summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-06-20 - djm@cvs.openbsd.org 2012/06/20 04:42:58Damien Miller
[clientloop.c serverloop.c] initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying
2012-06-20 - jmc@cvs.openbsd.org 2012/06/19 21:35:54Damien Miller
[sshd_config.5] tweak previous; ok markus
2012-06-20 - markus@cvs.openbsd.org 2012/06/19 18:25:28Damien Miller
[servconf.c servconf.h sshd_config.5] sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' ok djm@ (back in March)
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18Damien Miller
[ssh.1] Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07Damien Miller
[ssh.1 sshd.8] Remove mention of 'three' key files since there are now four. From Steve.McClellan at radisys com.
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58Damien Miller
[ssh_config.5] RSA instead of DSA twice. From Steve.McClellan at radisys com
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53Damien Miller
[jpake.c] correct sizeof usage. patch from saw at online.de, ok deraadt
2012-06-20 - djm@cvs.openbsd.org 2012/06/01 01:01:22Damien Miller
[mux.c] fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg AT googlemail.com
2012-06-20 - djm@cvs.openbsd.org 2012/06/01 00:49:35Damien Miller
[PROTOCOL.mux] correct types of port numbers (integers, not strings); bz#2004 from bert.wesarg AT googlemail.com
2012-06-20 - djm@cvs.openbsd.org 2012/05/23 03:28:28Damien Miller
[dns.c dns.h key.c key.h ssh-keygen.c] add support for RFC6594 SSHFP DNS records for ECDSA key types. patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
2012-06-20 - djm@cvs.openbsd.org 2012/01/07 21:11:36Damien Miller
[mux.c] fix double-free in new session handler NB. Id sync only
2012-06-20 - djm@cvs.openbsd.org 2011/12/04 23:16:12Damien Miller
[mux.c] revert: > revision 1.32 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. > ok dtucker@ it interacts badly with ControlPersist
2012-06-20 - djm@cvs.openbsd.org 2011/12/02 00:41:56Damien Miller
[mux.c] fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@
2012-05-26releasing version 1:6.0p1-1Colin Watson
2012-05-26Add a sandbox fallback mechanism, so that behaviour on Linux depends onColin Watson
whether the running system's kernel has seccomp_filter support, not the build system's kernel (forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
2012-05-22Pass noupdate to pam_motd call for /run/motd.dynamic.Roger Leigh
2012-05-19 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30Darren Tucker
[sshd_config.5] Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
2012-05-19- (dtucker) OpenBSD CVS SyncDarren Tucker
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
2012-05-19 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to findDarren Tucker
pkg-config so it does the right thing when cross-compiling. Patch from cjwatson at debian org.
2012-05-19 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. PatchDarren Tucker
from cjwatson at debian org.
2012-05-18IPQoS fix closes #671075 tooColin Watson
2012-05-18close #671010 with new upstreamColin Watson
2012-05-18Fix a bashism in configure's seccomp_filter check.Colin Watson
2012-05-18* New upstream release (http://www.openssh.org/txt/release-6.0).Colin Watson
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections (closes: #643312, #650512). - Add a new privilege separation sandbox implementation for Linux's new seccomp sandbox, automatically enabled on platforms that support it. (Note: privilege separation sandboxing is still experimental.)
2012-05-17merge 6.0p1Colin Watson
2012-05-17Import 6.0p1 tarballColin Watson
2012-05-04 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>Darren Tucker
to fix building on some plaforms. Fom bowman at math utah edu and des at des no.
2012-04-27 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6Darren Tucker
platform rather than exiting early, so that we still clean up and return status to test-exec.sh
2012-04-26 - (djm) [auth-krb5.c] Save errno across calls that might modify it;Damien Miller
ok dtucker@
2012-04-26 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul WoutersDamien Miller
via Niels
2012-04-23 - djm@cvs.openbsd.org 2012/04/23 08:18:17Damien Miller
[channels.c] fix function proto/source mismatch
2012-04-22 - jmc@cvs.openbsd.org 2012/04/20 16:26:22Damien Miller
[ssh.1] use "brackets" instead of "braces", for consistency;
2012-04-22 - djm@cvs.openbsd.org 2012/04/20 03:24:23Damien Miller
[sftp.c] setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:43:55Damien Miller
[sshd_config sshd_config.5] mention AuthorizedPrincipalsFile=none default
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:42:32Damien Miller
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] VersionAddendum option to allow server operators to append some arbitrary text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:34:17Damien Miller
[ssh-keyscan.1 ssh-keyscan.c] now that sshd defaults to offering ECDSA keys, ssh-keyscan should also look for them by default; bz#1971
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:26:40Damien Miller
[sshd.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:17:54Damien Miller
[auth.c] Support "none" as an argument for AuthorizedPrincipalsFile to indicate no file should be read.
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller
[channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
2012-04-22 - djm@cvs.openbsd.org 2012/03/28 07:23:22Damien Miller
[PROTOCOL.certkeys] explain certificate extensions/crit split rationale. Mention requirement that each appear at most once per cert.
2012-04-22 - guenther@cvs.openbsd.org 2012/03/15 03:10:27Damien Miller
[session.c] root should always be excluded from the test for /etc/nologin instead of having it always enforced even when marked as ignorenologin. This regressed when the logic was incompletely flipped around in rev 1.251 ok halex@ millert@
2012-04-22 - djm@cvs.openbsd.org 2012/02/29 11:21:26Damien Miller
[ssh-keygen.c] allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-22Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:Colin Watson
#669667).
2012-04-21Display dynamic part of MOTD from /run/motd.dynamic, if it existsColin Watson
(closes: #669699).
2012-04-20 - (djm) Release openssh-6.0Damien Miller
2012-04-20 - (djm) [README] Update URL to release notes.Damien Miller
2012-04-20 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-19 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutilDamien Miller
contains openpty() but not login()
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@