| Age | Commit message (Collapse) | Author |
|---|
|
[sshd_config.5]
do not use lists for SYNOPSIS;
from eric s. raymond via brad
|
|
[servconf.c]
Make "PermitOpen all" first-match within a block to match the way other
options work. ok markus@ djm@
|
|
[servconf.c]
Make PermitOpen work with multiple values like the man pages says.
bz #1267 with details from peter at dmtz.com, with & ok djm@
|
|
[channels.c compat.c compat.h]
bz #1019: some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
|
|
[ssh-keygen.1 ssh.1]
add rfc 4716 (public key format); ok jmc
|
|
[misc.c sftp.c]
Don't access buf[strlen(buf) - 1] for zero-length strings.
``ok by me'' djm@.
|
|
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04
[ssh-keygen.c]
use argc and argv not some made up short form
|
|
|
|
preinst was sufficient to have dpkg replace it without prompting when
moving a conffile between packages were very much mistaken. As far as I
can tell, the only way to do this reliably is to write out the desired
new text of the conffile in the preinst. This is gross, and requires
shipping the text of all conffiles in the preinst too, but there's
nothing for it. Fortunately this nonsense is only required for smooth
upgrades from sarge.
|
|
|
|
|
|
GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
away from them on upgrade.
|
|
|
|
- Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).
|
|
sufficient to replace conffiles (closes: #402804).
|
|
icon extension from .desktop file (closes:
https://launchpad.net/bugs/27152).
|
|
|
|
|
|
|
|
any unchanged conffiles from the pre-split ssh package to work around a
bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
|
|
|
|
Pfaff; closes: #391248).
|
|
|
|
|
|
to avoid unnecessary conffile resolution steps for administrators
(thanks, Jari Aalto; closes: #335259).
|
|
|
|
delegation (closes: #401483).
|
|
in sshd_config.
* Default client to attempting GSSAPI authentication.
* Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
found.
|
|
|
|
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
|
|
fail if the sshd user is not local (closes: #398436).
|
|
|
|
- Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to be
exploitable in the absence of additional vulnerabilities.
|
|
[dh.c]
BN_hex2bn returns int; from dtucker@
|
|
|
|
versions.
|
|
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
|
|
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
|
|
if we absolutely need it. Pointed out by Corinna, ok djm@
|
|
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
check DH_compute_key() for -1 even if it should not happen because of
earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
|
|
- otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
correct/expand example of usage of -w; ok jmc@ stevesk@
|
|
events fatal in Solaris process contract support and tell it to signal
only processes in the same process group when something happens.
Based on information from andrew.benham at thus.net and similar to
a patch from Chad Mynhier. ok djm@
|
|
- Update German (thanks, Helge Kreutzmann; closes: #395947).
|
|
|
|
|
|
|
|
* NMU to update SELinux patch, bringing it in line with current selinux
releases. The patch for this NMU is simply the Bug#394795 patch,
and no other changes. (closes: #394795)
|
|
autoconf 2.60 from complaining.
|
|
[sftp-client.c]
cancel progress meter when upload write fails; ok deraadt@
|
|
[clientloop.c serverloop.c]
exit instead of doing a blocking tcp send if we detect a client/server
timeout, since the tcp sendqueue might be already full (of alive
requests); ok dtucker, report mpf
|
