Three commits in one (since they touch the same heavily-diverged file

repeatedly): - markus@cvs.openbsd.org 2014/03/25 09:40:03 [myproposal.h] trimm default proposals. This commit removes the weaker pre-SHA2 hashes, the broken ciphers (arcfour), and the broken modes (CBC) from the default configuration (the patch only changes the default, all the modes are still available for the config files). ok djm@, reminded by tedu@ & naddy@ and discussed with many - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 [myproposal.h] The current sharing of myproposal[] between both client and server code makes the previous diff highly unpallatable. We want to go in that direction for the server, but not for the client. Sigh. Brought up by naddy. - markus@cvs.openbsd.org 2014/03/27 23:01:27 [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] disable weak proposals in sshd, but keep them in ssh; ok djm@
author: Damien Miller <djm@mindrot.org> 2014-04-20 13:17:20 +1000
committer: Damien Miller <djm@mindrot.org> 2014-04-20 13:17:20 +1000
commit: 9235a030ad1b16903fb495d81544e0f7c7449523 (patch)
tree: 3cb61622daa8f3b0caf0e53fd8bfab5534def35e /ChangeLog
parent: 6e1777f592f15f4559728c78204617537b1ac076 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index a12c4b98e..a26c48967 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,25 @@
     [scp.1]
     there is no need for rcp anymore
     ok deraadt millert
+   - markus@cvs.openbsd.org 2014/03/25 09:40:03
+     [myproposal.h]
+     trimm default proposals.
+     
+     This commit removes the weaker pre-SHA2 hashes, the broken ciphers
+     (arcfour), and the broken modes (CBC) from the default configuration
+     (the patch only changes the default, all the modes are still available
+     for the config files).
+     
+     ok djm@, reminded by tedu@ & naddy@ and discussed with many
+   - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
+     [myproposal.h]
+     The current sharing of myproposal[] between both client and server code
+     makes the previous diff highly unpallatable.  We want to go in that
+     direction for the server, but not for the client.  Sigh.
+     Brought up by naddy.
+   - markus@cvs.openbsd.org 2014/03/27 23:01:27
+     [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+     disable weak proposals in sshd, but keep them in ssh; ok djm@
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
author	Damien Miller <djm@mindrot.org>	2014-04-20 13:17:20 +1000
committer	Damien Miller <djm@mindrot.org>	2014-04-20 13:17:20 +1000
commit	9235a030ad1b16903fb495d81544e0f7c7449523 (patch)
tree	3cb61622daa8f3b0caf0e53fd8bfab5534def35e /ChangeLog
parent	6e1777f592f15f4559728c78204617537b1ac076 (diff)

diff --git a/ChangeLog b/ChangeLog index a12c4b98e..a26c48967 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -32,6 +32,25 @@
32	[scp.1]	32	[scp.1]
33	there is no need for rcp anymore	33	there is no need for rcp anymore
34	ok deraadt millert	34	ok deraadt millert
		35	- markus@cvs.openbsd.org 2014/03/25 09:40:03
		36	[myproposal.h]
		37	trimm default proposals.
		38
		39	This commit removes the weaker pre-SHA2 hashes, the broken ciphers
		40	(arcfour), and the broken modes (CBC) from the default configuration
		41	(the patch only changes the default, all the modes are still available
		42	for the config files).
		43
		44	ok djm@, reminded by tedu@ & naddy@ and discussed with many
		45	- deraadt@cvs.openbsd.org 2014/03/26 17:16:26
		46	[myproposal.h]
		47	The current sharing of myproposal[] between both client and server code
		48	makes the previous diff highly unpallatable. We want to go in that
		49	direction for the server, but not for the client. Sigh.
		50	Brought up by naddy.
		51	- markus@cvs.openbsd.org 2014/03/27 23:01:27
		52	[myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
		53	disable weak proposals in sshd, but keep them in ssh; ok djm@
35		54
36	20140401	55	20140401
37	- (djm) On platforms that support it, use prctl() to prevent sftp-server	56	- (djm) On platforms that support it, use prctl() to prevent sftp-server