summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-06-21 - sobrado@cvs.openbsd.org 2009/03/26 08:38:39Darren Tucker
[sftp-server.8 sshd.8 ssh-agent.1] fix a few typographical errors found by spell(1). ok dtucker@, jmc@
2009-06-21 - tobias@cvs.openbsd.org 2009/03/23 19:38:04Darren Tucker
[ssh-agent.c] My previous commit didn't fix the problem at all, so stick at my first version of the fix presented to dtucker. Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). ok dtucker
2009-06-21 - tobias@cvs.openbsd.org 2009/03/23 08:31:19Darren Tucker
[ssh-agent.c] Fixed a possible out-of-bounds memory access if the environment variable SHELL is shorter than 3 characters. with input by and ok dtucker
2009-06-21 - jmc@cvs.openbsd.org 2009/03/19 15:15:09Darren Tucker
[ssh.1] for "Ciphers", just point the reader to the keyword in ssh_config(5), just as we do for "MACs": this stops us getting out of sync when the lists change; fixes documentation/6102, submitted by Peter J. Philipp alternative fix proposed by djm ok markus
2009-06-21 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2009/03/17 21:37:00 [ssh.c] pass correct argv[0] to openlog(); ok djm@
2009-06-16 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_tDarren Tucker
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
2009-05-04 - (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to includeDarren Tucker
variable declarations. Should prevent unused warnings anywhere it's set (only Crays as far as I can tell) and be a no-op everywhere else.
2009-03-18 - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problemTim Rice
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005. Based on patch from vinschen at redhat com.
2009-03-08 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.cDarren Tucker
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old version of Cygwin. Patch from vinschen at redhat com.
2009-03-07 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]Darren Tucker
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg in openssl 0.9.6) so add an explicit test for it.
2009-03-07 - (dtucker) [configure.ac] Missing comma in type list.Darren Tucker
2009-03-07 - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.Darren Tucker
2009-03-07 - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c to use them. Allows building with older OpenSSL versions.
2009-03-07 - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if itDarren Tucker
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS has a /dev/random).
2009-03-06 - djm@cvs.openbsd.org 2009/03/05 07:18:19Damien Miller
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] [sshconnect2.c] refactor the (disabled) Schnorr proof code to make it a little more generally useful
2009-03-06 - djm@cvs.openbsd.org 2009/03/05 11:30:50Damien Miller
[uuencode.c] document what these functions do so I don't ever have to recuse into b64_pton/ntop to remember their return values
2009-03-06 - djm@cvs.openbsd.org 2009/03/05 07:18:19Damien Miller
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] [sshconnect2.c] refactor the (disabled) Schnorr proof code to make it a little more generally useful
2009-02-23 - (djm) Release openssh-5.2p1Damien Miller
2009-02-23 - (djm) [README] update for 5.2Damien Miller
2009-02-23trimDamien Miller
2009-02-23 - djm@cvs.openbsd.org 2009/02/23 00:06:15Damien Miller
[version.h] openssh-5.2
2009-02-23 - djm@cvs.openbsd.org 2009/02/22 23:59:25Damien Miller
[sshd_config.5] missing period
2009-02-23 - djm@cvs.openbsd.org 2009/02/22 23:50:57Damien Miller
[ssh_config.5 sshd_config.5] don't advertise experimental options
2009-02-22 - (djm) OpenBSD CVS SyncDamien Miller
- tobias@cvs.openbsd.org 2009/02/21 19:32:04 [misc.c sftp-server-main.c ssh-keygen.c] Added missing newlines in error messages. ok dtucker
2009-02-21 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Prepare for 5.2p1
2009-02-21 - djm@cvs.openbsd.org 2009/02/18 04:31:21Damien Miller
[schnorr.c] signature should hash over the entire group, not just the generator (this is still disabled code)
2009-02-21 - djm@cvs.openbsd.org 2009/02/17 01:28:32Damien Miller
[ssh_config] sync with revised default ciphers; pointed out by dkrause@
2009-02-16 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolarisDamien Miller
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
2009-02-16 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]Damien Miller
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled interop tests from FATAL error to a warning. Allows some interop tests to proceed if others are missing necessary prerequisites.
