![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 23 19:07:20 2022 UTC (11 months ago) by christos
Branch: MAIN
CVS Tags: netbsd-10-base,
netbsd-10,
HEAD
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Merge differences between openssh-8.8 and openssh-8.9
Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Wed Feb 23 19:04:27 2022 UTC (11 months ago) by christos
Branch: OPENSSH
CVS Tags: v91-20221004,
v90-20220408,
v89-20220223
Changes since 1.1.1.5: +2 -2
lines
Diff to previous 1.1.1.5 (colored)
Import OpenSSH 8.9. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol. Another area of potential incompatibility relates to the use of remote paths relative to other user's home directories, for example - "scp host:~user/file /tmp". The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension "expand-path@openssh.com" to support this. Security Near Miss ================== * sshd(8): fix an integer overflow in the user authentication path that, in conjunction with other logic errors, could have yielded unauthenticated access under difficult to exploit conditions. This situation is not exploitable because of independent checks in the privilege separation monitor. Privilege separation has been enabled by default in since openssh-3.2.2 (released in 2002) and has been mandatory since openssh-7.5 (released in 2017). Moreover, portable OpenSSH has used toolchain features available in most modern compilers to abort on signed integer overflow since openssh-6.5 (released in 2014). Thanks to Malcolm Stagg for finding and reporting this bug. Potentially-incompatible changes ================================ * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. * This release modifies the FIDO security key middleware interface and increments SSH_SK_VERSION_MAJOR. Changes since OpenSSH 8.8 ========================= This release includes a number of new features. New features ------------ * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) A detailed description of the feature is available at https://www.openssh.com/agent-restrict.html and the protocol extensions are documented in the PROTOCOL and PROTOCOL.agent files in the source release. * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * ssh-keygen(1): when downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default). Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs. * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on tokens that provide user verification (UV) on the device itself, including biometric keys, avoiding unnecessary PIN prompts. * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to perform matching of principals names against an allowed signers file. To be used towards a TOFU model for SSH signatures in git. * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at authentication time. * ssh-keygen(1): allow selection of hash at sshsig signing time (either sha512 (default) or sha256). * ssh(1), sshd(8): read network data directly to the packet input buffer instead indirectly via a small stack buffer. Provides a modest performance improvement. * ssh(1), sshd(8): read data directly to the channel input buffer, providing a similar modest performance improvement. * ssh(1): extend the PubkeyAuthentication configuration directive to accept yes|no|unbound|host-bound to allow control over one of the protocol extensions used to implement agent-restricted keys. Bugfixes -------- * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions can be used in a Match block. PR#277. * sshd(8): fix possible string truncation when constructing paths to .rhosts/.shosts files with very long user home directory names. * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 exchange hashes * ssh(1): don't put the TTY into raw mode when SessionType=none, avoids ^C being unable to kill such a session. bz3360 * scp(1): fix some corner-case bugs in SFTP-mode handling of ~-prefixed paths. * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to select RSA keys when only RSA/SHA2 signature algorithms are configured (this is the default case). Previously RSA keys were not being considered in the default case. * ssh-keysign(1): make ssh-keysign use the requested signature algorithm and not the default for the key type. Part of unbreaking hostbased auth for RSA/SHA2 keys. * ssh(1): stricter UpdateHostkey signature verification logic on the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 * ssh(1), sshd(8): fix signature algorithm selection logic for UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 signatures for RSA keys if the client proposed these algorithms in initial KEX. bz3375 * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) and sftp-server(8), as well as the sshd(8) listen loop and all other FD read/writability checks. On platforms with missing or broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is available. * ssh-keygen(1): the "-Y find-principals" command was verifying key validity when using ca certs but not with simple key lifetimes within the allowed signers file. * ssh-keygen(1): make sshsig verify-time argument parsing optional * sshd(8): fix truncation in rhosts/shosts path construction. * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this for RSA keys). Avoids fatal errors for PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364 * ssh(1), ssh-agent(1): improve the testing of credentials against inserted FIDO: ask the token whether a particular key belongs to it in cases where the token supports on-token user-verification (e.g. biometrics) rather than just assuming that it will accept it. Will reduce spurious "Confirm user presence" notifications for key handles that relate to FIDO keys that are not currently inserted in at least some cases. bz3366 * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to allow for the preceding two ECN bits. bz#3373 * ssh-keygen(1): add missing -O option to usage() for the "-Y sign" option. * ssh-keygen(1): fix a NULL deref when using the find-principals function, when matching an allowed_signers line that contains a namespace restriction, but no restriction specified on the command-line * ssh-agent(1): fix