summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2004-03-10Turn off the new ForwardX11Trusted by default, returning to the semanticsColin Watson
of 3.7 and earlier, since it seems immature and causes far too many problems with existing setups. See README.Debian for details (closes: #237021).
2004-03-08Disable PasswordAuthentication for new installations (closes: #236810).Colin Watson
2004-03-06Finish 1:3.8p1-1.Colin Watson
2004-03-06Add Greek debconf template translation (thanks, Konstantinos Margaritis;Colin Watson
closes: #232843).
2004-03-06Add Italian debconf template translation (thanks, Renato Gini;Colin Watson
closes: #234777).
2004-03-06Privilege separation and PAM are now properly supported together, so removeColin Watson
both debconf questions related to them and simply set it unconditionally in newly generated sshd_config files (closes: #228838).
2004-03-06Fix up details of configuration upgrading a bit, including a warningColin Watson
message.
2004-03-05Remove README.Debian warnings about privsep not working properly with PAM.Colin Watson
2004-03-05Really pick up upstream fix for OpenSSH bug #808, a segfault. The previousColin Watson
auth-pam.c change was in fact a different bug.
2004-03-05Implement SSH1 support for ServerAliveInterval using SSH_MSG_IGNORE. AsColin Watson
documented in ssh_config(5), it's not as good as the SSH2 version.
2004-03-05Remove a few line breaks that were awkwardly placed and just made it harderColin Watson
to grep for things.
2004-03-05Update config.guess and config.sub from autotools-dev 20040105.1.Colin Watson
2004-03-05Pick up upstream fix for OpenSSH bug #808, a segfault:Colin Watson
revision 1.97 date: 2004/03/04 09:03:54; author: dtucker; state: Exp; lines: +2 -1 - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, prevent hanging during PAM keyboard-interactive authentications. ok djm@
2004-03-01Since PAM session modules are run as root, we can turn pam_limits back onColin Watson
by default, and it no longer spits out "Operation not permitted" to syslog (closes: #171673).
2004-03-01According to Darren Tucker, password expiry has been fixed.Colin Watson
2004-03-01Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested itColin Watson
extensively yet. ProtocolKeepAlives is now just a compatibility alias for ServerAliveInterval.
2004-03-01Import OpenSSH 3.8p1.Colin Watson
2004-02-24 - (djm) Release 3.8p1Damien Miller
2004-02-23[configure.ac] SCO3 needs -lcrypt_i for -lprotTim Rice
2004-02-24 - (dtucker) {README.platform] Add platform-specific notes.Darren Tucker
2004-02-24 - (dtucker) [README] Add pointer to release notes. ok djm@Darren Tucker
2004-02-24 - (djm) Crank RPM spec versionsDamien Miller
2004-02-23[openbsd-compat/getrrsetbyname.c] Make gcc 2.7.2.3 happy. ok djm@Tim Rice
2004-02-24 - (dtucker) [uidswap.c] Minor KNF. ok djm@Darren Tucker
2004-02-24 - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtimeDamien Miller
using sysconf() if available Based on patches from holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
2004-02-24Add missing okDarren Tucker
2004-02-24 - (dtucker) [configure.ac gss-serv-krb5.c ssh-gss.h] Define GSSAPI when foundDarren Tucker
with krb5-config, hunt down gssapi.h and friends. Based partially on patch from deengert at anl.gov. For the MIT Kerberos bug against krb5-config related to this see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=2240
2004-02-24 - markus@cvs.openbsd.org 2004/02/23 15:16:46Darren Tucker
[version.h] enter 3.8
2004-02-24 - markus@cvs.openbsd.org 2004/02/23 15:12:46Darren Tucker
[bufaux.c] encode 0 correctly in buffer_put_bignum2; noted by Mikulas Patocka and drop support for negative BNs; ok otto@
2004-02-24 - markus@cvs.openbsd.org 2004/02/23 12:02:33Darren Tucker
[sshd.c] backout revision 1.279; set listen socket to non-block; ok henning.
2004-02-24 - markus@cvs.openbsd.org 2004/02/19 21:15:04Darren Tucker
[sftp-server.c] switch to new license.template
2004-02-24 - (dtucker) [session.c] Bug #789: Only make setcred call for !privsep in theDarren Tucker
non-interactive path. ok djm@
2004-02-22Add yet more upstream bug closures.Colin Watson
2004-02-22Close "new version available" bug.Colin Watson
2004-02-22Add more upstream bug closures.Colin Watson
2004-02-22Add 'UsePAM yes' to /etc/ssh/sshd_config on upgrade from versions olderColin Watson
than this, to maintain the standard Debian sshd configuration. Comment out PAMAuthenticationViaKbdInt and RhostsAuthentication in sshd_config on upgrade. Neither option is supported any more.
2004-02-22I'm not sure where the need to define __FILE_OFFSET_BITS (as opposed toColin Watson
_FILE_OFFSET_BITS) came from, but it doesn't seem to be necessary any more. Remove it.
2004-02-22Backport a few more changes to auth-pam.c from upstream portable CVS. PAMColin Watson
session modules finally produce output!
2004-02-22Add missed ChangeLog entries for previous commits...Darren Tucker
2004-02-22 - (dtucker) [configure.ac] Apply krb5-config --libs fix to non-gssapi pathDarren Tucker
too.
2004-02-22 - (dtucker) [auth-passwd.c] Only check password expiry once. PreventsDarren Tucker
multiple warnings if a wrong password is entered.
2004-02-22 - (dtucker) [auth-shadow.c auth.h] Provide warnings of impending account orDarren Tucker
password expiry. ok djm@
2004-02-22 - (dtucker) [auth-shadow.c auth.c auth.h] Move shadow account expiry testDarren Tucker
to auth-shadow.c, no functional change. ok djm@
2004-02-20 - (djm) [openbsd-compat/setproctitle.c] fix comments; from grange@Damien Miller
2004-02-18 - (djm) [log.c] Tighten openlog_r testsDamien Miller
2004-02-18 - (djm) [log.c] Correct use of HAVE_OPENLOG_RDamien Miller
2004-02-18 - jmc@cvs.openbsd.org 2004/02/17 19:35:21Damien Miller
[sshd_config.5] remove cruft left over from RhostsAuthentication removal; ok markus@
2004-02-18 - djm@cvs.openbsd.org 2004/02/17 11:03:08Damien Miller
[sftp.c] sftp.c and sftp-int.c, together at last; ok markus@
2004-02-18 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2004/02/17 07:17:29 [sftp-glob.c sftp.c] Remove useless headers; ok deraadt@
2004-02-18 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2004/02/17 07:17:29 [sftp-glob.c sftp.c] Remove useless headers; ok deraadt@