Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-09-14 | - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos in | Colin Watson | |
gss-serv-krb5.c. | |||
2005-09-14 | - Update commented-out Kerberos/GSSAPI options in default sshd_config. | Colin Watson | |
2005-09-14 | - openssh-client and openssh-server replace ssh-krb5. | Colin Watson | |
2005-09-14 | - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr. | Colin Watson | |
2005-09-14 | Update copyright file for GSSAPI key exchange patch. | Colin Watson | |
2005-09-14 | * Add remaining pieces of Kerberos support (closes: #275472): | Colin Watson | |
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost). | |||
2005-09-14 | * Annotate 1:4.1p1-1 changelog with CVE references. | Colin Watson | |
- SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified (closes: #326065). - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI credentials. This code is only built in openssh-krb5, not openssh, but I mention the CVE reference here anyway for completeness. | |||
2005-09-14 | releasing version 1:4.2p1-1 | Colin Watson | |
2005-09-14 | * Set X11Forwarding to yes in the default sshd_config (new installs only). | Colin Watson | |
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104). | |||
2005-09-14 | * openssh-client and openssh-server conflict with pre-split ssh to avoid | Colin Watson | |
problems when ssh is left un-upgraded (closes: #324695). | |||
2005-09-14 | Flesh out changelog for upstream changes in 4.2p1. | Colin Watson | |
2005-09-14 | * debian/rules: Resynchronise CFLAGS with that generated by configure. | Colin Watson | |
2005-09-14 | Merge 4.2p1 to the trunk. | Colin Watson | |
2005-09-14 | Import OpenSSH 4.2p1. | Colin Watson | |
2005-09-02 | releasing version 1:4.1p1-7 | Colin Watson | |
2005-09-02 | * Policy version 3.6.2: no changes required. | Colin Watson | |
2005-09-02 | * Fix XSIish uses of 'test' in openssh-server.preinst. | Colin Watson | |
2005-09-02 | * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113). | Colin Watson | |
2005-09-02 | * Work around the ssh-askpass alternative somehow ending up in manual mode | Colin Watson | |
pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass. | |||
2005-09-01 | - (djm) Update RPM spec file versions | Damien Miller | |
2005-08-31 | - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c | Tim Rice | |
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@ | |||
2005-09-01 | - (dtucker) [README] Update release note URL to 4.2 | Darren Tucker | |
2005-08-31 | - markus@cvs.openbsd.org 2005/08/31 09:28:42 | Damien Miller | |
[version.h] 4.2 | |||
2005-08-31 | - (djm) OpenBSD CVS Sync | Damien Miller | |
- djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] destroy credentials if krb5_kuserok() call fails. Stops credentials being delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDeletegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ | |||
2005-08-31 | correct bug number | Damien Miller | |
2005-08-30 | - (tim) [configure.ac] Back out last change. It needs to be done differently. | Tim Rice | |
2005-08-29 | - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long | Tim Rice | |
password support to 7.x for now. | |||
2005-08-26 | - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c | Tim Rice | |
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@ | |||
2005-08-23 | - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ | Tim Rice | |
2005-08-23 | - (tim) [configure.ac ] Not all gcc's support -Wsign-compare | Tim Rice | |
2005-08-23 | - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully- | Darren Tucker | |
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" and "//foo" to be different. Spotted by vinschen at redhat.com. | |||
2005-08-23 | - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for | Darren Tucker | |
LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@ | |||
2005-08-16 | - (djm) [ttymodes.c] bugzilla #1054: Fix encoding of _POSIX_VDISABLE, | Damien Miller | |
from Jacob Nevins; ok dtucker@ | |||
2005-08-15 | - (tim) [configure.ac] corrections to libedit tests. Report and patches | Tim Rice | |
by skeleten AT shillest.net | |||
2005-08-15 | - (tim) wrap el_end() in #ifdef USE_LIBEDIT | Tim Rice | |
2005-08-12 | - jaredy@cvs.openbsd.org 2005/08/08 13:22:48 | Damien Miller | |
[sftp.c] sftp prompt enhancements: - in non-interactive mode, do not print an empty prompt at the end before finishing - print newline after EOF in editline mode - call el_end() in editline mode ok dtucker djm | |||
2005-08-12 | oops, that last commit was: | Damien Miller | |
Report from Janusz Mucka; ok djm@ | |||
2005-08-12 | - dtucker@cvs.openbsd.org 2005/08/06 10:03:12 | Damien Miller | |
[servconf.c] Unbreak sshd ListenAddress for bare IPv6 addresses. | |||
2005-08-12 | - djm@cvs.openbsd.org 2005/07/30 02:03:47 | Damien Miller | |
[readconf.c] listen_hosts initialisation here too; spotted greg AT y2005.nest.cx | |||
2005-08-12 | - djm@cvs.openbsd.org 2005/07/30 01:26:16 | Damien Miller | |
[ssh.c] fix -D listen_host initialisation, so it picks up gateway_ports setting correctly | |||
2005-08-12 | - markus@cvs.openbsd.org 2005/07/28 17:36:22 | Damien Miller | |
[packet.c] missing packet_init_compression(); from solar | |||
2005-08-10 | - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c] | Darren Tucker | |
Sync current (thread-safe) version of realpath.c from OpenBSD (which is in turn based on FreeBSD's). ok djm@ | |||
2005-08-10 | - (dtucker) [configure.ac] Test libedit library and headers for compatibility. | Darren Tucker | |
Report from skeleten AT shillest.net, ok djm@ | |||
2005-08-09 | - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@ | Tim Rice | |
Report by skeleten AT shillest.net | |||
2005-08-03 | - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the | Darren Tucker | |
latter is specified in the standard. | |||
2005-08-03 | - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines | Darren Tucker | |
individually and use a value less likely to collide with real values from netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@ | |||
2005-08-03 | - (dtucker) [configure.ac] Add a --with-Werror option to configure for | Darren Tucker | |
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@ | |||
2005-08-02 | - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling | Darren Tucker | |
with gcc. ok djm@ | |||
2005-08-02 | - dtucker@cvs.openbsd.org 2005/07/27 10:39:03 | Darren Tucker | |
[scp.c hostfile.c sftp-client.c] Silence bogus -Wuninitialized warnings; ok djm@ | |||
2005-07-26 | - markus@cvs.openbsd.org 2005/07/25 11:59:40 | Damien Miller | |
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c] [sshconnect2.c sshd.c sshd_config sshd_config.5] add a new compression method that delays compression until the user has been authenticated successfully and set compression to 'delayed' for sshd. this breaks older openssh clients (< 3.5) if they insist on compression, so you have to re-enable compression in sshd_config. ok djm@ |