OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=5

openssh-4.5p1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1b2826c2c9b94cd2c2c441a3acf2b0f954b8556a0db6aa938cac13c44504e186
-size 776871

openssh-4.6p1-addrlist.dif

@@ -63,7 +63,7 @@
  
  /*
   * Close all listening sockets
-@@ -941,6 +997,7 @@
+@@ -942,6 +998,7 @@
  	int ret, listen_sock, on = 1;
  	struct addrinfo *ai;
  	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -71,7 +71,7 @@
  
  	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
  		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -986,6 +1043,13 @@
+@@ -987,6 +1044,13 @@
  			continue;
  		}
  		listen_socks[num_listen_socks] = listen_sock;

openssh-4.6p1-audit.patch

@@ -1,5 +1,94 @@
---- openssh-4.5p1/loginrec.c.audit	2006-09-07 14:57:54.000000000 +0200
-+++ openssh-4.5p1/loginrec.c	2006-12-21 12:17:35.000000000 +0100
+# add support for Linux audit (FATE #120269)
+--- openssh-4.6p1/Makefile.in
++++ openssh-4.6p1/Makefile.in
+@@ -45,6 +45,7 @@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
+ LIBSELINUX=@LIBSELINUX@
++LIBAUDIT=@LIBAUDIT@
+ SSHDLIBS=@SSHDLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBPAM=@LIBPAM@
+@@ -139,7 +140,7 @@
+ 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 
+ sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
+-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS)
++	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(SSHDLIBS) $(LIBS)
+ 
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+--- openssh-4.6p1/auth.c
++++ openssh-4.6p1/auth.c
+@@ -286,6 +286,12 @@
+ 		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
+ # endif
+ #endif
++#if HAVE_LINUX_AUDIT
++	if (authenticated == 0 && !authctxt->postponed) {
++		linux_audit_record_event(-1, authctxt->user, NULL,
++			get_remote_ipaddr(), "sshd", 0);
++	}
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ 	if (authenticated == 0 && !authctxt->postponed)
+ 		audit_event(audit_classify_auth(method));
+@@ -492,6 +498,10 @@
+ 		record_failed_login(user,
+ 		    get_canonical_hostname(options.use_dns), "ssh");
+ #endif
++#ifdef HAVE_LINUX_AUDIT
++		linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
++			"sshd", 0);
++#endif
+ #ifdef SSH_AUDIT_EVENTS
+ 		audit_event(SSH_INVALID_USER);
+ #endif /* SSH_AUDIT_EVENTS */
+--- openssh-4.6p1/config.h.in
++++ openssh-4.6p1/config.h.in
+@@ -1305,6 +1305,9 @@
+ /* Define if you want SELinux support. */
+ #undef WITH_SELINUX
+ 
++/* Define if you want Linux audit support. */
++#undef HAVE_LINUX_AUDIT
++
+ /* Define to 1 if your processor stores words with the most significant byte
+    first (like Motorola and SPARC, unlike Intel and VAX). */
+ #undef WORDS_BIGENDIAN
+--- openssh-4.6p1/configure.ac
++++ openssh-4.6p1/configure.ac
+@@ -3170,6 +3170,20 @@
+ )
+ AC_SUBST(LIBSELINUX)
+ 
++# Check whether user wants Linux audit support
++LINUX_AUDIT_MSG="no"
++LIBAUDIT=""
++AC_ARG_WITH(linux-audit,
++	[  --with-linux-audit   Enable Linux audit support],
++	[ if test "x$withval" != "xno" ; then
++		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
++		LINUX_AUDIT_MSG="yes"
++		AC_CHECK_HEADERS(libaudit.h)
++		LIBAUDIT="-laudit"
++	fi
++	])
++AC_SUBST(LIBAUDIT)
++
+ # Check whether user wants Kerberos 5 support
+ KRB5_MSG="no"
+ AC_ARG_WITH(kerberos5,
+@@ -3990,6 +4004,7 @@
+ echo "                   OSF SIA support: $SIA_MSG"
+ echo "                 KerberosV support: $KRB5_MSG"
+ echo "                   SELinux support: $SELINUX_MSG"
++echo "               Linux audit support: $LINUX_AUDIT_MSG"
+ echo "                 Smartcard support: $SCARD_MSG"
+ echo "                     S/KEY support: $SKEY_MSG"
+ echo "              TCP Wrappers support: $TCPW_MSG"
+--- openssh-4.6p1/loginrec.c
++++ openssh-4.6p1/loginrec.c
 @@ -175,6 +175,10 @@
  #include "auth.h"
  #include "buffer.h"
@@ -84,8 +173,8 @@
  /**
   ** Low-level libutil login() functions
   **/
---- openssh-4.5p1/loginrec.h.audit	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-4.5p1/loginrec.h	2006-12-21 12:17:35.000000000 +0100
+--- openssh-4.6p1/loginrec.h
++++ openssh-4.6p1/loginrec.h
 @@ -127,5 +127,9 @@
  char *line_abbrevname(char *dst, const char *src, int dstsize);
  
