diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index ccee48f9d..42450d4d3 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,51 @@ | |||
1 | openssh (1:7.0p1-1) UNRELEASED; urgency=medium | ||
2 | |||
3 | * New upstream release (http://www.openssh.com/txt/release-7.0, closes: | ||
4 | #785190): | ||
5 | - Support for the legacy SSH version 1 protocol is disabled by default | ||
6 | at compile time. | ||
7 | - Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is | ||
8 | disabled by default at run-time. It may be re-enabled using the | ||
9 | instructions at http://www.openssh.com/legacy.html | ||
10 | - Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by | ||
11 | default at run-time. These may be re-enabled using the instructions | ||
12 | at http://www.openssh.com/legacy.html | ||
13 | - Support for the legacy v00 cert format has been removed. | ||
14 | - The default for the sshd_config(5) PermitRootLogin option has changed | ||
15 | from "yes" to "prohibit-password". | ||
16 | - PermitRootLogin=without-password/prohibit-password now bans all | ||
17 | interactive authentication methods, allowing only public-key, | ||
18 | hostbased and GSSAPI authentication (previously it permitted | ||
19 | keyboard-interactive and password-less authentication if those were | ||
20 | enabled). | ||
21 | - ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which | ||
22 | public key types are available for user authentication. | ||
23 | - sshd_config(5): Add HostKeyAlgorithms option to control which public | ||
24 | key types are offered for host authentications. | ||
25 | - ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms, | ||
26 | HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes | ||
27 | options to allow appending to the default set of algorithms instead of | ||
28 | replacing it. Options may now be prefixed with a '+' to append to the | ||
29 | default, e.g. "HostKeyAlgorithms=+ssh-dss". | ||
30 | - sshd_config(5): PermitRootLogin now accepts an argument of | ||
31 | 'prohibit-password' as a less-ambiguous synonym of 'without- | ||
32 | password'. | ||
33 | - ssh(1), sshd(8): Add compatability workarounds for Cisco and more | ||
34 | PuTTY versions. | ||
35 | - Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux | ||
36 | documentation relating to Unix domain socket forwarding. | ||
37 | - ssh(1): Improve the ssh(1) manual page to include a better description | ||
38 | of Unix domain socket forwarding (closes: #779068). | ||
39 | - ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing | ||
40 | failures to load keys when they are present. | ||
41 | - ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty | ||
42 | CKA_ID. | ||
43 | - sshd(8): Clarify documentation for UseDNS option. | ||
44 | - Check realpath(3) behaviour matches what sftp-server requires and use | ||
45 | a replacement if necessary. | ||
46 | |||
47 | -- Colin Watson <cjwatson@debian.org> Sun, 29 Nov 2015 17:32:44 +0000 | ||
48 | |||
1 | openssh (1:6.9p1-3) unstable; urgency=medium | 49 | openssh (1:6.9p1-3) unstable; urgency=medium |
2 | 50 | ||
3 | * ssh_config(5): Fix markup errors in description of GSSAPITrustDns | 51 | * ssh_config(5): Fix markup errors in description of GSSAPITrustDns |