summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:52:55Damien Miller
[sshconnect.c] remove extra newline
2011-05-29 - djm@cvs.openbsd.org 2011/05/23 03:33:38Damien Miller
[auth.c] make secure_filename() spam debug logs less
2011-05-29OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/23 03:30:07 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] allow AuthorizedKeysFile to specify multiple files, separated by spaces. Bring back authorized_keys2 as a default search path (to avoid breaking existing users of this file), but override this in sshd_config so it will be no longer used on fresh installs. Maybe in 2015 we can remove it entierly :) feedback and ok markus@ dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30Damien Miller
[dynamic-forward.sh] fix dumb error in dynamic-forward test
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50Damien Miller
[dynamic-forward.sh] Prevent races in dynamic forwarding test; ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 02:43:36Damien Miller
[cert-hostkey.sh] another attempt to generate a v00 ECDSA key that broke the test ID sync only - portable already had this somehow
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[regress/cert-userkey.sh] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 03:25:45Damien Miller
[monitor.c monitor_wrap.c servconf.c servconf.h] use a macro to define which string options to copy between configs for Match. This avoids problems caused by forgetting to keep three code locations in perfect sync and ordering "this is at once beautiful and horrible" + ok dtucker@
2011-05-20 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19Damien Miller
[servconf.c] Add comment documenting what should be after the preauth check. ok djm
2011-05-20 - djm@cvs.openbsd.org 2011/05/20 00:55:02Damien Miller
[servconf.c] the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile and AuthorizedPrincipalsFile were not being correctly applied in Match blocks, despite being overridable there; ok dtucker@
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[key.c] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/15 08:09:01 [authfd.c monitor.c serverloop.c] use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2Damien Miller
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [session.c] call setexeccon() before executing passwd for pwDamien Miller
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-15 - (djm) [packet.c] unbreak portability #endifDamien Miller
2011-05-15 - djm@cvs.openbsd.org 2011/05/13 00:05:36Damien Miller
[authfile.c] warn on unexpected key type in key_parse_private_type()
2011-05-15 - djm@cvs.openbsd.org 2011/05/11 04:47:06Damien Miller
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/10 05:46:46Damien Miller
[authfile.c] despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/08 12:52:01Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c] improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat at TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:20:25Damien Miller
[ssh.1] +.It RequestTTY
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:19:39Damien Miller
[ssh_config.5] - tweak previous - come consistency fixes ok djm
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 22:20:10Damien Miller
[PROTOCOL.mux] fix numbering; from bert.wesarg AT googlemail.com
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:38:58Damien Miller
[ssh.c] fix dropping from previous diff
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:34:32Damien Miller
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:31:38Damien Miller
[readconf.c ssh_config.5] support negated Host matching, e.g. Host *.example.org !c.example.org User mekmitasdigoat Will match "a.example.org", "b.example.org", but not "c.example.org" ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:18:02Damien Miller
[ssh.c ssh_config.5] add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 02:05:41Damien Miller
[sshconnect2.c] fix memory leak; bz#1849 ok dtucker@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 01:09:53Damien Miller
[sftp.1] mention that IPv6 addresses must be enclosed in square brackets; bz#1845
2011-05-15 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35Damien Miller
[sshd_config] clarify language about overriding defaults. bz#1892, from Petr Cerny
2011-05-15 - djm@cvs.openbsd.org 2011/05/05 05:12:08Damien Miller
[mux.c] gracefully fall back when ControlPath is too large for a sockaddr_un. ok markus@ as part of a larger diff
2011-05-10 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fixDarren Tucker
--with-ssl-engine which was broken with the change from deprecated SSLeay_add_all_algorithms(). ok djm
2011-05-06 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototypeDarren Tucker
for closefrom() in test code. Report from Dan Wallis via Gentoo.
2011-05-04 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@Tim Rice
2011-05-04 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILETim Rice
so autoreconf 2.68 is happy.
2011-05-05 - djm@cvs.openbsd.org 2011/05/04 21:15:29Damien Miller
[authfile.c authfile.h ssh-add.c] allow "ssh-add - < key"; feedback and ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/18 00:46:05Damien Miller
[ssh-keygen.c] certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence
2011-05-05 - djm@cvs.openbsd.org 2011/04/17 22:42:42Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:09:37Damien Miller
[ssh-keygen.1] mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:02:48Damien Miller
[ssh-keygen.1] improve wording; bz#1861
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 05:32:49Damien Miller
[sshd.c] exit with 0 status on SIGTERM; bz#1879
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 04:23:50Damien Miller
[ssh-keygen.c] fix -Wshadow
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54Damien Miller
[ssh-keygen.c] use strcasecmp() for "clear" cert permission option also; ok djm
2011-05-05 - jmc@cvs.openbsd.org 2011/03/24 15:29:30Damien Miller
[ssh-keygen.1] zap trailing whitespace;
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04Damien Miller
[ssh-keygen.c] remove -d, documentation removed >10 years ago; ok markus
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56Damien Miller
[ssh-keygen.1] -q not used in /etc/rc now so remove statement.
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22Damien Miller
[ssh-keygen.1 ssh-keygen.c] Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This will be used by /etc/rc to generate new host keys. Idea from deraadt. ok deraadt