@@ -96,91 +185,3 @@
 +#endif /* HAVE_LINUX_AUDIT */
  
  #endif /* _HAVE_LOGINREC_H_ */
---- openssh-4.5p1/Makefile.in.audit	2006-10-23 23:44:47.000000000 +0200
-+++ openssh-4.5p1/Makefile.in	2006-12-21 12:19:39.000000000 +0100
-@@ -45,6 +45,7 @@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBSELINUX=@LIBSELINUX@
-+LIBAUDIT=@LIBAUDIT@
- SSHDLIBS=@SSHDLIBS@
- LIBEDIT=@LIBEDIT@
- LIBPAM=@LIBPAM@
-@@ -139,7 +140,7 @@
- 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
--	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS)
-+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(SSHDLIBS) $(LIBS)
- 
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- 	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
---- openssh-4.5p1/config.h.in.audit	2006-11-07 14:07:01.000000000 +0100
-+++ openssh-4.5p1/config.h.in	2006-12-21 12:17:35.000000000 +0100
-@@ -1305,6 +1305,9 @@
- /* Define if you want SELinux support. */
- #undef WITH_SELINUX
- 
-+/* Define if you want Linux audit support. */
-+#undef HAVE_LINUX_AUDIT
-+
- /* Define to 1 if your processor stores words with the most significant byte
-    first (like Motorola and SPARC, unlike Intel and VAX). */
- #undef WORDS_BIGENDIAN
---- openssh-4.5p1/configure.ac.audit	2006-12-21 12:17:34.000000000 +0100
-+++ openssh-4.5p1/configure.ac	2006-12-21 12:17:35.000000000 +0100
-@@ -3161,6 +3161,20 @@
- )
- AC_SUBST(LIBSELINUX)
- 
-+# Check whether user wants Linux audit support
-+LINUX_AUDIT_MSG="no"
-+LIBAUDIT=""
-+AC_ARG_WITH(linux-audit,
-+	[  --with-linux-audit   Enable Linux audit support],
-+	[ if test "x$withval" != "xno" ; then
-+		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
-+		LINUX_AUDIT_MSG="yes"
-+		AC_CHECK_HEADERS(libaudit.h)
-+		LIBAUDIT="-laudit"
-+	fi
-+	])
-+AC_SUBST(LIBAUDIT)
-+
- # Check whether user wants Kerberos 5 support
- KRB5_MSG="no"
- AC_ARG_WITH(kerberos5,
-@@ -3982,6 +3996,7 @@
- echo "                   OSF SIA support: $SIA_MSG"
- echo "                 KerberosV support: $KRB5_MSG"
- echo "                   SELinux support: $SELINUX_MSG"
-+echo "               Linux audit support: $LINUX_AUDIT_MSG"
- echo "                 Smartcard support: $SCARD_MSG"
- echo "                     S/KEY support: $SKEY_MSG"
- echo "              TCP Wrappers support: $TCPW_MSG"
---- openssh-4.5p1/auth.c.audit	2006-10-27 17:10:16.000000000 +0200
-+++ openssh-4.5p1/auth.c	2006-12-21 12:17:35.000000000 +0100
-@@ -286,6 +286,12 @@
- 		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
- # endif
- #endif
-+#if HAVE_LINUX_AUDIT
-+	if (authenticated == 0 && !authctxt->postponed) {
-+		linux_audit_record_event(-1, authctxt->user, NULL,
-+			get_remote_ipaddr(), "sshd", 0);
-+	}
-+#endif
- #ifdef SSH_AUDIT_EVENTS
- 	if (authenticated == 0 && !authctxt->postponed)
- 		audit_event(audit_classify_auth(method));
-@@ -492,6 +498,10 @@
- 		record_failed_login(user,
- 		    get_canonical_hostname(options.use_dns), "ssh");
- #endif
-+#ifdef HAVE_LINUX_AUDIT
-+		linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
-+			"sshd", 0);
-+#endif
- #ifdef SSH_AUDIT_EVENTS
- 		audit_event(SSH_INVALID_USER);
- #endif /* SSH_AUDIT_EVENTS */

