diff options
author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /README.platform | |
parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'README.platform')
-rw-r--r-- | README.platform | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/README.platform b/README.platform index b7dc3f91c..3d7db1494 100644 --- a/README.platform +++ b/README.platform | |||
@@ -23,6 +23,20 @@ to force the previous IPv4-only behaviour. | |||
23 | IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5 | 23 | IPv6 known to work: 5.1ML7 5.2ML2 5.2ML5 |
24 | IPv6 known broken: 4.3.3ML11 5.1ML4 | 24 | IPv6 known broken: 4.3.3ML11 5.1ML4 |
25 | 25 | ||
26 | If you wish to use dynamic libraries that aren't in the normal system | ||
27 | locations (eg IBM's OpenSSL and zlib packages) then you will need to | ||
28 | define the environment variable blibpath before running configure, eg | ||
29 | |||
30 | blibpath=/lib:/usr/lib:/opt/freeware/lib ./configure \ | ||
31 | --with-ssl-dir=/opt/freeware --with-zlib=/opt/freeware | ||
32 | |||
33 | If sshd is built with the WITH_AIXAUTHENTICATE option (which is enabled | ||
34 | by default) then sshd checks that users are permitted via the | ||
35 | loginrestrictions() function, in particular that the user has the | ||
36 | "rlogin" attribute set. This check is not done for the root account, | ||
37 | instead the PermitRootLogin setting in sshd_config is used. | ||
38 | |||
39 | |||
26 | Cygwin | 40 | Cygwin |
27 | ------ | 41 | ------ |
28 | To build on Cygwin, OpenSSH requires the following packages: | 42 | To build on Cygwin, OpenSSH requires the following packages: |
@@ -67,4 +81,4 @@ account stacks which will prevent authentication entirely, but will still | |||
67 | return the output from pam_nologin to the client. | 81 | return the output from pam_nologin to the client. |
68 | 82 | ||
69 | 83 | ||
70 | $Id: README.platform,v 1.7 2006/06/23 11:05:13 dtucker Exp $ | 84 | $Id: README.platform,v 1.9 2007/08/09 04:31:53 dtucker Exp $ |