=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/70.html,v retrieving revision 1.12 retrieving revision 1.13 diff -c -r1.12 -r1.13 *** www/70.html 2021/10/02 12:15:52 1.12 --- www/70.html 2021/10/02 12:17:35 1.13 *************** *** 273,279 **** !

OpenSSH 8.7 XXX

Security fixes

OpenSSH 8.8 XXX replace with release notes !

Corrected sshd(8) initialization of supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand helper program (not enabled by default) as a different user. !

Fixed the ssh(1) "Allocated port" debug message for unix sockets. !

Switched scp(1) back to using the original scp/rcp protocol by default for release. !

Made scp(1) SFTP mode (including error logging) more scp-like. !

Allowed CanonicalPermittedCNAMEs=none in ssh_config(5). !

Put back the mux_ctx memleak fix for SSH_CHANNEL_MUX_CLIENT in ssh(1). !

Stopped ignoring SIGINT in sftp(1) while waiting for input if editline(3) is not used. !

Altered scp(1) to use the SFTP protocol by default. The original scp/rcp protocol remains available via the -O flag. !

Disabled the RSA/SHA-1 signature algorithm by default in ssh(1). !

Ensured some programs (including sftp(1)) do not ignore Ctrl-C when awaiting user input. !

Added scp(1) -O and temporary -s (SFTP) flags to select the sftp protocol. !

Made scp(1) -3 the default for remote-to-remote copies. !

Improved handling of ~ prefixed paths in scp(1) in SFTP mode. !

Added experimental support for using the SFTP protocol for file transfers in scp(1). !

Added a ForkAfterAuthentication directive to ssh_config(5), equivalent to ssh(1) -f. !

Added a StdinNull directive to ssh_config(5) to prevent reading from stdin, equivalent to ssh(1) -n. !

Let allowed signers files used by ssh-keygen(1) signatures support key lifetimes and verification mode to specify a signature time at which to check. !

Added a SessionType directive to ssh_config(5), equivalent to the -N (no session) and -s (subsystem) command line flags. !

Allowed spaces to appear in usernames for scp(1) local to remote and scp -3 remote to remote copies. !

Prevented a hang in sshd(8) when interrupted. !

Matched host certificates against host public keys in sshd(8), allowing use of certificates with private keys held in an ssh-agent. !

Prevented a race condition which could result in sshd(8) not shutting down until the next time it receives a new connection. !

Allowed ssh_config(5) SetEnv to override $TERM. !

Fixed a segmentation violation in ssh(1) in an UpdateHostKezs debug() message when the update removed more host keys than remain present. !

Fixed ssh(1) to restore file descriptors to non-blocking mode on exit. !

Fixed ssh(1) started with ControlPersist incorrectly executing a shell when the -N option was specified. !

Security fixes