memleak in process_extension(); oss-fuzz issue #42719 * ssh(1): suppress "Connection to xxx closed" messages when LogLevel is set to "error" or above. bz3378 * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing compressed packet data. bz3372 * scp(1): when recursively transferring files in SFTP mode, create the destination directory if it doesn't already exist to match scp(1) in legacy RCP mode behaviour. * scp(1): many improvements in error message consistency between scp(1) in SFTP mode vs legacy RCP mode. * sshd(8): fix potential race in SIGTERM handling PR#289 * ssh(1), ssh(8): since DSA keys are deprecated, move them to the end of the default list of public keys so that they will be tried last. PR#295 * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match wildcard principals in allowed_signers files Portability ----------- * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's implementation does not work in a chroot when the kernel does not have close_range(2). It tries to read from /proc/self/fd and when that fails dies with an assertion of sorts. Instead, call close_range(2) directly from our compat code and fall back if that fails. bz#3349, * OS X poll(2) is broken; use compat replacement. For character- special devices like /dev/null, Darwin's poll(2) returns POLLNVAL when polled with POLLIN. Apparently this is Apple bug 3710161 - not public but a websearch will find other OSS projects rediscovering it periodically since it was first identified in 2005. * Correct handling of exceptfds/POLLPRI in our select(2)-based poll(2)/ppoll(2) compat implementation. * Cygwin: correct checking of mbstowcs() return value. * Add a basic SECURITY.md that refers people to the openssh.com website. * Enable additional compiler warnings and toolchain hardening flags, including -Wbitwise-instead-of-logical, -Wmisleading-indentation, -fzero-call-used-regs and -ftrivial-auto-var-init. * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version is not reliable.
Revision 1.8.12.1 / (download) - annotate - [select for diffs], Mon Apr 13 07:45:20 2020 UTC (2 years, 9 months ago) by martin
Branch: phil-wifi
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
Mostly merge changes from HEAD upto 20200411
Revision 1.9 / (download) - annotate - [select for diffs], Sat Oct 12 18:32:22 2019 UTC (3 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
is-mlppp-base,
is-mlppp,
cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
merge openssh-8.1
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 12 15:14:14 2019 UTC (3 years, 3 months ago) by christos
Branch: OPENSSH
CVS Tags: v88-20210926,
v87-20210820,
v86-20210419,
v85_20210303,
v84-20200927,
v83-20200527,
v82-20200214,
v81-20191009
Changes since 1.1.1.4: +3 -3
lines
Diff to previous 1.1.1.4 (colored)
OpenSSH 8.1 was released on 2019-10-09. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Security ======== * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program. * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ...").
Revision 1.2.8.1 / (download) - annotate - [select for diffs], Tue Aug 15 05:27:53 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6
Changes since 1.2: +11 -5
lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Revision 1.2.20.1 / (download) - annotate - [select for diffs], Tue Aug 15 04:40:17 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6-1
Changes since 1.2: +11 -5
lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Revision 1.2.14.1 / (download) - annotate - [select for diffs], Tue Aug 15 04:39:21 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6-0
Changes since 1.2: +11 -5
lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
Apply patch (requested by mrg in ticket #1468): Update OpenSSH to 7.5.
Revision 1.6.2.2 / (download) - annotate - [select for diffs], Wed Apr 26 02:52:15 2017 UTC (5 years, 9 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.6.2.1: +1 -1
lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)
Sync with HEAD
Revision 1.7.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:50:57 2017 UTC (5 years, 9 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.7: +1 -1
lines
Diff to previous 1.7 (colored) next main 1.8 (colored)
Sync with HEAD
Revision 1.8 / (download) - annotate - [select for diffs], Tue Apr 18 18:41:46 2017 UTC (5 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-base,
phil-wifi-20190609,
pgoyette-localcount-20170426,
pgoyette-compat-merge-20190127,
pgoyette-compat-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
pgoyette-compat,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
netbsd-9-base,
netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
netbsd-9,
netbsd-8-base,
netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
netbsd-8,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
bouyer-socketcan-base1
Branch point for: phil-wifi
Changes since 1.7: +0 -0
lines
Diff to previous 1.7 (colored)
merge conflicts
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:53:42 2017 UTC (6 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.6: +1 -1
lines
Diff to previous 1.6 (colored)
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 25 00:07:47 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170320,
pgoyette-localcount-20170107,
bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.6: +0 -0
lines
Diff to previous 1.6 (colored)
merge conflicts
Revision 1.6 / (download) - annotate - [select for diffs], Fri Apr 3 23:58:19 2015 UTC (7 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-base,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.5: +0 -0
lines
Diff to previous 1.5 (colored)
Merge conflicts
Revision 1.5 / (download) - annotate - [select for diffs], Sun Oct 19 16:30:59 2014 UTC (8 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.4: +0 -0
lines
Diff to previous 1.4 (colored)
merge openssh-6.7
Revision 1.2.12.2 / (download) - annotate - [select for diffs], Tue Aug 19 23:45:25 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.12.1: +7 -7
lines
Diff to previous 1.2.12.1 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored)
Rebase to HEAD as of a few days ago.
