summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-06-30 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile errorDarren Tucker
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Darren Tucker
[regress/try-ciphers.sh regress/cipher-speed.sh] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59Darren Tucker
[regress/connect-privsep.sh] test sandbox with every malloc option
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:52:52Darren Tucker
[regress/sftp-cmds.sh] don't delete .* on cleanup due to unintended env expansion; pointed out in bz#2014 by openssh AT roumenpetrov.info
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:47:35Darren Tucker
[multiplex.sh forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov.
2012-06-30 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32Darren Tucker
[regress/addrmatch.sh] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
2012-06-30 - naddy@cvs.openbsd.org 2012/06/29 13:57:25Damien Miller
[ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@ (actual patch accidentally committed with previous)
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Damien Miller
[mac.c myproposal.h ssh_config.5 sshd_config.5] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30Damien Miller
[sandbox-systrace.c] Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation sandbox" since malloc now uses it. From johnw.mail at gmail com.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33Damien Miller
[sftp.c] Remove unused variable leftover from tab-completion changes. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26Damien Miller
[monitor.c sshconnect2.c] remove dead code following 'for (;;)' loops. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07Damien Miller
[addrmatch.c] fix strlcpy truncation check. from carsten at debian org, ok markus
2012-06-28 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent nullDarren Tucker
pointer deref in the client when built with LDNS and using DNSSEC with a CNAME. Patch from gregdlg+mr at hochet info.
2012-06-22 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs asDarren Tucker
can logon as a service. Patch from vinschen at redhat com.
2012-06-20 - djm@cvs.openbsd.org 2012/06/20 04:42:58Damien Miller
[clientloop.c serverloop.c] initialise accept() backoff timer to avoid EINVAL from select(2) in rekeying
2012-06-20 - jmc@cvs.openbsd.org 2012/06/19 21:35:54Damien Miller
[sshd_config.5] tweak previous; ok markus
2012-06-20 - markus@cvs.openbsd.org 2012/06/19 18:25:28Damien Miller
[servconf.c servconf.h sshd_config.5] sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' ok djm@ (back in March)
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18Damien Miller
[ssh.1] Clarify description of -W. Noted by Steve.McClellan at radisys com, ok jmc
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07Damien Miller
[ssh.1 sshd.8] Remove mention of 'three' key files since there are now four. From Steve.McClellan at radisys com.
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58Damien Miller
[ssh_config.5] RSA instead of DSA twice. From Steve.McClellan at radisys com
2012-06-20 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53Damien Miller
[jpake.c] correct sizeof usage. patch from saw at online.de, ok deraadt
2012-06-20 - djm@cvs.openbsd.org 2012/06/01 01:01:22Damien Miller
[mux.c] fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg AT googlemail.com
2012-06-20 - djm@cvs.openbsd.org 2012/06/01 00:49:35Damien Miller
[PROTOCOL.mux] correct types of port numbers (integers, not strings); bz#2004 from bert.wesarg AT googlemail.com
2012-06-20 - djm@cvs.openbsd.org 2012/05/23 03:28:28Damien Miller
[dns.c dns.h key.c key.h ssh-keygen.c] add support for RFC6594 SSHFP DNS records for ECDSA key types. patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
2012-06-20 - djm@cvs.openbsd.org 2012/01/07 21:11:36Damien Miller
[mux.c] fix double-free in new session handler NB. Id sync only
2012-06-20 - djm@cvs.openbsd.org 2011/12/04 23:16:12Damien Miller
[mux.c] revert: > revision 1.32 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. > ok dtucker@ it interacts badly with ControlPersist
2012-06-20 - djm@cvs.openbsd.org 2011/12/02 00:41:56Damien Miller
[mux.c] fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@
2012-05-19 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30Darren Tucker
[sshd_config.5] Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
2012-05-19- (dtucker) OpenBSD CVS SyncDarren Tucker
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
2012-05-19 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to findDarren Tucker
pkg-config so it does the right thing when cross-compiling. Patch from cjwatson at debian org.
2012-05-19 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. PatchDarren Tucker
from cjwatson at debian org.
2012-05-04 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>Darren Tucker
to fix building on some plaforms. Fom bowman at math utah edu and des at des no.
2012-04-27 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6Darren Tucker
platform rather than exiting early, so that we still clean up and return status to test-exec.sh
2012-04-26 - (djm) [auth-krb5.c] Save errno across calls that might modify it;Damien Miller
ok dtucker@
2012-04-26 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul WoutersDamien Miller
via Niels
2012-04-23 - djm@cvs.openbsd.org 2012/04/23 08:18:17Damien Miller
[channels.c] fix function proto/source mismatch
2012-04-22 - jmc@cvs.openbsd.org 2012/04/20 16:26:22Damien Miller
[ssh.1] use "brackets" instead of "braces", for consistency;
2012-04-22 - djm@cvs.openbsd.org 2012/04/20 03:24:23Damien Miller
[sftp.c] setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:43:55Damien Miller
[sshd_config sshd_config.5] mention AuthorizedPrincipalsFile=none default
2012-04-22 - djm@cvs.openbsd.org 2012/04/12 02:42:32Damien Miller
[servconf.c servconf.h sshd.c sshd_config sshd_config.5] VersionAddendum option to allow server operators to append some arbitrary text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:34:17Damien Miller
[ssh-keyscan.1 ssh-keyscan.c] now that sshd defaults to offering ECDSA keys, ssh-keyscan should also look for them by default; bz#1971
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:26:40Damien Miller
[sshd.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:17:54Damien Miller
[auth.c] Support "none" as an argument for AuthorizedPrincipalsFile to indicate no file should be read.
2012-04-22 - djm@cvs.openbsd.org 2012/04/11 13:16:19Damien Miller
[channels.c channels.h clientloop.c serverloop.c] don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a while; ok deraadt@ markus@
2012-04-22 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36Damien Miller
[channels.c channels.h servconf.c] Add PermitOpen none option based on patch from Loganaden Velvindron (bz #1949). ok djm@
2012-04-22 - djm@cvs.openbsd.org 2012/03/28 07:23:22Damien Miller
[PROTOCOL.certkeys] explain certificate extensions/crit split rationale. Mention requirement that each appear at most once per cert.
2012-04-22 - guenther@cvs.openbsd.org 2012/03/15 03:10:27Damien Miller
[session.c] root should always be excluded from the test for /etc/nologin instead of having it always enforced even when marked as ignorenologin. This regressed when the logic was incompletely flipped around in rev 1.251 ok halex@ millert@
2012-04-22 - djm@cvs.openbsd.org 2012/02/29 11:21:26Damien Miller
[ssh-keygen.c] allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-20 - (djm) Release openssh-6.0Damien Miller
2012-04-20 - (djm) [README] Update URL to release notes.Damien Miller