Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-03-01 | releasing version 1:4.2p1-7 | Colin Watson | |
2006-03-01 | small path reorderings, really sync with /etc/login.defs | Colin Watson | |
2006-03-01 | * I accidentally applied the default $PATH change in 1:4.2p1-6 to the udeb | Colin Watson | |
rather than the deb. Fixed. | |||
2006-02-20 | releasing version 1:4.2p1-6 | Colin Watson | |
2005-11-30 | - Correct erroneously-changed Last-Translator headers in Greek and | Colin Watson | |
Spanish translations. | |||
2005-11-30 | - Update Spanish (thanks, Javier Fernández-Sanguino Peña; | Colin Watson | |
closes: #341371). | |||
2005-11-27 | * When the client receives a signal, don't fatal() with "Killed by signal | Colin Watson | |
%d." (which produces unhelpful noise on stderr and causes confusion for users of some applications that wrap ssh); instead, generate a debug message and exit with the traditional status (closes: #313371). | |||
2005-10-10 | debconf-updatepo | Colin Watson | |
2005-10-10 | * debconf template translations: | Colin Watson | |
- Add Swedish (thanks, Daniel Nylander; closes: #333133). | |||
2005-10-10 | * Sync default values of $PATH from shadow 1:4.0.12-6, adding /usr/bin/X11 | Colin Watson | |
to the normal and superuser paths and /usr/games to the normal path. | |||
2005-10-07 | releasing version 1:4.2p1-5 | Colin Watson | |
2005-10-07 | * Build-depend on libssl-dev (>= 0.9.8-1) to cope with surprise OpenSSL | Colin Watson | |
transition, since otherwise who knows what the buildds will do. If you're building openssh yourself, you can safely ignore this and use an older libssl-dev. | |||
2005-10-07 | * Only send GSSAPI proposal if GSSAPIAuthentication is enabled. | Colin Watson | |
2005-10-06 | back out accidental commit | Colin Watson | |
2005-10-06 | * Build-depend on libselinux1-dev on armeb. | Colin Watson | |
2005-10-03 | * Add a CVE name to the 1:4.0p1-1 changelog entry. | Colin Watson | |
2005-09-16 | releasing version 1:4.2p1-4 | Colin Watson | |
2005-09-16 | * Initialise token to GSS_C_EMPTY_BUFFER in ssh_gssapi_check_mechanism | Colin Watson | |
(closes: #328606). | |||
2005-09-15 | releasing version 1:4.2p1-3 | Colin Watson | |
2005-09-15 | * Explicitly tell po2debconf to use the 'popular' output encoding, so that | Colin Watson | |
the woody-compatibility hack works even with po-debconf 0.9.0. | |||
2005-09-15 | * Interoperate with ssh-krb5 << 3.8.1p1-1 servers, which used a slightly | Colin Watson | |
different version of the gssapi authentication method (thanks, Aaron M. Ucko; closes: #328388). | |||
2005-09-15 | * Add prototype for ssh_gssapi_server_mechanisms (closes: #328372). | Colin Watson | |
2005-09-14 | releasing version 1:4.2p1-2 | Colin Watson | |
2005-09-14 | Kerberos support closes: #152657 too | Colin Watson | |
2005-09-14 | fix version | Colin Watson | |
2005-09-14 | - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos in | Colin Watson | |
gss-serv-krb5.c. | |||
2005-09-14 | - Update commented-out Kerberos/GSSAPI options in default sshd_config. | Colin Watson | |
2005-09-14 | - openssh-client and openssh-server replace ssh-krb5. | Colin Watson | |
2005-09-14 | - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr. | Colin Watson | |
2005-09-14 | Update copyright file for GSSAPI key exchange patch. | Colin Watson | |
2005-09-14 | * Add remaining pieces of Kerberos support (closes: #275472): | Colin Watson | |
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost). | |||
2005-09-14 | * Annotate 1:4.1p1-1 changelog with CVE references. | Colin Watson | |
- SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified (closes: #326065). - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI credentials. This code is only built in openssh-krb5, not openssh, but I mention the CVE reference here anyway for completeness. | |||
2005-09-14 | releasing version 1:4.2p1-1 | Colin Watson | |
2005-09-14 | * Set X11Forwarding to yes in the default sshd_config (new installs only). | Colin Watson | |
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104). | |||
2005-09-14 | * openssh-client and openssh-server conflict with pre-split ssh to avoid | Colin Watson | |
problems when ssh is left un-upgraded (closes: #324695). | |||
2005-09-14 | Flesh out changelog for upstream changes in 4.2p1. | Colin Watson | |
2005-09-14 | * debian/rules: Resynchronise CFLAGS with that generated by configure. | Colin Watson | |
2005-09-14 | Merge 4.2p1 to the trunk. | Colin Watson | |
2005-09-14 | Import OpenSSH 4.2p1. | Colin Watson | |
2005-09-02 | releasing version 1:4.1p1-7 | Colin Watson | |
2005-09-02 | * Policy version 3.6.2: no changes required. | Colin Watson | |
2005-09-02 | * Fix XSIish uses of 'test' in openssh-server.preinst. | Colin Watson | |
2005-09-02 | * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113). | Colin Watson | |
2005-09-02 | * Work around the ssh-askpass alternative somehow ending up in manual mode | Colin Watson | |
pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass. | |||
2005-09-01 | - (djm) Update RPM spec file versions | Damien Miller | |
2005-08-31 | - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c | Tim Rice | |
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@ | |||
2005-09-01 | - (dtucker) [README] Update release note URL to 4.2 | Darren Tucker | |
2005-08-31 | - markus@cvs.openbsd.org 2005/08/31 09:28:42 | Damien Miller | |
[version.h] 4.2 | |||
2005-08-31 | - (djm) OpenBSD CVS Sync | Damien Miller | |
- djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] destroy credentials if krb5_kuserok() call fails. Stops credentials being delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDeletegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@ | |||
2005-08-31 | correct bug number | Damien Miller | |