This commit is contained in:
parent
95f0239801
commit
608c9a76d0
@ -1,17 +0,0 @@
|
|||||||
--- sshconnect2.c
|
|
||||||
+++ sshconnect2.c
|
|
||||||
@@ -387,11 +387,11 @@
|
|
||||||
debug3("input_userauth_banner");
|
|
||||||
raw = packet_get_string(&len);
|
|
||||||
lang = packet_get_string(NULL);
|
|
||||||
- if (options.log_level >= SYSLOG_LEVEL_INFO) {
|
|
||||||
+ if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
|
|
||||||
if (len > 65536)
|
|
||||||
len = 65536;
|
|
||||||
- msg = xmalloc(len * 4); /* max expansion from strnvis() */
|
|
||||||
- strnvis(msg, raw, len * 4, VIS_SAFE|VIS_OCTAL);
|
|
||||||
+ msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
|
|
||||||
+ strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH);
|
|
||||||
fprintf(stderr, "%s", msg);
|
|
||||||
xfree(msg);
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:bbe533aa4d2d083011035e3b63e558eaf8db83f7b062410a2035aeb822904472
|
|
||||||
size 835720
|
|
@ -1,7 +1,7 @@
|
|||||||
# add support for Linux audit (FATE #120269)
|
# add support for Linux audit (FATE #120269)
|
||||||
================================================================================
|
================================================================================
|
||||||
--- openssh-5.1p1/Makefile.in
|
--- openssh-5.2p1/Makefile.in
|
||||||
+++ openssh-5.1p1/Makefile.in
|
+++ openssh-5.2p1/Makefile.in
|
||||||
@@ -44,6 +44,7 @@
|
@@ -44,6 +44,7 @@
|
||||||
CFLAGS=@CFLAGS@
|
CFLAGS=@CFLAGS@
|
||||||
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
||||||
@ -19,8 +19,8 @@
|
|||||||
|
|
||||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||||
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
--- openssh-5.1p1/auth.c
|
--- openssh-5.2p1/auth.c
|
||||||
+++ openssh-5.1p1/auth.c
|
+++ openssh-5.2p1/auth.c
|
||||||
@@ -287,6 +287,12 @@
|
@@ -287,6 +287,12 @@
|
||||||
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
|
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
|
||||||
# endif
|
# endif
|
||||||
@ -45,9 +45,9 @@
|
|||||||
#ifdef SSH_AUDIT_EVENTS
|
#ifdef SSH_AUDIT_EVENTS
|
||||||
audit_event(SSH_INVALID_USER);
|
audit_event(SSH_INVALID_USER);
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
#endif /* SSH_AUDIT_EVENTS */
|
||||||
--- openssh-5.1p1/config.h.in
|
--- openssh-5.2p1/config.h.in
|
||||||
+++ openssh-5.1p1/config.h.in
|
+++ openssh-5.2p1/config.h.in
|
||||||
@@ -1388,6 +1388,9 @@
|
@@ -1397,6 +1397,9 @@
|
||||||
/* Define if you want SELinux support. */
|
/* Define if you want SELinux support. */
|
||||||
#undef WITH_SELINUX
|
#undef WITH_SELINUX
|
||||||
|
|
||||||
@ -57,9 +57,9 @@
|
|||||||
/* Define to 1 if your processor stores words with the most significant byte
|
/* Define to 1 if your processor stores words with the most significant byte
|
||||||
first (like Motorola and SPARC, unlike Intel and VAX). */
|
first (like Motorola and SPARC, unlike Intel and VAX). */
|
||||||
#undef WORDS_BIGENDIAN
|
#undef WORDS_BIGENDIAN
|
||||||
--- openssh-5.1p1/configure.ac
|
--- openssh-5.2p1/configure.ac
|
||||||
+++ openssh-5.1p1/configure.ac
|
+++ openssh-5.2p1/configure.ac
|
||||||
@@ -3314,6 +3314,20 @@
|
@@ -3340,6 +3340,20 @@
|
||||||
fi ]
|
fi ]
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -80,7 +80,7 @@
|
|||||||
# Check whether user wants Kerberos 5 support
|
# Check whether user wants Kerberos 5 support
|
||||||
