* New upstream release (http://www.openssh.org/txt/release-5.9).

  - Introduce sandboxing of the pre-auth privsep child using an optional
    sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
    mandatory restrictions on the syscalls the privsep child can perform.
  - Add new SHA256-based HMAC transport integrity modes from
    http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  - The pre-authentication sshd(8) privilege separation slave process now
    logs via a socket shared with the master process, avoiding the need to
    maintain /dev/log inside the chroot (closes: #75043, #429243,
    #599240).
  - ssh(1) now warns when a server refuses X11 forwarding (closes:
    #504757).
  - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
    separated by whitespace (closes: #76312).  The authorized_keys2
    fallback is deprecated but documented (closes: #560156).
  - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
    ToS/DSCP (closes: #498297).
  - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
    - < /path/to/key" (closes: #229124).
  - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
  - Say "required" rather than "recommended" in unprotected-private-key
    warning (LP: #663455).

1 files changed, 8 insertions, 5 deletions

diff --git a/ssh.0 b/ssh.0
index c1d3135ce..1c98f7780 100644
--- a/ssh.0
+++ b/ssh.0
@@ -202,8 +202,9 @@ DESCRIPTION
              the -O option is specified, the ctl_cmd argument is interpreted
              and passed to the master process.  Valid commands are: ``check''
              (check that the master process is running), ``forward'' (request
-             forwardings without command execution) and ``exit'' (request the
-             master to exit).
+             forwardings without command execution), ``exit'' (request the
+             master to exit), and ``stop'' (request the master to stop
+             accepting further multiplexing requests).
 
      -o option
              Can be used to give options in the format used in the
@@ -263,6 +264,7 @@ DESCRIPTION
                    PubkeyAuthentication
                    RekeyLimit
                    RemoteForward
+                   RequestTTY
                    RhostsRSAAuthentication
                    RSAAuthentication
                    SendEnv
@@ -389,8 +391,9 @@ AUTHENTICATION
      support similar authentication methods, but protocol 2 is the default
      since it provides additional mechanisms for confidentiality (the traffic
      is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
-     integrity (hmac-md5, hmac-sha1, umac-64, hmac-ripemd160).  Protocol 1
-     lacks a strong mechanism for ensuring the integrity of the connection.
+     integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64,
+     hmac-ripemd160).  Protocol 1 lacks a strong mechanism for ensuring the
+     integrity of the connection.
 
      The methods available for authentication are: GSSAPI-based
      authentication, host-based authentication, public key authentication,
@@ -895,4 +898,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.9                    November 18, 2010                   OpenBSD 4.9
+OpenBSD 5.0                     August 2, 2011                     OpenBSD 5.0