summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-05-19 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. PatchDarren Tucker
from cjwatson at debian org.
2012-05-04 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>Darren Tucker
to fix building on some plaforms. Fom bowman at math utah edu and des at des no.
2012-04-27 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6Darren Tucker
platform rather than exiting early, so that we still clean up and return status to test-exec.sh
2012-04-26 - (djm) [auth-krb5.c] Save errno across calls that might modify it;Damien Miller
ok dtucker@
2012-04-26 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul WoutersDamien Miller
via Niels
2012-04-23 - djm@cvs.openbsd.org 2012/04/23 08:18:17Damien Miller
[channels.c] fix function proto/source mismatch
2012-04-22 - jmc@cvs.openbsd.org 2012/04/20 16:26:22Damien Miller
[ssh.1] use "brackets" instead of "braces", for consistency;
2012-04-22 - djm@cvs.openbsd.org 2012/04/20 03:24:23Damien Miller
[sftp.c] setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:43:55Damien Miller
[sshd_config sshd_config.5] mention AuthorizedPrincipalsFile=none default
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:42:32Damien Miller
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] VersionAddendum option to allow server operators to append some arbitrary text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:34:17Damien Miller
[ssh-keyscan.1 ssh-keyscan.c] now that sshd defaults to offering ECDSA keys, ssh-keyscan should also look for them by default; bz#1971
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:26:40Damien Miller
[sshd.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:17:54Damien Miller
[auth.c] Support "none" as an argument for AuthorizedPrincipalsFile to indicate no file should be read.
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller
[channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
2012-04-22 - djm@cvs.openbsd.org 2012/03/28 07:23:22Damien Miller
[PROTOCOL.certkeys] explain certificate extensions/crit split rationale. Mention requirement that each appear at most once per cert.
2012-04-22 - guenther@cvs.openbsd.org 2012/03/15 03:10:27Damien Miller
[session.c] root should always be excluded from the test for /etc/nologin instead of having it always enforced even when marked as ignorenologin. This regressed when the logic was incompletely flipped around in rev 1.251 ok halex@ millert@
2012-04-22 - djm@cvs.openbsd.org 2012/02/29 11:21:26Damien Miller
[ssh-keygen.c] allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-20 - (djm) Release openssh-6.0Damien Miller
2012-04-20 - (djm) [README] Update URL to release notes.Damien Miller
2012-04-20 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-19 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutilDamien Miller
contains openpty() but not login()
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@
2012-03-30 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrectDamien Miller
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow runningDamien Miller
openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@
2012-03-30 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNINGDarren Tucker
file from spec file. From crighter at nuclioss com.
2012-03-09 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6Damien Miller
addressed connections. ok dtucker@
2012-03-09 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinuxDamien Miller
systems where sshd is run in te wrong context. Patch from Sven Vermeulen; ok dtucker@
2012-02-24 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSMDarren Tucker
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-14 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quoteTim Rice
to work. Spotted by Angel Gonzalez
2012-02-14 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN soTim Rice
it actually works.
2012-02-14 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type forTim Rice
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c ok dtucker@
2012-02-14 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list ofDamien Miller
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-11 - markus@cvs.openbsd.org 2012/02/09 20:00:18Damien Miller
[version.h] move from 6.0-beta to 6.0
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:40:09Damien Miller
[packet.c packet.h] packet_read_poll() is not used anymore.
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:36:31Damien Miller
[authfile.c] memleak in key_load_file(); from Jan Klemkow
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:26:43Damien Miller
[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
2012-02-11 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43Damien Miller
[clientloop.c] Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 - miod@cvs.openbsd.org 2012/01/16 20:34:09Damien Miller
[ssh-pkcs11-client.c] Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. While there, be sure to buffer_clear() between send_msg() and recv_msg(). ok markus@
2012-02-11 - miod@cvs.openbsd.org 2012/01/08 13:17:11Damien Miller
[ssh-ecdsa.c] Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@
2012-02-11 - djm@cvs.openbsd.org 2012/01/07 21:11:36Damien Miller
[mux.c] fix double-free in new session handler
2012-02-11 - djm@cvs.openbsd.org 2012/01/05 00:16:56Damien Miller
[monitor.c] memleak on error path
2012-02-06 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platformsDamien Miller
that don't support ECC. Patch from Phil Oleson
2012-01-17 - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] AddDarren Tucker
null implementation of HMAC_CTX_init for the benefit of old versions of OpenSSL that don't have it.
2011-12-19 - djm@cvs.openbsd.org 2011/12/07 05:44:38Damien Miller
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@
2011-12-19 - djm@cvs.openbsd.org 2011/12/04 23:16:12Damien Miller
[mux.c] revert: > revision 1.32 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. > ok dtucker@ it interacts badly with ControlPersist
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:43:57Damien Miller
[mac.c] fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before HMAC_init (this change in policy seems insane to me) ok dtucker@
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:41:56Damien Miller
[mux.c] fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@
2011-11-25 - oga@cvs.openbsd.org 2011/11/16 12:24:28Damien Miller
[sftp.c] Don't leak list in complete_cmd_parse if there are no commands found. Discovered when I was ``borrowing'' this code for something else. ok djm@
2011-11-21 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@Darren Tucker