KRB5_MSG="no"
|
KRB5_MSG="no"
|
||||||
AC_ARG_WITH(kerberos5,
|
AC_ARG_WITH(kerberos5,
|
||||||
@@ -4134,6 +4148,7 @@
|
@@ -4160,6 +4174,7 @@
|
||||||
echo " OSF SIA support: $SIA_MSG"
|
echo " OSF SIA support: $SIA_MSG"
|
||||||
echo " KerberosV support: $KRB5_MSG"
|
echo " KerberosV support: $KRB5_MSG"
|
||||||
echo " SELinux support: $SELINUX_MSG"
|
echo " SELinux support: $SELINUX_MSG"
|
||||||
@ -88,8 +88,8 @@
|
|||||||
echo " Smartcard support: $SCARD_MSG"
|
echo " Smartcard support: $SCARD_MSG"
|
||||||
echo " S/KEY support: $SKEY_MSG"
|
echo " S/KEY support: $SKEY_MSG"
|
||||||
echo " TCP Wrappers support: $TCPW_MSG"
|
echo " TCP Wrappers support: $TCPW_MSG"
|
||||||
--- openssh-5.1p1/loginrec.c
|
--- openssh-5.2p1/loginrec.c
|
||||||
+++ openssh-5.1p1/loginrec.c
|
+++ openssh-5.2p1/loginrec.c
|
||||||
@@ -176,6 +176,10 @@
|
@@ -176,6 +176,10 @@
|
||||||
#include "auth.h"
|
#include "auth.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
@ -174,8 +174,8 @@
|
|||||||
/**
|
/**
|
||||||
** Low-level libutil login() functions
|
** Low-level libutil login() functions
|
||||||
**/
|
**/
|
||||||
--- openssh-5.1p1/loginrec.h
|
--- openssh-5.2p1/loginrec.h
|
||||||
+++ openssh-5.1p1/loginrec.h
|
+++ openssh-5.2p1/loginrec.h
|
||||||
@@ -127,5 +127,9 @@
|
@@ -127,5 +127,9 @@
|
||||||
char *line_abbrevname(char *dst, const char *src, int dstsize);
|
char *line_abbrevname(char *dst, const char *src, int dstsize);
|
||||||
|
|
@ -7,5 +7,5 @@
|
|||||||
-# Protocol 2,1
|
-# Protocol 2,1
|
||||||
+ Protocol 2
|
+ Protocol 2
|
||||||
# Cipher 3des
|
# Cipher 3des
|
||||||
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
|
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
|
||||||
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
|
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
|
@ -1,6 +1,6 @@
|
|||||||
--- openssh-5.1p1/sshd.8
|
--- openssh-5.2p1/sshd.8
|
||||||
+++ openssh-5.1p1/sshd.8
|
+++ openssh-5.2p1/sshd.8
|
||||||
@@ -785,7 +785,7 @@
|
@@ -783,7 +783,7 @@
|
||||||
The file format is described in
|
The file format is described in
|
||||||
.Xr moduli 5 .
|
.Xr moduli 5 .
|
||||||
.Pp
|
.Pp
|
||||||
@ -9,7 +9,7 @@
|
|||||||
See
|
See
|
||||||
.Xr motd 5 .
|
.Xr motd 5 .
|
||||||
.Pp
|
.Pp
|
||||||
@@ -798,7 +798,7 @@
|
@@ -796,7 +796,7 @@
|
||||||
refused.
|
refused.
|
||||||
The file should be world-readable.
|
The file should be world-readable.
|
||||||
.Pp
|
.Pp
|
||||||
@ -18,7 +18,7 @@
|
|||||||
This file is used in exactly the same way as
|
This file is used in exactly the same way as
|
||||||
.Pa hosts.equiv ,
|
.Pa hosts.equiv ,
|
||||||
but allows host-based authentication without permitting login with
|
but allows host-based authentication without permitting login with
|
||||||
@@ -875,8 +875,7 @@
|
@@ -873,8 +873,7 @@
|
||||||
.Xr ssh-keyscan 1 ,
|
.Xr ssh-keyscan 1 ,
|
||||||
.Xr chroot 2 ,
|
.Xr chroot 2 ,
|
||||||
.Xr hosts_access 5 ,
|
.Xr hosts_access 5 ,
|
||||||
@ -28,8 +28,8 @@
|
|||||||
.Xr sshd_config 5 ,
|
.Xr sshd_config 5 ,
|
||||||
.Xr inetd 8 ,
|
.Xr inetd 8 ,
|
||||||
.Xr sftp-server 8
|
.Xr sftp-server 8
|
||||||
--- openssh-5.1p1/sshd_config.5
|
--- openssh-5.2p1/sshd_config.5
|
||||||
+++ openssh-5.1p1/sshd_config.5
|
+++ openssh-5.2p1/sshd_config.5
|
||||||
@@ -177,9 +177,6 @@
|
@@ -177,9 +177,6 @@
|
||||||
By default, no banner is displayed.
|
By default, no banner is displayed.
