Diffstat (limited to 'debian/changelog')
-rw-r--r-- debian/changelog 54
1 files changed, 52 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index dc9c82813..234cc9191 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,56 @@
1openssh (1:7.1p2-3) UNRELEASED; urgency=medium 1openssh (1:7.2p1-1) UNRELEASED; urgency=medium
2 2
3 * New upstream release (http://www.openssh.com/txt/release-7.2):
4 - This release disables a number of legacy cryptographic algorithms by
5 default in ssh:
6 + Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
7 the rijndael-cbc aliases for AES.
8 + MD5-based and truncated HMAC algorithms.
9 These algorithms are already disabled by default in sshd.
10 - ssh(1), sshd(8): Remove unfinished and unused roaming code (was
11 already forcibly disabled in OpenSSH 7.1p2).
12 - ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
13 forwarding when the X server disables the SECURITY extension.
14 - ssh(1), sshd(8): Increase the minimum modulus size supported for
15 diffie-hellman-group-exchange to 2048 bits.
16 - sshd(8): Pre-auth sandboxing is now enabled by default (previous
17 releases enabled it for new installations via sshd_config).
18 - all: Add support for RSA signatures using SHA-256/512 hash algorithms
19 based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
20 - ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
21 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
22 private key that is used during authentication will be added to
23 ssh-agent if it is running (with confirmation enabled if set to
24 'confirm').
25 - sshd(8): Add a new authorized_keys option "restrict" that includes all
26 current and future key restrictions (no-*-forwarding, etc.). Also add
27 permissive versions of the existing restrictions, e.g. "no-pty" ->
28 "pty". This simplifies the task of setting up restricted keys and
29 ensures they are maximally-restricted, regardless of any permissions
30 we might implement in the future.
31 - ssh(1): Add ssh_config CertificateFile option to explicitly list
32 certificates.
33 - ssh-keygen(1): Allow ssh-keygen to change the key comment for all
34 supported formats (closes: #811125).
35 - ssh-keygen(1): Allow fingerprinting from standard input, e.g.
36 "ssh-keygen -lf -" (closes: #509058).
37 - ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
38 e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
39 - sshd(8): Support "none" as an argument for sshd_config Foreground and
40 ChrootDirectory. Useful inside Match blocks to override a global
41 default.
42 - ssh-keygen(1): Support multiple certificates (one per line) and
43 reading from standard input (using "-f -") for "ssh-keygen -L"
44 - ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
45 certificates instead of plain keys.
46 - ssh(1): Better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
47 hostname canonicalisation - treat them as already canonical and remove
48 the trailing '.' before matching ssh_config.
49 - sftp(1): Existing destination directories should not terminate
50 recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
3 * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb. 51 * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
52 * Restore slogin symlinks for compatibility, although they were removed
53 upstream.
4 54
5 -- Colin Watson <cjwatson@debian.org> Wed, 27 Jan 2016 13:04:38 +0000 55 -- Colin Watson <cjwatson@debian.org> Wed, 27 Jan 2016 13:04:38 +0000
6 56
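Review bot: The "ssh-keygen -L" item (new lines 42-43) ends without a full stop, unlike every other item in this entry, and "Several ciphers blowfish-cbc, ..." (new line 6) reads as if a colon is missing after "Several ciphers"; fix both for consistency. The sshd_config item (new lines 39-41) names "Foreground" next to ChrootDirectory; check that keyword against sshd_config(5), since the option that is normally overridden inside Match blocks is ForceCommand. The items on legacy ciphers and MD5-based/truncated HMACs being disabled by default in ssh, and on the 2048-bit minimum modulus for diffie-hellman-group-exchange, change behaviour for users who connect to older peers. This diffstat is limited to debian/changelog, so confirm the commit also carries a debian/NEWS note for them, or add one.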