summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:46:16Damien Miller
[sftp-server.c] the protocol version should be unsigned; bz#1913 reported by mb AT smartftp.com
2011-06-20 - djm@cvs.openbsd.org 2011/06/17 21:44:31Damien Miller
[log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] make the pre-auth privsep slave log via a socketpair shared with the monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
2011-06-20 - markus@cvs.openbsd.org 2011/06/14 22:49:18Damien Miller
[authfile.c] make sure key_parse_public/private_rsa1() no longer consumes its input buffer. fixes ssh-add for passphrase-protected ssh1-keys; noted by naddy@; ok djm@
2011-06-20 - djm@cvs.openbsd.org 2011/06/04 00:10:26Damien Miller
[ssh_config.5] explain IdentifyFile's semantics a little better, prompted by bz#1898 ok dtucker jmc
2011-06-02 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.Tim Rice
2011-06-03 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52Darren Tucker
[regress/dynamic-forward.sh] Retry establishing the port forwarding after a small delay, should make the tests less flaky when the previous test is slow to shut down and free up the port.
2011-06-03 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34Darren Tucker
[regress/dynamic-forward.sh] work around startup and teardown races; caught by deraadt
2011-06-03 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58Darren Tucker
[regress/dynamic-forward.sh] back out revs 1.6 and 1.5 since it's not reliable
2011-06-03 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40Darren Tucker
[ssh-agent.c] Check current parent process ID against saved one to determine if the parent has exited, rather than attempting to send a zero signal, since the latter won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn Gillmor, ok djm@
2011-06-03 - (djm) [configure.ac] enable setproctitle emulation for OS XDamien Miller
2011-06-03 - djm@cvs.openbsd.org 2011/06/03 00:54:38Damien Miller
[ssh.c] bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg AT googlemail.com; ok dtucker@ NB. includes additional portability code to enable setproctitle emulation on platforms that don't support it.
2011-06-03add missing changelog entryDarren Tucker
2011-06-03Remove the !HAVE_SOCKETPAIR case. We use socketpair unconditionally in otherDarren Tucker
places and the survey data we have does not show any systems that use it. "nuke it" djm@
2011-06-02 - (tim) [configure.ac defines.h] Run test program to detect system mailTim Rice
directory. Add --with-maildir option to override. Fixed OpenServer 6 getting it wrong. Fixed many systems having MAIL=/var/mail//username ok dtucker
2011-06-03 - (dtucker) [README version.h contrib/caldera/openssh.specDarren Tucker
contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version bumps from the 5.8p2 branch into HEAD. ok djm.
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:31:31Damien Miller
[regress/cfgmatch.sh] include testing of multiple/overridden AuthorizedKeysFiles refactor to simply daemon start/stop and get rid of racy constructs
2011-05-29 - djm@cvs.openbsd.org 2011/05/24 07:15:47Damien Miller
[readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] Remove undocumented legacy options UserKnownHostsFile2 and GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile accept multiple paths per line and making their defaults include known_hosts2; ok markus
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 07:24:57Damien Miller
[authfile.c] read in key comments for v.2 keys (though note that these are not passed over the agent protocol); bz#439, based on patch from binder AT arago.de; ok markus@
2011-05-29 - jmc@cvs.openbsd.org 2011/05/23 07:10:21Damien Miller
[sshd.8 sshd_config.5] tweak previous; ok djm
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:52:55Damien Miller
[sshconnect.c] remove extra newline
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:33:38Damien Miller
[auth.c] make secure_filename() spam debug logs less
2011-05-29OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/23 03:30:07 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30Damien Miller
[dynamic-forward.sh] fix dumb error in dynamic-forward test
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50Damien Miller
[dynamic-forward.sh] Prevent races in dynamic forwarding test; ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 02:43:36Damien Miller
[cert-hostkey.sh] another attempt to generate a v00 ECDSA key that broke the test ID sync only - portable already had this somehow
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[regress/cert-userkey.sh] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 03:25:45Damien Miller
[monitor.c monitor_wrap.c servconf.c servconf.h] use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19Damien Miller
[servconf.c] Add comment documenting what should be after the preauth check. ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 00:55:02Damien Miller
[servconf.c] the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile and AuthorizedPrincipalsFile were not being correctly applied in Match blocks, despite being overridable there; ok dtucker@
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[key.c] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/15 08:09:01 [authfd.c monitor.c serverloop.c] use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2Damien Miller
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [session.c] call setexeccon() before executing passwd for pwDamien Miller
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-15 - (djm) [packet.c] unbreak portability #endifDamien Miller
2011-05-15 - djm@cvs.openbsd.org 2011/05/13 00:05:36Damien Miller
[authfile.c] warn on unexpected key type in key_parse_private_type()
2011-05-15 - djm@cvs.openbsd.org 2011/05/11 04:47:06Damien Miller
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/10 05:46:46Damien Miller
[authfile.c] despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/08 12:52:01Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c] improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat at TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:20:25Damien Miller
[ssh.1] +.It RequestTTY
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:19:39Damien Miller
[ssh_config.5] - tweak previous - come consistency fixes ok djm
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 22:20:10Damien Miller
[PROTOCOL.mux] fix numbering; from bert.wesarg AT googlemail.com
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:38:58Damien Miller
[ssh.c] fix dropping from previous diff
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:34:32Damien Miller
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:31:38Damien Miller
[readconf.c ssh_config.5] support negated Host matching, e.g. Host *.example.org !c.example.org User mekmitasdigoat Will match "a.example.org", "b.example.org", but not "c.example.org" ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:18:02Damien Miller
[ssh.c ssh_config.5] add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 02:05:41Damien Miller
[sshconnect2.c] fix memory leak; bz#1849 ok dtucker@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 01:09:53Damien Miller
[sftp.1] mention that IPv6 addresses must be enclosed in square brackets; bz#1845