summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-12-24fix compilation failure due to merge errorColin Watson
2007-12-24* Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699).Colin Watson
2007-12-24* Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run existsColin Watson
(closes: #453285).
2007-12-24* Install the OpenSSH FAQ in /usr/share/doc/openssh-client.Colin Watson
- Includes documentation on copying files with colons using scp (closes: #303453).
2007-12-24* New upstream release (closes: #453367).Colin Watson
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181).
2007-12-23Import OpenSSH 4.7p1.Colin Watson
2007-12-03releasing version 1:4.6p1-7Colin Watson
2007-12-03* Check whether deluser exists in postrm (closes: #454085).Colin Watson
2007-11-20* Adjust README.Debian to suggest mailing debian-ssh@lists.debian.orgColin Watson
rather than Matthew.
2007-11-17* Use autotools-dev's recommended configure --build and --host options.Colin Watson
2007-11-14* Don't build PIE executables on m68k (closes: #451192).Colin Watson
2007-11-12revert previous commit; ftruncate is needed to shorten a previously-existing ↵Colin Watson
file
2007-11-12* Make scp only ftruncate if it hasn'\''t written the required number ofColin Watson
bytes (works around #447153).
2007-11-12releasing version 1:4.6p1-6Colin Watson
2007-11-12authorized_keys.5 belongs in openssh-serverColin Watson
2007-11-12* Adjust categories in ssh-askpass-gnome.desktop to comply with theColin Watson
Desktop Menu Specification.
2007-11-12* Don't ignore errors from 'make -C contrib clean'.Colin Watson
2007-11-12* Suppress error from debian/rules if lsb-release is not installed.Colin Watson
2007-11-08revert mistakenly committed experimentColin Watson
2007-11-08* Fix sshd/inittab advice in README.Debian to account for rc.d movementColin Watson
(closes: #450632).
2007-10-18 - Update Brazilian Portuguese (thanks, Eder L. Marques;Colin Watson
closes: #447145).
2007-10-18* Discard error output from dpkg-query in preinsts, in case the sshColin Watson
metapackage is not installed.
2007-09-12* Install authorized_keys(5) as a symlink to sshd(8) (thanks, TomasColin Watson
Pospisek; closes: #441817).
2007-09-12* debconf template translations:Colin Watson
- Add Slovak (thanks, Ivan Masár; closes: #441690).
2007-09-12* Remove blank line between head comment and first template inColin Watson
debian/openssh-server.templates.master; apparently it confuses some versions of debconf.
2007-09-04don't say it twiceDamien Miller
2007-09-04credit Jan PechanecDamien Miller
2007-09-04Mention Jan PechanecDarren Tucker
2007-08-17 - (dtucker) [INSTALL] Link to tcpwrappers.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] Give PAM its own heading.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] Group the parts describing random options and PAMDarren Tucker
implementations together which is hopefully more coherent.
2007-08-17typoDarren Tucker
2007-08-17 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote lockedDarren Tucker
accounts and that's what the code looks for, so make man page and code agree. Pointed out by Roumen Petrov.
2007-08-16 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticatedDarren Tucker
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-15 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41Darren Tucker
[ssh_config.5] tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.specDarren Tucker
contrib/suse/openssh.spec] Crank version.
2007-08-15 - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.Darren Tucker
ok djm@
2007-08-15 - markus@cvs.openbsd.org 2007/08/15 08:16:49Darren Tucker
[version.h] openssh 4.7
2007-08-15 - markus@cvs.openbsd.org 2007/08/15 08:14:46Darren Tucker
[clientloop.c] do NOT fall back to the trused x11 cookie if generation of an untrusted cookie fails; from security-alert at sun.com; ok dtucker
2007-08-13 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is alwaysDarren Tucker
called with PAM_ESTABLISH_CRED at least once, which resolves a problem with pam_dhkeys. Patch from David Leonard, ok djm@
2007-08-10 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From.Darren Tucker
Matt Kraai, ok djm@.
2007-08-10 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@Darren Tucker
2007-08-09Credit Bernhard Simon who also reported this.Darren Tucker
2007-08-09 - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren'tDarren Tucker
used anywhere and are a potential source of warnings.
2007-08-09 - (dtucker) [README.platform] Document the interaction between PermitRootLoginDarren Tucker
and the AIX native login restrictions.
2007-08-09 - (dtucker) [openbsd-compat/port-aix.c] Comment typo.Darren Tucker
2007-08-08 - djm@cvs.openbsd.org 2007/08/07 07:32:53Damien Miller
[clientloop.c clientloop.h ssh.c] bz#1232: ensure that any specified LocalCommand is executed after the tunnel device is opened. Also, make failures to open a tunnel device fatal when ExitOnForwardFailure is active. Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
2007-08-08 - sobrado@cvs.openbsd.org 2007/08/06 19:16:06Damien Miller
[scp.1 scp.c] the ellipsis is not an optional argument; while here, sync the usage and synopsis of commands lots of good ideas by jmc@ ok jmc@
2007-08-08 - ray@cvs.openbsd.org 2007/07/12 05:48:05Damien Miller
[key.c] Delint: remove some unreachable statements, from Bret Lambert. OK markus@ and dtucker@.