openssh-4.6p1-eal3.diff

@@ -1,5 +1,5 @@
---- openssh-4.5p1/sshd.8
-+++ openssh-4.5p1/sshd.8
+--- openssh-4.6p1/sshd.8
++++ openssh-4.6p1/sshd.8
 @@ -739,7 +739,7 @@
  The file format is described in
  .Xr moduli 5 .
@@ -28,9 +28,9 @@
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
  .Xr sftp-server 8
---- openssh-4.5p1/sshd_config.5
-+++ openssh-4.5p1/sshd_config.5
-@@ -169,9 +169,6 @@
+--- openssh-4.6p1/sshd_config.5
++++ openssh-4.6p1/sshd_config.5
+@@ -167,9 +167,6 @@
  By default, no banner is displayed.
  .It Cm ChallengeResponseAuthentication
  Specifies whether challenge-response authentication is allowed.
@@ -40,7 +40,7 @@
  The default is
  .Dq yes .
  .It Cm Ciphers
-@@ -384,7 +381,7 @@
+@@ -382,7 +379,7 @@
  .Pp
  .Pa /etc/hosts.equiv
  and

openssh-4.6p1-engines.diff

@@ -1,9 +1,5 @@
-# Load drivers for available hardware crypto accelerators.
-#                                      -- mludvig@suse.cz
-Index: openssh-3.8p1/ssh-add.c
-================================================================================
---- openssh-4.5p1/ssh-add.c
-+++ openssh-4.5p1/ssh-add.c
+--- openssh-4.6p1/ssh-add.c
++++ openssh-4.6p1/ssh-add.c
 @@ -42,6 +42,7 @@
  #include <sys/param.h>
  
@@ -23,8 +19,8 @@ Index: openssh-3.8p1/ssh-add.c
  	/* At first, get a connection to the authentication agent. */
  	ac = ssh_get_authentication_connection();
  	if (ac == NULL) {
---- openssh-4.5p1/ssh-agent.c
-+++ openssh-4.5p1/ssh-agent.c
+--- openssh-4.6p1/ssh-agent.c
++++ openssh-4.6p1/ssh-agent.c
 @@ -51,6 +51,7 @@
  
  #include <openssl/evp.h>
@@ -33,7 +29,7 @@ Index: openssh-3.8p1/ssh-add.c
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1044,6 +1045,10 @@
+@@ -1043,6 +1044,10 @@
  
  	SSLeay_add_all_algorithms();
  
@@ -44,8 +40,8 @@ Index: openssh-3.8p1/ssh-add.c
  	__progname = ssh_get_progname(av[0]);
  	init_rng();
  	seed_rng();
---- openssh-4.5p1/ssh-keygen.c
-+++ openssh-4.5p1/ssh-keygen.c
+--- openssh-4.6p1/ssh-keygen.c
++++ openssh-4.6p1/ssh-keygen.c
 @@ -21,6 +21,7 @@
  
