[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Status|RESOLVED|CLOSED --- Comment #24 from Damien Miller --- close bugs that were resolved in OpenSSH 8.5 release cycle -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #23 from Damien Miller --- Closing this bug. No clear motivation was ever offered - CIPSO is an expired draft. It and the other option in the proposed whitelist (SEC: rfc1108) is basically equivalent to rfc3514. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Jakub Jelen changed: What|Removed |Added Attachment #1693|0 |1 is obsolete|| CC||jje...@redhat.com --- Comment #22 from Jakub Jelen --- Created attachment 2824 --> https://bugzilla.mindrot.org/attachment.cgi?id=2824&action=edit Whitelist of safe options Current version we are using in Fedora and RHEL (written by Petr Lautrbach) is using explicit whitelist of 0, 1, 130, 133 and 134 options instead of previous blacklist. All the other options cause failure as before. I don't know why it was not submitted upstream before so doing now. Let me know if it is acceptable in this way. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|2130| --- Comment #21 from Damien Miller --- Removing this from consideration for release until comment #17 is resolved. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||2130 --- Comment #19 from Damien Miller --- Retarget to openssh-6.4 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|2076| --- Comment #20 from Damien Miller --- Retarget 6.3 -> 6.4 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|2035| --- Comment #18 from Damien Miller --- retarget to openssh-6.3 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||2076 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 --- Comment #17 from Damien Miller --- I think this should be a (very short) whitelist of permitted options rather than a blacklist of a few bad options. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||2035 --- Comment #15 from Damien Miller --- Retarget uncompleted bugs from 6.1 => 6.2 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|1986| --- Comment #16 from Damien Miller --- Retarget bugs from 6.1 => 6.2 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||1986 --- Comment #13 from Damien Miller 2012-02-24 10:34:26 EST --- Retarget from 6.0 to 6.1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|1930| --- Comment #14 from Damien Miller 2012-02-24 10:38:05 EST --- Retarget 6.0 => 6.1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Jan F. Chadima changed: What|Removed |Added CC||j...@jagda.eu -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|1845| --- Comment #12 from Damien Miller 2011-09-06 10:39:04 EST --- Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 --- Comment #11 from Damien Miller 2011-09-06 10:36:30 EST --- Retarget unresolved bugs/features to 6.0 release -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||1930 --- Comment #10 from Damien Miller 2011-09-06 10:34:17 EST --- Retarget unresolved bugs/features to 6.0 release -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||1845 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|1803| --- Comment #9 from Damien Miller 2011-01-24 12:30:49 EST --- Retarget unclosed bugs from 5.7=>5.8 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added CC||d...@mindrot.org Blocks|1708| -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||1803 --- Comment #8 from Damien Miller --- Targetting OpenSSH 5.7 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 --- Comment #7 from Damien Miller --- We are freezing for the OpenSSH 5.6 release. Retargetting these bugs to the next release. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks||1708 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Damien Miller changed: What|Removed |Added Blocks|1626| -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 1644] Allow ip options except source routing
https://bugzilla.mindrot.org/show_bug.cgi?id=1644 Darren Tucker changed: What|Removed |Added Blocks||1626 --- Comment #6 from Darren Tucker 2009-10-23 10:54:39 EST --- If we're going to do this we should whitelist known safe options instead, and we should handle IP4 and IP6 connections consistently. I'll take a look at this for 5.4. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