|
||||||
.It Cm ChallengeResponseAuthentication
|
.It Cm ChallengeResponseAuthentication
|
@ -1,5 +1,5 @@
|
|||||||
--- openssh-5.1p1/ssh-add.c
|
--- openssh-5.2p1/ssh-add.c
|
||||||
+++ openssh-5.1p1/ssh-add.c
|
+++ openssh-5.2p1/ssh-add.c
|
||||||
@@ -43,6 +43,7 @@
|
@@ -43,6 +43,7 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
@ -19,8 +19,8 @@
|
|||||||
/* At first, get a connection to the authentication agent. */
|
/* At first, get a connection to the authentication agent. */
|
||||||
ac = ssh_get_authentication_connection();
|
ac = ssh_get_authentication_connection();
|
||||||
if (ac == NULL) {
|
if (ac == NULL) {
|
||||||
--- openssh-5.1p1/ssh-agent.c
|
--- openssh-5.2p1/ssh-agent.c
|
||||||
+++ openssh-5.1p1/ssh-agent.c
|
+++ openssh-5.2p1/ssh-agent.c
|
||||||
@@ -52,6 +52,7 @@
|
@@ -52,6 +52,7 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
@ -40,8 +40,8 @@
|
|||||||
__progname = ssh_get_progname(av[0]);
|
__progname = ssh_get_progname(av[0]);
|
||||||
init_rng();
|
init_rng();
|
||||||
seed_rng();
|
seed_rng();
|
||||||
--- openssh-5.1p1/ssh-keygen.c
|
--- openssh-5.2p1/ssh-keygen.c
|
||||||
+++ openssh-5.1p1/ssh-keygen.c
|
+++ openssh-5.2p1/ssh-keygen.c
|
||||||
@@ -22,6 +22,7 @@
|
@@ -22,6 +22,7 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
@ -62,8 +62,8 @@
|
|||||||
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
|
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
|
||||||
|
|
||||||
init_rng();
|
init_rng();
|
||||||
--- openssh-5.1p1/ssh-keysign.c
|
--- openssh-5.2p1/ssh-keysign.c
|
||||||
+++ openssh-5.1p1/ssh-keysign.c
|
+++ openssh-5.2p1/ssh-keysign.c
|
||||||
@@ -38,6 +38,7 @@
|
@@ -38,6 +38,7 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
@ -84,8 +84,8 @@
|
|||||||
for (i = 0; i < 256; i++)
|
for (i = 0; i < 256; i++)
|
||||||
rnd[i] = arc4random();
|
rnd[i] = arc4random();
|
||||||
RAND_seed(rnd, sizeof(rnd));
|
RAND_seed(rnd, sizeof(rnd));
|
||||||
--- openssh-5.1p1/ssh.c
|
--- openssh-5.2p1/ssh.c
|
||||||
+++ openssh-5.1p1/ssh.c
|
+++ openssh-5.2p1/ssh.c
|
||||||
@@ -73,6 +73,7 @@
|
@@ -73,6 +73,7 @@
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
@ -94,7 +94,7 @@
|
|||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
@@ -562,6 +563,10 @@
|
@@ -550,6 +551,10 @@
|
||||||
SSLeay_add_all_algorithms();
|
SSLeay_add_all_algorithms();
|
||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
|
|
||||||
@ -105,8 +105,8 @@
|
|||||||
/* Initialize the command to execute on remote host. */
|
/* Initialize the command to execute on remote host. */
|
||||||
buffer_init(&command);
|
buffer_init(&command);
|
||||||
|
|
||||||
--- openssh-5.1p1/sshd.c
|
--- openssh-5.2p1/sshd.c
|
||||||
+++ openssh-5.1p1/sshd.c
|
+++ openssh-5.2p1/sshd.c
|
||||||
@@ -77,6 +77,7 @@
|
@@ -77,6 +77,7 @@
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
@ -115,7 +115,7 @@
|
|||||||
|
|
||||||
#ifdef HAVE_SECUREWARE
|
#ifdef HAVE_SECUREWARE
|
||||||
#include <sys/security.h>
|
#include <sys/security.h>
|
||||||
@@ -1416,6 +1417,10 @@
|
@@ -1415,6 +1416,10 @@
|
||||||
|
|
||||||
SSLeay_add_all_algorithms();
|
SSLeay_add_all_algorithms();
|
||||||
|
|
@ -1,8 +1,8 @@
|
|||||||
--- channels.c
|
--- channels.c
|
||||||
+++ channels.c
|
+++ channels.c
|
||||||
@@ -2418,6 +2418,9 @@
|
@@ -2471,6 +2471,9 @@
|
||||||
const char *host, *addr;
|
|
||||||
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
||||||
|
in_port_t *lport_p;
|
||||||
|
|
||||||
+ if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
|
+ if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
|
||||||
+ fatal("channel_setup_fwd_listener: too many forwards");
|
+ fatal("channel_setup_fwd_listener: too many forwards");
|
@ -52,16 +52,16 @@ Index: auth2-gss.c
|
|||||||
extern Authmethod method_gssapi;
|
extern Authmethod method_gssapi;
|
||||||
+extern Authmethod method_gssapi_old;
|
+extern Authmethod method_gssapi_old;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef JPAKE
|
||||||
Authmethod *authmethods[] = {
|
extern Authmethod method_jpake;
|
||||||
@@ -77,6 +78,7 @@
|
@@ -80,6 +81,7 @@
|
||||||
&method_pubkey,
|
&method_pubkey,
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
&method_gssapi,
|
&method_gssapi,
|
||||||
+ &method_gssapi_old,
|
+ &method_gssapi_old,
|
||||||
#endif
|
#endif
|
||||||
&method_passwd,
|
#ifdef JPAKE
|
||||||
&method_kbdint,
|
&method_jpake,
|
||||||
--- readconf.c
|
--- readconf.c
|
||||||
+++ readconf.c
|
+++ readconf.c
|
||||||
