summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2007-12-24 10:29:57 +0000
committerColin Watson <cjwatson@debian.org>2007-12-24 10:29:57 +0000
commitc3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch)
treeb72c0867348e7e7914d64af6fc5e25c728922e03 /debian/changelog
parent6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff)
parent70847d299887abb96f8703ca99db6d817b78960e (diff)
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog45
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 43dc83046..a027912ca 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
1openssh (1:4.7p1-1) UNRELEASED; urgency=low
2
3 * New upstream release (closes: #453367).
4 - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
5 creation of an untrusted cookie fails; found and fixed by Jan Pechanec
6 (closes: #444738).
7 - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
8 installations are unchanged.
9 - The SSH channel window size has been increased, and both ssh(1)
10 sshd(8) now send window updates more aggressively. These improves
11 performance on high-BDP (Bandwidth Delay Product) networks.
12 - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
13 saves 2 hash calls per packet and results in 12-16% speedup for
14 arcfour256/hmac-md5.
15 - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
16 "umac-64@openssh.com". UMAC-64 has been measured to be approximately
17 20% faster than HMAC-MD5.
18 - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
19 error when the ExitOnForwardFailure option is set.
20 - ssh(1) returns a sensible exit status if the control master goes away
21 without passing the full exit status.
22 - When using a ProxyCommand in ssh(1), set the outgoing hostname with
23 gethostname(2), allowing hostbased authentication to work.
24 - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
25 - Encode non-printing characters in scp(1) filenames. These could cause
26 copies to be aborted with a "protocol error".
27 - Handle SIGINT in sshd(8) privilege separation child process to ensure
28 that wtmp and lastlog records are correctly updated.
29 - Report GSSAPI mechanism in errors, for libraries that support multiple
30 mechanisms.
31 - Improve documentation for ssh-add(1)'s -d option.
32 - Rearrange and tidy GSSAPI code, removing server-only code being linked
33 into the client.
34 - Delay execution of ssh(1)'s LocalCommand until after all forwardings
35 have been established.
36 - In scp(1), do not truncate non-regular files.
37 - Improve exit message from ControlMaster clients.
38 - Prevent sftp-server(8) from reading until it runs out of buffer space,
39 whereupon it would exit with a fatal error (closes: #365541).
40 - pam_end() was not being called if authentication failed
41 (closes: #405041).
42 - Manual page datestamps updated (closes: #433181).
43
44 -- Colin Watson <cjwatson@debian.org> Sun, 23 Dec 2007 12:53:46 +0000
45
1openssh (1:4.6p1-7) unstable; urgency=low 46openssh (1:4.6p1-7) unstable; urgency=low
2 47
3 * Don't build PIE executables on m68k (closes: #451192). 48 * Don't build PIE executables on m68k (closes: #451192).