summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-09-07Consolidate the two "Miscellaneous bug fixes" sections of debian/patches/series.Colin Watson
2012-09-07* New upstream release (http://www.openssh.com/txt/release-6.1).Colin Watson
- Enable pre-auth sandboxing by default for new installs. - Allow "PermitOpen none" to refuse all port-forwarding requests (closes: #543683).
2012-09-06merge 6.1p1Colin Watson
2012-09-06Import 6.1p1 tarballColin Watson
2012-08-29 - (djm) Release openssh-6.1Damien Miller
2012-08-28 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEANDarren Tucker
for compatibility with future mingw-w64 headers. Patch from vinschen at redhat com.
2012-08-24releasing version 1:6.0p1-3Colin Watson
2012-08-24Add ncurses-term to openssh-server's Recommends, since it's often neededColin Watson
to support unusual terminal emulators on clients (closes: #675362).
2012-08-24Call restorecon on copied ~/.ssh/authorized_keys if possible, since someColin Watson
SELinux policies require this (closes: #658675).
2012-08-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update version numbers
2012-07-31 - markus@cvs.openbsd.org 2012/07/22 18:19:21Damien Miller
[version.h] openssh 6.1
2012-07-31 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21Damien Miller
[servconf.c] handle long comments in config files better. bz#2025, ok markus
2012-07-31fix truncated entryDamien Miller
2012-07-31 - djm@cvs.openbsd.org 2012/07/10 02:19:15Damien Miller
[servconf.c servconf.h sshd.c sshd_config] Turn on systrace sandboxing of pre-auth sshd by default for new installs by shipping a config that overrides the current UsePrivilegeSeparation=yes default. Make it easier to flip the default in the future by adding too.
2012-07-31 - jmc@cvs.openbsd.org 2012/07/06 06:38:03Damien Miller
[ssh-keygen.c] missing full stop in usage();
2012-07-20Import regened moduli file.Darren Tucker
2012-07-16* debconf template translations:Colin Watson
- Add Indonesian (thanks, Andika Triwidada; closes: #681670).
2012-07-06 - djm@cvs.openbsd.org 2012/07/06 01:47:38Damien Miller
[ssh.c] move setting of tty_flag to after config parsing so RequestTTY options are correctly picked up. bz#1995 patch from przemoc AT gmail.com; ok dtucker@
2012-07-06 - djm@cvs.openbsd.org 2012/07/06 01:37:21Damien Miller
[mux.c] fix memory leak of passed-in environment variables and connection context when new session message is malformed; bz#2003 from Bert.Wesarg AT googlemail.com
2012-07-06 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59Damien Miller
[moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
2012-07-06 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has noDamien Miller
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT esperi.org.uk; ok dtucker@
2012-07-06 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter isDamien Miller
not available. Allows use of sshd compiled on host with a filter-capable kernel on hosts that lack the support. bz#2011 ok dtucker@
2012-07-04 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf forDarren Tucker
platforms that don't have it. "looks good" tim@
2012-07-03 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or notDarren Tucker
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work.
2012-07-03 - (dtucker) [configure.ac] Detect platforms that can't use select(2) withDarren Tucker
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.Darren Tucker
2012-07-03 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]Darren Tucker
Move cygwin detection to test-exec and use to skip reexec test on cygwin.
2012-07-03 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06Darren Tucker
[regress/connect-privsep.sh] remove exit from end of test since it prevents reporting failure
2012-07-02 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26Darren Tucker
[ssh-pkcs11-helper.c sftp-client.c] fix a couple of "assigned but not used" warnings. ok markus@
2012-07-02 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03Darren Tucker
[ssh.c] set interactive ToS for forwarded X11 sessions. ok djm@
2012-07-02 - markus@cvs.openbsd.org 2012/06/30 14:35:09Darren Tucker
[sandbox-systrace.c sshd.c] fix a during the load of the sandbox policies (child can still make the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@
2012-07-02 - naddy@cvs.openbsd.org 2012/06/29 13:57:25Darren Tucker
[ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@
2012-06-30 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't haveDarren Tucker
the required functions in libcrypto.
2012-06-30 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile errorDarren Tucker
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Darren Tucker
[regress/try-ciphers.sh regress/cipher-speed.sh] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59Darren Tucker
[regress/connect-privsep.sh] test sandbox with every malloc option
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:52:52Darren Tucker
[regress/sftp-cmds.sh] don't delete .* on cleanup due to unintended env expansion; pointed out in bz#2014 by openssh AT roumenpetrov.info
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:47:35Darren Tucker
[multiplex.sh forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov.
2012-06-30 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32Darren Tucker
[regress/addrmatch.sh] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
2012-06-30 - naddy@cvs.openbsd.org 2012/06/29 13:57:25Damien Miller
[ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@ (actual patch accidentally committed with previous)
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Damien Miller
[mac.c myproposal.h ssh_config.5 sshd_config.5] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30Damien Miller
[sandbox-systrace.c] Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation sandbox" since malloc now uses it. From johnw.mail at gmail com.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33Damien Miller
[sftp.c] Remove unused variable leftover from tab-completion changes. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26Damien Miller
[monitor.c sshconnect2.c] remove dead code following 'for (;;)' loops. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07Damien Miller
[addrmatch.c] fix strlcpy truncation check. from carsten at debian org, ok markus
2012-06-28 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent nullDarren Tucker
pointer deref in the client when built with LDNS and using DNSSEC with a CNAME. Patch from gregdlg+mr at hochet info.
2012-06-24releasing version 1:6.0p1-2Colin Watson
2012-06-24Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the currentColin Watson
"fix" version at build time (closes: #678661).
2012-06-22 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs asDarren Tucker
can logon as a service. Patch from vinschen at redhat com.
2012-06-20 - djm@cvs.openbsd.org 2012/06/20 04:42:58Damien Miller
[clientloop.c serverloop.c] initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying