summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-05-05 - okan@cvs.openbsd.org 2011/03/15 10:36:02Damien Miller
[ssh-keyscan.c] use timerclear macro ok djm@
2011-05-05 - djm@cvs.openbsd.org 2011/03/10 11:34:25Damien Miller
[auth.h] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/03/10 02:52:57 [auth2-gss.c auth2.c] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]Damien Miller
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
2011-05-05 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOSDamien Miller
definitions.
2011-04-12s/recommended/required in warning:Damien Miller
"It is recommended that your private key files are NOT accessible by others." since there is no way to skip this check; bz#1878
2011-03-28(whitespace change to test sync to hg)Damien Miller
2011-02-21 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of theDarren Tucker
Cygwin-specific service installer script ssh-host-config. The actual functionality is the same, the revisited version is just more exact when it comes to check for problems which disallow to run certain aspects of the script. So, part of this script and the also rearranged service helper script library "csih" is to check if all the tools required to run the script are available on the system. The new script also is more thorough to inform the user why the script failed. Patch from vinschen at redhat com.
2011-02-18 - djm@cvs.openbsd.org 2011/02/16 00:31:14Damien Miller
[ssh-keysign.c] make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
2011-02-06 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA keyDarren Tucker
generation and simplify. Patch from Corinna Vinschen.
2011-02-06 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error inDarren Tucker
selinux code. Patch from Leonardo Chiquitto.
2011-02-04 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files. - Release OpenSSH 5.8p1
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:43Damien Miller
[version.h] openssh-5.8
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:21Damien Miller
[key.c] fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 - djm@cvs.openbsd.org 2011/01/31 21:42:15Damien Miller
[PROTOCOL.mux] cut'n'pasto; from bert.wesarg AT googlemail.com
2011-01-28 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabledDamien Miller
before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-01-2620110127Tim Rice
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white space changes for consistency/readability. Makes autoconf 2.68 happy. "Nice work" djm
2011-01-2620110127Tim Rice
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-22 - (djm) Release 5.7p1Damien Miller
2011-01-22trim entries older than 5.5p1Damien Miller
2011-01-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files.
2011-01-22 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/01/22 09:18:53 [version.h] crank to OpenSSH-5.7
2011-01-22 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@.
2011-01-19 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior toDamien Miller
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@
2011-01-18 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile insteadTim Rice
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
2011-01-17- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.hDarren Tucker
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror onDarren Tucker
the tinderbox.
2011-01-16 - (tim) [regress/agent-getpeereid.sh] shell portability fix.Tim Rice
2011-01-17 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]Damien Miller
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are disabled on platforms that do not support them; add a "config_defined()" shell function that greps for defines in config.h and use them to decide on feature tests. Convert a couple of existing grep's over config.h to use the new function Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent backslash characters in filenames, enable it for Cygwin and use it to turn of tests for quotes backslashes in sftp-glob.sh. based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the newDarren Tucker
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when runningDamien Miller
ssh-add to avoid $SUDO failures on Linux
2011-01-17 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by addingDamien Miller
its unique snowflake of a gdb error to the ones we look for.
2011-01-17 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one inDamien Miller
$PATH, fix cleanup of droppings; reported by openssh AT roumenpetrov.info; ok dtucker@
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 12:05:59Damien Miller
[clientloop.c] a couple more tweaks to the post-close protocol 1 stderr/stdout flush: now that we use atomicio(), convert them from while loops to if statements add test and cast to compile cleanly with -Wsigned
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 11:50:36Damien Miller
[sshconnect.c] reset the SIGPIPE handler when forking to execute child processes; ok dtucker@
2011-01-16 - djm@cvs.openbsd.org 2011/01/16 11:50:05Damien Miller
[clientloop.c] Use atomicio when flushing protocol 1 std{out,err} buffers at session close. This was a latent bug exposed by setting a SIGCHLD handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-16 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-basedDarren Tucker
on configurations that don't have it.
2011-01-16not February yet...Darren Tucker
2011-01-13 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around someTim Rice
ecdsa bits.
2011-01-13 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.Tim Rice
2011-01-14 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating inDamien Miller
host-key-force target rather than a substitution that is replaced with a comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target)
2011-01-14 - djm@cvs.openbsd.org 2011/01/13 21:55:25Damien Miller
[PROTOCOL.mux] correct protocol names and add a couple of missing protocol number defines; patch from bert.wesarg AT googlemail.com
2011-01-14 - djm@cvs.openbsd.org 2011/01/13 21:54:53Damien Miller
[mux.c] correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-13 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256Damien Miller
should not depend on ECC support
2011-01-13 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and badDamien Miller
#define that was causing diffie-hellman-group-exchange-sha256 to be incorrectly disabled
2011-01-13 - (djm) [regress/Makefile] add a few more generated files to the cleanDamien Miller
target
2011-01-13 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoidDamien Miller
gcc warning on platforms where it defaults to int
2011-01-12 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generatingTim Rice
ecdsa keys. ok djm.
2011-01-12 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djmTim Rice