1): Add -D option to allow printing of results directly |
| |
in SSHFP format. bz#2821 |
| |
<li>regress tests: fix PuTTY interop test broken in last release's SSHv1 |
| |
removal. bz#2823 |
| |
<li>ssh(1): Compatibility fix for some servers that erroneously drop the |
| |
connection when the IUTF8 (RFC8160) option is sent. |
| |
<li>scp(1): Disable RemoteCommand and RequestTTY in the ssh session |
| |
started by scp (sftp was already doing this.) |
| |
<li>ssh-keygen(1): Refuse to create a certificate with an unusable |
| |
number of principals. |
| |
<li>ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the |
| |
public key during key generation. Previously it would silently |
| |
ignore errors writing the comment and terminating newline. |
| |
<li>ssh(1): Do not modify hostname arguments that are addresses by |
| |
automatically forcing them to lower-case. Instead canonicalise them |
| |
to resolve ambiguities (e.g. ::0001 => ::1) before they are matched |
| |
against known_hosts. bz#2763 |
| |
<li>ssh(1): Don't accept junk after "yes" or "no" responses to hostkey |
| |
prompts. bz#2803 |
| |
<li>sftp(1): Have sftp print a warning about shell cleanliness when |
| |
decoding the first packet fails, which is usually caused by shells |
| |
polluting stdout of non-interactive startups. bz#2800 |
| |
<li>ssh(1)/sshd(8): Switch timers in packet code from using wall-clock |
| |
time to monotonic time, allowing the packet layer to better function |
| |
over a clock step and avoiding possible integer overflows during |
| |
steps. |
| |
<li>Numerous manual page fixes and improvements. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 63.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www