| Age | Commit message (Collapse) | Author |
|---|
|
[servconf.c servconf.h sshd_config.5]
sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
ok djm@ (back in March)
|
|
[ssh.1]
Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
|
|
[ssh.1 sshd.8]
Remove mention of 'three' key files since there are now four. From
Steve.McClellan at radisys com.
|
|
[ssh_config.5]
RSA instead of DSA twice. From Steve.McClellan at radisys com
|
|
[jpake.c]
correct sizeof usage. patch from saw at online.de, ok deraadt
|
|
[mux.c]
fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
AT googlemail.com
|
|
[PROTOCOL.mux]
correct types of port numbers (integers, not strings); bz#2004 from
bert.wesarg AT googlemail.com
|
|
[dns.c dns.h key.c key.h ssh-keygen.c]
add support for RFC6594 SSHFP DNS records for ECDSA key types.
patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
|
|
[mux.c]
fix double-free in new session handler
NB. Id sync only
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
|
|
whether the running system's kernel has seccomp_filter support, not the
build system's kernel (forwarded upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
|
|
|
|
[sshd_config.5]
Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
|
|
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
[servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
|
|
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
|
|
from cjwatson at debian org.
|
|
|
|
|
|
|
|
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
|
|
|
|
|
|
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
|
|
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
|
|
ok dtucker@
|
|
via Niels
|
|
[channels.c]
fix function proto/source mismatch
|
|
[ssh.1]
use "brackets" instead of "braces", for consistency;
|
|
[sftp.c]
setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
|
|
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
|
|
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
|
|
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
|
|
[sshd.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[auth.c]
Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.
|
|
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
|
|
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
|
|
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
|
|
[ssh-keygen.c]
allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
|
|
#669667).
|
|
(closes: #669699).
|
|
|
|
|
|
[contrib/suse/openssh.spec] Update for release 6.0
|
|
contains openpty() but not login()
|
|
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
|
|
|
|
- Allow using a cross-architecture pkg-config.
- Pass default LDFLAGS to contrib/Makefile.
- Allow dh_strip to strip gnome-ssh-askpass, rather than calling
'install -s'.
|
