diff options
| author | Colin Watson <cjwatson@debian.org> | 2018-08-24 12:49:36 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2018-08-30 00:57:27 +0100 |
| commit | 816386e17654ca36834bebbf351419e460fad8f6 (patch) | |
| tree | 3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/NEWS | |
| parent | 3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff) | |
| parent | 16a47fc4b04977a14f44dd433c8da1499fa80671 (diff) | |
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'debian/NEWS')
| -rw-r--r-- | debian/NEWS | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS index 08e596552..dd32ef436 100644 --- a/debian/NEWS +++ b/debian/NEWS | |||
| @@ -1,3 +1,42 @@ | |||
| 1 | openssh (1:7.8p1-1) UNRELEASED; urgency=medium | ||
| 2 | |||
| 3 | OpenSSH 7.8 includes a number of changes that may affect existing | ||
| 4 | configurations: | ||
| 5 | |||
| 6 | * ssh-keygen(1): Write OpenSSH format private keys by default instead of | ||
| 7 | using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH | ||
| 8 | releases since 2014 and described in the PROTOCOL.key file in the | ||
| 9 | source distribution, offers substantially better protection against | ||
| 10 | offline password guessing and supports key comments in private keys. | ||
| 11 | If necessary, it is possible to write old PEM-style keys by adding "-m | ||
| 12 | PEM" to ssh-keygen's arguments when generating or updating a key. | ||
| 13 | * sshd(8): Remove internal support for S/Key multiple factor | ||
| 14 | authentication. S/Key may still be used via PAM or BSD auth. | ||
| 15 | * ssh(1): Remove vestigial support for running ssh(1) as setuid. This | ||
| 16 | used to be required for hostbased authentication and the (long gone) | ||
| 17 | rhosts-style authentication, but has not been necessary for a long | ||
| 18 | time. Attempting to execute ssh as a setuid binary, or with uid != | ||
| 19 | effective uid will now yield a fatal error at runtime. | ||
| 20 | * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar | ||
| 21 | HostbasedAcceptedKeyTypes options have changed. These now specify | ||
| 22 | signature algorithms that are accepted for their respective | ||
| 23 | authentication mechanism, where previously they specified accepted key | ||
| 24 | types. This distinction matters when using the RSA/SHA2 signature | ||
| 25 | algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate | ||
| 26 | counterparts. Configurations that override these options but omit | ||
| 27 | these algorithm names may cause unexpected authentication failures (no | ||
| 28 | action is required for configurations that accept the default for these | ||
| 29 | options). | ||
| 30 | * sshd(8): The precedence of session environment variables has changed. | ||
| 31 | ~/.ssh/environment and environment="..." options in authorized_keys | ||
| 32 | files can no longer override SSH_* variables set implicitly by sshd. | ||
| 33 | * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They | ||
| 34 | will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a | ||
| 35 | detailed rationale, please see the commit message: | ||
| 36 | https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284 | ||
| 37 | |||
| 38 | -- Colin Watson <cjwatson@debian.org> Fri, 24 Aug 2018 10:13:03 +0100 | ||
| 39 | |||
| 1 | openssh (1:7.6p1-1) unstable; urgency=medium | 40 | openssh (1:7.6p1-1) unstable; urgency=medium |
| 2 | 41 | ||
| 3 | OpenSSH 7.6 includes a number of changes that may affect existing | 42 | OpenSSH 7.6 includes a number of changes that may affect existing |