  #include <openssl/evp.h>
@@ -54,8 +50,8 @@ Index: openssh-3.8p1/ssh-add.c
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1074,6 +1075,11 @@
- 	__progname = ssh_get_progname(av[0]);
+@@ -1073,6 +1074,11 @@
+ 	__progname = ssh_get_progname(argv[0]);
  
  	SSLeay_add_all_algorithms();
 +
@@ -63,11 +59,11 @@ Index: openssh-3.8p1/ssh-add.c
 +	ENGINE_load_builtin_engines();
 +	ENGINE_register_all_complete();
 +
- 	log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+ 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
  
  	init_rng();
---- openssh-4.5p1/ssh-keysign.c
-+++ openssh-4.5p1/ssh-keysign.c
+--- openssh-4.6p1/ssh-keysign.c
++++ openssh-4.6p1/ssh-keysign.c
 @@ -38,6 +38,7 @@
  #include <openssl/evp.h>
  #include <openssl/rand.h>
@@ -88,8 +84,8 @@ Index: openssh-3.8p1/ssh-add.c
  	for (i = 0; i < 256; i++)
  		rnd[i] = arc4random();
  	RAND_seed(rnd, sizeof(rnd));
---- openssh-4.5p1/ssh.c
-+++ openssh-4.5p1/ssh.c
+--- openssh-4.6p1/ssh.c
++++ openssh-4.6p1/ssh.c
 @@ -72,6 +72,7 @@
  
  #include <openssl/evp.h>
@@ -109,8 +105,8 @@ Index: openssh-3.8p1/ssh-add.c
  	/* Initialize the command to execute on remote host. */
  	buffer_init(&command);
  
---- openssh-4.5p1/sshd.c
-+++ openssh-4.5p1/sshd.c
+--- openssh-4.6p1/sshd.c
++++ openssh-4.6p1/sshd.c
 @@ -75,6 +75,7 @@
  #include <openssl/bn.h>
  #include <openssl/md5.h>
@@ -119,7 +115,7 @@ Index: openssh-3.8p1/ssh-add.c
  #ifdef HAVE_SECUREWARE
  #include <sys/security.h>
  #include <prot.h>
-@@ -1444,6 +1445,10 @@
+@@ -1445,6 +1446,10 @@
  
  	SSLeay_add_all_algorithms();
  

openssh-4.6p1-gssapimitm.patch

@@ -153,16 +153,16 @@ Index: auth2-gss.c
  	sDeprecated, sUnsupported
 @@ -351,9 +354,11 @@
  #ifdef GSSAPI
- 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
+ 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 +	{ "gssapienablemitmattack", sGssEnableMITM },
  #else
- 	{ "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 +	{ "gssapienablemitmattack", sUnsupported },
  #endif
- 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
- 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
+ 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+ 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 @@ -877,6 +882,10 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;

openssh-4.6p1-pwname-home.diff

@@ -1,5 +1,5 @@
---- openssh-4.5p1/misc.c
-+++ openssh-4.5p1/misc.c
+--- openssh-4.6p1/misc.c
++++ openssh-4.6p1/misc.c
 @@ -186,6 +186,29 @@
  	return (old);
  }
@@ -39,8 +39,8 @@
  		fatal("tilde_expand_filename: No such uid %d", uid);
  
  	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
---- openssh-4.5p1/misc.h
-+++ openssh-4.5p1/misc.h
+--- openssh-4.6p1/misc.h
++++ openssh-4.6p1/misc.h
 @@ -34,6 +34,7 @@
  char	*tohex(const void *, size_t);
  void	 sanitise_stdfd(void);
@@ -49,8 +49,8 @@
  struct passwd *pwcopy(struct passwd *);
  
  typedef struct arglist arglist;
---- openssh-4.5p1/ssh.c
-+++ openssh-4.5p1/ssh.c
+--- openssh-4.6p1/ssh.c
++++ openssh-4.6p1/ssh.c
 @@ -249,7 +249,7 @@
  	}
  #endif

