[sshd_config.5]
clarify that StrictModes does not apply to ChrootDirectory. Permissions
and ownership are always checked when chrooting. bz#1532
+ - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
+ [sshconnect2.c channels.c sshconnect.c]
+ Set close-on-exec on various descriptors so they don't get leaked to
+ child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
+ - markus@cvs.openbsd.org 2009/11/11 21:37:03
+ [channels.c channels.h]
+ fix race condition in x11/agent channel allocation: don't read after
+ the end of the select read/write fdset and make sure a reused FD
+ is not touched before the pre-handlers are called.
+ with and ok djm@
+ - djm@cvs.openbsd.org 2009/11/17 05:31:44
+ [clientloop.c]
+ fix incorrect exit status when multiplexing and channel ID 0 is recycled
+ bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
+ - djm@cvs.openbsd.org 2009/11/19 23:39:50
+ [session.c]
+ bz#1606: error when an attempt is made to connect to a server
+ with ForceCommand=internal-sftp with a shell session (i.e. not a
+ subsystem session). Avoids stuck client when attempting to ssh to such a
+ service. ok dtucker@
+ - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
+ [session.c]
+ Warn but do not fail if stat()ing the subsystem binary fails. This helps
+ with chrootdirectory+forcecommand=sftp-server and restricted shells.
+ bz #1599, ok djm.
+ - djm@cvs.openbsd.org 2009/11/20 00:54:01
+ [sftp.c]
+ bz#1588 change "Connecting to host..." message to "Connected to host."
+ and delay it until after the sftp protocol connection has been established.
+ Avoids confusing sequence of messages when the underlying ssh connection
+ experiences problems. ok dtucker@
+ - dtucker@cvs.openbsd.org 2009/11/20 00:59:36
+ [sshconnect2.c]
+ Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
+ - djm@cvs.openbsd.org 2009/11/20 03:24:07
+ [misc.c]
+ correct off-by-one in percent_expand(): we would fatal() when trying
+ to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
+ work. Note that nothing in OpenSSH actually uses close to this limit at
+ present. bz#1607 from Jan.Pechanec AT Sun.COM
+ - halex@cvs.openbsd.org 2009/11/22 13:18:00
+ [sftp.c]
+ make passing of zero-length arguments to ssh safe by
+ passing "-<switch>" "<value>" rather than "-<switch><value>"
+ ok dtucker@, guenther@, djm@
+ - dtucker@cvs.openbsd.org 2009/12/06 23:41:15
+ [sshconnect2.c]
+ zap unused variable and strlen; from Steve McClellan, ok djm
+ - djm@cvs.openbsd.org 2009/12/06 23:53:45
+ [roaming_common.c]
+ use socklen_t for getsockopt optlen parameter; reported by
+ Steve.McClellan AT radisys.com, ok dtucker@
20091226
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1