| Age | Commit message | Author |
| --- | --- | --- |
| 2010-02-24 | - djm@cvs.openbsd.org 2010/02/24 06:21:56 [regress/test-exec.sh] wait for sshd to fully stop in cleanup() function; avoids races in tests that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@ | Damien Miller |
| 2010-02-24 | - djm@cvs.openbsd.org 2010/02/09 06:29:02 [regress/Makefile] turn on all the malloc(3) checking options when running regression tests. this has caught a few bugs for me in the past; ok dtucker@ | Damien Miller |
| 2010-02-24 | - djm@cvs.openbsd.org 2010/02/09 04:57:36 [regress/addrmatch.sh] clean up droppings | Damien Miller |
| 2010-02-24 | - dtucker@cvs.openbsd.org 2010/01/11 02:53:44 [regress/forwarding.sh] regress test for stdio forwarding | Damien Miller |
| 2010-02-24 | - dtucker@cvs.openbsd.org 2009/11/09 04:20:04 [regress/Makefile] add regression test for ssh-keygen pubkey conversions | Damien Miller |
| 2010-02-24 | - djm@cvs.openbsd.org 2010/02/11 20:37:47 [pathnames.h] correct comment | Damien Miller |
| 2010-02-24 | - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable | Damien Miller |
| 2010-02-12 | - (djm) [configure.ac] Enable PKCS#11 support only when we find a working dlopen() | Damien Miller |
| 2010-02-12 | - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] Use ssh_get_progname to fill __progname | Damien Miller |
| 2010-02-12 | - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] Make it compile on OSX | Damien Miller |
| 2010-02-12 | - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] Remove obsolete smartcard support | Damien Miller |
| 2010-02-12 | - jmc@cvs.openbsd.org 2010/02/11 13:23:29 [ssh.1] libarary -> library; | Damien Miller |
| 2010-02-12 | - markus@cvs.openbsd.org 2010/02/10 23:20:38 [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] pkcs#11 is no longer optional; improve wording; ok jmc@ | Damien Miller |
| 2010-02-12 | - djm@cvs.openbsd.org 2010/02/09 06:18:46 [auth.c] unbreak ChrootDirectory+internal-sftp by skipping check for executable shell when chrooting; reported by danh AT wzrd.com; ok dtucker@ | Damien Miller |
| 2010-02-12 | - djm@cvs.openbsd.org 2010/02/09 03:56:28 [buffer.c buffer.h] constify the arguments to buffer_len, buffer_ptr and buffer_dump | Damien Miller |
| 2010-02-12 | - djm@cvs.openbsd.org 2010/02/09 00:50:59 [ssh-keygen.c] fix -Wall | Damien Miller |
| 2010-02-12 | - djm@cvs.openbsd.org 2010/02/09 00:50:36 [ssh-agent.c] fallout from PKCS#11: unbreak -D | Damien Miller |
| 2010-02-12 | - jmc@cvs.openbsd.org 2010/02/08 22:03:05 [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] tweak previous; ok markus | Damien Miller |
| 2010-02-12 | - markus@cvs.openbsd.org 2010/02/08 10:50:20 [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev | Damien Miller |
| 2010-02-12 | - djm@cvs.openbsd.org 2010/02/02 22:49:34 [bufaux.c] make buffer_get_string_ret() really non-fatal in all cases (it was using buffer_get_int(), which could fatal() on buffer empty); ok markus dtucker | Damien Miller |
| 2010-02-10 | - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for getseuserbyname; patch from calebcase AT gmail.com via cjwatson AT debian.org | Damien Miller |
| 2010-02-10 | This should have gone in with the multiplexing merge, but I dropped it at the time. | Damien Miller |
| 2010-02-02 | - djm@cvs.openbsd.org 2010/01/30 21:12:08 [channels.c] fake local addr:port when stdio forwarding as some servers (Tectia at least) validate that they are well-formed; reported by imorgan AT nas.nasa.gov ok dtucker | Damien Miller |
| 2010-02-02 | - djm@cvs.openbsd.org 2010/01/30 21:08:33 [sshd.8] debug output goes to stderr, not "the system log"; ok markus dtucker | Damien Miller |
| 2010-01-30 | - djm@cvs.openbsd.org 2010/01/30 02:54:53 [mux.c] don't mark channel as read failed if it is already closing; suppresses harmless error messages when connecting to SSH.COM Tectia server report by imorgan AT nas.nasa.gov | Damien Miller |
| 2010-01-30 | - djm@cvs.openbsd.org 2010/01/29 20:16:17 [mux.c] kill correct channel (was killing already-dead mux channel, not its session channel) | Damien Miller |
| 2010-01-30 | - djm@cvs.openbsd.org 2010/01/29 00:20:41 [sshd.c] set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com ok dtucker@ | Damien Miller |
