summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-07-17 - djm@cvs.openbsd.org 2008/07/17 08:51:07Damien Miller
[auth2-hostbased.c] strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes report and patch from res AT qoxp.net (bz#1200); ok markus@
2008-07-17 - djm@cvs.openbsd.org 2008/07/17 08:48:00Damien Miller
[sshconnect2.c] strnvis preauth banner; pointed out by mpf@ ok markus@
2008-07-16 - djm@cvs.openbsd.org 2008/07/16 11:52:19Damien Miller
[channels.c] this loop index should be automatic, not static
2008-07-16 - djm@cvs.openbsd.org 2008/07/16 11:51:14Damien Miller
[clientloop.c] rename variable first_gc -> last_gc (since it is actually the last in the list).
2008-07-16 - djm@cvs.openbsd.org 2008/07/15 02:23:14Damien Miller
[sftp.1] number of pipelined requests is now 64; prodded by Iain.Morgan AT nasa.gov
2008-07-14 - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h]Damien Miller
return EAI_FAMILY when trying to lookup unsupported address family; from vinschen AT redhat.com
2008-07-14 - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config]Damien Miller
[contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd] Revamped and simplified Cygwin ssh-host-config script that uses unified csih configuration tool. Requires recent Cygwin. Patch from vinschen AT redhat.com
2008-07-14 - djm@cvs.openbsd.org 2008/07/14 01:55:56Damien Miller
[sftp-server.8] mention requirement for /dev/log inside chroot when using sftp-server with ChrootDirectory
2008-07-14 - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash;Damien Miller
reported by cristian.ionescu-idbohrn AT axis.com
2008-07-14 - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close()Damien Miller
prototype; reported by cristian.ionescu-idbohrn AT axis.com
2008-07-14 - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ toDamien Miller
avoid clash with sin(3) function; reported by cristian.ionescu-idbohrn AT axis.com
2008-07-14 - djm@cvs.openbsd.org 2008/07/13 22:16:03Damien Miller
[sftp.c] increase number of piplelined requests so they properly fill the (recently increased) channel window. prompted by rapier AT psc.edu; ok markus@
2008-07-14 - djm@cvs.openbsd.org 2008/07/13 22:13:07Damien Miller
[channels.c] use struct sockaddr_storage instead of struct sockaddr for accept(2) address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
2008-07-14 - sthen@cvs.openbsd.org 2008/07/13 21:22:52Damien Miller
[ssh-keygen.c] Change "ssh-keygen -F [host] -l" to not display random art unless -v is also specified, making it consistent with the manual and other uses of -l. ok grunk@
2008-07-12 - djm@cvs.openbsd.org 2008/07/12 05:33:41Damien Miller
[scp.1] better description for -i flag: s/RSA authentication/public key authentication/
2008-07-12 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2008/07/12 04:52:50 [channels.c] unbreak; move clearing of cctx struct to before first use reported by dkrause@
2008-07-11 - markus@cvs.openbsd.org 2008/07/10 18:08:11Damien Miller
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] sync v1 and v2 traffic accounting; add it to sshd, too; ok djm@, dtucker@
2008-07-11 - markus@cvs.openbsd.org 2008/07/10 18:05:58Damien Miller
[channels.c] missing bzero; from mickey; ok djm@
2008-07-11 - stevesk@cvs.openbsd.org 2008/07/07 23:32:51Damien Miller
[key.c] /*NOTREACHED*/ for lint warning: warning: function key_equal falls off bottom without returning value ok djm@
2008-07-11 - stevesk@cvs.openbsd.org 2008/07/07 00:31:41Damien Miller
[ttymodes.c] we don't need arg after the debug3() was removed. from lint. ok djm@
2008-07-09 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.xDamien Miller
2008-07-09 - (djm) [auth.c] Missing unistd.h for close()Damien Miller
2008-07-09 - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAMDamien Miller
account check failure path. The vulnerable format buffer is supplied from PAM and should not contain attacker-supplied data.
2008-07-09 - (djm) [Makefile.in] Print "all tests passed" when all regress tests passDamien Miller
2008-07-05 - djm@cvs.openbsd.org 2008/07/05 05:16:01Damien Miller
[PROTOCOL] grammar
2008-07-05 - (djm) [configure.ac] unbreak: remove extra closing braceDamien Miller
2008-07-05 - (djm) [Makefile.in] Pass though pass to conch for interop testsDamien Miller
2008-07-05 - djm@cvs.openbsd.org 2008/07/04 23:30:16Damien Miller
[auth1.c auth2.c] Make protocol 1 MaxAuthTries logic match protocol 2's. Do not treat the first protocol 2 authentication attempt as a failure IFF it is for method "none". Makes MaxAuthTries' user-visible behaviour identical for protocol 1 vs 2. ok dtucker@
2008-07-05 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2008/07/04 23:08:25 [packet.c] handle EINTR in packet_write_poll()l ok dtucker@
2008-07-05 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov forDamien Miller
Tru64. readv doesn't seem to be a comparable object there. bz#1386, patch from dtucker@ ok me
2008-07-05 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowedDamien Miller
passwords disabled. bz#1083 report & patch from senthilkumar_sen AT hotpop.com, w/ dtucker@
2008-07-04 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]Damien Miller
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on some platforms (HP nonstop) it is a distinct errno; bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2008-07-04 - djm@cvs.openbsd.org 2008/06/30 10:43:03Darren Tucker
[regress/conch-ciphers.sh] explicitly disable conch options that could interfere with the test
2008-07-04 - djm@cvs.openbsd.org 2008/06/30 10:31:11Darren Tucker
[putty-transfer.sh putty-kex.sh putty-ciphers.sh] remove "set -e" left over from debugging
2008-07-04 - djm@cvs.openbsd.org 2008/06/30 08:07:34Darren Tucker
[key-options.sh] shell portability: use "=" instead of "==" in test(1) expressions, double-quote string with backslash escaped /
2008-07-04 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if linkDarren Tucker
returns EXDEV. Patch from Mike Garrison, ok djm@
2008-07-04 - dtucker@cvs.openbsd.org 2008/07/04 03:47:02Darren Tucker
[monitor.c] Make debug a little clearer. ok djm@
2008-07-04 - djm@cvs.openbsd.org 2008/07/04 03:44:59Darren Tucker
[servconf.c groupaccess.h groupaccess.c] support negation of groups in "Match group" block (bz#1315); ok dtucker@
2008-07-04 - otto@cvs.openbsd.org 2008/07/03 21:46:58Darren Tucker
[auth2-pubkey.c] avoid nasty double free; ok dtucker@ djm@
2008-07-04 - djm@cvs.openbsd.org 2008/07/02 13:47:39Darren Tucker
[ssh.1 ssh.c] When forking after authentication ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until after replies for any -R forwards have been seen. Allows for robust detection of -R forward failure when using -f (similar to bz#92); ok dtucker@
2008-07-04 - djm@cvs.openbsd.org 2008/07/02 13:30:34Darren Tucker
[auth2.c] really really remove the freebie "none" auth try for protocol 2
2008-07-02 - djm@cvs.openbsd.org 2008/07/02 12:36:39Darren Tucker
[auth2-none.c auth2.c] Make protocol 2 MaxAuthTries behaviour a little more sensible: Check whether client has exceeded MaxAuthTries before running an authentication method and skip it if they have, previously it would always allow one try (for "none" auth). Preincrement failure count before post-auth test - previously this checked and postincremented, also to allow one "none" try. Together, these two changes always count the "none" auth method which could be skipped by a malicious client (e.g. an SSH worm) to get an extra attempt at a real auth method. They also make MaxAuthTries=0 a useful way to block users entirely (esp. in a sshd_config Match block). Also, move sending of any preauth banner from "none" auth method to the first call to input_userauth_request(), so worms that skip the "none" method get to see it too.
2008-07-02 - dtucker@cvs.openbsd.org 2008/07/02 12:03:51Darren Tucker
[auth-rsa.c auth.c auth2-pubkey.c auth.h] Merge duplicate host key file checks, based in part on a patch from Rob Holland via bz #1348 . Also checks for non-regular files during protocol 1 RSA auth. ok djm@
2008-07-02 - djm@cvs.openbsd.org 2008/07/02 02:24:18Darren Tucker
[sshd_config sshd_config.5 sshd.8 servconf.c] increase default size of ssh protocol 1 ephemeral key from 768 to 1024 bits; prodded by & ok dtucker@ ok deraadt@
2008-07-02 - stevesk@cvs.openbsd.org 2008/07/01 23:12:47Darren Tucker
[PROTOCOL.agent] fix some typos; ok djm@
2008-07-02 - dtucker@cvs.openbsd.org 2008/07/01 07:24:22Darren Tucker
[sshconnect.c sshd.c] Send CR LF during protocol banner exchanges, but only for Protocol 2 only, in order to comply with RFC 4253. bz #1443, ok djm@
2008-07-02 - dtucker@cvs.openbsd.org 2008/07/01 07:20:52Darren Tucker
[sshconnect.c] Check ExitOnForwardFailure if forwardings are disabled due to a failed host key check. ok djm@
2008-07-02 - djm@cvs.openbsd.org 2008/06/30 12:18:34Darren Tucker
[PROTOCOL] clarify that eow@openssh.com is only sent on session channels
2008-07-02 - djm@cvs.openbsd.org 2008/06/30 12:16:02Darren Tucker
[nchan.c] only send eow@openssh.com notifications for session channels; ok! markus@
2008-07-02 - djm@cvs.openbsd.org 2008/06/30 12:15:39Darren Tucker
[serverloop.c] only pass channel requests on session channels through to the session channel handler, avoiding spurious log messages; ok! markus@