summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-05-26Add a sandbox fallback mechanism, so that behaviour on Linux depends onColin Watson
whether the running system's kernel has seccomp_filter support, not the build system's kernel (forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
2012-05-22Pass noupdate to pam_motd call for /run/motd.dynamic.Roger Leigh
2012-05-18IPQoS fix closes #671075 tooColin Watson
2012-05-18close #671010 with new upstreamColin Watson
2012-05-18Fix a bashism in configure's seccomp_filter check.Colin Watson
2012-05-18* New upstream release (http://www.openssh.org/txt/release-6.0).Colin Watson
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections (closes: #643312, #650512). - Add a new privilege separation sandbox implementation for Linux's new seccomp sandbox, automatically enabled on platforms that support it. (Note: privilege separation sandboxing is still experimental.)
2012-05-17merge 6.0p1Colin Watson
2012-05-17Import 6.0p1 tarballColin Watson
2012-04-22Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:Colin Watson
#669667).
2012-04-21Display dynamic part of MOTD from /run/motd.dynamic, if it existsColin Watson
(closes: #669699).
2012-04-20 - (djm) Release openssh-6.0Damien Miller
2012-04-20 - (djm) [README] Update URL to release notes.Damien Miller
2012-04-20 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-19 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutilDamien Miller
contains openpty() but not login()
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@
2012-04-02releasing version 1:5.9p1-5Colin Watson
2012-04-02* Fix cross-building:Colin Watson
- Allow using a cross-architecture pkg-config. - Pass default LDFLAGS to contrib/Makefile. - Allow dh_strip to strip gnome-ssh-askpass, rather than calling 'install -s'.
2012-04-01Use dpkg-buildflags, including for hardening support; drop use ofColin Watson
hardening-includes.
2012-03-30 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrectDamien Miller
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow runningDamien Miller
openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@
2012-03-30 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNINGDarren Tucker
file from spec file. From crighter at nuclioss com.
2012-03-19releasing version 1:5.9p1-4Colin Watson
2012-03-19Disable OpenSSL version check again, as its SONAME is sufficientColin Watson
nowadays (closes: #664383).
2012-03-09 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6Damien Miller
addressed connections. ok dtucker@
2012-03-09 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinuxDamien Miller
systems where sshd is run in te wrong context. Patch from Sven Vermeulen; ok dtucker@
2012-02-24releasing version 1:5.9p1-3Colin Watson
2012-02-24Move ssh-krb5 to Section: oldlibs.Colin Watson
2012-02-24slight simplificationColin Watson
2012-02-24Ignore errors writing to console in init script (closes: #546743).Colin Watson
2012-02-24 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSMDarren Tucker
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-14 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quoteTim Rice
to work. Spotted by Angel Gonzalez
2012-02-14 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN soTim Rice
it actually works.
2012-02-14 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type forTim Rice
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c ok dtucker@
2012-02-14* debconf template translations:Colin Watson
- Update Polish (thanks, Michał Kułach; closes: #659829).
2012-02-14 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list ofDamien Miller
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-11 - markus@cvs.openbsd.org 2012/02/09 20:00:18Damien Miller
[version.h] move from 6.0-beta to 6.0
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:40:09Damien Miller
[packet.c packet.h] packet_read_poll() is not used anymore.
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:36:31Damien Miller
[authfile.c] memleak in key_load_file(); from Jan Klemkow
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:26:43Damien Miller
[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
2012-02-11 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43Damien Miller
[clientloop.c] Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 - miod@cvs.openbsd.org 2012/01/16 20:34:09Damien Miller
[ssh-pkcs11-client.c] Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. While there, be sure to buffer_clear() between send_msg() and recv_msg(). ok markus@
2012-02-11 - miod@cvs.openbsd.org 2012/01/08 13:17:11Damien Miller
[ssh-ecdsa.c] Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@
2012-02-11 - djm@cvs.openbsd.org 2012/01/07 21:11:36Damien Miller
[mux.c] fix double-free in new session handler
2012-02-11 - djm@cvs.openbsd.org 2012/01/05 00:16:56Damien Miller
[monitor.c] memleak on error path
2012-02-06 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platformsDamien Miller
that don't support ECC. Patch from Phil Oleson
2012-01-17 - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] AddDarren Tucker
null implementation of HMAC_CTX_init for the benefit of old versions of OpenSSL that don't have it.
2011-12-19 - djm@cvs.openbsd.org 2011/12/07 05:44:38Damien Miller
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@
2011-12-19 - djm@cvs.openbsd.org 2011/12/04 23:16:12Damien Miller
[mux.c] revert: > revision 1.32 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. > ok dtucker@ it interacts badly with ControlPersist
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:43:57Damien Miller
[mac.c] fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before HMAC_init (this change in policy seems insane to me) ok dtucker@
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:41:56Damien Miller
[mux.c] fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@