- Avoid remote code execution in ssh-agent PKCS#11 support
  Resolves: CVE-2023-38408

- Fix for CVE-2018-15473: User enumeration via malformed packets in authentication requests

- Fix for CVE-2016-6210: User enumeration via covert timing channel (#1357442)

- security issues
  . CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes (1405374)

- Fix missing hmac-md5-96 from server offer (#1373836)
- Prevent infinite loop when Ctrl+Z pressed at password prompt (#1218424)
- Remove RC4 cipher and MD5 based MAC from the default client proposal (#1373836)
- Resolve sftp force permission colision with umask (#1341747)
- Relax bits needed check to allow hmac-sha2-512 with gss-group1-sha1- (#1353359)
- close ControlPersist background process stderr when not in debug mode (#1335539)
- Do not add a message "The agent has no identities." in ~/.ssh/authorized_keys (#1353410)

- security issues
  . CVE-2016-1908: Prevent possible fallback from untrusted X11 forwarding (#1299048)
  . CVE-2015-5352: XSECURITY restrictions bypass under certain conditions
  . CVE-2015-6563: Privilege separation weakness related to PAM support
  . CVE-2015-6564: Use-after-free bug related to PAM support

- CVE-2015-5600: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (#1245969)

- Backport fixed of ssh-keygen with error : gethostname: File name too long (#1161454)
- Backport show remote address instead of UNKNOWN after timeout at password prompt (#1161449)
- Fix printing of extensions in v01 certificates (#1093869)
- Fix confusing audit trail for unsuccessful logins (#1127312)
- Don't close fds for internal sftp sessions (#1085710)
- Fix config parsing quotes (backport) (#1134938)
- Enable logging in chroot into separate file (#1172224)
- Fix auditing when using combination of ForcedCommand and PTY (#1131585)
- Fix ssh-copy-id on non-sh remote shells (#1135521)
- Add missing ControlPersist option to man ssh (#1197763)
- Add sftp option to force mode of created files (#1191055)
- Do not load RSA1 keys in FIPS mode (#1197072)
- Add missing support for ECDSA in ssh-keyscan (#1196331)
- Fix coverity/gcc issues (#1196063)
- Backport wildcard functionality for PermitOpen in sshd_config file (#1159055)
- Ability to specify an arbitrary LDAP filter in ldap.conf (#1119506)
- Make sshd -T write all config options and add missing Cipher, MAC to man (#1109251)
- Better approach to logging sftp commands in chroot
- Fix problems with failing persistent connections (#1131585)
- Fix memory leaks in auditing patch (#1208584)
- Fix minor problems found by covscan/gcc (#1196063)
- Add missing options in man ssh (#1197763)
- Add KbdInteractiveAuthentication documentation to man sshd_config (#1109251)
- Correct freeing newkeys structure when privileged monitor exits (#1208584)
- Add missing dot in ssh manual page (#1197763)
- SSH2_MSG_DISCONNECT for user initiated disconnect follow RFC 4253 (#1222500)

- Fix ControlPersist option with ProxyCommand (#1160487)

- rebuild for AnNyung 2.4
- security issues
  . CVE-2014-2653 prevent a server from skipping SSHFP lookup
  . CVE-2014-2532 ignore environment variables with embedded '=' or '\0' characters

- AnNyung 2.3 pre-release
- sevaral bug fixes
  . http://rhn.redhat.com/errata/RHSA-2013-1591.html
- security issues
  . CVE-2010-5107

- support X11Forwarding (Default config is No)

- rebuilt on AnNyung
- removed X option
- change server configuration
  change KeyRegenerationInterval value to 0 on sshd_config
  change UseDNS value to no
  change GSSAPIAuthentication to no
  change X11Forwarding no
  add Banner directive to /etc/issue.net
  add USER_LANG environment
- change client configuration
  change GSSAPIAuthentication value to no
  change ForwardX11Trusted no
  add USER_LANG on SendEnv
- support mcookie on Banner file
- support idn client
- add skip host key check command lien option
- security issue
  . CVE-2012-5536
    pam_ssh_agent_auth: symbol crash leading to glibc error() called incorrectly

- rebuilt

- defaults on HashKnownHosts

- rebuilt on AnNyung
- removed X option
- change server configuration
  change KeyRegenerationInterval value to 0 on sshd_config
  change UseDNS value to no
  change GSSAPIAuthentication to no
  change X11Forwarding no
  add Banner directive to /etc/issue.net
  add USER_LANG environment
- change client configuration
  change GSSAPIAuthentication value to no
  change ForwardX11Trusted no
  add USER_LANG on SendEnv
- support mcookie on Banner file
- support idn client
- add skip host key check command lien option

- rebuilt on AnNyung
- removed X option
- change server configuration
  change KeyRegenerationInterval value to 0 on sshd_config
  change UseDNS value to no
  change GSSAPIAuthentication to no
  change X11Forwarding no
  add Banner directive to /etc/issue.net
  add USER_LANG environment
- change client configuration
  change GSSAPIAuthentication value to no
  change ForwardX11Trusted no
  add USER_LANG on SendEnv
- support mcookie on Banner file
- support idn client
- add skip host key check command lien option