| Age | Commit message (Collapse) | Author |
|---|
|
- sshd(8): fix a memory corruption problem triggered during rekeying
when an AES-GCM cipher is selected (closes: #729029). Full details
of the vulnerability are available at:
http://www.openssh.com/txt/gcmrekey.adv
|
|
[contrib/suse/openssh.spec] update version numbers
|
|
- sftp(1): add support for resuming partial downloads using the "reget"
command and on the sftp commandline or on the "get" commandline using
the "-a" (append) option (closes: #158590).
- ssh(1): add an "IgnoreUnknown" configuration option to selectively
suppress errors arising from unknown configuration directives (closes:
#436052).
- sftp(1): update progressmeter when data is acknowledged, not when it's
sent (partially addresses #708372).
- ssh(1): do not fatally exit when attempting to cleanup multiplexing-
created channels that are incompletely opened (closes: #651357).
|
|
[contrib/suse/openssh.spec] Update version numbers
|
|
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
the Cygwin README file (which hasn't been updated for ages), drop
unsupported OSes from the ssh-host-config help text, and drop an
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
|
|
Patch from cjwatson at debian.
|
|
|
|
- Only warn for missing identity files that were explicitly specified
(closes: #708275).
- Fix bug in contributed contrib/ssh-copy-id script that could result in
"rm *" being called on mktemp failure (closes: #708419).
|
|
executed if mktemp failed; bz#2105 ok dtucker@
|
|
executed if mktemp failed; bz#2105 ok dtucker@
|
|
[contrib/suse/openssh.spec] Crank version numbers for release.
|
|
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
|
|
Hands' greatly revised version.
|
|
[contrib/suse/openssh.spec] Crank version numbers
|
|
Iain Morgan
|
|
patch from Iain Morgan in bz#2059
|
|
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
|
|
SELinux policies require this (closes: #658675).
|
|
[contrib/suse/openssh.spec] Update version numbers
|
|
can logon as a service. Patch from vinschen at redhat com.
|
|
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
|
|
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
|
|
[contrib/suse/openssh.spec] Update for release 6.0
|
|
- Allow using a cross-architecture pkg-config.
- Pass default LDFLAGS to contrib/Makefile.
- Allow dh_strip to strip gnome-ssh-askpass, rather than calling
'install -s'.
|
|
file from spec file. From crighter at nuclioss com.
|
|
fails. Patch from Corinna Vinschen.
|
|
|
|
|
|
|
|
|
|
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
|
|
|
|
[contrib/suse/openssh.spec] Update version numbers.
|
|
[contrib/suse/openssh.spec] Update version numbers.
|
|
bisson AT archlinux.org
|
|
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
AT gmail.com; ok dtucker@
|
|
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
init scrips from imorgan AT nas.nasa.gov
|
|
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
bumps from the 5.8p2 branch into HEAD. ok djm.
|
|
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
|
|
Cygwin-specific service installer script ssh-host-config. The actual
functionality is the same, the revisited version is just more
exact when it comes to check for problems which disallow to run
certain aspects of the script. So, part of this script and the also
rearranged service helper script library "csih" is to check if all
the tools required to run the script are available on the system.
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
|
|
generation and simplify. Patch from Corinna Vinschen.
|
|
- Fix stack information leak in legacy certificate signing
(http://www.openssh.com/txt/legacy-cert.adv).
|
|
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
- Release OpenSSH 5.8p1
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
- Release OpenSSH 5.8p1
|
|
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.
- sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation. It is available through the "ln" command in the
client. The old "ln" behaviour of creating a symlink is available
using its "-s" option or through the preexisting "symlink" command.
- scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host (closes: #508613).
- ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded. This allows the mux clients to determine that the server
socket is either ready or stale without races (closes: #454784).
Stale server sockets are now automatically removed (closes: #523250).
- ssh(1): install a SIGCHLD handler to reap expired child process
(closes: #594687).
- ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
temporary directories (closes: #357469, although only if you arrange
for ssh-agent to actually see $TMPDIR since the setgid bit will cause
it to be stripped off).
|
|
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
|
|
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
|
|
remove. Patch from martynas at venck us.
|
