summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-11-07 - markus@cvs.openbsd.org 2013/11/04 11:51:16Damien Miller
[monitor.c] fix rekeying for KEX_C25519_SHA256; noted by dtucker@ RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platformsDamien Miller
that lack it but have arc4random_uniform()
2013-11-07 - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit theseDamien Miller
2013-11-07 - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diffDamien Miller
2013-11-07 - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)Damien Miller
that got lost in recent merge.
2013-11-04 - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files fromDamien Miller
KEX/curve25519 change
2013-11-04 - djm@cvs.openbsd.org 2013/11/03 10:37:19Damien Miller
[roaming_common.c] fix a couple of function definitions foo() -> foo(void) (-Wold-style-definition)
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 22:39:19Damien Miller
[ssh_config.5 sshd_config.5] the default kex is now curve25519-sha256@libssh.org
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 22:34:01Damien Miller
[auth-options.c] no need to include monitor_wrap.h and ssh-gss.h
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 22:24:24Damien Miller
[kexdhs.c kexecdhs.c] no need to include ssh-gss.h
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 22:10:15Damien Miller
[kexdhs.c kexecdhs.c] no need to include monitor_wrap.h
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 21:59:15Damien Miller
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] use curve25519 for default key exchange (curve25519-sha256@libssh.org); initial patch from Aris Adamantiadis; ok djm@
2013-11-04 - markus@cvs.openbsd.org 2013/11/02 20:03:54Damien Miller
[ssh-pkcs11.c] support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys; fixes bz#1908; based on patch from Laurent Barbe; ok djm
2013-11-03 - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_tDarren Tucker
for platforms that don't have them.
2013-11-03 - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2ndDarren Tucker
vsnprintf. From eric at openbsd via chl@.
2013-11-03 - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.Darren Tucker
From OpenSMTPD where it prevents "implicit declaration" warnings (it's a no-op in OpenSSH). From chl at openbsd.
2013-10-30 - jmc@cvs.openbsd.org 2013/10/29 18:49:32Damien Miller
[sshd_config.5] pty(4), not pty(7);
2013-10-30 - djm@cvs.openbsd.org 2013/10/29 09:48:02Damien Miller
[servconf.c servconf.h session.c sshd_config sshd_config.5] shd_config PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option; bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 - djm@cvs.openbsd.org 2013/10/29 09:42:11Damien Miller
[key.c key.h] fix potential stack exhaustion caused by nested certificates; report by Mateusz Kocielski; ok dtucker@ markus@
2013-10-26 - djm@cvs.openbsd.org 2013/10/25 23:04:51Damien Miller
[ssh.c] fix crash when using ProxyCommand caused by previous commit - was calling freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] RemoveDamien Miller
unnecessary arc4random_stir() calls. The only ones left are to ensure that the PRNG gets a different state after fork() for platforms that have broken the API.
