summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-11-05 - (dtucker) [configure.ac platform.{c,h} session.cDarren Tucker
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@
2010-11-05 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead ofDamien Miller
int. Should fix bz#1817 cleanly; ok dtucker@
2010-11-05 - djm@cvs.openbsd.org 2010/11/04 02:45:34Damien Miller
[sftp-server.c] umask should be parsed as octal. reported by candland AT xmission.com; ok markus@
2010-11-05 - jmc@cvs.openbsd.org 2010/10/28 18:33:28Damien Miller
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;
2010-11-05 - djm@cvs.openbsd.org 2010/10/28 11:22:09Damien Miller
[authfile.c key.c key.h ssh-keygen.c] fix a possible NULL deref on loading a corrupt ECDH key store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
2010-11-05 - djm@cvs.openbsd.org 2010/09/22 12:26:05Damien Miller
[regress/Makefile regress/kextype.sh] regress test for each of the key exchange algorithms that we support
2010-10-25 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have aDarren Tucker
native one.
2010-10-24 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came withTim Rice
1.12 to unbreak Solaris build. ok djm@
2010-10-24 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don'tDarren Tucker
have it.
2010-10-24- (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platformsDarren Tucker
which don't have ECC support in libcrypto.
2010-10-24 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platformsDarren Tucker
which don't have ECC support in libcrypto.
2010-10-24 - sthen@cvs.openbsd.org 2010/10/23 22:06:12Darren Tucker
[sftp.c] escape '[' in filename tab-completion; fix a type while there. ok djm@
2010-10-24 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.Darren Tucker
2010-10-21 - djm@cvs.openbsd.org 2010/08/31 12:24:09Damien Miller
[regress/cert-hostkey.sh regress/cert-userkey.sh] tests for ECDSA certificates
2010-10-21 - OpenBSD CVS SyncDamien Miller
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24 [mux.c] Typo in confirmation message. bz#1827, patch from imorgan at nas nasa gov
2010-10-12 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)Damien Miller
2010-10-12 - (djm) [canohost.c] Zero a4 instead of addr to better match type.Damien Miller
bz#1825, reported by foo AT mailinator.com
2010-10-11 - (djm) [configure.ac] Use = instead of == in shell tests. Patch fromDamien Miller
dr AT vasco.com
2010-10-07 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmpDamien Miller
2010-10-07 - (djm) [cipher-acss.c] Add missing header.Damien Miller
2010-10-07 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.Damien Miller
2010-10-07 - djm@cvs.openbsd.org 2010/10/06 21:10:21Damien Miller
[sshconnect.c] swapped args to kill(2)
2010-10-07 - djm@cvs.openbsd.org 2010/10/06 06:39:28Damien Miller
[clientloop.c ssh.c sshconnect.c sshconnect.h] kill proxy command on fatal() (we already kill it on clean exit); ok markus@
2010-10-07 - djm@cvs.openbsd.org 2010/10/05 05:13:18Damien Miller
[sftp.c sshconnect.c] use default shell /bin/sh if $SHELL is ""; ok markus@
2010-10-07 - djm@cvs.openbsd.org 2010/10/01 23:05:32Damien Miller
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] adapt to API changes in openssl-1.0.0a NB. contains compat code to select correct API for older OpenSSL
2010-10-07 - (djm) [ssh-agent.c] Fix type for curve name.Damien Miller
2010-10-07sadly, two typos on one line is not my best recordDamien Miller
2010-10-07unbreak previousDamien Miller
2010-10-07 - djm@cvs.openbsd.org 2010/09/30 11:04:51Damien Miller
[servconf.c] prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block; patch from rein AT basefarm.no
2010-10-07 - djm@cvs.openbsd.org 2010/09/26 22:26:33Damien Miller
[sftp.c] when performing an "ls" in columnated (short) mode, only call ioctl(TIOCGWINSZ) once to get the window width instead of per- filename
2010-10-07 - djm@cvs.openbsd.org 2010/09/25 09:30:16Damien Miller
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] make use of new glob(3) GLOB_KEEPSTAT extension to save extra server rountrips to fetch per-file stat(2) information. NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to match.
