Age | Commit message | Author
2014-08-10 | - (djm) [README contrib/caldera/openssh.spec] [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions | Damien Miller
2014-08-01 | - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate nc from stdin, it's more portable | Damien Miller
2014-08-01 | - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin is closed; avoid regress failures when stdin is /dev/null | Damien Miller
2014-08-01 | - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need a better solution, but this will have to do for now. | Damien Miller
2014-07-30 | - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 [sftp-server.8 sshd_config.5] some systems no longer need /dev/log; issue noticed by jirib; ok deraadt | Damien Miller
2014-07-30 | - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 [ssh-agent.c] Clear buffer used for handling messages. This prevents keys being left in memory after they have been expired or deleted in some cases (but note that ssh-agent is setgid so you would still need root to access them). Pointed out by Kevin Burns, ok deraadt | Damien Miller
2014-07-30 | - OpenBSD CVS Sync - millert@cvs.openbsd.org 2014/07/24 22:57:10 [ssh.1] Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ | Damien Miller
2014-07-25 | - (djm) [regress/multiplex.sh] restore incorrectly deleted line; pointed out by Christian Hesse | Damien Miller
2014-07-23 | - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 [regress/unittests/sshkey/testdata/*] Regenerate test keys with certs signed with ed25519 instead of ecdsa. These can be used in -portable on platforms that don't support ECDSA. | Darren Tucker
2014-07-23 | - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 [regress/unittests/sshkey/mktestdata.sh] Add $OpenBSD tag to make syncs easier | Darren Tucker
2014-07-23 | - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 [regress/unittests/sshkey/mktestdata.sh] Sign test certs with ed25519 instead of ecdsa so that they'll work in -portable on platforms that don't have ECDSA in their OpenSSL. ok djm | Darren Tucker
2014-07-23 | - djm@cvs.openbsd.org 2014/07/22 01:32:12 [regress/multiplex.sh] change the test for still-open Unix domain sockets to be robust against nc implementations that produce error messages. from -portable (Id sync only) | Darren Tucker
2014-07-23 | - guenther@cvs.openbsd.org 2014/07/22 07:13:42 [umac.c] Convert from <sys/endian.h> to the shiney new <endian.h> ok dtucker@, who also confirmed that -portable handles this already (ID sync only, includes.h pulls in endian.h if available.) | Darren Tucker
2014-07-23 | - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 [key.c] Prevent spam from key_load_private_pem during hostbased auth. ok djm@ | Darren Tucker
2014-07-23 | - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-specific tests inside OPENSSL_HAS_ECC. | Darren Tucker
2014-07-22 | - (djm) [regress/multiplex.sh] change the test for still-open Unix domain sockets to be robust against nc implementations that produce error messages. | Damien Miller
2014-07-22 | - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; put it back | Damien Miller
2014-07-22 | - (dtucker) [sshkey.c] ifdef out unused variable when compiling without OPENSSL_HAS_ECC. | Darren Tucker
2014-07-21 | - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. | Damien Miller
2014-07-21 | - millert@cvs.openbsd.org 2014/07/15 15:54:15 [forwarding.sh multiplex.sh] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ | Damien Miller
2014-07-21 | - (dtucker) [regress/unittests/sshkey/{common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in ifdefs. | Darren Tucker
2014-07-21 | - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm | Darren Tucker
2014-07-18 | - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used in servconf.h. | Tim Rice
2014-07-19 | - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. | Darren Tucker
2014-07-19 | - (dtucker) [Makefile.in] Add a t-exec target to run just the executable tests. | Darren Tucker
2014-07-19 | - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used in servconf.h. | Darren Tucker
2014-07-18 | - djm@cvs.openbsd.org 2014/07/18 02:46:01 [ssh-agent.c] restore umask around listener socket creation (dropped in streamlocal patch merge) | Damien Miller
