summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-01-08 - jmc@cvs.openbsd.org 2009/10/28 21:45:08Darren Tucker
[sshd_config.5 sftp.1] tweak previous;
2010-01-08 - reyk@cvs.openbsd.org 2009/10/28 16:38:18Darren Tucker
[ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:23:42Darren Tucker
[ssh.c] Request roaming to be enabled if UseRoaming is true and the server supports it. ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:22:37Darren Tucker
[roaming_common.c] Do the actual suspend/resume in the client. This won't be useful until the server side supports roaming. Most code from Martin Forssen, maf at appgate dot com. Some changes by me and markus@ ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:19:17Darren Tucker
[ssh2.h] Define the KEX messages used when resuming a suspended connection. ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:15:29Darren Tucker
[clientloop.c] client_loop() must detect if the session has been suspended and resumed, and take appropriate action in that case. From Martin Forssen, maf at appgate dot com ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:13:54Darren Tucker
[sshconnect2.c kex.h kex.c] Let the client detect if the server supports roaming by looking for the resume@appgate.com kex algorithm. ok markus@
2010-01-08 - andreas@cvs.openbsd.org 2009/10/24 11:11:58Darren Tucker
[roaming.h] Declarations needed for upcoming changes. ok markus@
2009-12-26 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1Tim Rice
Gzip all man pages. Patch from Corinna Vinschen.
2009-12-21 - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]Darren Tucker
Bug #1583: Use system's kerberos principal name on AIX if it's available. Based on a patch from and tested by Miguel Sanders.
2009-12-08 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,Darren Tucker
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-12-07 - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass.Darren Tucker
2009-12-07 - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.Darren Tucker
Tested by Martin Paljak.
2009-11-20 - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.Tim Rice
Bug 1628. OK dtucker@
2009-11-20 - (djm) [ssh-rand-helper.c] Print error and usage() when passed command-Damien Miller
line arguments as none are supported. Exit when passed unrecognised commandline flags. bz#1568 from gson AT araneus.fi
2009-11-18 - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.Damien Miller
bz#1645, patch from jchadima AT redhat.com
2009-11-18 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() toDamien Miller
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() report and fix from jan.kratochvil AT redhat.com
2009-11-07 - (dtucker) [authfile.c] Fall back to 3DES for the encryption of privateDarren Tucker
keys when built with OpenSSL versions that don't do AES.
2009-11-05 - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds withDarren Tucker
older versions of OpenSSL.
2009-10-24 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinuxDarren Tucker
is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat.
2009-10-24 - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.Darren Tucker
2009-10-24 - dtucker@cvs.openbsd.org 2009/10/24 00:48:34Darren Tucker
[ssh-keygen.1] ssh-keygen now uses AES-128 for private keys
2009-10-24 - djm@cvs.openbsd.org 2009/10/23 01:57:11Darren Tucker
[sshconnect2.c] disallow a hostile server from checking jpake auth by sending an out-of-sequence success message. (doesn't affect code enabled by default)
2009-10-24 - djm@cvs.openbsd.org 2009/10/22 22:26:13Darren Tucker
[authfile.c] switch from 3DES to AES-128 for encryption of passphrase-protected SSH protocol 2 private keys; ok several
2009-10-24 - sobrado@cvs.openbsd.org 2009/10/22 15:02:12Darren Tucker
[ssh-agent.1 ssh-add.1 ssh.1] write UNIX-domain in a more consistent way; while here, replace a few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
2009-10-24 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53Darren Tucker
[ssh.1 ssh-agent.1 ssh-add.1] use the UNIX-related macros (.At and .Ux) where appropriate. ok jmc@
2009-10-24 - sobrado@cvs.openbsd.org 2009/10/17 12:10:39Darren Tucker
[sftp-server.c] sort flags.
2009-10-24 - (dtucker) OpenBSD CVS SyncDarren Tucker
- djm@cvs.openbsd.org 2009/10/11 23:03:15 [hostfile.c] mention the host name that we are looking for in check_host_in_hostfile()
2009-10-12 - markus@cvs.openbsd.org 2009/10/08 18:04:27Darren Tucker
[regress/test-exec.sh] re-enable protocol v1 for the tests.
