summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-07-20 - markus@cvs.openbsd.org 2013/07/19 07:37:48Damien Miller
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c] [servconf.h session.c sshd.c sshd_config.5] add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 ok djm@
2013-07-18 - djm@cvs.openbsd.org 2013/07/18 01:12:26Damien Miller
[ssh.1] be more exact wrt perms for ~/.ssh/config; bz#2078
2013-07-18 - schwarze@cvs.openbsd.org 2013/07/16 00:07:52Damien Miller
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 05:48:55Damien Miller
[ssh.c] set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 05:42:03Damien Miller
[ssh-keygen.c] do_print_resource_record() can never be called with a NULL filename, so don't attempt (and bungle) asking for one if it has not been specified bz#2127 ok dtucker@
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:43:50Damien Miller
[misc.c] in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when errno == 0. Avoids confusing error message in some broken resolver cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:20:00Damien Miller
[sftp.c ssh-keygen.c ssh-pkcs11.c] fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 - djm@cvs.openbsd.org 2013/07/12 00:19:59Damien Miller
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2013-07-18 - markus@cvs.openbsd.org 2013/07/02 12:31:43Damien Miller
[dh.c] remove extra whitespace
2013-07-18 - jmc@cvs.openbsd.org 2013/06/27 14:05:37Damien Miller
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] do not use Sx for sections outwith the man page - ingo informs me that stuff like html will render with broken links; issue reported by Eric S. Raymond, via djm
2013-07-18 - djm@cvs.openbsd.org 2013/06/22 06:31:57Damien Miller
[scp.c] improved time_t overflow check suggested by guenther@
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 05:43:10Damien Miller
[scp.c] make this -Wsign-compare clean after time_t conversion
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 05:42:32Damien Miller
[dh.c] sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 00:37:49Damien Miller
[ssh_config.5] explicitly mention that IdentitiesOnly can be used with IdentityFile to control which keys are offered from an agent.
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 00:34:49Damien Miller
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] for hostbased authentication, print the client host and user on the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 - markus@cvs.openbsd.org 2013/06/20 19:15:06Damien Miller
[krl.c] don't leak the rdata blob on errors; ok djm@
2013-07-18 - guenther@cvs.openbsd.org 2013/06/17 04:48:42Damien Miller
[scp.c] Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines. ok dtucker@ deraadt@
2013-07-18 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44Damien Miller
[readconf.c] revert 1.203 while we investigate crashes reported by okan@
2013-07-02 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-configDarren Tucker
contrib/cygwin/ssh-user-config] Modernizes and improve readability of the Cygwin README file (which hasn't been updated for ages), drop unsupported OSes from the ssh-host-config help text, and drop an unneeded option from ssh-user-config. Patch from vinschen at redhat com.
2013-06-11 - (dtucker) [myproposal.h] Make the conditional algorithm support consistentDarren Tucker
and add some comments so it's clear what goes where.
2013-06-11 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't haveDarren Tucker
the required OpenSSL support. Patch from naddy at freebsd.
2013-06-11 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupportedDarren Tucker
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-10 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52Damien Miller
[channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-06 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater forDarren Tucker
platforms that don't have multibyte character support (specifically, mblen).
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28Darren Tucker
[readconf.c] plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38Darren Tucker
[sshconnect2.c] Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50Darren Tucker
[sshd.c] When running sshd -D, close stderr unless we have explicitly requesting logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch so, err, ok dtucker.
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 02:07:29Darren Tucker
[mux.c] fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36Darren Tucker
[sftp.c] Make sftp's libedit interface marginally multibyte aware by building up the quoted string by character instead of by byte. Prevents failures when linked against a libedit built with wide character support (bz#1990). "looks ok" djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23Darren Tucker
[scp.c] use MAXPATHLEN for buffer size instead of fixed value. ok markus
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18Darren Tucker
[mac.c] force the MAC output to be 64-bit aligned so umac won't see unaligned accesses on strict-alignment architectures. bz#2101, patch from tomas.kuthan at oracle.com, ok djm@
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29Darren Tucker
[clientloop.h clientloop.c mux.c] No need for the mux cleanup callback to be visible so restore it to static and call it through the detach_user function pointer. ok djm@
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 21:01:51Darren Tucker
[channels.h] typo in comment
2013-06-06 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when buildingDarren Tucker
modpipe in case there's anything in there we need.
2013-06-06 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, theDarren Tucker
forwarding test is extremely slow copying data on some machines so switch back to copying the much smaller ls binary until we can figure out why this is.
2013-06-05 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.Darren Tucker
Patch from cjwatson at debian.
2013-06-05 - (dtucker) Enable sha256 kex methods based on the presence of the necessaryDarren Tucker
functions, not from the openssl version.
2013-06-04 - (dtucker) [configure.ac] Some other platforms need sys/types.h beforeDarren Tucker
sys/socket.h.
2013-06-03 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.Darren Tucker
2013-06-02 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtuckerTim Rice
2013-06-02 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.Tim Rice
feedback and ok dtucker
2013-06-02 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh weTim Rice
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep dealing with shell portability issues in regression tests, we let configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-03 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.Darren Tucker
Patch from Nathan Osman.
2013-06-03 - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platformsDarren Tucker
to prevent noise from configure. Patch from Nathan Osman.
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58Darren Tucker
[ssh-agent.c] Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/02 13:33:05Darren Tucker
[progressmeter.c] Add misc.h for monotime prototype. (id sync only)
2013-06-0120130602Tim Rice
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy linking regress/modpipe.
2013-06-02 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.Darren Tucker
2013-06-02fix typoDarren Tucker
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50Darren Tucker
[sftp-client.c] Update progressmeter when data is acked, not when it's sent. bz#2108, from Debian via Colin Watson, ok djm@