| Age | Commit message (Collapse) | Author |
|---|
|
[regress/addrmatch.sh]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
|
|
[ssh_config.5 sshd_config.5]
match the documented MAC order of preference to the actual one; ok dtucker@
(actual patch accidentally committed with previous)
|
|
[mac.c myproposal.h ssh_config.5 sshd_config.5]
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus.
|
|
[sandbox-systrace.c]
Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
sandbox" since malloc now uses it. From johnw.mail at gmail com.
|
|
[sftp.c]
Remove unused variable leftover from tab-completion changes.
From Steve.McClellan at radisys com, ok markus@
|
|
[monitor.c sshconnect2.c]
remove dead code following 'for (;;)' loops.
From Steve.McClellan at radisys com, ok markus@
|
|
[addrmatch.c]
fix strlcpy truncation check. from carsten at debian org, ok markus
|
|
pointer deref in the client when built with LDNS and using DNSSEC with a
CNAME. Patch from gregdlg+mr at hochet info.
|
|
can logon as a service. Patch from vinschen at redhat com.
|
|
[clientloop.c serverloop.c]
initialise accept() backoff timer to avoid EINVAL from select(2) in
rekeying
|
|
[sshd_config.5]
tweak previous; ok markus
|
|
[servconf.c servconf.h sshd_config.5]
sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
ok djm@ (back in March)
|
|
[ssh.1]
Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
|
|
[ssh.1 sshd.8]
Remove mention of 'three' key files since there are now four. From
Steve.McClellan at radisys com.
|
|
[ssh_config.5]
RSA instead of DSA twice. From Steve.McClellan at radisys com
|
|
[jpake.c]
correct sizeof usage. patch from saw at online.de, ok deraadt
|
|
[mux.c]
fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
AT googlemail.com
|
|
[PROTOCOL.mux]
correct types of port numbers (integers, not strings); bz#2004 from
bert.wesarg AT googlemail.com
|
|
[dns.c dns.h key.c key.h ssh-keygen.c]
add support for RFC6594 SSHFP DNS records for ECDSA key types.
patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
|
|
[mux.c]
fix double-free in new session handler
NB. Id sync only
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
[sshd_config.5]
Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
|
|
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
[servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
|
|
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
|
|
from cjwatson at debian org.
|
|
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
|
|
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
|
|
ok dtucker@
|
|
via Niels
|
|
[channels.c]
fix function proto/source mismatch
|
|
[ssh.1]
use "brackets" instead of "braces", for consistency;
|
|
[sftp.c]
setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
|
|
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
|
|
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
|
|
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
|
|
[sshd.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[auth.c]
Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.
|
|
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
|
|
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
|
|
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
|
|
[ssh-keygen.c]
allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
|
|
|
|
|
|
[contrib/suse/openssh.spec] Update for release 6.0
|
|
contains openpty() but not login()
|
|
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
|
|
assumptions when building on Cygwin; patch from Corinna Vinschen
|
|
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
|