| 2010-01-30 | - djm@cvs.openbsd.org 2010/01/28 00:21:18 [clientloop.c] downgrade an error() to a debug() - this particular case can be hit in normal operation for certain sequences of mux slave vs session closure and is harmless | Damien Miller |
| 2010-01-29 | - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() after registering the hardware engines, which causes the openssl.cnf file to be processed. See OpenSSL's man page for OPENSSL_config(3) for details. Patch from Solomon Peachy, ok djm@. | Darren Tucker |
| 2010-01-28 | - djm@cvs.openbsd.org 2010/01/27 19:21:39 [sftp.c] add missing "p" flag to getopt optstring; bz#1704 from imorgan AT nas.nasa.gov | Damien Miller |
| 2010-01-28 | - djm@cvs.openbsd.org 2010/01/27 13:26:17 [mux.c] fix bug introduced in mux rewrite: In a mux master, when a socket to a mux slave closes before its server session (as may occur when the slave has been signalled), gracefully close the server session rather than deleting its channel immediately. A server may have more messages on that channel to send (e.g. an exit message) that will fatal() the client if they are sent to a channel that has been prematurely deleted. spotted by imorgan AT nas.nasa.gov | Damien Miller |
| 2010-01-28 | - djm@cvs.openbsd.org 2010/01/26 02:15:20 [mux.c] -Wuninitialized and remove a // comment; from portable (Id sync only) | Damien Miller |
| 2010-01-26 | - djm@cvs.openbsd.org 2010/01/26 01:28:35 [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] rewrite ssh(1) multiplexing code to a more sensible protocol. The new multiplexing code uses channels for the listener and accepted control sockets to make the mux master non-blocking, so no stalls when processing messages from a slave. avoid use of fatal() in mux master protocol parsing so an errant slave process cannot take down a running master. implement requesting of port-forwards over multiplexed sessions. Any port forwards requested by the slave are added to those the master has established. add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. document master/slave mux protocol so that other tools can use it to control a running ssh(1). Note: there are no guarantees that this protocol won't be incompatibly changed (though it is versioned). feedback Salvador Fandino, dtucker@ channel changes ok markus@ | Damien Miller |
| 2010-01-26 | - dtucker@cvs.openbsd.org 2010/01/18 01:50:27 [roaming_client.c] s/long long unsigned/unsigned long long/, from tim via portable (Id sync only, change already in portable) | Damien Miller |
| 2010-01-26 | - tedu@cvs.openbsd.org 2010/01/17 21:49:09 [ssh-agent.1] Correct and clarify ssh-add's password asking behavior. Improved text dtucker and ok jmc | Damien Miller |
| 2010-01-22 | - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size in Cygwin to 65535. Patch from Corinna Vinschen. | Tim Rice |
| 2010-01-17 | Reword comment in last commit for additional clarity. | Tim Rice |
| 2010-01-17 | - (tim) [configure.ac] Use the C99-conforming functions snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf() on SVR5 systems. | Tim Rice |
| 2010-01-17 | - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. | Tim Rice |
| 2010-01-17 | Oops, forgot to document second change to roaming_client.c s/long long unsigned/unsigned long long/ to keep USL compilers happy. | Tim Rice |
| 2010-01-16 | - (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so we use "openbsd-compat/sys-queue.h" | Tim Rice |
| 2010-01-16 | - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native getaddrinfo() is too old and limited for addr_pton() in addrmatch.c. | Tim Rice |
| 2010-01-16 | - (tim) [regress/portnum.sh] Shell portability fix. | Tim Rice |
| 2010-01-16 | - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. | Darren Tucker |
| 2010-01-16 | - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused variable warnings. | Darren Tucker |
| 2010-01-16 | - markus@cvs.openbsd.org 2010/01/15 09:24:23 [sftp-common.c] unused | Darren Tucker |
| 2010-01-16 | - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by Tim. | Darren Tucker |
| 2010-01-16 | - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid and group_from_gid. | Darren Tucker |
| 2010-01-16 | - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h so we correctly detect whether or not we have a native user_from_uid. | Darren Tucker |
| 2010-01-15 | typo | Darren Tucker |