Subject: CVS commit: pkgsrc/security/openssh
To: None <pkgsrc-changes@NetBSD.org>
From: Thomas Klausner <wiz@netbsd.org>
List: pkgsrc-changes
Date: 08/31/2004 11:27:12
Module Name:	pkgsrc
Committed By:	wiz
Date:		Tue Aug 31 11:27:12 UTC 2004

Modified Files:
	pkgsrc/security/openssh: Makefile distinfo
	pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ad
	    patch-ag patch-ah patch-aj patch-ak patch-al patch-an patch-ap
	    patch-aq

Log Message:
Update to 3.9p1:
 * Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
   use keys specified in ssh_config, rather than any keys in ssh-agent(1)

 * Make sshd(8) re-execute itself on accepting a new connection. This security
   measure ensures that all execute-time randomisations are reapplied for each
   connection rather than once, for the master process' lifetime. This includes
   mmap and malloc mappings, shared library addressing, shared library mapping
   order, ProPolice and StackGhost cookies on systems that support such things

 * Add strict permission and ownership checks to programs reading ~/.ssh/config
   NB ssh(1) will now exit instead of trying to process a config with poor
   ownership or permissions

 * Implemented the ability to pass selected environment variables between the
   client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
   ssh_config(5) for details

 * Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
   number of authentication attempts permitted per connection

 * Added support for cancellation of active remote port forwarding sessions.
   This may be performed using the ~C escape character, see "Escape Characters"
   in ssh(1) for details

 * Many sftp(1) interface improvements, including greatly enhanced "ls" support
   and the ability to cancel active transfers using SIGINT (^C)

 * Implement session multiplexing: a single ssh(1) connection can now carry
   multiple login/command/file transfer sessions. Refer to the "ControlMaster"
   and "ControlPath" options in ssh_config(5) for more information

 * The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)

 * Portable OpenSSH: Re-introduce support for PAM password authentication, in
   addition to the keyboard-interactive driver. PAM password authentication
   is less flexible, and doesn't support pre-authentication password expiry but
   runs in-process so Kerberos tokens, etc are retained

 * Improved and more extensive regression tests

 * Many bugfixes and small improvements


To generate a diff of this commit:
cvs rdiff -r1.141 -r1.142 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.34 -r1.35 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.35 -r1.36 pkgsrc/security/openssh/patches/patch-aa
cvs rdiff -r1.18 -r1.19 pkgsrc/security/openssh/patches/patch-ab
cvs rdiff -r1.10 -r1.11 pkgsrc/security/openssh/patches/patch-ac
cvs rdiff -r1.7 -r1.8 pkgsrc/security/openssh/patches/patch-ad
cvs rdiff -r1.4 -r1.5 pkgsrc/security/openssh/patches/patch-ag \
    pkgsrc/security/openssh/patches/patch-aj \
    pkgsrc/security/openssh/patches/patch-ak
cvs rdiff -r1.20 -r1.21 pkgsrc/security/openssh/patches/patch-ah
cvs rdiff -r1.3 -r1.4 pkgsrc/security/openssh/patches/patch-al \
    pkgsrc/security/openssh/patches/patch-an \
    pkgsrc/security/openssh/patches/patch-ap \
    pkgsrc/security/openssh/patches/patch-aq

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.