summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2005-09-16releasing version 1:4.2p1-4Colin Watson
2005-09-16* Initialise token to GSS_C_EMPTY_BUFFER in ssh_gssapi_check_mechanismColin Watson
(closes: #328606).
2005-09-15releasing version 1:4.2p1-3Colin Watson
2005-09-15* Explicitly tell po2debconf to use the 'popular' output encoding, so thatColin Watson
the woody-compatibility hack works even with po-debconf 0.9.0.
2005-09-15* Interoperate with ssh-krb5 << 3.8.1p1-1 servers, which used a slightlyColin Watson
different version of the gssapi authentication method (thanks, Aaron M. Ucko; closes: #328388).
2005-09-15* Add prototype for ssh_gssapi_server_mechanisms (closes: #328372).Colin Watson
2005-09-14releasing version 1:4.2p1-2Colin Watson
2005-09-14Kerberos support closes: #152657 tooColin Watson
2005-09-14fix versionColin Watson
2005-09-14 - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos inColin Watson
gss-serv-krb5.c.
2005-09-14 - Update commented-out Kerberos/GSSAPI options in default sshd_config.Colin Watson
2005-09-14 - openssh-client and openssh-server replace ssh-krb5.Colin Watson
2005-09-14 - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr.Colin Watson
2005-09-14Update copyright file for GSSAPI key exchange patch.Colin Watson
2005-09-14* Add remaining pieces of Kerberos support (closes: #275472):Colin Watson
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost).
2005-09-14* Annotate 1:4.1p1-1 changelog with CVE references.Colin Watson
- SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified (closes: #326065). - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI credentials. This code is only built in openssh-krb5, not openssh, but I mention the CVE reference here anyway for completeness.
2005-09-14releasing version 1:4.2p1-1Colin Watson
2005-09-14* Set X11Forwarding to yes in the default sshd_config (new installs only).Colin Watson
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104).
2005-09-14* openssh-client and openssh-server conflict with pre-split ssh to avoidColin Watson
problems when ssh is left un-upgraded (closes: #324695).
2005-09-14Flesh out changelog for upstream changes in 4.2p1.Colin Watson
2005-09-14* debian/rules: Resynchronise CFLAGS with that generated by configure.Colin Watson
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-09-14Import OpenSSH 4.2p1.Colin Watson
2005-09-02releasing version 1:4.1p1-7Colin Watson
2005-09-02* Policy version 3.6.2: no changes required.Colin Watson
2005-09-02* Fix XSIish uses of 'test' in openssh-server.preinst.Colin Watson
2005-09-02* Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).Colin Watson
2005-09-02* Work around the ssh-askpass alternative somehow ending up in manual modeColin Watson
pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
2005-09-01 - (djm) Update RPM spec file versionsDamien Miller
2005-08-31 - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.cTim Rice
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd(). Feedback and OK dtucker@
2005-09-01 - (dtucker) [README] Update release note URL to 4.2Darren Tucker
2005-08-31 - markus@cvs.openbsd.org 2005/08/31 09:28:42Damien Miller
[version.h] 4.2
2005-08-31 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2005/08/30 22:08:05 [gss-serv.c sshconnect2.c] destroy credentials if krb5_kuserok() call fails. Stops credentials being delegated to users who are not authorised for GSSAPIAuthentication when GSSAPIDeletegateCredentials=yes and another authentication mechanism succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
2005-08-31correct bug numberDamien Miller
2005-08-30 - (tim) [configure.ac] Back out last change. It needs to be done differently.Tim Rice
2005-08-29 - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW longTim Rice
password support to 7.x for now.
2005-08-26 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.cTim Rice
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char) on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing by tim@. Feedback and OK dtucker@
2005-08-23 - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@Tim Rice
2005-08-23 - (tim) [configure.ac ] Not all gcc's support -Wsign-compareTim Rice
2005-08-23 - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-Darren Tucker
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo" and "//foo" to be different. Spotted by vinschen at redhat.com.
2005-08-23 - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support forDarren Tucker
LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
2005-08-16 - (djm) [ttymodes.c] bugzilla #1054: Fix encoding of _POSIX_VDISABLE,Damien Miller
from Jacob Nevins; ok dtucker@
2005-08-15 - (tim) [configure.ac] corrections to libedit tests. Report and patchesTim Rice
by skeleten AT shillest.net
2005-08-15 - (tim) wrap el_end() in #ifdef USE_LIBEDITTim Rice
2005-08-12 - jaredy@cvs.openbsd.org 2005/08/08 13:22:48Damien Miller
[sftp.c] sftp prompt enhancements: - in non-interactive mode, do not print an empty prompt at the end before finishing - print newline after EOF in editline mode - call el_end() in editline mode ok dtucker djm
2005-08-12oops, that last commit was:Damien Miller
Report from Janusz Mucka; ok djm@
2005-08-12 - dtucker@cvs.openbsd.org 2005/08/06 10:03:12Damien Miller
[servconf.c] Unbreak sshd ListenAddress for bare IPv6 addresses.
2005-08-12 - djm@cvs.openbsd.org 2005/07/30 02:03:47Damien Miller
[readconf.c] listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
2005-08-12 - djm@cvs.openbsd.org 2005/07/30 01:26:16Damien Miller
[ssh.c] fix -D listen_host initialisation, so it picks up gateway_ports setting correctly
2005-08-12 - markus@cvs.openbsd.org 2005/07/28 17:36:22Damien Miller
[packet.c] missing packet_init_compression(); from solar