summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-05-10 - djm@cvs.openbsd.org 2010/04/23 22:42:05Damien Miller
[session.c] set stderr to /dev/null for subsystems rather than just closing it. avoids hangs if a subsystem or shell initialisation writes to stderr. bz#1750; ok markus@
2010-05-10 - djm@cvs.openbsd.org 2010/04/23 22:27:38Damien Miller
[mux.c] set "detach_close" flag when registering channel cleanup callbacks. This causes the channel to close normally when its fds close and hangs when terminating a mux slave using ~. bz#1758; ok markus@
2010-05-10 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/04/23 01:47:41 [ssh-keygen.c] bz#1740: display a more helpful error message when $HOME is inaccessible while trying to create .ssh directory. Based on patch from jchadima AT redhat.com; ok dtucker@
2010-05-04Add powerpcspe to architecture list for libselinux1-dev build-dependencySebastian Andrzej Siewior
(closes: #579843).
2010-04-28releasing version 1:5.5p1-3Colin Watson
2010-04-28Drop IDEA key check; I don't think it works properly any more due toColin Watson
textual changes in error output, it's only relevant for direct upgrades from truly ancient versions, and it breaks upgrades if /etc/ssh/ssh_host_key can't be loaded (closes: #579570).
2010-04-26Discard error messages while checking whether rsh, rlogin, and rcpColin Watson
alternatives exist (closes: #579285).
2010-04-23 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dirDarren Tucker
in the openssl install directory (some newer openssl versions do this on at least some amd64 platforms).
2010-04-18 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.defaultDarren Tucker
file.
2010-04-18 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/04/16 01:58:45 [regress/cert-hostkey.sh regress/cert-userkey.sh] regression tests for v01 certificate format includes interop tests for v00 certs
2010-04-18 - djm@cvs.openbsd.org 2010/04/16 21:14:27Damien Miller
[sshconnect.c] oops, %r => remote username, not %u
2010-04-18 - jmc@cvs.openbsd.org 2010/04/16 06:47:04Damien Miller
[ssh-keygen.1 ssh-keygen.c] tweak previous; ok djm
2010-04-18 - OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2010/04/16 06:45:01 [ssh_config.5] tweak previous; ok djm
2010-04-17releasing version 1:5.5p1-2Colin Watson
2010-04-17Use dh_installinit -n, since our maintainer scripts already handle thisColin Watson
more carefully (thanks, Julien Cristau).
2010-04-16releasing version 1:5.5p1-1Colin Watson
2010-04-16* New upstream release:Colin Watson
- Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative paths. - Include a language tag when sending a protocol 2 disconnection message. - Make logging of certificates used for user authentication more clear and consistent between CAs specified using TrustedUserCAKeys and authorized_keys.
2010-04-16merge 5.5p1Colin Watson
2010-04-16releasing version 1:5.4p1-2Colin Watson
2010-04-16Import 5.5p1 tarballColin Watson
2010-04-16 - djm@cvs.openbsd.org 2010/04/16 01:47:26Damien Miller
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
2010-04-16 - markus@cvs.openbsd.org 2010/04/15 20:32:55Damien Miller
[ssh-pkcs11.c] retry lookup for private key if there's no matching key with CKA_SIGN attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) ok djm@
2010-04-16 - djm@cvs.openbsd.org 2010/04/14 22:27:42Damien Miller
[ssh_config.5 sshconnect.c] expand %r => remote username in ssh_config:ProxyCommand; ok deraadt markus
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 05:48:16Damien Miller
[mux.c] fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 02:10:56Damien Miller
[sshconnect2.c] show the key type that we are offering in debug(), helps distinguish between certs and plain keys as the path to the private key is usually the same.
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 02:08:44Damien Miller
[clientloop.c] bz#1698: kill channel when pty allocation requests fail. Fixed stuck client if the server refuses pty allocation. ok dtucker@ "think so" markus@
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 00:04:30Damien Miller
[sshconnect.c] fix terminology: we didn't find a certificate in known_hosts, we found a CA key
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 00:00:16Damien Miller
[ssh.c] bz#1746 - suppress spurious tty warning when using -O and stdin is not a tty; ok dtucker@ markus@
2010-04-16 - jmc@cvs.openbsd.org 2010/03/27 14:26:55Damien Miller
[ssh_config.5] tweak previous; ok dtucker
2010-04-16 - jmc@cvs.openbsd.org 2010/03/26 06:54:36Damien Miller
[ssh.1] tweak previous;
2010-04-16 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/03/26 03:13:17 [bufaux.c] allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer argument to allow skipping past values in a buffer
2010-04-16openssh-5.5p1 markerDamien Miller
2010-04-10 - (dtucker) [configure.ac] Put the check for the existence of getaddrinfoDarren Tucker
back so we disable the IPv6 tests if we don't have it.
2010-04-10lintian-symlink-pickiness: remember to bump Last-UpdateColin Watson
2010-04-09Add a NEWS.Debian entry about changes in smartcard support relative toColin Watson
previous unofficial builds (closes: #231472).
2010-04-09 - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enableDarren Tucker
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
2010-04-09 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if weDarren Tucker
have it and the path is not provided to --with-libedit. Based on a patch from Iain Morgan.
2010-04-09 - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrongDarren Tucker
ones. Based on a patch from Roumen Petrov.
2010-04-08Use dh_install more effectively.Colin Watson
2010-04-08remove obsolete Ssh.bin hack, no longer needed with new PKCS#11 smartcard ↵Colin Watson
handling
2010-04-08remove old ssh_prng_cmds handling; we never use this, and it's unnecessary ↵Colin Watson
with debhelper v3 anyway
2010-04-07Drop lpia support, since Ubuntu no longer supports this architecture.Colin Watson
2010-04-07Convert to dh(1), and use dh_installdocs --link-doc.Colin Watson
2010-04-06Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 isColin Watson
installed, the host key is published in an SSHFP RR secured with DNSSEC, and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key verification (closes: #572049).
2010-04-06lintian-symlink-pickiness.patch rejected upstream, but we need to keep itColin Watson
2010-04-06releasing version 1:5.4p1-1Colin Watson
2010-04-03* Policy version 3.8.4:Colin Watson
- Add a Homepage field.
2010-03-31Drop most of our "LogLevel SILENT" (-qq) patch. This was originallyColin Watson
introduced to match the behaviour of non-free SSH, in which -q does not suppress fatal errors, but matching the behaviour of OpenSSH upstream is much more important nowadays. We no longer document that -q does not suppress fatal errors (closes: #280609). Migrate "LogLevel SILENT" to "LogLevel QUIET" in sshd_config on upgrade.
2010-03-31Drop Debian-specific removal of OpenSSL version check. Upstream ignoresColin Watson
the two patchlevel nybbles now, which is sufficient to address the original reason this change was introduced, and it appears that any change in the major/minor/fix nybbles would involve a new libssl package name. (We'd still lose if the status nybble were ever changed, but that would mean somebody had packaged a development/beta version rather than a proper release, which doesn't appear to be normal practice.)
2010-03-31Remove SSHD_OOM_ADJUST configuration. sshd now unconditionally makesColin Watson
itself non-OOM-killable, and doesn't require configuration to avoid log spam in virtualisation containers (closes: #555625).