Age | Commit message | Author
2006-12-06 | don't symlink /usr/share/doc/ssh-krb5; we have a separate NEWS file to put there | Colin Watson
2006-12-06 | * When installing openssh-client or openssh-server from scratch, remove any unchanged conffiles from the pre-split ssh package to work around a bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276). | Colin Watson
2006-12-06 | fix sed mistake | Colin Watson
2006-12-06 | * Fix quoting error in configure.ac and regenerate configure (thanks, Ben Pfaff; closes: #391248). | Colin Watson
2006-12-06 | ignore debian/ssh-krb5 | Colin Watson
2006-12-06 | urgency=medium | Colin Watson
2006-12-06 | * Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config to avoid unnecessary conffile resolution steps for administrators (thanks, Jari Aalto; closes: #335259). | Colin Watson
2006-12-06 | close #390986 | Colin Watson
2006-12-06 | * Add ssh -K option, the converse of -k, to enable GSSAPI credential delegation (closes: #401483). | Colin Watson
2006-12-06 | * Create transitional ssh-krb5 package which enables GSSAPI configuration in sshd_config. * Default client to attempting GSSAPI authentication. * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found. | Colin Watson
2006-12-05 | - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@ | Damien Miller
2006-12-05 | - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would occur if the server did not have the privsep user and an invalid user tried to login and both privsep and krb5 auth are disabled. | Damien Miller
2006-11-20 | * Ignore errors from usermod when changing sshd's shell, since it will fail if the sshd user is not local (closes: #398436). | Colin Watson
2006-11-15 | releasing version 1:4.3p2-6 | Colin Watson
2006-11-15 | * Backport from 4.5p1: - Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities. | Colin Watson
2006-11-08 | - markus@cvs.openbsd.org 2006/11/07 13:02:07 [dh.c] BN_hex2bn returns int; from dtucker@ | Darren Tucker
2006-11-07 | - (dtucker) Release 4.5p1. | Darren Tucker
2006-11-07 | - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump versions. | Darren Tucker
2006-11-07 | - markus@cvs.openbsd.org 2006/11/07 10:31:31 [monitor.c version.h] correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. with dtucker@, ok djm@, dtucker@ | Darren Tucker
2006-11-07 | - markus@cvs.openbsd.org 2006/11/06 21:25:28 [auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c] add missing checks for openssl return codes; with & ok djm@ | Darren Tucker
2006-11-07 | - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it if we absolutely need it. Pointed out by Corinna, ok djm@ | Darren Tucker
2006-11-05 | - markus@cvs.openbsd.org 2006/10/31 16:33:12 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c] check DH_compute_key() for -1 even if it should not happen because of earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm | Damien Miller
2006-11-05 | - (djm) OpenBSD CVS Sync - otto@cvs.openbsd.org 2006/10/28 18:08:10 [ssh.1] correct/expand example of usage of -w; ok jmc@ stevesk@ | Damien Miller
2006-11-01 | - (dtucker) [openbsd-compat/port-solaris.c] Bug #1255: Make only hwerr events fatal in Solaris process contract support and tell it to signal only processes in the same process group when something happens. Based on information from andrew.benham at thus.net and similar to a patch from Chad Mynhier. ok djm@ | Darren Tucker
2006-10-29 | * debconf template translations: - Update German (thanks, Helge Kreutzmann; closes: #395947). | Colin Watson
2006-10-28 | - (djm) [auth.c] gc some dead code | Damien Miller
2006-10-27 | * openssh-server Suggests: molly-guard (closes: #395473). | Colin Watson
2006-10-27 | ack NMU, and a whitespace tweak | Colin Watson
2006-10-27 | Incorporate Manoj's NMU: * NMU to update SELinux patch, bringing it in line with current selinux releases. The patch for this NMU is simply the Bug#394795 patch, and no other changes. (closes: #394795) | Colin Watson
2006-10-23 | - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep autoconf 2.60 from complaining. | Tim Rice
2006-10-24 | - djm@cvs.openbsd.org 2006/10/22 02:25:50 [sftp-client.c] cancel progress meter when upload write fails; ok deraadt@ | Damien Miller
2006-10-24 | - markus@cvs.openbsd.org 2006/10/11 12:38:03 [clientloop.c serverloop.c] exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests); ok dtucker, report mpf | Damien Miller
2006-10-24 | - markus@cvs.openbsd.org 2006/10/10 10:12:45 [sshconnect.c] sleep before retrying (not after) since sleep changes errno; fixes pr 5250; rad@twig.com; ok dtucker djm | Damien Miller
2006-10-24 | - djm@cvs.openbsd.org 2006/10/09 23:36:11 [session.c] xmalloc -> xcalloc that was missed previously, from portable (NB. Id sync only for portable, obviously) | Damien Miller
2006-10-24 | - djm@cvs.openbsd.org 2006/10/06 02:29:19 [ssh-agent.c ssh-keyscan.c ssh.c] sys/resource.h needs sys/time.h; prompted by brad@ (NB. Id sync only for portable) | Damien Miller
2006-10-24 | - (djm) OpenBSD CVS Sync - ray@cvs.openbsd.org 2006/09/30 17:48:22 [sftp.c] Clear errno before calling the strtol functions. From Paul Stoeber <x0001 at x dot de1 dot cc>. OK deraadt@. | Damien Miller
2006-10-18 | - (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings on older versions of OS X. ok djm@ | Darren Tucker
2006-10-18 | - ray@cvs.openbsd.org 2006/09/25 04:55:38 [ssh-keyscan.1 ssh.1] Change "a SSH" to "an SSH". Hurray, I'm not the only one who pronounces "SSH" as "ess-ess-aich". OK jmc@ and stevesk@. | Darren Tucker
2006-10-16 | - (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de. | Darren Tucker
2006-10-06 | - (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer). Allow setting alternate awk in openssh-config.local. | Tim Rice
2006-10-07 | - (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for SELinux functions so they're detected correctly. Patch from pebenito at gentoo.org. | Darren Tucker
2006-10-06 | 20061006 - (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris. Differentiate between OpenServer 5 and OpenServer 6 | Tim Rice
2006-10-05 | releasing version 1:4.3p2-5 | Colin Watson
2006-10-04 | * Remove ssh/insecure_telnetd check altogether (closes: #391081). | Colin Watson
2006-10-03 | - (tim) [configure.ac] Move CHECK_HEADERS test before platform specific section so additional platform specific CHECK_HEADER tests will work correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no Feedback and "seems like a good idea" dtucker@ | Tim Rice
2006-10-02 | * debconf template translations: - Update Danish (thanks, Claus Hindsgaul; closes: #390612). | Colin Watson
2006-10-01 | - (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no. | Darren Tucker
2006-09-29 | releasing version 1:4.3p2-4 | Colin Watson
2006-09-29 | - CVE-2006-5051: Fix an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. | Colin Watson
2006-09-29 | * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI patch yet): - CVE-2006-4924: Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired (closes: #389995). | Colin Watson