2010-10-07 - matthew@cvs.openbsd.org 2010/09/24 13:33:00Damien Miller
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] [openbsd-compat/timingsafe_bcmp.c] Add timingsafe_bcmp(3) to libc, mention that it's already in the kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@ NB. re-added under openbsd-compat/ for portable OpenSSH
2010-09-24 - jmc@cvs.openbsd.org 2010/09/23 13:36:46Damien Miller
[scp.1 sftp.1] add KexAlgorithms to the -o list;
2010-09-24 - jmc@cvs.openbsd.org 2010/09/23 13:34:43Damien Miller
[sftp.c] add [-l limit] to usage();
2010-09-24 - djm@cvs.openbsd.org 2010/09/22 22:58:51Damien Miller
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] [sftp-client.h sftp.1 sftp.c] add an option per-read/write callback to atomicio factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
2010-09-24 - jmc@cvs.openbsd.org 2010/09/22 08:30:08Damien Miller
[ssh.1 ssh_config.5] ssh.1: add kexalgorithms to the -o list ssh_config.5: format the kexalgorithms in a more consistent (prettier!) way ok djm
2010-09-24 - djm@cvs.openbsd.org 2010/09/22 05:01:30Damien Miller
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
2010-09-24 - djm@cvs.openbsd.org 2010/09/20 07:19:27Damien Miller
[mux.c] "atomically" create the listening mux socket by binding it on a temorary name and then linking it into position after listen() has succeeded. this allows the mux clients to determine that the server socket is either ready or stale without races. stale server sockets are now automatically removed ok deraadt
2010-09-24 - djm@cvs.openbsd.org 2010/09/20 04:54:07Damien Miller
[jpake.c] missing #include
2010-09-24 - djm@cvs.openbsd.org 2010/09/20 04:50:53Damien Miller
[jpake.c schnorr.c] check that received values are smaller than the group size in the disabled and unfinished J-PAKE code. avoids catastrophic security failure found by Sebastien Martini
2010-09-24 - djm@cvs.openbsd.org 2010/09/20 04:41:47Damien Miller
[ssh.c] install a SIGCHLD handler to reap expiried child process; ok markus@
2010-09-24 - jmc@cvs.openbsd.org 2010/09/19 21:30:05Damien Miller
[sftp.1] more wacky macro fixing;
2010-09-24 - djm@cvs.openbsd.org 2010/09/11 21:44:20Damien Miller
[ssh.1] mention RFC 5656 for ECC stuff
2010-09-24 - naddy@cvs.openbsd.org 2010/09/10 15:19:29Damien Miller
[ssh-keygen.1] * mention ECDSA in more places * less repetition in FILES section * SSHv1 keys are still encrypted with 3DES help and ok jmc@
2010-09-10 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefsDarren Tucker
for missing headers and compiler warnings.
2010-09-10 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]Damien Miller
[kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on platforms that don't have the requisite OpenSSL support. ok dtucker@
2010-09-10 - djm@cvs.openbsd.org 2010/09/09 10:45:45Damien Miller
[kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] ECDH/ECDSA compliance fix: these methods vary the hash function they use (SHA256/384/512) depending on the length of the curve in use. The previous code incorrectly used SHA256 in all cases. This fix will cause authentication failure when using 384 or 521-bit curve keys if one peer hasn't been upgraded and the other has. (256-bit curve keys work ok). In particular you may need to specify HostkeyAlgorithms when connecting to a server that has not been upgraded from an upgraded client. ok naddy@
2010-09-10 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31Damien Miller
[compress.c] work around name-space collisions some buggy compilers (looking at you gcc, at least in earlier versions, but this does not forgive your current transgressions) seen between zlib and openssl ok djm
2010-09-10 - djm@cvs.openbsd.org 2010/09/08 03:54:36Damien Miller
[authfile.c] typo
2010-09-10 - naddy@cvs.openbsd.org 2010/09/06 17:10:19Damien Miller
[sshd_config] add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com> ok deraadt@