Module Name:	pkgsrc
Committed By:	itojun
Date:		Sun May 19 07:43:25 UTC 2002

Modified Files:
	pkgsrc/security/openssh: Makefile distinfo
	pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ah

Log Message:
upgrade to 3.2.2p1.  includes security changes.

Security Changes:
=================

- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
  see UsePrivilegeSeparation in sshd(8) and
	  http://www.citi.umich.edu/u/provos/ssh/privsep.html
  for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger

Other Changes:
==============

- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side suport for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time


To generate a diff of this commit:
cvs rdiff -r1.67 -r1.68 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.15 -r1.16 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.22 -r1.23 pkgsrc/security/openssh/patches/patch-aa
cvs rdiff -r1.9 -r1.10 pkgsrc/security/openssh/patches/patch-ab
cvs rdiff -r1.17 -r1.18 pkgsrc/security/openssh/patches/patch-ah

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.