@@ -126,7 +126,7 @@
|
@@ -126,7 +126,7 @@
|
||||||
@ -85,7 +85,7 @@ Index: auth2-gss.c
|
|||||||
#endif
|
#endif
|
||||||
{ "fallbacktorsh", oDeprecated },
|
{ "fallbacktorsh", oDeprecated },
|
||||||
{ "usersh", oDeprecated },
|
{ "usersh", oDeprecated },
|
||||||
@@ -447,6 +449,10 @@
|
@@ -456,6 +458,10 @@
|
||||||
case oGssDelegateCreds:
|
case oGssDelegateCreds:
|
||||||
intptr = &options->gss_deleg_creds;
|
intptr = &options->gss_deleg_creds;
|
||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
@ -96,7 +96,7 @@ Index: auth2-gss.c
|
|||||||
|
|
||||||
case oBatchMode:
|
case oBatchMode:
|
||||||
intptr = &options->batch_mode;
|
intptr = &options->batch_mode;
|
||||||
@@ -1017,6 +1023,7 @@
|
@@ -1009,6 +1015,7 @@
|
||||||
options->challenge_response_authentication = -1;
|
options->challenge_response_authentication = -1;
|
||||||
options->gss_authentication = -1;
|
options->gss_authentication = -1;
|
||||||
options->gss_deleg_creds = -1;
|
options->gss_deleg_creds = -1;
|
||||||
@ -104,7 +104,7 @@ Index: auth2-gss.c
|
|||||||
options->password_authentication = -1;
|
options->password_authentication = -1;
|
||||||
options->kbd_interactive_authentication = -1;
|
options->kbd_interactive_authentication = -1;
|
||||||
options->kbd_interactive_devices = NULL;
|
options->kbd_interactive_devices = NULL;
|
||||||
@@ -1108,6 +1115,8 @@
|
@@ -1101,6 +1108,8 @@
|
||||||
options->gss_authentication = 0;
|
options->gss_authentication = 0;
|
||||||
if (options->gss_deleg_creds == -1)
|
if (options->gss_deleg_creds == -1)
|
||||||
options->gss_deleg_creds = 0;
|
options->gss_deleg_creds = 0;
|
||||||
@ -133,7 +133,7 @@ Index: auth2-gss.c
|
|||||||
options->password_authentication = -1;
|
options->password_authentication = -1;
|
||||||
options->kbd_interactive_authentication = -1;
|
options->kbd_interactive_authentication = -1;
|
||||||
options->challenge_response_authentication = -1;
|
options->challenge_response_authentication = -1;
|
||||||
@@ -211,6 +212,8 @@
|
@@ -212,6 +213,8 @@
|
||||||
options->gss_authentication = 0;
|
options->gss_authentication = 0;
|
||||||
if (options->gss_cleanup_creds == -1)
|
if (options->gss_cleanup_creds == -1)
|
||||||
options->gss_cleanup_creds = 1;
|
options->gss_cleanup_creds = 1;
|
||||||
@ -142,7 +142,7 @@ Index: auth2-gss.c
|
|||||||
if (options->password_authentication == -1)
|
if (options->password_authentication == -1)
|
||||||
options->password_authentication = 1;
|
options->password_authentication = 1;
|
||||||
if (options->kbd_interactive_authentication == -1)
|
if (options->kbd_interactive_authentication == -1)
|
||||||
@@ -299,7 +302,7 @@
|
@@ -302,7 +305,7 @@
|
||||||
sBanner, sUseDNS, sHostbasedAuthentication,
|
sBanner, sUseDNS, sHostbasedAuthentication,
|
||||||
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
|
||||||
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
|
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
|
||||||
@ -150,8 +150,8 @@ Index: auth2-gss.c
|
|||||||
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
|
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
|
||||||
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
|
||||||
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
sUsePrivilegeSeparation, sAllowAgentForwarding,
|
||||||
sDeprecated, sUnsupported
|
sZeroKnowledgePasswordAuthentication,
|
||||||
@@ -360,9 +363,11 @@
|
@@ -364,9 +367,11 @@
|
||||||
#ifdef GSSAPI
|
#ifdef GSSAPI
|
||||||
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
|
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
|
||||||
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
|
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
|
||||||
@ -163,7 +163,7 @@ Index: auth2-gss.c
|
|||||||
#endif
|
#endif
|
||||||
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
|
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
|
||||||
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
|
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
|
||||||
@@ -885,6 +890,10 @@
|
@@ -894,6 +899,10 @@
|
||||||
case sGssCleanupCreds:
|
case sGssCleanupCreds:
|
||||||
intptr = &options->gss_cleanup_creds;
|
intptr = &options->gss_cleanup_creds;
|
||||||
goto parse_flag;
|
goto parse_flag;
|
||||||
@ -186,7 +186,7 @@ Index: auth2-gss.c
|
|||||||
int kbd_interactive_authentication; /* If true, permit */
|
int kbd_interactive_authentication; /* If true, permit */
|
||||||
--- ssh_config
|
--- ssh_config
|
||||||
+++ ssh_config
|
