* New upstream release (closes: #453367).

  - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
    creation of an untrusted cookie fails; found and fixed by Jan Pechanec
    (closes: #444738).
  - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
    installations are unchanged.
  - The SSH channel window size has been increased, and both ssh(1)
    sshd(8) now send window updates more aggressively. These improves
    performance on high-BDP (Bandwidth Delay Product) networks.
  - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
    saves 2 hash calls per packet and results in 12-16% speedup for
    arcfour256/hmac-md5.
  - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
    "umac-64@openssh.com". UMAC-64 has been measured to be approximately
    20% faster than HMAC-MD5.
  - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
    error when the ExitOnForwardFailure option is set.
  - ssh(1) returns a sensible exit status if the control master goes away
    without passing the full exit status.
  - When using a ProxyCommand in ssh(1), set the outgoing hostname with
    gethostname(2), allowing hostbased authentication to work.
  - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
  - Encode non-printing characters in scp(1) filenames. These could cause
    copies to be aborted with a "protocol error".
  - Handle SIGINT in sshd(8) privilege separation child process to ensure
    that wtmp and lastlog records are correctly updated.
  - Report GSSAPI mechanism in errors, for libraries that support multiple
    mechanisms.
  - Improve documentation for ssh-add(1)'s -d option.
  - Rearrange and tidy GSSAPI code, removing server-only code being linked
    into the client.
  - Delay execution of ssh(1)'s LocalCommand until after all forwardings
    have been established.
  - In scp(1), do not truncate non-regular files.
  - Improve exit message from ControlMaster clients.
  - Prevent sftp-server(8) from reading until it runs out of buffer space,
    whereupon it would exit with a fatal error (closes: #365541).
  - pam_end() was not being called if authentication failed
    (closes: #405041).
  - Manual page datestamps updated (closes: #433181).

1 files changed, 2 insertions, 3 deletions

diff --git a/ssh-gss.h b/ssh-gss.h
index ca8da70a2..4e9e357b5 100644
--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-gss.h,v 1.9 2006/08/18 14:40:34 djm Exp $ */
+/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
  *
@@ -117,7 +117,6 @@ void ssh_gssapi_supported_oids(gss_OID_set *);
 ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *);
 
 OM_uint32 ssh_gssapi_import_name(Gssctxt *, const char *);
-OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *);
 OM_uint32 ssh_gssapi_init_ctx(Gssctxt *, int,
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
 OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *,
@@ -128,7 +127,6 @@ char *ssh_gssapi_last_error(Gssctxt *, OM_uint32 *, OM_uint32 *);
 void ssh_gssapi_build_ctx(Gssctxt **);
 void ssh_gssapi_delete_ctx(Gssctxt **);
 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
-OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
 void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
 int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
 
@@ -138,6 +136,7 @@ char *ssh_gssapi_client_mechanisms(const char *host);
 char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *);
 gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
 int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *);
+OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
 int ssh_gssapi_userok(char *name);
 OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
 void ssh_gssapi_do_child(char ***, u_int *);