author Colin Watson <cjwatson@debian.org> 2007-06-12 16:16:35 +0000
committer Colin Watson <cjwatson@debian.org> 2007-06-12 16:16:35 +0000
commit b7e40fa9da0b5491534a429dadb321eab5a77558 (patch)
tree bed1da11e9f829925797aa093e379fc0b5868ecd /openssh.xml.in
parent 4f84beedf1005e44ff33c854abd6b711ffc0adb7 (diff)
parent 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff)
* New upstream release (closes: #395507, #397961, #420035). Important
  changes not previously backported to 4.3p2:
  - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
    + On portable OpenSSH, fix a GSSAPI authentication abort that could be
      used to determine the validity of usernames on some platforms.
    + Implemented conditional configuration in sshd_config(5) using the
      "Match" directive. This allows some configuration options to be
      selectively overridden if specific criteria (based on user, group,
      hostname and/or address) are met. So far a useful subset of
      post-authentication options are supported and more are expected to
      be added in future releases.
    + Add support for Diffie-Hellman group exchange key agreement with a
      final hash of SHA256.
    + Added a "ForceCommand" directive to sshd_config(5). Similar to the
      command="..." option accepted in ~/.ssh/authorized_keys, this forces
      the execution of the specified command regardless of what the user
      requested. This is very useful in conjunction with the new "Match"
      option.
    + Add a "PermitOpen" directive to sshd_config(5). This mirrors the
      permitopen="..." authorized_keys option, allowing fine-grained
      control over the port-forwardings that a user is allowed to
      establish.
    + Add optional logging of transactions to sftp-server(8).
    + ssh(1) will now record port numbers for hosts stored in
      ~/.ssh/known_hosts when a non-standard port has been requested
      (closes: #50612).
    + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a
      non-zero exit code) when requested port forwardings could not be
      established.
    + Extend sshd_config(5) "SubSystem" declarations to allow the
      specification of command-line arguments.
    + Replacement of all integer overflow susceptible invocations of
      malloc(3) and realloc(3) with overflow-checking equivalents.
    + Many manpage fixes and improvements.
    + Add optional support for OpenSSL hardware accelerators (engines),
      enabled using the --with-ssl-engine configure option.
    + Tokens in configuration files may be double-quoted in order to
      contain spaces (closes: #319639).
    + Move a debug() call out of a SIGCHLD handler, fixing a hang when the
      session exits very quickly (closes: #307890).
    + Fix some incorrect buffer allocation calculations (closes: #410599).
    + ssh-add doesn't ask for a passphrase if key file permissions are too
      liberal (closes: #103677).
    + Likewise, ssh doesn't ask either (closes: #99675).
  - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
    + sshd now allows the enabling and disabling of authentication methods
      on a per user, group, host and network basis via the Match directive
      in sshd_config.
    + Fixed an inconsistent check for a terminal when displaying scp
      progress meter (closes: #257524).
    + Fix "hang on exit" when background processes are running at the time
      of exit on a ttyful/login session (closes: #88337).
* Update to current GSSAPI patch from
  http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch;
  install ChangeLog.gssapi.
Diffstat (limited to 'openssh.xml.in')
-rw-r--r-- openssh.xml.in 90
1 files changed, 90 insertions, 0 deletions
diff --git a/openssh.xml.in b/openssh.xml.in
new file mode 100644
index 000000000..2fcdea0a1
--- /dev/null
+++ b/openssh.xml.in
@@ -0,0 +1,90 @@
1<?xml version='1.0'?>
2<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
3<!--
4 Copyright (c) 2006 Chad Mynhier.
5
6 Permission to use, copy, modify, and distribute this software for any
7 purpose with or without fee is hereby granted, provided that the above
8 copyright notice and this permission notice appear in all copies.
9
10 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17-->
18
19<service_bundle type='manifest' name='OpenSSH server'>
20
21 <service
22 name='site/openssh'
23 type='service'
24 version='1'>
25
26<!--
27 We default to disabled so administrator can decide to enable or not.
28-->
29 <create_default_instance enabled='false'/>
30
31 <single_instance/>
32
33 <dependency
34 name='filesystem-local'
35 grouping='require_all'
36 restart_on='none'
37 type='service'>
38 <service_fmri value='svc:/system/filesystem/local'/>
39 </dependency>
40
41 <dependency
42 name='network'
43 grouping='require_all'
44 restart_on='none'
45 type='service'>
46 <service_fmri value='svc:/milestone/network'/>
47 </dependency>
48
49 <dependent
50 name='multi-user-server'
51 restart_on='none'
52 grouping='optional_all'>
53 <service_fmri value='svc:/milestone/multi-user-server'/>
54 </dependent>
55
56 <exec_method
57 name='start'
58 type='method'
59 exec='/lib/svc/method/site/__SYSVINIT_NAME__ start'
60 timeout_seconds='60'>
61 <method_context/>
62 </exec_method>
63
64 <exec_method
65 name='stop'
66 type='method'
67 exec=':kill'
68 timeout_seconds='60'>
69 <method_context/>
70 </exec_method>
71
72 <property_group
73 name='startd'
74 type='framework'>
75 <propval name='ignore_error' type='astring' value='core,signal'/>
76 </property_group>
77
78 <template>
79 <common_name>
80 <loctext xml:lang='C'>OpenSSH server</loctext>
81 </common_name>
82 <documentation>
83 <manpage
84 title='sshd'
85 section='1M'
86 manpath='@prefix@/man'/>
87 </documentation>
88 </template>
89 </service>
90</service_bundle>
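Review bot: the manifest defines only `start` and `stop` exec_methods (new-file lines 56-70), so there is no `refresh` method and nothing here makes a running sshd re-read sshd_config when an administrator runs `svcadm refresh` after tightening the configuration. Consider adding a `refresh` exec_method that sends SIGHUP to the listening daemon, for example through the same method script if it offers a reload action. Separately, the `stop` method is `exec=':kill'`, which signals every process in the service contract, so disabling the service also ends established sessions, including the one the administrator may be using; if that is intended, a short XML comment saying so would help, as would one explaining why `ignore_error` is set to `core,signal` in the `startd` property group (lines 72-76), since that setting is what keeps a crashing or signalled session child from putting the whole service into a failed state.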