+++ ssh_config
|
||||||
@@ -54,3 +54,13 @@
|
@@ -54,4 +54,14 @@
|
||||||
# Tunnel no
|
# Tunnel no
|
||||||
# TunnelDevice any:any
|
# TunnelDevice any:any
|
||||||
# PermitLocalCommand no
|
# PermitLocalCommand no
|
||||||
@ -200,10 +200,11 @@ Index: auth2-gss.c
|
|||||||
+# GSSAPIEnableMITMAttack no
|
+# GSSAPIEnableMITMAttack no
|
||||||
+
|
+
|
||||||
+>>>>>>>
|
+>>>>>>>
|
||||||
|
# VisualHostKey no
|
||||||
--- sshconnect2.c
|
--- sshconnect2.c
|
||||||
+++ sshconnect2.c
|
+++ sshconnect2.c
|
||||||
@@ -246,6 +246,10 @@
|
@@ -255,6 +255,10 @@
|
||||||
userauth_gssapi,
|
NULL,
|
||||||
&options.gss_authentication,
|
&options.gss_authentication,
|
||||||
NULL},
|
NULL},
|
||||||
+ {"gssapi",
|
+ {"gssapi",
|
||||||
@ -213,7 +214,7 @@ Index: auth2-gss.c
|
|||||||
#endif
|
#endif
|
||||||
{"hostbased",
|
{"hostbased",
|
||||||
userauth_hostbased,
|
userauth_hostbased,
|
||||||
@@ -587,7 +591,9 @@
|
@@ -617,7 +621,9 @@
|
||||||
|
|
||||||
if (status == GSS_S_COMPLETE) {
|
if (status == GSS_S_COMPLETE) {
|
||||||
/* send either complete or MIC, depending on mechanism */
|
/* send either complete or MIC, depending on mechanism */
|
@ -1,8 +1,8 @@
|
|||||||
Index: openssh-5.1p1/auth-pam.c
|
Index: openssh-5.1p1/auth-pam.c
|
||||||
===================================================================
|
================================================================================
|
||||||
--- openssh-5.1p1.orig/auth-pam.c
|
--- openssh-5.2p1/auth-pam.c
|
||||||
+++ openssh-5.1p1/auth-pam.c
|
+++ openssh-5.2p1/auth-pam.c
|
||||||
@@ -602,16 +602,16 @@ sshpam_cleanup(void)
|
@@ -602,16 +602,16 @@
|
||||||
return;
|
return;
|
||||||
debug("PAM: cleanup");
|
debug("PAM: cleanup");
|
||||||
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
|
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
|
@ -1,6 +1,6 @@
|
|||||||
--- sshd.c
|
--- sshd.c
|
||||||
+++ sshd.c
|
+++ sshd.c
|
||||||
@@ -305,6 +305,7 @@
|
@@ -304,6 +304,7 @@
|
||||||
static void
|
static void
|
||||||
sighup_restart(void)
|
sighup_restart(void)
|
||||||
{
|
{
|
||||||
@ -8,7 +8,7 @@
|
|||||||
logit("Received SIGHUP; restarting.");
|
logit("Received SIGHUP; restarting.");
|
||||||
close_listen_socks();
|
close_listen_socks();
|
||||||
close_startup_pipes();
|
close_startup_pipes();
|
||||||
@@ -1270,7 +1271,11 @@
|
@@ -1269,7 +1270,11 @@
|
||||||
#ifndef HAVE_SETPROCTITLE
|
#ifndef HAVE_SETPROCTITLE
|
||||||
/* Prepare for later setproctitle emulation */
|
/* Prepare for later setproctitle emulation */
|
||||||
compat_init_setproctitle(ac, av);
|
compat_init_setproctitle(ac, av);
|
@ -1,6 +1,6 @@
|
|||||||
--- ssh_config
|
--- ssh_config
|
||||||
+++ ssh_config
|
+++ ssh_config
|
||||||
@@ -63,4 +63,7 @@
|
@@ -63,5 +63,8 @@
|
||||||
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
|
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
|
||||||
# GSSAPIEnableMITMAttack no
|
# GSSAPIEnableMITMAttack no
|
||||||
|
|
||||||
@ -9,6 +9,7 @@
|
|||||||
+SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
+SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||||
+SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
+SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||||
+SendEnv LC_IDENTIFICATION LC_ALL
|
+SendEnv LC_IDENTIFICATION LC_ALL
|
||||||
|
# VisualHostKey no
|
||||||
--- sshd_config
|
--- sshd_config
|
||||||
+++ sshd_config
|
+++ sshd_config
|
||||||
@@ -119,6 +119,11 @@
|
@@ -119,6 +119,11 @@
|
@ -1,6 +1,6 @@
|
|||||||
--- session.c
|
--- session.c
|
||||||
+++ session.c
|
+++ session.c
|
||||||
@@ -2487,8 +2487,41 @@
|
@@ -2493,8 +2493,41 @@
|
||||||
session_close(Session *s)
|
session_close(Session *s)
|
||||||
{
|
{
|
||||||
u_int i;
|
u_int i;
|
@ -1,6 +1,6 @@
|
|||||||
--- session.c
|
--- session.c
|
||||||
+++ session.c
|
+++ session.c
|
||||||
@@ -1104,7 +1104,7 @@
|
@@ -1110,7 +1110,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
static char **
|
static char **
|
||||||
@ -9,7 +9,7 @@
|
|||||||
{
|
{
|
||||||
char buf[256];
|
char buf[256];
|
||||||
u_int i, envsize;
|
u_int i, envsize;
|
||||||
@@ -1291,6 +1291,8 @@
|
@@ -1297,6 +1297,8 @@
|
||||||
for (i = 0; env[i]; i++)
|
for (i = 0; env[i]; i++)
|
||||||
fprintf(stderr, " %.200s\n", env[i]);
|
fprintf(stderr, " %.200s\n", env[i]);
|
||||||
}
|
}
|
||||||
@ -18,7 +18,7 @@
|
|||||||
return env;
|
return env;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1299,7 +1301,7 @@
|
@@ -1305,7 +1307,7 @@
|
||||||
* first in this order).