2014-07-18 | - djm@cvs.openbsd.org 2014/07/17 07:22:19 [mux.c ssh.c] reflect stdio-forward ("ssh -W host:port ...") failures in exit status. previously we were always returning 0. bz#2255 reported by Brendan Germain; ok dtucker | Damien Miller
2014-07-18 | - djm@cvs.openbsd.org 2014/07/17 00:12:03 [key.c] silence "incorrect passphrase" error spam; reported and ok dtucker@ | Damien Miller
2014-07-18 | - djm@cvs.openbsd.org 2014/07/17 00:10:18 [mux.c] preserve errno across syscall | Damien Miller
2014-07-18 | - djm@cvs.openbsd.org 2014/07/17 00:10:56 [sandbox-systrace.c] ifdef SYS_sendsyslog so this will compile without patching on -stable | Damien Miller
2014-07-18 | - jmc@cvs.openbsd.org 2014/07/16 14:48:57 [ssh.1] add the streamlocal* options to ssh's -o list; millert says they're irrelevant for scp/sftp; ok markus millert | Damien Miller
2014-07-18 | - millert@cvs.openbsd.org 2014/07/15 15:54:14 [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ | Damien Miller
2014-07-17 | - tedu@cvs.openbsd.org 2014/07/11 13:54:34 [myproposal.h] by popular demand, add back hmac-sha1 to server proposal for better compat with many clients still in use. ok deraadt | Damien Miller
2014-07-17 | - deraadt@cvs.openbsd.org 2014/07/11 08:09:54 [sandbox-systrace.c] Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, update your kernels and sshd soon.. libc will start using sendsyslog() in about 4 days. | Damien Miller
2014-07-17 | - (djm) [digest-openssl.c] Preserve array order when disabling digests. Reported by Petr Lautrbach. | Damien Miller
2014-07-15 | - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto has been located; fixes builds against libressl-portable | Damien Miller
2014-07-11 | - OpenBSD CVS Sync - benno@cvs.openbsd.org 2014/07/09 14:15:56 [ssh-add.c] fix ssh-add crash while loading more than one key ok markus@ | Damien Miller
2014-07-09 | - djm@cvs.openbsd.org 2014/07/07 08:15:26 [multiplex.sh] remove forced-fatal that I stuck in there to test the new cleanup logic and forgot to remove... | Damien Miller
2014-07-09 | - djm@cvs.openbsd.org 2014/07/06 07:42:03 [multiplex.sh test-exec.sh] add a hook to the cleanup() function to kill $SSH_PID if it is set use it to kill the mux master started in multiplex.sh (it was being left around on fatal failures) | Damien Miller
2014-07-09 | - djm@cvs.openbsd.org 2014/07/09 03:02:15 [key.c] downgrade more error() to debug() to better match what old authfile.c did; suppresses spurious errors with hostbased authentication enabled | Damien Miller
2014-07-09 | - djm@cvs.openbsd.org 2014/07/09 01:45:10 [sftp.c] more useful error message when GLOB_NOSPACE occurs; bz#2254, patch from Orion Poplawski | Damien Miller
2014-07-09 | - djm@cvs.openbsd.org 2014/07/07 08:19:12 [ssh_config.5] mention that ProxyCommand is executed using shell "exec" to avoid a lingering process; bz#1977 | Damien Miller
2014-07-06 | - djm@cvs.openbsd.org 2014/07/05 23:11:48 [channels.c] fix remote-forward cancel regression; ok markus@ | Damien Miller
2014-07-06 | - djm@cvs.openbsd.org 2014/07/03 23:18:35 [authfile.h] remove leakmalloc droppings | Damien Miller
2014-07-04 | - djm@cvs.openbsd.org 2014/07/03 22:40:43 [servconf.c servconf.h session.c sshd.8 sshd_config.5] Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option; bz#2160; ok markus@ | Damien Miller
2014-07-04 | - djm@cvs.openbsd.org 2014/07/03 22:33:41 [channels.c] allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family; bz#2222 ok markus@ | Damien Miller
2014-07-04 | - djm@cvs.openbsd.org 2014/07/03 22:23:46 [sshconnect.c] when rekeying, skip file/DNS lookup if it is the same as the key sent during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ | Damien Miller
2014-07-04 | - jsing@cvs.openbsd.org 2014/07/03 12:42:16 [cipher-chachapoly.c] Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this makes it easier to verify that chacha_encrypt_bytes() is only called once per chacha_ivsetup() call. ok djm@ | Damien Miller
2014-07-03 | - djm@cvs.openbsd.org 2014/07/03 11:16:55 [auth.c auth.h auth1.c auth2.c] make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages; bz#2199, ok dtucker | Damien Miller