2009-10-11 - dtucker@cvs.openbsd.org 2009/10/11 10:41:26Darren Tucker
[sftp-client.c] d_type isn't portable so use lstat to get dirent modes. Suggested by and "looks sane" deraadt@
2009-10-11 - jmc@cvs.openbsd.org 2009/10/08 20:42:12Darren Tucker
[sshd_config.5 ssh_config.5 sshd.8 ssh.1] some tweaks now that protocol 1 is not offered by default; ok markus
2009-10-11 - (dtucker) OpenBSD CVS SyncDarren Tucker
- markus@cvs.openbsd.org 2009/10/08 14:03:41 [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] disable protocol 1 by default (after a transition period of about 10 years) ok deraadt
2009-10-11 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required forDarren Tucker
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable lstat.
2009-10-07 - (dtucker) d_type is not mandated by POSIX, so add fallback code usingDarren Tucker
stat(), needed on at least cygwin.
2009-10-07 - (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on atDarren Tucker
least dragonflybsd.
2009-10-07 - (dtucker) [regress/portnum.sh] Import new test.Darren Tucker
2009-10-07fix idDarren Tucker
2009-10-07 - dtucker@cvs.openbsd.org 2009/10/06 23:51:49Darren Tucker
[regress/ssh2putty.sh] Add OpenBSD tag to make syncs easier
2009-10-07 - djm@cvs.openbsd.org 2009/08/20 18:43:07Darren Tucker
[ssh-com-sftp.sh] fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos Silva for Google Summer of Code
2009-10-07 - djm@cvs.openbsd.org 2009/08/13 01:11:55Darren Tucker
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh] date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7 Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", add "-P port" to match scp(1). Fortunately, the -P option is only really used by our regression scripts. part of larger patch from carlosvsilvapt@gmail.com for his Google Summer of Code work; ok deraadt markus
2009-10-07 - djm@cvs.openbsd.org 2009/08/13 00:57:17Darren Tucker
[regress/Makefile] regression test for port number parsing. written as part of the a2port change that went into 5.2 but I forgot to commit it at the time...
2009-10-07 - dtucker@cvs.openbsd.org 2009/05/05 07:51:36Darren Tucker
[regress/multiplex.sh] Always specify ssh_config for multiplex tests: prevents breakage caused by options in ~/.ssh/config. From Dan Peterson.
2009-10-07 - djm@cvs.openbsd.org 2008/12/07 22:17:48Darren Tucker
[regress/addrmatch.sh] match string "passwordauthentication" only at start of line, not anywhere in sshd -T output
2009-10-07 - djm@cvs.openbsd.org 2009/10/06 04:46:40Darren Tucker
[session.c] bz#1596: fflush(NULL) before exec() to ensure that everying (motd in particular) has made it out before the streams go away.
2009-10-07 - grunk@cvs.openbsd.org 2009/10/01 11:37:33Darren Tucker
[dh.c] fix a cast ok djm@ markus@
2009-10-07 - djm@cvs.openbsd.org 2009/09/01 14:43:17Darren Tucker
[ssh-agent.c] fix a race condition in ssh-agent that could result in a wedged or spinning agent: don't read off the end of the allocated fd_sets, and don't issue blocking read/write on agent sockets - just fall back to select() on retriable read/write errors. bz#1633 reported and tested by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
2009-10-07 - djm@cvs.openbsd.org 2009/08/31 21:01:29Darren Tucker
[sftp-server.8] document -e and -h; prodded by jmc@
2009-10-07 - djm@cvs.openbsd.org 2009/08/31 20:56:02Darren Tucker
[sftp-server.c] check correct variable for error message, spotted by martynas@
2009-10-07 - djm@cvs.openbsd.org 2009/08/27 17:44:52Darren Tucker
[authfd.c ssh-add.c authfd.h] Do not fall back to adding keys without contraints (ssh-add -c / -t ...) when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
2009-10-07 - djm@cvs.openbsd.org 2009/08/27 17:43:00Darren Tucker
[sftp-server.8] allow setting an explicit umask on the commandline to override whatever default the user has. bz#1229; ok dtucker@ deraadt@ markus@