|
* first in this order).
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
@ -27,7 +27,7 @@
|
|||||||
{
|
{
|
||||||
FILE *f = NULL;
|
FILE *f = NULL;
|
||||||
char cmd[1024];
|
char cmd[1024];
|
||||||
@@ -1353,12 +1355,20 @@
|
@@ -1359,12 +1361,20 @@
|
||||||
options.xauth_location);
|
options.xauth_location);
|
||||||
f = popen(cmd, "w");
|
f = popen(cmd, "w");
|
||||||
if (f) {
|
if (f) {
|
||||||
@ -48,7 +48,7 @@
|
|||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Could not run %s\n",
|
fprintf(stderr, "Could not run %s\n",
|
||||||
cmd);
|
cmd);
|
||||||
@@ -1644,6 +1654,7 @@
|
@@ -1650,6 +1660,7 @@
|
||||||
{
|
{
|
||||||
extern char **environ;
|
extern char **environ;
|
||||||
char **env;
|
char **env;
|
||||||
@ -56,7 +56,7 @@
|
|||||||
char *argv[ARGV_MAX];
|
char *argv[ARGV_MAX];
|
||||||
const char *shell, *shell0, *hostname = NULL;
|
const char *shell, *shell0, *hostname = NULL;
|
||||||
struct passwd *pw = s->pw;
|
struct passwd *pw = s->pw;
|
||||||
@@ -1710,7 +1721,7 @@
|
@@ -1716,7 +1727,7 @@
|
||||||
* Make sure $SHELL points to the shell from the password file,
|
* Make sure $SHELL points to the shell from the password file,
|
||||||
* even if shell is overridden from login.conf
|
* even if shell is overridden from login.conf
|
||||||
*/
|
*/
|
||||||
@ -65,7 +65,7 @@
|
|||||||
|
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
|
||||||
@@ -1778,7 +1789,7 @@
|
@@ -1784,7 +1795,7 @@
|
||||||
closefrom(STDERR_FILENO + 1);
|
closefrom(STDERR_FILENO + 1);
|
||||||
|
|
||||||
if (!options.use_login)
|
if (!options.use_login)
|
3
openssh-5.2p1.tar.bz2
Normal file
3
openssh-5.2p1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5de561b64b659e21d66b4f1c04690e94f922f3f5fb3f070e81fbd8f9f4403de8
|
||||||
|
size 816819
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 23 17:27:22 CET 2009 - anicka@suse.cz
|
||||||
|
|
||||||
|
- update to 5.2p1
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 9 14:35:42 CEST 2008 - anicka@suse.cz
|
Wed Apr 9 14:35:42 CEST 2008 - anicka@suse.cz
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openssh-askpass-gnome (Version 5.1p1)
|
# spec file for package openssh-askpass-gnome (Version 5.2p1)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -22,8 +22,8 @@ Name: openssh-askpass-gnome
|
|||||||
BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
|
BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
|
||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Group: Productivity/Networking/SSH
|
Group: Productivity/Networking/SSH
|
||||||
Version: 5.1p1
|
Version: 5.2p1
|
||||||
Release: 41
|
Release: 1
|
||||||
Requires: openssh = %{version} openssh-askpass = %{version}
|
Requires: openssh = %{version} openssh-askpass = %{version}
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||||
@ -118,6 +118,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 23 2009 anicka@suse.cz
|
||||||
|
- update to 5.2p1
|
||||||
* Wed Apr 09 2008 anicka@suse.cz
|
* Wed Apr 09 2008 anicka@suse.cz
|
||||||
- update to 5.0p1
|
- update to 5.0p1
|
||||||
* Wed Apr 02 2008 anicka@suse.cz
|
* Wed Apr 02 2008 anicka@suse.cz
|
||||||
|
@ -1,3 +1,57 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 23 17:27:45 CET 2009 - anicka@suse.cz
|
||||||
|
|
||||||
|
- update to 5.2p1
|
||||||
|
* This release changes the default cipher order to prefer the AES CTR
|
||||||
|
modes and the revised "arcfour256" mode to CBC mode ciphers that are
|
||||||
|
susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
|
||||||
|
* This release also adds countermeasures to mitigate CPNI-957037-style
|
||||||
|
attacks against the SSH protocol's use of CBC-mode ciphers. Upon
|
||||||
|
detection of an invalid packet length or Message Authentication
|
||||||
|
Code, ssh/sshd will continue reading up to the maximum supported
|
||||||
|
packet length rather than immediately terminating the connection.