openssh-4.6p1-saveargv-fix.diff

@@ -8,7 +8,7 @@
  	logit("Received SIGHUP; restarting.");
  	close_listen_socks();
  	close_startup_pipes();
-@@ -1317,7 +1318,11 @@
+@@ -1318,7 +1319,11 @@
  #ifndef HAVE_SETPROCTITLE
  	/* Prepare for later setproctitle emulation */
  	compat_init_setproctitle(ac, av);

openssh-4.6p1-tmpdir.diff

@@ -1,6 +1,6 @@
 --- ssh-agent.c
 +++ ssh-agent.c
-@@ -1127,8 +1127,18 @@
+@@ -1126,8 +1126,18 @@
  	parent_pid = getpid();
  
  	if (agentsocket == NULL) {

openssh-4.6p1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c19f14140fbbbf912b9a033e961910ab5510a6c625bbd1a443e7aa9bbe6c09b9
+size 781338

openssh-askpass-gnome.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh-askpass-gnome (Version 4.5p1)
+# spec file for package openssh-askpass-gnome (Version 4.6p1)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -14,8 +14,8 @@ Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        Other License(s), see package
 Group:          Productivity/Networking/SSH
-Version:        4.5p1
-Release:        19
+Version:        4.6p1
+Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 Autoreqprov:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH

openssh-gssapi_krb5-fix.patch

@@ -1,6 +1,6 @@
 --- configure.ac
 +++ configure.ac
-@@ -3220,7 +3220,14 @@
+@@ -3237,7 +3237,14 @@
  				  K5LIBS="-lgssapi $K5LIBS" ],
  				[ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
  					[ AC_DEFINE(GSSAPI)

openssh.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz
+
+- update to 4.6p1
+  * sshd now allows the enabling and disabling of authentication
+    methods on a per user, group, host and network basis via the
+    Match directive in sshd_config. 
+  * Allow multiple forwarding options to work when specified in a
+    PermitOpen directive
+  * Clear SIGALRM when restarting due to SIGHUP. Prevents stray
+    signal from taking down sshd if a connection was pending at
+    the time SIGHUP was received
+  * hang on exit" when background processes are running at the 
+    time of exit on a ttyful/login session
+  * some more bugfixes
+
 -------------------------------------------------------------------
 Mon Mar  5 11:03:41 CET 2007 - anicka@suse.cz
 

openssh.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh (Version 4.5p1)
+# spec file for package openssh (Version 4.6p1)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -28,8 +28,8 @@ Requires:       /bin/netstat
 PreReq:         /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq  %fillup_prereq /bin/mkdir /bin/cat permissions
 Conflicts:      nonfreessh
 Autoreqprov:    on
-Version:        4.5p1
-Release:        19
+Version:        4.6p1
+Release:        1
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
 URL:            http://www.openssh.com/
@@ -283,7 +283,7 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/slp.reg.d
 /etc/slp.reg.d/ssh.reg
 /var/adm/fillup-templates/sysconfig.ssh
-%{_fwdefdir}/sshd
+%config %{_fwdefdir}/sshd
 
 %files askpass
 %defattr(-,root,root)
@@ -294,6 +294,19 @@ rm -rf $RPM_BUILD_ROOT
 %config %_appdefdir/SshAskpass
 
 %changelog
+* Mon Mar 12 2007 - anicka@suse.cz
+- update to 4.6p1
+  * sshd now allows the enabling and disabling of authentication
+  methods on a per user, group, host and network basis via the
+  Match directive in sshd_config.
+  * Allow multiple forwarding options to work when specified in a
+  PermitOpen directive
+  * Clear SIGALRM when restarting due to SIGHUP. Prevents stray
+  signal from taking down sshd if a connection was pending at
+  the time SIGHUP was received
+  * hang on exit" when background processes are running at the
+  time of exit on a ttyful/login session
+  * some more bugfixes
 * Mon Mar 05 2007 - anicka@suse.cz
 - fix path for firewall definition
 * Thu Mar 01 2007 - anicka@suse.cz