+20070815
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/08/15 08:14:46
+ [clientloop.c]
+ do NOT fall back to the trused x11 cookie if generation of an untrusted
+ cookie fails; from security-alert at sun.com; ok dtucker
+
+20070813
+ - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always
+ called with PAM_ESTABLISH_CRED at least once, which resolves a problem
+ with pam_dhkeys. Patch from David Leonard, ok djm@
+
+20070810
+ - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
+ - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From
+ Matt Kraai, ok djm@
+
+20070809
+ - (dtucker) [openbsd-compat/port-aix.c] Comment typo.
+ - (dtucker) [README.platform] Document the interaction between PermitRootLogin
+ and the AIX native login restrictions.
+ - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
+ used anywhere and are a potential source of warnings.
+
+20070808
+ - (djm) OpenBSD CVS Sync
+ - ray@cvs.openbsd.org 2007/07/12 05:48:05
+ [key.c]
+ Delint: remove some unreachable statements, from Bret Lambert.
+ OK markus@ and dtucker@.
+ - sobrado@cvs.openbsd.org 2007/08/06 19:16:06
+ [scp.1 scp.c]
+ the ellipsis is not an optional argument; while here, sync the usage
+ and synopsis of commands
+ lots of good ideas by jmc@
+ ok jmc@
+ - djm@cvs.openbsd.org 2007/08/07 07:32:53
+ [clientloop.c clientloop.h ssh.c]
+ bz#1232: ensure that any specified LocalCommand is executed after the
+ tunnel device is opened. Also, make failures to open a tunnel device
+ fatal when ExitOnForwardFailure is active.
+ Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
+
+20070724
+ - (tim) [openssh.xml.in] make FMRI match what package scripts use.
+ - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
+ Report/patch by David.Leonard AT quest.com (and Bernhard Simon)
+ - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
+ - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
+
+20070628
+ - (djm) bz#1325: Fix SELinux in permissive mode where it would
+ incorrectly fatal() on errors. patch from cjwatson AT debian.org;
+ ok dtucker
+
+20070625
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/06/13 00:21:27
+ [scp.c]
+ don't ftruncate() non-regular files; bz#1236 reported by wood AT
+ xmission.com; ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/14 21:43:25
+ [ssh.c]
+ handle EINTR when waiting for mux exit status properly
+ - djm@cvs.openbsd.org 2007/06/14 22:48:05
+ [ssh.c]
+ when waiting for the multiplex exit status, read until the master end
+ writes an entire int of data *and* closes the client_fd; fixes mux
+ regression spotted by dtucker, ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/19 02:04:43
+ [atomicio.c]
+ if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
+ avoid a spin if it is not yet ready for reading/writing; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/25 08:20:03
+ [channels.c]
+ Correct test for window updates every three packets; prevents sending
+ window updates for every single packet. ok markus@
+ - dtucker@cvs.openbsd.org 2007/06/25 12:02:27
+ [atomicio.c]
+ Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
+ - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
+ atomicio.
+ - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
+ Add an implementation of poll() built on top of select(2). Code from
+ OpenNTPD with changes suggested by djm. ok djm@
+
+20070614
+ - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
+ USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
+ shared with umac.c. Allows building with OpenSSL 0.9.5 again including
+ umac support. With tim@ djm@, ok djm.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
+ sections. Fixes builds with early OpenSSL 0.9.6 versions.
+ - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
+ of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
+ subsequent <0.9.7 test.
+
+20070612
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2007/06/11 09:14:00
+ [channels.h]
+ increase default channel windows; ok djm
+ - djm@cvs.openbsd.org 2007/06/12 07:41:00
+ [ssh-add.1]
+ better document ssh-add's -d option (delete identies from agent), bz#1224
+ new text based on some provided by andrewmc-debian AT celt.dias.ie;
+ ok dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:20:00
+ [ssh-gss.h gss-serv.c gss-genr.c]
+ relocate server-only GSSAPI code from libssh to server; bz #1225
+ patch from simon AT sxw.org.uk; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 08:24:20
+ [scp.c]
+ make scp try to skip FIFOs rather than blocking when nothing is listening.
+ depends on the platform supporting sane O_NONBLOCK semantics for open
+ on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
+ bz #856; report by cjwatson AT debian.org; ok markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:11:08
+ [ssh.c]
+ fix slave exit value when a control master goes away without passing the
+ full exit status by ensuring that the slave reads a full int. bz#1261
+ reported by frekko AT gmail.com; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2007/06/12 11:15:17
+ [ssh.c ssh.1]
+ Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
+ GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
+ and is useful for hosts with /home on Kerberised NFS; bz #1312
+ patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
+ - djm@cvs.openbsd.org 2007/06/12 11:45:27
+ [ssh.c]
+ improved exit message from multiplex slave sessions; bz #1262
+ reported by alexandre.nunes AT gmail.com; ok dtucker@
+ - dtucker@cvs.openbsd.org 2007/06/12 11:56:15
+ [gss-genr.c]
+ Pass GSS OID to gss_display_status to provide better information in
+ error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
+ - jmc@cvs.openbsd.org 2007/06/12 13:41:03
+ [ssh-add.1]
+ identies -> identities;
+ - jmc@cvs.openbsd.org 2007/06/12 13:43:55
+ [ssh.1]
+ add -K to SYNOPSIS;
+ - dtucker@cvs.openbsd.org 2007/06/12 13:54:28
+ [scp.c]
+ Encode filename with strnvis if the name contains a newline (which can't
+ be represented in the scp protocol), from bz #891. ok markus@
+
20070611
- (djm) Bugzilla #1306: silence spurious error messages from hang-on-exit
fix; tested by dtucker@ and jochen.kirn AT gmail.com
[sshd_config.5]
oops, here too: put the MAC list into a display, like we do for
ciphers, since groff has trouble with wide lines;
+ - markus@cvs.openbsd.org 2007/06/11 08:04:44
+ [channels.c]
+ send 'window adjust' messages every tree packets and do not wait
+ until 50% of the window is consumed. ok djm dtucker
- (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
fallback to provided bit-swizzing functions
- (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
but check anyway in case this changes or the code gets used elsewhere.
+ - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should
+ prevent warnings about redefinitions of various things in paths.h.
+ Spotted by cartmanltd at hotmail.com.
20070605
- (dtucker) OpenBSD CVS Sync
andersk / openssh.git / blobdiff