From 893d73549d7cfa277434bf0113688a5a14055408 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Wed, 7 Oct 2009 08:47:02 +1100
Subject:    - djm@cvs.openbsd.org 2009/08/27 17:44:52      [authfd.c ssh-add.c
 authfd.h]      Do not fall back to adding keys without contraints (ssh-add -c
 / -t ...)      when the agent refuses the constrained add request. This was a
 useful      migration measure back in 2002 when constraints were new, but
 just      adds risk now.      bz #1612, report and patch from dkg AT
 fifthhorseman.net; ok markus@

---
 ChangeLog | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 183733fcb..971225fa8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -60,6 +60,13 @@
      [sftp-server.8]
      allow setting an explicit umask on the commandline to override whatever
      default the user has. bz#1229; ok dtucker@ deraadt@ markus@
+   - djm@cvs.openbsd.org 2009/08/27 17:44:52
+     [authfd.c ssh-add.c authfd.h]
+     Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
+     when the agent refuses the constrained add request. This was a useful
+     migration measure back in 2002 when constraints were new, but just
+     adds risk now.
+     bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
 
 20091002
  - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.
-- 
cgit v1.2.3