* New upstream release (http://www.openssh.org/txt/release-5.9).

- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
author: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
committer: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
commit: 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree: 89400a44e42d84937deba7864e4964d6c7734da5 /channels.h
parent: 87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent: 3a7e89697ca363de0f64e0d5704c57219294e41c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/channels.h b/channels.h
index 0680ed00e..e2941c85a 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -271,7 +271,7 @@ int	 x11_connect_display(void);
 int      x11_create_display_inet(int, int, int, u_int *, int **);
 void     x11_input_open(int, u_int32_t, void *);
 void     x11_request_forwarding_with_spoofing(int, const char *, const char *,
-             const char *);
+             const char *, int);
 void     deny_input_open(int, u_int32_t, void *);
 /* agent forwarding */
author	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
committer	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
commit	978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree	89400a44e42d84937deba7864e4964d6c7734da5 /channels.h
parent	87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent	3a7e89697ca363de0f64e0d5704c57219294e41c (diff)

diff --git a/channels.h b/channels.h index 0680ed00e..e2941c85a 100644 --- a/channels.h +++ b/channels.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: channels.h,v 1.104 2010/05/14 23:29:23 djm Exp $ */	1	/* $OpenBSD: channels.h,v 1.105 2011/06/22 22:08:42 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -271,7 +271,7 @@ int x11_connect_display(void);
271	int x11_create_display_inet(int, int, int, u_int , int *);	271	int x11_create_display_inet(int, int, int, u_int , int *);
272	void x11_input_open(int, u_int32_t, void *);	272	void x11_input_open(int, u_int32_t, void *);
273	void x11_request_forwarding_with_spoofing(int, const char , const char ,	273	void x11_request_forwarding_with_spoofing(int, const char , const char ,
274	const char *);	274	const char *, int);
275	void deny_input_open(int, u_int32_t, void *);	275	void deny_input_open(int, u_int32_t, void *);
276		276
277	/* agent forwarding */	277	/* agent forwarding */