2013-10-24 - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"Tim Rice
2013-10-24 - djm@cvs.openbsd.org 2013/10/24 08:19:36Damien Miller
[ssh.c] fix bug introduced in hostname canonicalisation commit: don't try to resolve hostnames when a ProxyCommand is set unless the user has forced canonicalisation; spotted by Iain Morgan
2013-10-24 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48Damien Miller
[readconf.c servconf.c ssh_config.5 sshd_config.5] Disallow empty Match statements and add "Match all" which matches everything. ok djm, man page help jmc@
2013-10-24 - dtucker@cvs.openbsd.org 2013/10/24 00:49:49Damien Miller
[moduli.c] Periodically print progress and, if possible, expected time to completion when screening moduli for DH groups. ok deraadt djm
2013-10-24 - djm@cvs.openbsd.org 2013/10/23 23:35:32Damien Miller
[sshd.c] include local address and port in "Connection from ..." message (only shown at loglevel>=verbose)
2013-10-24 - dtucker@cvs.openbsd.org 2013/10/23 05:40:58Damien Miller
[servconf.c] fix comment
2013-10-24 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok checkDamien Miller
rather than full client name which may be of form user@REALM; patch from Miguel Sanders; ok dtucker@
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 04:16:22Damien Miller
[ssh-keygen.c] Make code match documentation: relative-specified certificate expiry time should be relative to current time and not the validity start time. Reported by Petr Lautrbach; ok deraadt@
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 03:05:19Damien Miller
[readconf.c ssh.c] comment
2013-10-23 - djm@cvs.openbsd.org 2013/10/23 03:03:07Damien Miller
[readconf.c] Hostname may have %h sequences that should be expanded prior to Match evaluation; spotted by Iain Morgan
2013-10-23 - jmc@cvs.openbsd.org 2013/10/20 18:00:13Damien Miller
[ssh_config.5] tweak the "exec" description, as worded by djm;
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 09:51:26Damien Miller
[scp.1 sftp.1] add canonicalisation options to -o lists
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 06:19:28Damien Miller
[readconf.c ssh_config.5] rename "command" subclause of the recently-added "Match" keyword to "exec"; it's shorter, clearer in intent and we might want to add the ability to match against the command being executed at the remote end in the future.
2013-10-23 - djm@cvs.openbsd.org 2013/10/20 04:39:28Damien Miller
[ssh_config.5] document % expansions performed by "Match command ..."
2013-10-18 - djm@cvs.openbsd.org 2013/10/17 22:08:04Damien Miller
[sshd.c] include remote port in bad banner message; bz#2162
2013-10-18 - jmc@cvs.openbsd.org 2013/10/17 07:35:48Damien Miller
[sftp.1 sftp.c] tweak previous;
2013-10-18 - djm@cvs.openbsd.org 2013/10/09 23:44:14Damien Miller
[regress/Makefile regress/sftp-perm.sh] regression test for sftp request white/blacklisting and readonly mode.
2013-10-17 - djm@cvs.openbsd.org 2013/10/17 00:46:49Damien Miller
[ssh.c] rearrange check to reduce diff against -portable (Id sync only)
2013-10-17 - djm@cvs.openbsd.org 2013/10/17 00:30:13Damien Miller
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] fsync@openssh.com protocol extension for sftp-server client support to allow calling fsync() faster successful transfer patch mostly by imorgan AT nas.nasa.gov; bz#1798 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 22:58:01Damien Miller
[ssh.c ssh_config.5] one I missed in previous: s/isation/ization/
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 22:49:39Damien Miller
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5] s/canonicalise/canonicalize/ for consistency with existing spelling, e.g. authorized_keys; pointed out by naddy@
2013-10-17 - jmc@cvs.openbsd.org 2013/10/16 06:42:25Damien Miller
[ssh_config.5] tweak previous;
2013-10-17 - djm@cvs.openbsd.org 2013/10/16 02:31:47Damien Miller
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5] [sshconnect.c sshconnect.h] Implement client-side hostname canonicalisation to allow an explicit search path of domain suffixes to use to convert unqualified host names to fully-qualified ones for host key matching. This is particularly useful for host certificates, which would otherwise need to list unqualified names alongside fully-qualified ones (and this causes a number of problems). "looks fine" markus@
2013-10-17 - jmc@cvs.openbsd.org 2013/10/15 14:10:25Damien Miller
[ssh.1 ssh_config.5] tweak previous;
2013-10-17 - [ssh.c] g/c unused variable.Damien Miller
2013-10-15 - [ssh.c] g/c unused variable.Damien Miller
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:31:01Damien Miller
[ssh.c] whitespace at EOL; pointed out by markus@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 23:28:23Damien Miller
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] refactor client config code a little: add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
2013-10-15 - djm@cvs.openbsd.org 2013/10/14 22:22:05Damien Miller
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5] add a "Match" keyword to ssh_config that allows matching on hostname, user and result of arbitrary commands. "nice work" markus@