| Age | Commit message (Collapse) | Author |
|---|
|
[agent-ptrace.sh agent.sh]
keep return values that are printed in error messages;
from portable
(Id sync only)
|
|
[login-timeout.sh]
remove any existing LoginGraceTime from sshd_config before adding
a specific one for the test back in
|
|
[scp-ssh-wrapper.sh scp.sh]
make sure $SCP is tested on the remote end rather than whichever one
happens to be in $PATH; from portable
(Id sync only)
|
|
[regress/cert-hostkey.sh]
automatically generate revoked keys from listed keys rather than
manually specifying each type; from portable
(Id sync only)
|
|
[regress/Makefile regress/dhgex.sh]
Add a test for DH GEX sizes
|
|
[sftp-chroot.sh]
append to rather than truncating the log file
|
|
[regress/sftp-chroot.sh]
Don't use -q on sftp as it suppresses logging, instead redirect the
output to the regress logfile.
|
|
[contrib/suse/openssh.spec] Crank version numbers
|
|
[version.h]
openssh-6.6
|
|
[sshd_config.5]
bz#2184 clarify behaviour of a keyword that appears in multiple
matching Match blocks; ok dtucker@
|
|
[bufbn.c]
off by one in range check
|
|
[bufbn.c]
fix unsigned overflow that could lead to reading a short ssh protocol
1 bignum value; found by Ben Hawkes; ok deraadt@
|
|
[sshd.c]
ssh_gssapi_prepare_supported_oids needs GSSAPI
|
|
[channels.c]
don't assume that the socks4 username is \0 terminated;
spotted by Ben Hawkes; ok markus@
|
|
[auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
sandboxing, as running this code in the sandbox can cause violations;
ok markus@
|
|
[ssh.c]
bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
ok dtucker@ markus@
|
|
[readconf.c readconf.h ssh.c ssh_config.5]
reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
the hostname. This allows users to write configurations that always
refer to canonical hostnames, e.g.
CanonicalizeHostname yes
CanonicalDomains int.example.org example.org
CanonicalizeFallbackLocal no
Host *.int.example.org
Compression off
Host *.example.org
User djm
ok markus@
|
|
[ssh-ed25519.c]
check for unsigned overflow; not reachable in OpenSSH but others might
copy our code...
|
|
[readconf.c]
when processing Match blocks, skip 'exec' clauses if previous predicates
failed to match; ok markus@
|
|
[channels.c]
avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
bz#2200, debian#738692 via Colin Watson; ok dtucker@
|
|
[cipher.c mac.c]
remove some logging that makes ssh debugging output very verbose;
ok markus
|
|
This allows it to also be used by other SSH server implementations like
dropbear (closes: #504290).
|
|
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
|
|
sshd" in the sysvinit script (thanks, Michael Biebl).
|
|
|
|
|
|
Origin: upstream, https://bugzilla.mindrot.org/show_bug.cgi?id=2200
Bug-Debian: http://bugs.debian.org/738693
Last-Update: 2014-02-15
Patch-Name: getsockname-error.patch
|
|
no longer supported.
|
|
Amend "Running sshd from inittab" instructions in README.Debian to recommend
'update-rc.d ssh disable', rather than manual removal of rc*.d symlinks that
won't work with dependency-based sysv-rc.
|
|
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
|
|
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
|
|
|
|
|
|
|
|
|
|
Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9), rsh-client
(<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2), and
openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch versions,
for which we no longer have maintainer script code, and per policy they
would have to become Breaks nowadays anyway.
|
|
Debian patch) rather than plain GPL.
|
|
Remove tests for whether /dev/null is a character device from the Upstart
job and the systemd service files; it's there to avoid a confusing failure
mode in daemon(), but with modern init systems we use the -D option to
suppress daemonisation anyway.
|
|
|
|
have got it wrong before, and it's fairly harmless to repeat it.
|
|
We need to cope with still-running sysvinit jobs being considered active by
systemd (thanks, Uoti Urpala and Michael Biebl).
|
|
|
|
This has been upstream's default since 5.4p1.
|
|
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170
Bug-Debian: http://bugs.debian.org/738619
Forwarded: not-needed
Last-Update: 2014-02-11
Patch-Name: fix-case-sensitive-matching.patch
|
|
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
PermitRootLogin default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2014-02-12
Patch-Name: debian-config.patch
|
|
|
|
|
|
|
|
(closes: #738619).
|
|
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170
Bug-Debian: http://bugs.debian.org/738619
Forwarded: not-needed
Last-Update: 2014-02-11
Patch-Name: fix-case-sensitive-matching.patch
|
