diff options
| author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
| commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
| tree | 89400a44e42d84937deba7864e4964d6c7734da5 /debian/changelog | |
| parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
| parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) | |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 4ab7d8955..108d915bb 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,3 +1,30 @@ | |||
| 1 | openssh (1:5.9p1-1) UNRELEASED; urgency=low | ||
| 2 | |||
| 3 | * New upstream release (http://www.openssh.org/txt/release-5.9). | ||
| 4 | - Introduce sandboxing of the pre-auth privsep child using an optional | ||
| 5 | sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables | ||
| 6 | mandatory restrictions on the syscalls the privsep child can perform. | ||
| 7 | - Add new SHA256-based HMAC transport integrity modes from | ||
| 8 | http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. | ||
| 9 | - The pre-authentication sshd(8) privilege separation slave process now | ||
| 10 | logs via a socket shared with the master process, avoiding the need to | ||
| 11 | maintain /dev/log inside the chroot (closes: #75043, #429243, | ||
| 12 | #599240). | ||
| 13 | - ssh(1) now warns when a server refuses X11 forwarding (closes: | ||
| 14 | #504757). | ||
| 15 | - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, | ||
| 16 | separated by whitespace (closes: #76312). The authorized_keys2 | ||
| 17 | fallback is deprecated but documented (closes: #560156). | ||
| 18 | - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 | ||
| 19 | ToS/DSCP (closes: #498297). | ||
| 20 | - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add | ||
| 21 | - < /path/to/key" (closes: #229124). | ||
| 22 | - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). | ||
| 23 | - Say "required" rather than "recommended" in unprotected-private-key | ||
| 24 | warning (LP: #663455). | ||
| 25 | |||
| 26 | -- Colin Watson <cjwatson@debian.org> Tue, 06 Sep 2011 10:16:33 +0100 | ||
| 27 | |||
| 1 | openssh (1:5.8p1-7) unstable; urgency=low | 28 | openssh (1:5.8p1-7) unstable; urgency=low |
| 2 | 29 | ||
| 3 | * Only recommend ssh-import-id when built on Ubuntu (closes: #635887). | 30 | * Only recommend ssh-import-id when built on Ubuntu (closes: #635887). |