* New upstream release (http://www.openssh.org/txt/release-5.9).

- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
author: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
committer: Colin Watson <cjwatson@debian.org> 2011-09-06 14:56:29 +0100
commit: 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree: 89400a44e42d84937deba7864e4964d6c7734da5 /debian/patches/debian-config.patch
parent: 87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent: 3a7e89697ca363de0f64e0d5704c57219294e41c (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index e804aa526..74aa53ecc 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
 ===================================================================
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1223,7 +1223,7 @@
+@@ -1268,7 +1268,7 @@
        if (options->forward_x11 == -1)
                options->forward_x11 = 0;
        if (options->forward_x11_trusted == -1)
@@ -84,7 +84,7 @@ Index: b/ssh_config.5
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
-@@ -482,7 +498,8 @@
+@@ -499,7 +515,8 @@
 Remote clients will be refused access after this time.
 .Pp
 The default is
author	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
committer	Colin Watson <cjwatson@debian.org>	2011-09-06 14:56:29 +0100
commit	978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch)
tree	89400a44e42d84937deba7864e4964d6c7734da5 /debian/patches/debian-config.patch
parent	87c685b8c6a49814fd782288097b3093f975aa72 (diff)
parent	3a7e89697ca363de0f64e0d5704c57219294e41c (diff)

diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index e804aa526..74aa53ecc 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
24	===================================================================	24	===================================================================
25	--- a/readconf.c	25	--- a/readconf.c
26	+++ b/readconf.c	26	+++ b/readconf.c
27	@@ -1223,7 +1223,7 @@	27	@@ -1268,7 +1268,7 @@
28	if (options->forward_x11 == -1)	28	if (options->forward_x11 == -1)
29	options->forward_x11 = 0;	29	options->forward_x11 = 0;
30	if (options->forward_x11_trusted == -1)	30	if (options->forward_x11_trusted == -1)
@@ -84,7 +84,7 @@ Index: b/ssh_config.5
84	The configuration file has the following format:	84	The configuration file has the following format:
85	.Pp	85	.Pp
86	Empty lines and lines starting with	86	Empty lines and lines starting with
87	@@ -482,7 +498,8 @@	87	@@ -499,7 +515,8 @@
88	Remote clients will be refused access after this time.	88	Remote clients will be refused access after this time.
89	.Pp	89	.Pp
90	The default is	90	The default is