|
||||||
|
This eliminates most of the known differences in behaviour that
|
||||||
|
leaked information about the plaintext of injected data which formed
|
||||||
|
the basis of this attack. We believe that these attacks are rendered
|
||||||
|
infeasible by these changes.
|
||||||
|
* Added a -y option to ssh(1) to force logging to syslog rather than
|
||||||
|
stderr, which is useful when running daemonised (ssh -f)
|
||||||
|
* The sshd_config(5) ForceCommand directive now accepts commandline
|
||||||
|
arguments for the internal-sftp server.
|
||||||
|
* The ssh(1) ~C escape commandline now support runtime creation of
|
||||||
|
dynamic (-D) port forwards.
|
||||||
|
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
|
||||||
|
(bz#1482)
|
||||||
|
* Support remote port forwarding with a listen port of '0'. This
|
||||||
|
informs the server that it should dynamically allocate a listen
|
||||||
|
port and report it back to the client. (bz#1003)
|
||||||
|
* sshd(8) now supports setting PermitEmptyPasswords and
|
||||||
|
AllowAgentForwarding in Match blocks
|
||||||
|
* Repair a ssh(1) crash introduced in openssh-5.1 when the client is
|
||||||
|
sent a zero-length banner (bz#1496)
|
||||||
|
* Due to interoperability problems with certain
|
||||||
|
broken SSH implementations, the eow@openssh.com and
|
||||||
|
no-more-sessions@openssh.com protocol extensions are now only sent
|
||||||
|
to peers that identify themselves as OpenSSH.
|
||||||
|
* Make ssh(1) send the correct channel number for
|
||||||
|
SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
|
||||||
|
avoid triggering 'Non-public channel' error messages on sshd(8) in
|
||||||
|
openssh-5.1.
|
||||||
|
* Avoid printing 'Non-public channel' warnings in sshd(8), since the
|
||||||
|
ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
|
||||||
|
a behaviour introduced in openssh-5.1).
|
||||||
|
* Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)
|
||||||
|
* Correct fail-on-error behaviour in sftp(1) batchmode for remote
|
||||||
|
stat operations. (bz#1541)
|
||||||
|
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
|
||||||
|
connections. (bz#1543)
|
||||||
|
* Avoid hang in ssh(1) when attempting to connect to a server that
|
||||||
|
has MaxSessions=0 set.
|
||||||
|
* Multiple fixes to sshd(8) configuration test (-T) mode
|
||||||
|
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
|
||||||
|
1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540
|
||||||
|
* Many manual page improvements.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Dec 1 15:43:14 CET 2008 - anicka@suse.cz
|
Mon Dec 1 15:43:14 CET 2008 - anicka@suse.cz
|
||||||
|
|
||||||
|
65
openssh.spec
65
openssh.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package openssh (Version 5.1p1)
|
# spec file for package openssh (Version 5.2p1)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -37,8 +37,8 @@ Requires: /bin/netstat
|
|||||||
PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions
|
PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions
|
||||||
Conflicts: nonfreessh
|
Conflicts: nonfreessh
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 5.1p1
|
Version: 5.2p1
|
||||||
Release: 41
|
Release: 1
|
||||||
%define xversion 1.2.4.1
|
%define xversion 1.2.4.1
|
||||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||||
Url: http://www.openssh.com/
|
Url: http://www.openssh.com/
|
||||||
@ -70,7 +70,6 @@ Patch43: %{name}-%{version}-default-protocol.diff
|
|||||||
Patch44: %{name}-%{version}-audit.patch
|
Patch44: %{name}-%{version}-audit.patch
|
||||||
Patch45: %{name}-%{version}-pts.diff
|
Patch45: %{name}-%{version}-pts.diff
|
||||||
Patch46: %{name}-%{version}-pam-fix4.diff
|
Patch46: %{name}-%{version}-pam-fix4.diff
|
||||||
Patch47: %{name}-%{version}-strnvis.diff
|
|
||||||
Patch48: %{name}-%{version}-forwards.diff
|
Patch48: %{name}-%{version}-forwards.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
@ -162,7 +161,6 @@ Authors:
|
|||||||
%patch44 -p1
|
%patch44 -p1
|
||||||
%patch45
|
%patch45
|
||||||
%patch46 -p1
|
%patch46 -p1
|
||||||
%patch47
|
|
||||||
%patch48
|
%patch48
|
||||||
cp -v %{SOURCE4} .
|
cp -v %{SOURCE4} .
|
||||||
cp -v %{SOURCE6} .
|
cp -v %{SOURCE6} .
