summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-04-18 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/04/16 01:58:45 [regress/cert-hostkey.sh regress/cert-userkey.sh] regression tests for v01 certificate format includes interop tests for v00 certs
2010-04-18 - djm@cvs.openbsd.org 2010/04/16 21:14:27Damien Miller
[sshconnect.c] oops, %r => remote username, not %u
2010-04-18 - jmc@cvs.openbsd.org 2010/04/16 06:47:04Damien Miller
[ssh-keygen.1 ssh-keygen.c] tweak previous; ok djm
2010-04-18 - OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2010/04/16 06:45:01 [ssh_config.5] tweak previous; ok djm
2010-04-16 - djm@cvs.openbsd.org 2010/04/16 01:47:26Damien Miller
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
2010-04-16 - markus@cvs.openbsd.org 2010/04/15 20:32:55Damien Miller
[ssh-pkcs11.c] retry lookup for private key if there's no matching key with CKA_SIGN attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) ok djm@
2010-04-16 - djm@cvs.openbsd.org 2010/04/14 22:27:42Damien Miller
[ssh_config.5 sshconnect.c] expand %r => remote username in ssh_config:ProxyCommand; ok deraadt markus
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 05:48:16Damien Miller
[mux.c] fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 02:10:56Damien Miller
[sshconnect2.c] show the key type that we are offering in debug(), helps distinguish between certs and plain keys as the path to the private key is usually the same.
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 02:08:44Damien Miller
[clientloop.c] bz#1698: kill channel when pty allocation requests fail. Fixed stuck client if the server refuses pty allocation. ok dtucker@ "think so" markus@
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 00:04:30Damien Miller
[sshconnect.c] fix terminology: we didn't find a certificate in known_hosts, we found a CA key
2010-04-16 - djm@cvs.openbsd.org 2010/04/10 00:00:16Damien Miller
[ssh.c] bz#1746 - suppress spurious tty warning when using -O and stdin is not a tty; ok dtucker@ markus@
2010-04-16 - jmc@cvs.openbsd.org 2010/03/27 14:26:55Damien Miller
[ssh_config.5] tweak previous; ok dtucker
2010-04-16 - jmc@cvs.openbsd.org 2010/03/26 06:54:36Damien Miller
[ssh.1] tweak previous;
2010-04-16 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/03/26 03:13:17 [bufaux.c] allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer argument to allow skipping past values in a buffer
2010-04-16openssh-5.5p1 markerDamien Miller
2010-04-10 - (dtucker) [configure.ac] Put the check for the existence of getaddrinfoDarren Tucker
back so we disable the IPv6 tests if we don't have it.
2010-04-09 - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enableDarren Tucker
utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
2010-04-09 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if weDarren Tucker
have it and the path is not provided to --with-libedit. Based on a patch from Iain Morgan.
2010-04-09 - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrongDarren Tucker
ones. Based on a patch from Roumen Petrov.
2010-03-26 - dtucker@cvs.openbsd.org 2010/03/26 01:06:13Darren Tucker
[ssh_config.5] Reformat default value of PreferredAuthentications entry (current formatting implies ", " is acceptable as a separator, which it's not. ok djm@
2010-03-26 - djm@cvs.openbsd.org 2010/03/26 00:26:58Damien Miller
[ssh.1] mention that -S none disables connection sharing; from Colin Watson
2010-03-26 - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;Damien Miller
bz#1723 patch from Adeodato Simó via Colin Watson; ok dtucker@
2010-03-26 - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 usingDarren Tucker
pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold).
2010-03-26 - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721Damien Miller
ok dtucker@
2010-03-26 - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -Damien Miller
set up SELinux execution context before chroot() call. From Russell Coker via Colin watson; bz#1726 ok dtucker@
2010-03-26 - djm@cvs.openbsd.org 2010/03/25 23:38:28Damien Miller
[servconf.c] from portable: getcwd(NULL, 0) doesn't work on all platforms, so use a stack buffer; ok dtucker@
2010-03-26 - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originallyDarren Tucker
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-26 - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detectionDamien Miller
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
2010-03-24 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directoryDarren Tucker
containing the services file explicitely case-insensitive. This allows to tweak the Windows services file reliably. Patch from vinschen at redhat.
2010-03-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Crank version numbers
2010-03-22 - djm@cvs.openbsd.org 2010/03/16 16:36:49Damien Miller
[version.h] crank version to openssh-5.5 since we have a few fixes since 5.4; requested deraadt@ kettenis@
2010-03-22 - stevesk@cvs.openbsd.org 2010/03/16 15:46:52Damien Miller
[auth-options.c] spelling in error message. ok djm kettenis
2010-03-22 - stevesk@cvs.openbsd.org 2010/03/15 19:40:02Damien Miller
[key.c key.h ssh-keygen.c] also print certificate type (user or host) for ssh-keygen -L ok djm kettenis
2010-03-22 - jmc@cvs.openbsd.org 2010/03/13 23:38:13Damien Miller
[ssh-keygen.1] fix a formatting error (args need quoted); noted by stevesk
2010-03-22 - djm@cvs.openbsd.org 2010/03/13 21:45:46Damien Miller
[ssh-keygen.1] Certificates are named *-cert.pub, not *_cert.pub; committing a diff from stevesk@ ok me
2010-03-22 - djm@cvs.openbsd.org 2010/03/13 21:10:38Damien Miller
[clientloop.c] protocol conformance fix: send language tag when disconnecting normally; spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
2010-03-22 - markus@cvs.openbsd.org 2010/03/12 11:37:40Damien Miller
[servconf.c] do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths free() (not xfree()) the buffer returned by getcwd()
2010-03-22 - djm@cvs.openbsd.org 2010/03/12 01:06:25Damien Miller
[servconf.c] unbreak AuthorizedKeys option with a $HOME-relative path; reported by vinschen AT redhat.com, ok dtucker@
2010-03-22 - djm@cvs.openbsd.org 2010/03/10 23:27:17Damien Miller
[auth2-pubkey.c] correct certificate logging and make it more consistent between authorized_keys and TrustedCAKeys; ok markus@
2010-03-22 - jmc@cvs.openbsd.org 2010/03/10 07:40:35Damien Miller
[ssh-keygen.1] typos; from Ross Richardson closes prs 6334 and 6335
2010-03-22 - jmc@cvs.openbsd.org 2010/03/08 09:41:27Damien Miller
[ssh-keygen.1] sort the list of constraints (to -O); ok djm
2010-03-14 - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat forDamien Miller
ssh-pkcs11-helper to repair static builds (we do the same for ssh-keyscan). Reported by felix-mindrot AT fefe.de
2010-03-14 - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fixDamien Miller
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot AT fefe.de
2010-03-11 - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to installTim Rice
on a Cygwin installation. Patch from Corinna Vinschen.
2010-03-11 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.Tim Rice
Patch from Corinna Vinschen.
2010-03-11 - (tim) [openssh/Makefile.in] Now that scard is gone, no need toTim Rice
make $(datadir)
2010-03-10 - (tim) [contrib/suse/openssh.spec] crank version number here too.Tim Rice
report by imorgan AT nas.nasa.gov
2010-03-09 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFODarren Tucker
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-08 - djm@cvs.openbsd.org 2010/03/08 00:28:55Damien Miller
[ssh-keygen.1] document permit-agent-forwarding certificate constraint; patch from stevesk@