From c18b13d4c8aa31b145703bbbf228fb07d6b2a0a5 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 21 Jun 2017 10:53:19 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 170 ++++++++++++++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 171 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bddae00dd2..f93753f1d2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,176 @@ notes.xml +
Ssh 4.5 + +
Improvements and New Features + + +

+ The internal handling of SSH options is re-written.

+

+ Previously there were no checks if a client option was + given to a daemon or vice versa. This is corrected now. + If your code has e.g. a client-only option in a call to + start a daemon, the call will fail.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12872

+
+ +

+ Modernization of key exchange algorithms. See + draft-ietf-curdle-ssh-kex-sha2 for a discussion.

+

+ Removed an outdated weak algorithm and added stronger + replacements to keep interoperability with other modern + ssh clients and servers. The default ordering of the + algorithms is also adjusted.

+

+ Retired: The nowadays unsecure key-exchange + diffie-hellman-group1-sha1 is not enabled by + default, but can be enabled with the option + preferred-algorithms.

+

+ Added: The new stronger key-exchange + diffie-hellman-group16-sha512, + diffie-hellman-group18-sha512 and + diffie-hellman-group14-sha256 are added and + enabled by default.

+

+ The questionable [RFC 6194] sha1-based algorithms + diffie-hellman-group-exchange-sha1 and + diffie-hellman-group14-sha1 are however still kept + enabled by default for compatibility with ancient clients + and servers that lack modern key-exchange alternatives. + When the draft-ietf-curdle-ssh-kex-sha2 becomes an rfc, + those sha1-based algorithms and + diffie-hellman-group1-sha1 will be deprecated by + IETF. They might then be removed from the default list in + Erlang/OTP.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14110

+
+ +

+ Modernized internal representation of sftp by use of + maps.

+

+ Own Id: OTP-14117

+
+ +

+ The Extension Negotiation Mechanism and the extension + server-sig-algs in + draft-ietf-curdle-ssh-ext-info-05 are implemented.

+

+ The related draft-ietf-curdle-rsa-sha2-05 is implemented + and introduces the signature algorithms + rsa-sha2-256 and rsa-sha2-512.

+

+ Own Id: OTP-14193

+
+ +

+ The 'timeout' and 'connect_timeout' handling in + ssh_sftp:start_channel documentation is clarified.

+

+ Own Id: OTP-14216

+
+ +

+ The functions ssh:connect, ssh:shell and + ssh:start_channel now accept an IP-tuple as Host + destination argument.

+

+ Own Id: OTP-14243

+
+ +

+ The function ssh:daemon_info/1 now returns Host + and Profile as well as the Port info in the property + list.

+

+ Own Id: OTP-14259

+
+ +

+ Removed the option public_key_alg which was + deprecated in 18.2. Use pref_public_key_algs + instead.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14263

+
+ +

+ The SSH application is refactored regarding daemon + starting. The resolution of contradicting Host + argument and ip option were not described. There + were also strange corner cases when the 'any' + value was used in Host argument or ip + option. This is (hopefully) resolved now, but it may + cause incompatibilities for code using both Host + and the ip option. The value 'loopback' has been + added for a correct way of naming those addresses.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-14264

+
+ +

+ The supervisor code is refactored. The naming of + listening IP-Port-Profile triples are slightly changed to + improve consistency in strange corner cases as resolved + by OTP-14264

+

+ Own Id: OTP-14267 Aux Id: OTP-14266

+
+ +

+ The idle_time option can now be used in daemons.

+

+ Own Id: OTP-14312

+
+ +

+ Added test cases for IETF-CURDLE Extension Negotiation + (ext-info)

+

+ Own Id: OTP-14361

+
+ +

+ Testcases for IETF-CURDLE extension + server-sig-algs including rsa-sha2-*

+

+ Own Id: OTP-14362 Aux Id: OTP-14361

+
+ +

+ The option auth_methods can now also be used in + clients to select which authentication options that are + used and in which order.

+

+ Own Id: OTP-14399

+
+ +

+ Checks that a ECDSA public key (ecdsa-sha2-nistp*) + stored in a file has the correct size.

+

+ Own Id: OTP-14410

+
+
+
+ +
+
Ssh 4.4.2
Fixed Bugs and Malfunctions diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 48332d2e5a..7208baca6e 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.4.2 +SSH_VSN = 4.5 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3