|
||||||
@ -294,7 +292,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0755,root,root) /usr/%_lib/ssh/sftp-server
|
%attr(0755,root,root) /usr/%_lib/ssh/sftp-server
|
||||||
%attr(0755,root,root) /usr/%_lib/ssh/ssh-keysign
|
%attr(0755,root,root) /usr/%_lib/ssh/ssh-keysign
|
||||||
%dir /etc/slp.reg.d
|
%dir /etc/slp.reg.d
|
||||||
/etc/slp.reg.d/ssh.reg
|
%config /etc/slp.reg.d/ssh.reg
|
||||||
/var/adm/fillup-templates/sysconfig.ssh
|
/var/adm/fillup-templates/sysconfig.ssh
|
||||||
%config %{_fwdefdir}/sshd
|
%config %{_fwdefdir}/sshd
|
||||||
|
|
||||||
@ -304,9 +302,60 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0755,root,root) /usr/%_lib/ssh/x11-ssh-askpass
|
%attr(0755,root,root) /usr/%_lib/ssh/x11-ssh-askpass
|
||||||
%doc %_mandir/man1/ssh-askpass.1x.gz
|
%doc %_mandir/man1/ssh-askpass.1x.gz
|
||||||
%doc %_mandir/man1/x11-ssh-askpass.1x.gz
|
%doc %_mandir/man1/x11-ssh-askpass.1x.gz
|
||||||
%config %_appdefdir/SshAskpass
|
%_appdefdir/SshAskpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 23 2009 anicka@suse.cz
|
||||||
|
- update to 5.2p1
|
||||||
|
* This release changes the default cipher order to prefer the AES CTR
|
||||||
|
modes and the revised "arcfour256" mode to CBC mode ciphers that are
|
||||||
|
susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
|
||||||
|
* This release also adds countermeasures to mitigate CPNI-957037-style
|
||||||
|
attacks against the SSH protocol's use of CBC-mode ciphers. Upon
|
||||||
|
detection of an invalid packet length or Message Authentication
|
||||||
|
Code, ssh/sshd will continue reading up to the maximum supported
|
||||||
|
packet length rather than immediately terminating the connection.
|
||||||
|
This eliminates most of the known differences in behaviour that
|
||||||
|
leaked information about the plaintext of injected data which formed
|
||||||
|
the basis of this attack. We believe that these attacks are rendered
|
||||||
|
infeasible by these changes.
|
||||||
|
* Added a -y option to ssh(1) to force logging to syslog rather than
|
||||||
|
stderr, which is useful when running daemonised (ssh -f)
|
||||||
|
* The sshd_config(5) ForceCommand directive now accepts commandline
|
||||||
|
arguments for the internal-sftp server.
|
||||||
|
* The ssh(1) ~C escape commandline now support runtime creation of
|
||||||
|
dynamic (-D) port forwards.
|
||||||
|
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
|
||||||
|
(bz#1482)
|
||||||
|
* Support remote port forwarding with a listen port of '0'. This
|
||||||
|
informs the server that it should dynamically allocate a listen
|
||||||
|
port and report it back to the client. (bz#1003)
|
||||||
|
* sshd(8) now supports setting PermitEmptyPasswords and
|
||||||
|
AllowAgentForwarding in Match blocks
|
||||||
|
* Repair a ssh(1) crash introduced in openssh-5.1 when the client is
|
||||||
|
sent a zero-length banner (bz#1496)
|
||||||
|
* Due to interoperability problems with certain
|
||||||
|
broken SSH implementations, the eow@openssh.com and
|
||||||
|
no-more-sessions@openssh.com protocol extensions are now only sent
|
||||||
|
to peers that identify themselves as OpenSSH.
|
||||||
|
* Make ssh(1) send the correct channel number for
|
||||||
|
SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
|
||||||
|
avoid triggering 'Non-public channel' error messages on sshd(8) in
|
||||||
|
openssh-5.1.
|
||||||
|
* Avoid printing 'Non-public channel' warnings in sshd(8), since the
|
||||||
|
ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
|
||||||
|
a behaviour introduced in openssh-5.1).
|
||||||
|
* Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)
|
||||||
|
* Correct fail-on-error behaviour in sftp(1) batchmode for remote
|
||||||
|
stat operations. (bz#1541)
|
||||||
|
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
|
||||||
|
connections. (bz#1543)
|
||||||
|
* Avoid hang in ssh(1) when attempting to connect to a server that
|
||||||
|
has MaxSessions=0 set.
|
||||||
|
* Multiple fixes to sshd(8) configuration test (-T) mode
|
||||||
|
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
|
||||||
|
1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540
|
||||||
|
* Many manual page improvements.
|
||||||
* Mon Dec 01 2008 anicka@suse.cz
|
* Mon Dec 01 2008 anicka@suse.cz
|
||||||
- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775)
|
- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775)
|
||||||
* Mon Nov 10 2008 anicka@suse.cz
|
* Mon Nov 10 2008 anicka@suse.cz
|
||||||
|
Loading…
Reference in New Issue
Block a user