2009-02-14 - djm@cvs.openbsd.org 2009/02/14 06:35:49Damien Miller
[PROTOCOL] mention that eow and no-more-sessions extensions are sent only to OpenSSH peers
2009-02-14 - markus@cvs.openbsd.org 2009/02/13 11:50:21Damien Miller
[packet.c] check for enc !=NULL in packet_start_discard
2009-02-14 - jmc@cvs.openbsd.org 2009/02/12 07:34:20Damien Miller
[ssh_config.5] kill trailing whitespace;
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:46:17Damien Miller
[ssh_config.5] document RemoteForward usage with 0 listen port
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:44:25Damien Miller
[ssh.1] consistency: Dq => Ql
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:42:09Damien Miller
[ssh.1] document -R0:... usage
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:26:22Damien Miller
[monitor.c] some paranoia: check that the serialised key is really KEY_RSA before diddling its internals
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:16:01Damien Miller
[serverloop.c] tighten check for -R0:... forwarding: only allow dynamic allocation if want_reply is set in the packet
2009-02-14 - djm@cvs.openbsd.org 2009/02/12 03:00:56Damien Miller
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] [readconf.h serverloop.c ssh.c] support remote port forwarding with a zero listen port (-R0:...) to dyamically allocate a listen port at runtime (this is actually specified in rfc4254); bz#1003 ok markus@
2009-02-14 - dtucker@cvs.openbsd.org 2009/02/02 11:15:14Damien Miller
[sftp.c] Initialize a few variables to prevent spurious "may be used uninitialized" warnings from newer gcc's. ok djm@
2009-02-12 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.Damien Miller
OSX provides a getlastlogxbyname function that automates the reading of a lastlog file. Also, the pututxline function will update lastlog so there is no need for loginrec.c to do it explicitly. Collapse some overly verbose code while I'm in there.
2009-02-12 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagicallyDamien Miller
set ownership and modes, so avoid explicitly setting them
2009-02-01 - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed inDarren Tucker
channels.c too, so move the definition for non-IP6 platforms to defines.h where it can be shared.
2009-01-29 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.Tim Rice
2009-01-29 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.Tim Rice
If the CYGWIN environment variable is empty, the installer script should not install the service with an empty CYGWIN variable, but rather without setting CYGWNI entirely.
2009-01-28 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.Tim Rice
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x. The information given for the setting of the CYGWIN environment variable is wrong for both releases so I just removed it, together with the unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
2009-01-28 - markus@cvs.openbsd.org 2009/01/26 09:58:15Damien Miller
[cipher.c cipher.h packet.c] Work around the CPNI-957037 Plaintext Recovery Attack by always reading 256K of data on packet size or HMAC errors (in CBC mode only). Help, feedback and ok djm@ Feedback from Martin Albrecht and Paterson Kenny
2009-01-28 - naddy@cvs.openbsd.org 2009/01/24 17:10:22Damien Miller
[ssh_config.5 sshd_config.5] sync list of preferred ciphers; ok djm@
2009-01-28 - djm@cvs.openbsd.org 2009/01/23 07:58:11Damien Miller
[myproposal.h] prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC modes; ok markus@
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 10:09:16Damien Miller
[auth-options.c] another chunk of a2port() diff that got away. wtfdjm??
2009-01-28 - djm@cvs.openbsd.org 2009/01/22 10:02:34Damien Miller
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] [serverloop.c ssh-keyscan.c ssh.c sshd.c] make a2port() return -1 when it encounters an invalid port number rather than 0, which it will now treat as valid (needed for future work) adjust current consumers of a2port() to check its return value is <= 0, which in turn required some things to be converted from u_short => int make use of int vs. u_short consistent in some other places too feedback & ok markus@