summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-12-03 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)Damien Miller
instead of (arc4random() % range)
2010-12-01 - djm@cvs.openbsd.org 2010/11/29 23:45:51Damien Miller
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] [sshconnect.h sshconnect2.c] automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys that are preferred by default; with markus@
2010-12-01 - markus@cvs.openbsd.org 2010/11/29 18:57:04Damien Miller
[authfile.c] correctly load comment for encrypted rsa1 keys; report/fix Joachim Schipper; ok djm@
2010-12-01 - djm@cvs.openbsd.org 2010/11/26 05:52:49Damien Miller
[scp.c] Pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding which is particularly useful in this case; bz#1837 ok dtucker@
2010-12-01 - djm@cvs.openbsd.org 2010/11/25 04:10:09Damien Miller
[session.c] replace close() loop for fds 3->64 with closefrom(); ok markus deraadt dtucker
2010-12-01 - djm@cvs.openbsd.org 2010/11/24 01:24:14Damien Miller
[channels.c] remove a debug() that pollutes stderr on client connecting to a server in debug mode (channel_close_fds is called transitively from the session code post-fork); bz#1719, ok dtucker
2010-12-01 - djm@cvs.openbsd.org 2010/11/23 23:57:24Damien Miller
[clientloop.c] avoid NULL deref on receiving a channel request on an unknown or invalid channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 - djm@cvs.openbsd.org 2010/11/23 02:35:50Damien Miller
[auth.c] use strict_modes already passed as function argument over referencing global options.strict_modes
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 10:57:07Damien Miller
[authfile.c] Refactor internals of private key loading and saving to work on memory buffers rather than directly on files. This will make a few things easier to do in the future; ok markus@
2010-12-01 - djm@cvs.openbsd.org 2010/11/21 01:01:13Damien Miller
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] honour $TMPDIR for client xauth and ssh-agent temporary directories; feedback and ok markus@
2010-12-01 - OpenBSD CVS SyncDamien Miller
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38 [auth2-pubkey.c] clean up cases of ;;
2010-11-24 - (djm) [defines.h] Add IP DSCP definesDamien Miller
2010-11-24 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".Darren Tucker
2010-11-24 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allowDamien Miller
group read/write. ok dtucker@
2010-11-24 - (dtucker) [platform.c session.c] Move the getluid call out of session.c andDarren Tucker
into the platform-specific code Only affects SCO, tested by and ok tim@.
2010-11-22 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patchDarren Tucker
from vapier at gentoo org.
2010-11-20 - jmc@cvs.openbsd.org 2010/11/18 15:01:00Damien Miller
[scp.1 sftp.1 ssh.1 sshd_config.5] add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 - jmc@cvs.openbsd.org 2010/11/15 07:40:14Damien Miller
[ssh_config.5] libary -> library;
2010-11-20 - djm@cvs.openbsd.org 2010/11/13 23:27:51Damien Miller
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 - djm@cvs.openbsd.org 2010/11/10 01:33:07Damien Miller
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. these have been around for years by this time. ok markus
2010-11-20 - djm@cvs.openbsd.org 2010/11/05 02:46:47Damien Miller
[packet.c] whitespace KNF
2010-11-11 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys onDamien Miller
platforms that don't support ECC. Fixes some spurious warnings reported by tim@
2010-11-08 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] AddTim Rice
support for platforms missing isblank(). ok djm@
2010-11-08 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.Tim Rice
Feedback from dtucker@
2010-11-07 - (tim) [regress/kextype.sh] Shell portability fix.Tim Rice
2010-11-07 - (tim) [regress/Makefile] Fixes to allow building/testing outside sourceTim Rice
tree.
2010-11-07 - (dtucker) [platform.c] includes.h instead of defines.h so that we getDarren Tucker
the correct typedefs.
2010-11-05 - (dtucker) [platform.c] Need servconf.h and extern options.Darren Tucker
2010-11-05 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is notDarren Tucker
strictly correct since while ECC requires sha256 the reverse is not true however it does prevent spurious test failures.
2010-11-05 - (dtucker) [regress/kextype.sh] Add missing "test".Darren Tucker
2010-11-05 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]Darren Tucker
Import recent changes to regress/Makefile, pass a flag to enable ECC tests from configure through to regress/Makefile and use it in the tests.
2010-11-05 - (dtucker) [regress/keytype.sh] Import new test.Darren Tucker
2010-11-05 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-caseDarren Tucker
check into platform.c
2010-11-05 - (dtucker) [platform.c session.c] Move PAM credential establishment for theDarren Tucker
non-LOGIN_CAP case into platform.c.
2010-11-05 - (dtucker) [platform.c session.c] Move irix setusercontext fragment intoDarren Tucker
platform.c.
2010-11-05 - (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c.Darren Tucker
2010-11-05 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment intoDarren Tucker
platform.c
2010-11-05 - (dtucker) [platform.c session.c] Move the PAM credential establishment forDarren Tucker
the LOGIN_CAP case into platform.c.
2010-11-05 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root toDarren Tucker
retain previous behavior.
2010-11-05 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.Darren Tucker
2010-11-05 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack intoDarren Tucker
platform.c
2010-11-05 - (dtucker) [platform.c platform.h session.c] Add a platform hook to runDarren Tucker
after the user's groups are established and move the selinux calls into it.
2010-11-05 - (dtucker) [configure.ac platform.{c,h} session.cDarren Tucker
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. Patch from cory.erickson at csu mnscu edu with a bit of rework from me. ok djm@
2010-11-05 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead ofDamien Miller
int. Should fix bz#1817 cleanly; ok dtucker@
2010-11-05 - djm@cvs.openbsd.org 2010/11/04 02:45:34Damien Miller
[sftp-server.c] umask should be parsed as octal. reported by candland AT xmission.com; ok markus@
2010-11-05 - jmc@cvs.openbsd.org 2010/10/28 18:33:28Damien Miller
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;
2010-11-05 - djm@cvs.openbsd.org 2010/10/28 11:22:09Damien Miller
[authfile.c key.c key.h ssh-keygen.c] fix a possible NULL deref on loading a corrupt ECDH key store ECDH group information in private keys files as "named groups" rather than as a set of explicit group parameters (by setting the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and retrieves the group's OpenSSL NID that we need for various things.
2010-11-05 - djm@cvs.openbsd.org 2010/09/22 12:26:05Damien Miller
[regress/Makefile regress/kextype.sh] regress test for each of the key exchange algorithms that we support
2010-11-02Drop override for desktop-file-but-no-dh_desktop-call, which Lintian noColin Watson
longer issues.
2010-10-26releasing version 1:5.6p1-2Colin Watson