author | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-06-12 16:16:35 +0000 |
commit | b7e40fa9da0b5491534a429dadb321eab5a77558 (patch) | |
tree | bed1da11e9f829925797aa093e379fc0b5868ecd /openssh.xml.in | |
parent | 4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff) | |
parent | 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff) |
* New upstream release (closes: #395507, #397961, #420035). Important
  changes not previously backported to 4.3p2:
  - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
    + On portable OpenSSH, fix a GSSAPI authentication abort that could be
      used to determine the validity of usernames on some platforms.
    + Implemented conditional configuration in sshd_config(5) using the
      "Match" directive. This allows some configuration options to be
      selectively overridden if specific criteria (based on user, group,
      hostname and/or address) are met. So far a useful subset of
      post-authentication options are supported and more are expected to
      be added in future releases.
    + Add support for Diffie-Hellman group exchange key agreement with a
      final hash of SHA256.
    + Added a "ForceCommand" directive to sshd_config(5). Similar to the
      command="..." option accepted in ~/.ssh/authorized_keys, this forces
      the execution of the specified command regardless of what the user
      requested. This is very useful in conjunction with the new "Match"
      option.
    + Add a "PermitOpen" directive to sshd_config(5). This mirrors the
      permitopen="..." authorized_keys option, allowing fine-grained
      control over the port-forwardings that a user is allowed to
      establish.
    + Add optional logging of transactions to sftp-server(8).
    + ssh(1) will now record port numbers for hosts stored in
      ~/.ssh/known_hosts when a non-standard port has been requested
      (closes: #50612).
    + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
      non-zero exit code) when requested port forwardings could not be
      established.
    + Extend sshd_config(5) "SubSystem" declarations to allow the
      specification of command-line arguments.
    + Replacement of all integer overflow susceptible invocations of
      malloc(3) and realloc(3) with overflow-checking equivalents.
    + Many manpage fixes and improvements.
    + Add optional support for OpenSSL hardware accelerators (engines),
      enabled using the --with-ssl-engine configure option.
    + Tokens in configuration files may be double-quoted in order to
      contain spaces (closes: #319639).
    + Move a debug() call out of a SIGCHLD handler, fixing a hang when the
      session exits very quickly (closes: #307890).
    + Fix some incorrect buffer allocation calculations (closes: #410599).
    + ssh-add doesn't ask for a passphrase if key file permissions are too
      liberal (closes: #103677).
    + Likewise, ssh doesn't ask either (closes: #99675).
  - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
    + sshd now allows the enabling and disabling of authentication methods
      on a per user, group, host and network basis via the Match directive
      in sshd_config.
    + Fixed an inconsistent check for a terminal when displaying scp
      progress meter (closes: #257524).
    + Fix "hang on exit" when background processes are running at the time
      of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
  http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
  install ChangeLog.gssapi.
Diffstat (limited to 'openssh.xml.in')
-rw-r--r-- | openssh.xml.in | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/openssh.xml.in b/openssh.xml.in new file mode 100644 index 000000000..2fcdea0a1 --- /dev/null +++ b/openssh.xml.in | |||
@@ -0,0 +1,90 @@ | |||
1 | <?xml version='1.0'?> | ||
2 | <!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'> | ||
3 | <!-- | ||
4 | Copyright (c) 2006 Chad Mynhier. | ||
5 | |||
6 | Permission to use, copy, modify, and distribute this software for any | ||
7 | purpose with or without fee is hereby granted, provided that the above | ||
8 | copyright notice and this permission notice appear in all copies. | ||
9 | |||
10 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
11 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
12 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
13 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
14 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
15 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
16 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
17 | --> | ||
18 | |||
19 | <service_bundle type='manifest' name='OpenSSH server'> | ||
20 | |||
21 | <service | ||
22 | name='site/openssh' | ||
23 | type='service' | ||
24 | version='1'> | ||
25 | |||
26 | <!-- | ||
27 | We default to disabled so administrator can decide to enable or not. | ||
28 | --> | ||
29 | <create_default_instance enabled='false'/> | ||
30 | |||
31 | <single_instance/> | ||
32 | |||
33 | <dependency | ||
34 | name='filesystem-local' | ||
35 | grouping='require_all' | ||
36 | restart_on='none' | ||
37 | type='service'> | ||
38 | <service_fmri value='svc:/system/filesystem/local'/> | ||
39 | </dependency> | ||
40 | |||
41 | <dependency | ||
42 | name='network' | ||
43 | grouping='require_all' | ||
44 | restart_on='none' | ||
45 | type='service'> | ||
46 | <service_fmri value='svc:/milestone/network'/> | ||
47 | </dependency> | ||
48 | |||
49 | <dependent | ||
50 | name='multi-user-server' | ||
51 | restart_on='none' | ||
52 | grouping='optional_all'> | ||
53 | <service_fmri value='svc:/milestone/multi-user-server'/> | ||
54 | </dependent> | ||
55 | |||
56 | <exec_method | ||
57 | name='start' | ||
58 | type='method' | ||
59 | exec='/lib/svc/method/site/__SYSVINIT_NAME__ start' | ||
60 | timeout_seconds='60'> | ||
61 | <method_context/> | ||
62 | </exec_method> | ||
63 | |||
64 | <exec_method | ||
65 | name='stop' | ||
66 | type='method' | ||
67 | exec=':kill' | ||
68 | timeout_seconds='60'> | ||
69 | <method_context/> | ||
70 | </exec_method> | ||
71 | |||
72 | <property_group | ||
73 | name='startd' | ||
74 | type='framework'> | ||
75 | <propval name='ignore_error' type='astring' value='core,signal'/> | ||
76 | </property_group> | ||
77 | |||
78 | <template> | ||
79 | <common_name> | ||
80 | <loctext xml:lang='C'>OpenSSH server</loctext> | ||
81 | </common_name> | ||
82 | <documentation> | ||
83 | <manpage | ||
84 | title='sshd' | ||
85 | section='1M' | ||
86 | manpath='@prefix@/man'/> | ||
87 | </documentation> | ||
88 | </template> | ||
89 | </service> | ||
90 | </service_bundle> | ||
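Review bot: The stop method at lines 64-70 uses exec=':kill', which signals every process in the service's contract, not only the listening daemon. For sshd that means `svcadm disable` or `svcadm restart` will also terminate established login sessions unless sshd places them in their own contracts; consider calling the method script with a stop argument (mirroring the start method at line 59) or adding a comment stating that this is intended. The manifest also defines only start and stop methods, so `svcadm refresh` has no way to make sshd re-read sshd_config; a refresh exec_method would be worth adding. Separately, line 59 uses a `__SYSVINIT_NAME__` placeholder while line 86 uses `@prefix@`; a short comment naming the build step that substitutes each would help whoever installs this by hand.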