+20091208
+ - (dtucker) OpenBSD CVS Sync
+ - andreas@cvs.openbsd.org 2009/10/24 11:11:58
+ [roaming.h]
+ Declarations needed for upcoming changes.
+ ok markus@
+ - andreas@cvs.openbsd.org 2009/10/24 11:13:54
+ [sshconnect2.c kex.h kex.c]
+ Let the client detect if the server supports roaming by looking
+ for the resume@appgate.com kex algorithm.
+ ok markus@
+ - andreas@cvs.openbsd.org 2009/10/24 11:15:29
+ [clientloop.c]
+ client_loop() must detect if the session has been suspended and resumed,
+ and take appropriate action in that case.
+ From Martin Forssen, maf at appgate dot com
+ - andreas@cvs.openbsd.org 2009/10/24 11:19:17
+ [ssh2.h]
+ Define the KEX messages used when resuming a suspended connection.
+ ok markus@
+ - andreas@cvs.openbsd.org 2009/10/24 11:22:37
+ [roaming_common.c]
+ Do the actual suspend/resume in the client. This won't be useful until
+ the server side supports roaming.
+ Most code from Martin Forssen, maf at appgate dot com. Some changes by
+ me and markus@
+ ok markus@
+ - andreas@cvs.openbsd.org 2009/10/24 11:23:42
+ [ssh.c]
+ Request roaming to be enabled if UseRoaming is true and the server
+ supports it.
+ ok markus@
+ - reyk@cvs.openbsd.org 2009/10/28 16:38:18
+ [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
+ channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
+ sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
+ Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
+ ok markus@
+ - jmc@cvs.openbsd.org 2009/10/28 21:45:08
+ [sshd_config.5 sftp.1]
+ tweak previous;
+ - djm@cvs.openbsd.org 2009/11/10 02:56:22
+ [ssh_config.5]
+ explain the constraints on LocalCommand some more so people don't
+ try to abuse it.
+ - djm@cvs.openbsd.org 2009/11/10 02:58:56
+ [sshd_config.5]
+ clarify that StrictModes does not apply to ChrootDirectory. Permissions
+ and ownership are always checked when chrooting. bz#1532
+ - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
+ [sshconnect2.c channels.c sshconnect.c]
+ Set close-on-exec on various descriptors so they don't get leaked to
+ child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
+ - markus@cvs.openbsd.org 2009/11/11 21:37:03
+ [channels.c channels.h]
+ fix race condition in x11/agent channel allocation: don't read after
+ the end of the select read/write fdset and make sure a reused FD
+ is not touched before the pre-handlers are called.
+ with and ok djm@
+ - djm@cvs.openbsd.org 2009/11/17 05:31:44
+ [clientloop.c]
+ fix incorrect exit status when multiplexing and channel ID 0 is recycled
+ bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
+ - djm@cvs.openbsd.org 2009/11/19 23:39:50
+ [session.c]
+ bz#1606: error when an attempt is made to connect to a server
+ with ForceCommand=internal-sftp with a shell session (i.e. not a
+ subsystem session). Avoids stuck client when attempting to ssh to such a
+ service. ok dtucker@
+ - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
+ [session.c]
+ Warn but do not fail if stat()ing the subsystem binary fails. This helps
+ with chrootdirectory+forcecommand=sftp-server and restricted shells.
+ bz #1599, ok djm.
+
+20091226
+ - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
+ Gzip all man pages. Patch from Corinna Vinschen.
+
+20091221
+ - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
+ Bug #1583: Use system's kerberos principal name on AIX if it's available.
+ Based on a patch from and tested by Miguel Sanders
+
+20091208
+ - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
+ based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
+
+20091207
+ - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
+ Tested by Martin Paljak.
+ - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass.
+
+20091121
+ - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
+ Bug 1628. OK dtucker@
+
+20091120
+ - (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
+ line arguments as none are supported. Exit when passed unrecognised
+ commandline flags. bz#1568 from gson AT araneus.fi
+
+20091118
+ - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
+ set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
+ setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
+ bz#1648, report and fix from jan.kratochvil AT redhat.com
+ - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
+ bz#1645, patch from jchadima AT redhat.com
+
+20091107
+ - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
+ keys when built with OpenSSL versions that don't do AES.
+
+20091105
+ - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
+ older versions of OpenSSL.
+
20091024
- (dtucker) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2009/10/11 23:03:15
- dtucker@cvs.openbsd.org 2009/10/24 00:48:34
[ssh-keygen.1]
ssh-keygen now uses AES-128 for private keys
+ - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
+ - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
+ is enabled set the security context to "sftpd_t" before running the
+ internal sftp server Based on a patch from jchadima at redhat.
20091011
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
andersk / openssh.git / blobdiff