summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:17:54Damien Miller
[auth.c] Support "none" as an argument for AuthorizedPrincipalsFile to indicate no file should be read.
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller
[channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
2012-04-22 - djm@cvs.openbsd.org 2012/03/28 07:23:22Damien Miller
[PROTOCOL.certkeys] explain certificate extensions/crit split rationale. Mention requirement that each appear at most once per cert.
2012-04-22 - guenther@cvs.openbsd.org 2012/03/15 03:10:27Damien Miller
[session.c] root should always be excluded from the test for /etc/nologin instead of having it always enforced even when marked as ignorenologin. This regressed when the logic was incompletely flipped around in rev 1.251 ok halex@ millert@
2012-04-22 - djm@cvs.openbsd.org 2012/02/29 11:21:26Damien Miller
[ssh-keygen.c] allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-20 - (djm) Release openssh-6.0Damien Miller
2012-04-20 - (djm) [README] Update URL to release notes.Damien Miller
2012-04-20 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-19 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutilDamien Miller
contains openpty() but not login()
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@
2012-03-30 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrectDamien Miller
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow runningDamien Miller
openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@
2012-03-30 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNINGDarren Tucker
file from spec file. From crighter at nuclioss com.
2012-03-09 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6Damien Miller
addressed connections. ok dtucker@
2012-03-09 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinuxDamien Miller
systems where sshd is run in te wrong context. Patch from Sven Vermeulen; ok dtucker@
2012-02-24 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSMDarren Tucker
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-14 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quoteTim Rice
to work. Spotted by Angel Gonzalez
2012-02-14 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN soTim Rice
it actually works.
2012-02-14 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type forTim Rice
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c ok dtucker@
2012-02-14 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list ofDamien Miller
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-11 - markus@cvs.openbsd.org 2012/02/09 20:00:18Damien Miller
[version.h] move from 6.0-beta to 6.0
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:40:09Damien Miller
[packet.c packet.h] packet_read_poll() is not used anymore.
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:36:31Damien Miller
[authfile.c] memleak in key_load_file(); from Jan Klemkow
2012-02-11 - markus@cvs.openbsd.org 2012/01/25 19:26:43Damien Miller
[packet.c] do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; ok dtucker@, djm@
2012-02-11 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43Damien Miller
[clientloop.c] Ensure that $DISPLAY contains only valid characters before using it to extract xauth data so that it can't be used to play local shell metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 - miod@cvs.openbsd.org 2012/01/16 20:34:09Damien Miller
[ssh-pkcs11-client.c] Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. While there, be sure to buffer_clear() between send_msg() and recv_msg(). ok markus@
2012-02-11 - miod@cvs.openbsd.org 2012/01/08 13:17:11Damien Miller
[ssh-ecdsa.c] Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, ok markus@
2012-02-11 - djm@cvs.openbsd.org 2012/01/07 21:11:36Damien Miller
[mux.c] fix double-free in new session handler
2012-02-11 - djm@cvs.openbsd.org 2012/01/05 00:16:56Damien Miller
[monitor.c] memleak on error path
2012-02-06 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platformsDamien Miller
that don't support ECC. Patch from Phil Oleson
2012-01-17 - (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] AddDarren Tucker
null implementation of HMAC_CTX_init for the benefit of old versions of OpenSSL that don't have it.
2011-12-19 - djm@cvs.openbsd.org 2011/12/07 05:44:38Damien Miller
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] fix some harmless and/or unreachable int overflows; reported Xi Wang, ok markus@
2011-12-19 - djm@cvs.openbsd.org 2011/12/04 23:16:12Damien Miller
[mux.c] revert: > revision 1.32 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. > ok dtucker@ it interacts badly with ControlPersist
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:43:57Damien Miller
[mac.c] fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before HMAC_init (this change in policy seems insane to me) ok dtucker@
2011-12-19 - djm@cvs.openbsd.org 2011/12/02 00:41:56Damien Miller
[mux.c] fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@
2011-11-25 - oga@cvs.openbsd.org 2011/11/16 12:24:28Damien Miller
[sftp.c] Don't leak list in complete_cmd_parse if there are no commands found. Discovered when I was ``borrowing'' this code for something else. ok djm@
2011-11-21 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@Darren Tucker
2011-11-04 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.inDarren Tucker
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) with some rework from myself and djm. ok djm.
2011-11-04 - dtucker@cvs.openbsd.org 011/11/04 00:09:39Darren Tucker
[moduli] regenerated moduli file; ok deraadt
2011-11-04 - djm@cvs.openbsd.org 2011/10/24 02:13:13Darren Tucker
[session.c] bz#1859: send tty break to pty master instead of (probably already closed) slave side; "looks good" markus@
2011-11-04 - djm@cvs.openbsd.org 2011/10/24 02:10:46Darren Tucker
[ssh.c] bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh was incorrectly requesting the forward in both the control master and slave. skip requesting it in the master to fix. ok markus@
2011-11-04 - djm@cvs.openbsd.org 2011/10/19 10:39:48Darren Tucker
[umac.c] typo in comment; patch from Michael W. Bombardieri
2011-11-04 - djm@cvs.openbsd.org 2011/10/19 00:06:10Darren Tucker
[moduli.c] s/tmpfile/tmp/ to make this -Wshadow clean
2011-11-04 - djm@cvs.openbsd.org 2011/10/18 23:37:42Darren Tucker
[ssh-add.c] add -k to usage(); reminded by jmc@
2011-11-04 - djm@cvs.openbsd.org 2011/10/18 05:15:28Darren Tucker
[ssh.c] ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
2011-10-25 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc fileDarren Tucker
fails. Patch from Corinna Vinschen.
2011-10-18 - djm@cvs.openbsd.org 2011/10/18 05:00:48Damien Miller
[ssh-add.1 ssh-add.c] new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@
2011-10-18 - djm@cvs.openbsd.org 2011/10/18 04:58:26Damien Miller
[auth-options.c key.c] remove explict search for \0 in packet strings, this job is now done implicitly by buffer_get_cstring; ok markus
2011-10-18 - stsp@cvs.openbsd.org 2011/10/16 15:51:39Damien Miller
[moduli.c] add missing includes to unbreak tree; fix from rpointel