summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-12-03 - djm@cvs.openbsd.org 2012/10/19 05:10:42Damien Miller
[regress/cert-userkey.sh] include a serial number when generating certs
2012-12-03 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48Damien Miller
[regress/cipher-speed.sh regress/try-ciphers.sh] Add umac-128@openssh.com to the list of MACs to be tested
2012-12-03 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30Damien Miller
[regress/multiplex.sh] Use 'kill -0' to test for the presence of a pid since it's more portable
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:34:10Damien Miller
[auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] [monitor.c monitor.h] Fixes logging of partial authentication when privsep is enabled Previously, we recorded "Failed xxx" since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit "Partial" state. Add a "submethod" to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:46:11Damien Miller
[auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] [sshd_config.5] make AllowTcpForwarding accept "local" and "remote" in addition to its current "yes"/"no" to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:42:15Damien Miller
[ssh-add.1 ssh-add.c] make deleting explicit keys "ssh-add -d" symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
2012-12-03 - djm@cvs.openbsd.org 2012/12/02 20:26:11Damien Miller
[ssh_config.5 sshconnect2.c] Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. This allows control of which keys are offered from tokens using IdentityFile. ok markus@
2012-12-03 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to getDamien Miller
TAILQ_FOREACH_SAFE needed for upcoming changes.
2012-11-14 - djm@cvs.openbsd.org 2012/11/14 02:32:15Damien Miller
[ssh-keygen.c] allow the full range of unsigned serial numbers; 'fine' deraadt@
2012-11-14 - djm@cvs.openbsd.org 2012/11/14 02:24:27Damien Miller
[auth2-pubkey.c] fix username passed to helper program prepare stdio fds before closefrom() spotted by landry@
2012-11-07 - jmc@cvs.openbsd.org 2012/09/26 17:34:38Damien Miller
[moduli.5] last stage of rfc changes, using consistent Rs/Re blocks, and moving the references into a STANDARDS section;
2012-11-07 - eric@cvs.openbsd.org 2011/11/28 08:46:27Damien Miller
[moduli.5] fix formula ok djm@
2012-11-05 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms thatDarren Tucker
don't have it. Spotted by tim@.
2012-11-05 - (dtucker) [uidswap.c openbsd-compat/Makefile.inDarren Tucker
openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids and gids from uidswap.c to the compat library, which allows it to work with the new setresuid calls in auth2-pubkey. with tim@, ok djm@
2012-11-04 - djm@cvs.openbsd.org 2012/11/04 11:09:15Damien Miller
[auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] [sshd_config.5] Support multiple required authentication via an AuthenticationMethods option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete; feedback and ok markus@
2012-11-04 - djm@cvs.openbsd.org 2012/11/04 10:38:43Damien Miller
[auth2-pubkey.c sshd.c sshd_config.5] Remove default of AuthorizedCommandUser. Administrators are now expected to explicitly specify a user. feedback and ok markus@
2012-11-04 - OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2012/10/31 08:04:50 [sshd_config.5] tweak previous;
2012-10-31 - djm@cvs.openbsd.org 2012/10/30 21:29:55Damien Miller
[auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] [sshd.c sshd_config sshd_config.5] new sshd_config option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run as the target server user unless another specified via a new AuthorizedKeysCommandUser option. patch originally by jchadima AT redhat.com, reworked by me; feedback and ok markus@
2012-10-31 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2012/10/05 12:34:39 [sftp.c] fix signed vs unsigned warning; feedback & ok: djm@
2012-10-18 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up inTim Rice
the generated file as intended.
2012-10-05 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom"Darren Tucker
2012-10-05 - [umac.c] Enforce allowed umac output sizes. From djm@.Darren Tucker
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19Darren Tucker
[regress/multiplex.sh] use -Ocheck and waiting for completions by PID to make multiplexing test less racy and (hopefully) more reliable on slow hardware.
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21Darren Tucker
[regress/multiplex.sh] Log -O cmd output to the log file and make logging consistent with the other tests. Test clean shutdown of an existing channel when testing "stop".
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25Darren Tucker
[multiplex.sh] Add test for ssh -Ostop
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07Darren Tucker
[regress/try-ciphers.sh] Restore missing space. (Id sync only).
2012-10-05 - [Makefile umac.c] Add special-case target to build umac128.o.Darren Tucker
2012-10-05remove stray '+' from syncDarren Tucker
2012-10-05 - markus@cvs.openbsd.org 2012/10/04 13:21:50Darren Tucker
[myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] add umac128 variant; ok djm@ at n2k12 (note: further Makefile work is required)
2012-10-05 - djm@cvs.openbsd.org 2012/10/02 07:07:45Darren Tucker
[ssh-keygen.c] fix -z option, broken in revision 1.215
2012-10-05 - naddy@cvs.openbsd.org 2012/10/01 13:59:51Darren Tucker
[monitor_wrap.c] pasto; ok djm@
2012-10-05 - jmc@cvs.openbsd.org 2012/09/26 16:12:13Darren Tucker
[ssh.1] last stage of rfc changes, using consistent Rs/Re blocks, and moving the references into a STANDARDS section;
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04Darren Tucker
[sftp.c] Fix handling of filenames containing escaped globbing characters and escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07Darren Tucker
[sftp.c] Fix improper handling of absolute paths when PWD is part of the completed path. Patch from Jean-Marc Robert via tech@, ok djm.
2012-10-05 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12Darren Tucker
[sftp.c] Add bounds check on sftp tab-completion. Part of a patch from from Jean-Marc Robert via tech@, ok djm
2012-10-05 - markus@cvs.openbsd.org 2012/09/17 13:04:11Darren Tucker
[packet.c] clear old keys on rekeing; ok djm
2012-10-05 - (dtucker) OpenBSD CVS SyncDarren Tucker
- djm@cvs.openbsd.org 2012/09/17 09:54:44 [sftp.c] an XXX for later
2012-09-17 - markus@cvs.openbsd.org 2012/09/14 16:51:34Darren Tucker
[sshconnect.c] remove unused variable
2012-09-17 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36Darren Tucker
[servconf.c] Fix comment line length
2012-09-07Fix author's name for RFC6594 SSHFP changeDarren Tucker
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21Darren Tucker
[clientloop.c] when muxmaster is run with -N, make it shut down gracefully when a client sends it "-O stop" rather than hanging around (bz#1985). ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21Darren Tucker
[clientloop.c] Merge escape help text for ~v and ~V; ok djm@
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19Darren Tucker
[clientloop.c] Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
2012-09-07 - jmc@cvs.openbsd.org 2012/09/06 13:57:42Darren Tucker
[ssh.1] missing letter in previous;
2012-09-07 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@ (note: previous commit with this description was a mistake on my part while pulling changes from OpenBSD)
2012-09-07bz#2039: add acknowledgement of the original authors of the ECDSA SSHFP DNSDarren Tucker
work. From Ondřej Surý.
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13Darren Tucker
[clientloop.c] Make the escape command help (~?) context sensitive so that only commands that will work in the current session are shown. ok markus@
2012-09-06 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39Darren Tucker
[clientloop.c log.c ssh.1 log.h] Add ~v and ~V escape sequences to raise and lower the logging level respectively. Man page help from jmc, ok deraadt jmc
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:30:00Darren Tucker
[compat.c sshconnect.c] Send client banner immediately, rather than waiting for the server to move first for SSH protocol 2 connections (the default). Patch based on one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
2012-09-06 - djm@cvs.openbsd.org 2012/08/17 01:25:58Darren Tucker
[ssh-keygen.c] print details of which host lines were deleted when using "ssh-keygen -R host"; ok markus@