diff options
author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /ssh-gss.h | |
parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'ssh-gss.h')
-rw-r--r-- | ssh-gss.h | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-gss.h,v 1.9 2006/08/18 14:40:34 djm Exp $ */ | 1 | /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 3 | * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
4 | * | 4 | * |
@@ -117,7 +117,6 @@ void ssh_gssapi_supported_oids(gss_OID_set *); | |||
117 | ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); | 117 | ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *); |
118 | 118 | ||
119 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); | 119 | OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *); |
120 | OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *); | ||
121 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, | 120 | OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int, |
122 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); | 121 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |
123 | OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *, | 122 | OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *, |
@@ -128,7 +127,6 @@ char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *); | |||
128 | void ssh_gssapi_build_ctx(Gssctxt **); | 127 | void ssh_gssapi_build_ctx(Gssctxt **); |
129 | void ssh_gssapi_delete_ctx(Gssctxt **); | 128 | void ssh_gssapi_delete_ctx(Gssctxt **); |
130 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 129 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
131 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | ||
132 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); | 130 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); |
133 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); | 131 | int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *); |
134 | 132 | ||
@@ -138,6 +136,7 @@ char *ssh_gssapi_client_mechanisms(const char *host); | |||
138 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *); | 136 | char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *); |
139 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); | 137 | gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); |
140 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *); | 138 | int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *); |
139 | OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | ||
141 | int ssh_gssapi_userok(char *name); | 140 | int ssh_gssapi_userok(char *name); |
142 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); | 141 | OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); |
143 | void ssh_gssapi_do_child(char ***, u_int *); | 142 | void ssh_gssapi_do_child(char ***, u_int *); |