Revision 1.2.6.1 / (download) - annotate - [select for diffs], Thu May 22 13:21:35 2014 UTC (8 years, 8 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2: +10 -4
lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
Revision 1.4 / (download) - annotate - [select for diffs], Fri Nov 8 19:18:25 2013 UTC (9 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
tls-maxphys-base,
tls-earlyentropy-base,
tls-earlyentropy,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-base,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0,
netbsd-7
Changes since 1.3: +8 -8
lines
Diff to previous 1.3 (colored)
merge conflicts.
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Fri Nov 8 17:58:12 2013 UTC (9 years, 2 months ago) by christos
Branch: OPENSSH
CVS Tags: v80-20190417,
v78-20180824,
v77-20180405,
v76-20171003,
v75-20170418,
v74-20161219,
v73-20160802,
v72-20160310,
v71-20150821,
v70-20150812,
v69-20150630,
v68-20150318,
v67-20141018,
v64-20131107
Changes since 1.1.1.3: +7 -7
lines
Diff to previous 1.1.1.3 (colored)
Import new openssh to address Changes since OpenSSH 6.3 ========================= This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Checksums: ========== - SHA1 (openssh-6.4.tar.gz) = 4caf1a50eb3a3da821c16298c4aaa576fe24210c - SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d Reporting Bugs: =============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh@openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.
Revision 1.2.12.1 / (download) - annotate - [select for diffs], Sun Jun 23 06:26:14 2013 UTC (9 years, 7 months ago) by tls
Branch: tls-maxphys
Changes since 1.2: +7 -1
lines
Diff to previous 1.2 (colored)
resync from head
Revision 1.3 / (download) - annotate - [select for diffs], Fri Mar 29 16:19:46 2013 UTC (9 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
khorben-n900
Changes since 1.2: +8 -2
lines
Diff to previous 1.2 (colored)
welcome to openssh-6.2
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Fri Mar 29 14:52:48 2013 UTC (9 years, 10 months ago) by christos
Branch: OPENSSH
CVS Tags: v62-20130321
Changes since 1.1.1.2: +7 -1
lines
Diff to previous 1.1.1.2 (colored)
from openbsd
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Sun Jul 24 15:08:59 2011 UTC (11 years, 6 months ago) by christos
Branch: OPENSSH
CVS Tags: v61-20120828,
v60-20120421,
v59-20110906,
v58-20110724
Changes since 1.1.1.1: +0 -1
lines
Diff to previous 1.1.1.1 (colored)
from ftp.openbsd.org
Revision 1.2 / (download) - annotate - [select for diffs], Sun Jun 7 22:38:48 2009 UTC (13 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-tag8,
yamt-pagecache-base8,
yamt-pagecache-base7,
yamt-pagecache-base6,
yamt-pagecache-base5,
yamt-pagecache-base4,
yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
netbsd-6-base,
netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
matt-premerge-20091211,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus,
matt-mips64-premerge-20101231,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2,
agc-symver-base,
agc-symver
Branch point for: yamt-pagecache,
tls-maxphys,
netbsd-6-1,
netbsd-6-0,
netbsd-6
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Merge in our changes: - conditionalize login_cap - conditionalize bsd_auth - bring in pam from portable - restore krb5, krb4, afs, skey - bring in hpn patches, disable mt aes cipher, keep speedups and cipher none - add ignore root rhosts option - fix ctype macro arguments - umac is broken, disable it - better ~homedir handling - netbsd style tunnels - urandom, xhome, chrootdir, rescuedir NetBSD handling - utmp/utmpx handling - handle tty posix_vdisable properly - handle setuid and unsetuid the posix way instead of setresuid() - add all missing functions - add new moduli - add build glue
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Jun 7 22:19:31 2009 UTC (13 years, 7 months ago) by christos
Branch: OPENSSH
CVS Tags: v56-20101121,
v53-20091226,
v52-20090607
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
import 5.2 from ftp.openbsd.org
Revision 1.1 / (download) - annotate - [select for diffs], Sun Jun 7 22:19:31 2009 UTC (13 years, 7 months ago) by christos
Branch: MAIN
Initial revision