summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-09-07 - jmc@cvs.openbsd.org 2012/09/06 13:57:42Darren Tucker
[ssh.1] missing letter in previous;
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@ (note: previous commit with this description was a mistake on my part while pulling changes from OpenBSD)
2012-09-07bz#2039: add acknowledgement of the original authors of the ECDSA SSHFP DNSDarren Tucker
work. From Ondřej Surý.
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39Darren Tucker
[clientloop.c log.c ssh.1 log.h] Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:30:00Darren Tucker
[compat.c sshconnect.c] Send client banner immediately, rather than waiting for the server to move first for SSH protocol 2 connections (the default). Patch based on one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:25:58Darren Tucker
[ssh-keygen.c] print details of which host lines were deleted when using "ssh-keygen -R host"; ok markus@
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:22:56Darren Tucker
[kex.c] add some comments about better handling first-KEX-follows notifications from the server. Nothing uses these right now. No binary change
2012-09-06 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45Darren Tucker
[clientloop.c clientloop.h mux.c] Force a clean shutdown of ControlMaster client sessions when the ~. escape sequence is used. This means that ~. should now work in mux clients even if the server is no longer responding. Found by tedu, ok djm.
2012-09-06 - jmc@cvs.openbsd.org 2012/08/15 18:25:50Darren Tucker
[ssh-keygen.1] a little more info on certificate validity; requested by Ross L Richardson, and provided by djm
2012-08-30 - (dtucker) [moduli] Import new moduli file.Darren Tucker
2012-08-29 - (djm) Release openssh-6.1Damien Miller
2012-08-28 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEANDarren Tucker
for compatibility with future mingw-w64 headers. Patch from vinschen at redhat com.
2012-08-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update version numbers
2012-07-31 - markus@cvs.openbsd.org 2012/07/22 18:19:21Damien Miller
[version.h] openssh 6.1
2012-07-31 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21Damien Miller
[servconf.c] handle long comments in config files better. bz#2025, ok markus
2012-07-31fix truncated entryDamien Miller
2012-07-31 - djm@cvs.openbsd.org 2012/07/10 02:19:15Damien Miller
[servconf.c servconf.h sshd.c sshd_config] Turn on systrace sandboxing of pre-auth sshd by default for new installs by shipping a config that overrides the current UsePrivilegeSeparation=yes default. Make it easier to flip the default in the future by adding too.
2012-07-31 - jmc@cvs.openbsd.org 2012/07/06 06:38:03Damien Miller
[ssh-keygen.c] missing full stop in usage();
2012-07-20Import regened moduli file.Darren Tucker
2012-07-06 - djm@cvs.openbsd.org 2012/07/06 01:47:38Damien Miller
[ssh.c] move setting of tty_flag to after config parsing so RequestTTY options are correctly picked up. bz#1995 patch from przemoc AT gmail.com; ok dtucker@
2012-07-06 - djm@cvs.openbsd.org 2012/07/06 01:37:21Damien Miller
[mux.c] fix memory leak of passed-in environment variables and connection context when new session message is malformed; bz#2003 from Bert.Wesarg AT googlemail.com
2012-07-06 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59Damien Miller
[moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
2012-07-06 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has noDamien Miller
unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT esperi.org.uk; ok dtucker@
2012-07-06 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter isDamien Miller
not available. Allows use of sshd compiled on host with a filter-capable kernel on hosts that lack the support. bz#2011 ok dtucker@
2012-07-04 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf forDarren Tucker
platforms that don't have it. "looks good" tim@
2012-07-03 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or notDarren Tucker
setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its benefit is minor, so it's not worth disabling the sandbox if it doesn't work.
2012-07-03 - (dtucker) [configure.ac] Detect platforms that can't use select(2) withDarren Tucker
setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
2012-07-03 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.Darren Tucker
2012-07-03 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]Darren Tucker
Move cygwin detection to test-exec and use to skip reexec test on cygwin.
2012-07-03 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06Darren Tucker
[regress/connect-privsep.sh] remove exit from end of test since it prevents reporting failure
2012-07-02 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26Darren Tucker
[ssh-pkcs11-helper.c sftp-client.c] fix a couple of "assigned but not used" warnings. ok markus@
2012-07-02 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03Darren Tucker
[ssh.c] set interactive ToS for forwarded X11 sessions. ok djm@
2012-07-02 - markus@cvs.openbsd.org 2012/06/30 14:35:09Darren Tucker
[sandbox-systrace.c sshd.c] fix a during the load of the sandbox policies (child can still make the read-syscall and wait forever for systrace-answers) by replacing the read/write synchronisation with SIGSTOP/SIGCONT; report and help hshoexer@; ok djm@, dtucker@
2012-07-02 - naddy@cvs.openbsd.org 2012/06/29 13:57:25Darren Tucker
[ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@
2012-06-30 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't haveDarren Tucker
the required functions in libcrypto.
2012-06-30 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile errorDarren Tucker
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Darren Tucker
[regress/try-ciphers.sh regress/cipher-speed.sh] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59Darren Tucker
[regress/connect-privsep.sh] test sandbox with every malloc option
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:52:52Darren Tucker
[regress/sftp-cmds.sh] don't delete .* on cleanup due to unintended env expansion; pointed out in bz#2014 by openssh AT roumenpetrov.info
2012-06-30 - djm@cvs.openbsd.org 2012/06/01 00:47:35Darren Tucker
[multiplex.sh forwarding.sh] append to rather than truncate test log; bz#2013 from openssh AT roumenpetrov.
2012-06-30 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32Darren Tucker
[regress/addrmatch.sh] Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests to match. Feedback and ok djm@ markus@.
2012-06-30 - naddy@cvs.openbsd.org 2012/06/29 13:57:25Damien Miller
[ssh_config.5 sshd_config.5] match the documented MAC order of preference to the actual one; ok dtucker@ (actual patch accidentally committed with previous)
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45Damien Miller
[mac.c myproposal.h ssh_config.5 sshd_config.5] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30Damien Miller
[sandbox-systrace.c] Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation sandbox" since malloc now uses it. From johnw.mail at gmail com.
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33Damien Miller
[sftp.c] Remove unused variable leftover from tab-completion changes. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26Damien Miller
[monitor.c sshconnect2.c] remove dead code following 'for (;;)' loops. From Steve.McClellan at radisys com, ok markus@
2012-06-30 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07Damien Miller
[addrmatch.c] fix strlcpy truncation check. from carsten at debian org, ok markus
2012-06-28 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent nullDarren Tucker
pointer deref in the client when built with LDNS and using DNSSEC with a CNAME. Patch from gregdlg+mr at hochet info.
2012-06-22 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs asDarren Tucker
can logon as a service. Patch from vinschen at redhat com.