summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-01-05 - dtucker@cvs.openbsd.org 2006/12/13 08:34:39Damien Miller
[servconf.c] Make PermitOpen work with multiple values like the man pages says. bz #1267 with details from peter at dmtz.com, with & ok djm@
2007-01-05 - djm@cvs.openbsd.org 2006/12/12 03:58:42Damien Miller
[channels.c compat.c compat.h] bz #1019: some ssh.com versions apparently can't cope with the remote port forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@
2007-01-05 - markus@cvs.openbsd.org 2006/12/11 21:25:46Damien Miller
[ssh-keygen.1 ssh.1] add rfc 4716 (public key format); ok jmc
2007-01-05 - ray@cvs.openbsd.org 2006/11/23 01:35:11Damien Miller
[misc.c sftp.c] Don't access buf[strlen(buf) - 1] for zero-length strings. ``ok by me'' djm@.
2007-01-05 - (djm) OpenBSD CVS SyncDamien Miller
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04 [ssh-keygen.c] use argc and argv not some made up short form
2006-12-23releasing version 1:4.3p2-8Colin Watson
2006-12-23* It turns out that the people who told me that removing a conffile in theColin Watson
preinst was sufficient to have dpkg replace it without prompting when moving a conffile between packages were very much mistaken. As far as I can tell, the only way to do this reliably is to write out the desired new text of the conffile in the preinst. This is gross, and requires shipping the text of all conffiles in the preinst too, but there's nothing for it. Fortunately this nonsense is only required for smooth upgrades from sarge.
2006-12-23fix disable_config_option to actually workColin Watson
2006-12-23urgency=mediumColin Watson
2006-12-23* Make GSSAPICleanupCreds a compatibility alias forColin Watson
GSSAPICleanupCredentials. Mark GSSUseSessionCCache and GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate away from them on upgrade.
2006-12-17debconf-updatepoColin Watson
2006-12-17* debconf template translations:Colin Watson
- Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).
2006-12-13* Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn'tColin Watson
sufficient to replace conffiles (closes: #402804).
2006-12-11* Give the ssh-askpass-gnome window a default icon; remove unnecessaryColin Watson
icon extension from .desktop file (closes: https://launchpad.net/bugs/27152).
2006-12-06releasing version 1:4.3p2-7Colin Watson
2006-12-06ssh-krb5 needs a copyright fileColin Watson
2006-12-06don't symlink /usr/share/doc/ssh-krb5; we have a separate NEWS file to put thereColin Watson
2006-12-06* When installing openssh-client or openssh-server from scratch, removeColin Watson
any unchanged conffiles from the pre-split ssh package to work around a bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
2006-12-06fix sed mistakeColin Watson
2006-12-06* Fix quoting error in configure.ac and regenerate configure (thanks, BenColin Watson
Pfaff; closes: #391248).
2006-12-06ignore debian/ssh-krb5Colin Watson
2006-12-06urgency=mediumColin Watson
2006-12-06* Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_configColin Watson
to avoid unnecessary conffile resolution steps for administrators (thanks, Jari Aalto; closes: #335259).
2006-12-06close #390986Colin Watson
2006-12-06* Add ssh -K option, the converse of -k, to enable GSSAPI credentialColin Watson
delegation (closes: #401483).
2006-12-06* Create transitional ssh-krb5 package which enables GSSAPI configurationColin Watson
in sshd_config. * Default client to attempting GSSAPI authentication. * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found.
2006-12-05 - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@Damien Miller
2006-12-05 - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash wouldDamien Miller
occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled.
2006-11-20* Ignore errors from usermod when changing sshd'\''s shell, since it willColin Watson
fail if the sshd user is not local (closes: #398436).
2006-11-15releasing version 1:4.3p2-6Colin Watson
2006-11-15* Backport from 4.5p1:Colin Watson
- Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities.
2006-11-08 - markus@cvs.openbsd.org 2006/11/07 13:02:07Darren Tucker
[dh.c] BN_hex2bn returns int; from dtucker@
2006-11-07 - (dtucker) Release 4.5p1.Darren Tucker
2006-11-07 - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] BumpDarren Tucker
versions.
2006-11-07 - markus@cvs.openbsd.org 2006/11/07 10:31:31Darren Tucker
[monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@
2006-11-07 - markus@cvs.openbsd.org 2006/11/06 21:25:28Darren Tucker
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@
2006-11-07 - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require itDarren Tucker
if we absolutely need it. Pointed out by Corinna, ok djm@
2006-11-05 - markus@cvs.openbsd.org 2006/10/31 16:33:12Damien Miller
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c] check DH_compute_key() for -1 even if it should not happen because of earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
2006-11-05 - (djm) OpenBSD CVS SyncDamien Miller
- otto@cvs.openbsd.org 2006/10/28 18:08:10 [ssh.1] correct/expand example of usage of -w; ok jmc@ stevesk@
2006-11-01 - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerrDarren Tucker
events fatal in Solaris process contract support and tell it to signal only processes in the same process group when something happens. Based on information from andrew.benham at thus.net and similar to a patch from Chad Mynhier. ok djm@
2006-10-29* debconf template translations:Colin Watson
- Update German (thanks, Helge Kreutzmann; closes: #395947).
2006-10-28- (djm) [auth.c] gc some dead codeDamien Miller
2006-10-27* openssh-server Suggests: molly-guard (closes: #395473).Colin Watson
2006-10-27ack NMU, and a whitespace tweakColin Watson
2006-10-27Incorporate Manoj's NMU:Colin Watson
* NMU to update SELinux patch, bringing it in line with current selinux releases. The patch for this NMU is simply the Bug#394795 patch, and no other changes. (closes: #394795)
2006-10-23 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keepTim Rice
autoconf 2.60 from complaining.
2006-10-24 - djm@cvs.openbsd.org 2006/10/22 02:25:50Damien Miller
[sftp-client.c] cancel progress meter when upload write fails; ok deraadt@
2006-10-24 - markus@cvs.openbsd.org 2006/10/11 12:38:03Damien Miller
[clientloop.c serverloop.c] exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf
2006-10-24 - markus@cvs.openbsd.org 2006/10/10 10:12:45Damien Miller
[sshconnect.c] sleep before retrying (not after) since sleep changes errno; fixes pr 5250; rad@twig.com; ok dtucker djm
2006-10-24 - djm@cvs.openbsd.org 2006/10/09 23:36:11Damien Miller
[session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously)