summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 05:42:32Damien Miller
[dh.c] sprinkle in some error() to explain moduli(5) parse failures
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 00:37:49Damien Miller
[ssh_config.5] explicitly mention that IdentitiesOnly can be used with IdentityFile to control which keys are offered from an agent.
2013-07-18 - djm@cvs.openbsd.org 2013/06/21 00:34:49Damien Miller
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] for hostbased authentication, print the client host and user on the auth success/failure line; bz#2064, ok dtucker@
2013-07-18 - markus@cvs.openbsd.org 2013/06/20 19:15:06Damien Miller
[krl.c] don't leak the rdata blob on errors; ok djm@
2013-07-18 - guenther@cvs.openbsd.org 2013/06/17 04:48:42Damien Miller
[scp.c] Handle time_t values as long long's when formatting them and when parsing them from remote servers. Improve error checking in parsing of 'T' lines. ok dtucker@ deraadt@
2013-07-18 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44Damien Miller
[readconf.c] revert 1.203 while we investigate crashes reported by okan@
2013-07-02 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-configDarren Tucker
contrib/cygwin/ssh-user-config] Modernizes and improve readability of the Cygwin README file (which hasn't been updated for ages), drop unsupported OSes from the ssh-host-config help text, and drop an unneeded option from ssh-user-config. Patch from vinschen at redhat com.
2013-06-11 - (dtucker) [myproposal.h] Make the conditional algorithm support consistentDarren Tucker
and add some comments so it's clear what goes where.
2013-06-11 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't haveDarren Tucker
the required OpenSSL support. Patch from naddy at freebsd.
2013-06-11 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupportedDarren Tucker
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2013-06-10 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52Damien Miller
[channels.c channels.h clientloop.c] Add an "ABANDONED" channel state and use for mux sessions that are disconnected via the ~. escape sequence. Channels in this state will be able to close if the server responds, but do not count as active channels. This means that if you ~. all of the mux clients when using ControlPersist on a broken network, the backgrounded mux master will exit when the Control Persist time expires rather than hanging around indefinitely. bz#1917, also reported and tested by tedu@. ok djm@ markus@.
2013-06-06 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater forDarren Tucker
platforms that don't have multibyte character support (specifically, mblen).
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28Darren Tucker
[readconf.c] plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38Darren Tucker
[sshconnect2.c] Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50Darren Tucker
[sshd.c] When running sshd -D, close stderr unless we have explicitly requesting logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch so, err, ok dtucker.
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/05 02:07:29Darren Tucker
[mux.c] fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, ok djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36Darren Tucker
[sftp.c] Make sftp's libedit interface marginally multibyte aware by building up the quoted string by character instead of by byte. Prevents failures when linked against a libedit built with wide character support (bz#1990). "looks ok" djm
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23Darren Tucker
[scp.c] use MAXPATHLEN for buffer size instead of fixed value. ok markus
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18Darren Tucker
[mac.c] force the MAC output to be 64-bit aligned so umac won't see unaligned accesses on strict-alignment architectures. bz#2101, patch from tomas.kuthan at oracle.com, ok djm@
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29Darren Tucker
[clientloop.h clientloop.c mux.c] No need for the mux cleanup callback to be visible so restore it to static and call it through the detach_user function pointer. ok djm@
2013-06-06 - dtucker@cvs.openbsd.org 2013/06/02 21:01:51Darren Tucker
[channels.h] typo in comment
2013-06-06 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when buildingDarren Tucker
modpipe in case there's anything in there we need.
2013-06-06 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, theDarren Tucker
forwarding test is extremely slow copying data on some machines so switch back to copying the much smaller ls binary until we can figure out why this is.
2013-06-05 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.Darren Tucker
Patch from cjwatson at debian.
2013-06-05 - (dtucker) Enable sha256 kex methods based on the presence of the necessaryDarren Tucker
functions, not from the openssl version.
2013-06-04 - (dtucker) [configure.ac] Some other platforms need sys/types.h beforeDarren Tucker
sys/socket.h.
2013-06-03 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.Darren Tucker
2013-06-02 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtuckerTim Rice
2013-06-02 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.Tim Rice
feedback and ok dtucker
2013-06-02 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh weTim Rice
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep dealing with shell portability issues in regression tests, we let configure find us a capable shell on those platforms with an old /bin/sh.
2013-06-03 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.Darren Tucker
Patch from Nathan Osman.
2013-06-03 - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platformsDarren Tucker
to prevent noise from configure. Patch from Nathan Osman.
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58Darren Tucker
[ssh-agent.c] Make parent_alive_interval time_t to avoid signed/unsigned comparison
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/02 13:33:05Darren Tucker
[progressmeter.c] Add misc.h for monotime prototype. (id sync only)
2013-06-0120130602Tim Rice
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy linking regress/modpipe.
2013-06-02 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.Darren Tucker
2013-06-02fix typoDarren Tucker
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50Darren Tucker
[sftp-client.c] Update progressmeter when data is acked, not when it's sent. bz#2108, from Debian via Colin Watson, ok djm@
2013-06-02 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fallDarren Tucker
back to time(NULL) if we can't find it anywhere.
2013-06-02 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
2013-06-02Remove stray '+' accidentally introduced in syncDarren Tucker
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 20:59:25Darren Tucker
[scp.c sftp-client.c] Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch from Nathan Osman via bz#2113. ok deraadt. (note: corrected bug number from 2085)
2013-06-02 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52Darren Tucker
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c channels.c sandbox-systrace.c] Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
2013-06-02 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10Darren Tucker
[ssh-agent.c] Use time_t where appropriate. ok djm
2013-06-02 - djm@cvs.openbsd.org 2013/05/19 02:42:42Darren Tucker
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. "I like it" markus@
2013-06-02 - djm@cvs.openbsd.org 2013/05/19 02:38:28Darren Tucker
[auth2-pubkey.c] fix failure to recognise cert-authority keys if a key of a different type appeared in authorized_keys before it; ok markus@
2013-06-02 - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
2013-06-02 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITSDarren Tucker
rather than trying to enumerate the plaforms that don't have them. Based on a patch from Nathan Osman, with help from tim@.
2013-06-02 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back toDarren Tucker
using openssl's DES_crpyt function on platorms that don't have a native one, eg Android. Based on a patch from Nathan Osman.
2013-05-30 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a nullDarren Tucker
implementation of endgrent for platforms that don't have it (eg Android). Loosely based on a patch from Nathan Osman, ok djm