summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-03-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Crank version numbers
2010-03-22 - djm@cvs.openbsd.org 2010/03/16 16:36:49Damien Miller
[version.h] crank version to openssh-5.5 since we have a few fixes since 5.4; requested deraadt@ kettenis@
2010-03-22 - stevesk@cvs.openbsd.org 2010/03/16 15:46:52Damien Miller
[auth-options.c] spelling in error message. ok djm kettenis
2010-03-22 - stevesk@cvs.openbsd.org 2010/03/15 19:40:02Damien Miller
[key.c key.h ssh-keygen.c] also print certificate type (user or host) for ssh-keygen -L ok djm kettenis
2010-03-22 - jmc@cvs.openbsd.org 2010/03/13 23:38:13Damien Miller
[ssh-keygen.1] fix a formatting error (args need quoted); noted by stevesk
2010-03-22 - djm@cvs.openbsd.org 2010/03/13 21:45:46Damien Miller
[ssh-keygen.1] Certificates are named *-cert.pub, not *_cert.pub; committing a diff from stevesk@ ok me
2010-03-22 - djm@cvs.openbsd.org 2010/03/13 21:10:38Damien Miller
[clientloop.c] protocol conformance fix: send language tag when disconnecting normally; spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
2010-03-22 - markus@cvs.openbsd.org 2010/03/12 11:37:40Damien Miller
[servconf.c] do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths free() (not xfree()) the buffer returned by getcwd()
2010-03-22 - djm@cvs.openbsd.org 2010/03/12 01:06:25Damien Miller
[servconf.c] unbreak AuthorizedKeys option with a $HOME-relative path; reported by vinschen AT redhat.com, ok dtucker@
2010-03-22 - djm@cvs.openbsd.org 2010/03/10 23:27:17Damien Miller
[auth2-pubkey.c] correct certificate logging and make it more consistent between authorized_keys and TrustedCAKeys; ok markus@
2010-03-22 - jmc@cvs.openbsd.org 2010/03/10 07:40:35Damien Miller
[ssh-keygen.1] typos; from Ross Richardson closes prs 6334 and 6335
2010-03-22 - jmc@cvs.openbsd.org 2010/03/08 09:41:27Damien Miller
[ssh-keygen.1] sort the list of constraints (to -O); ok djm
2010-03-14 - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat forDamien Miller
ssh-pkcs11-helper to repair static builds (we do the same for ssh-keyscan). Reported by felix-mindrot AT fefe.de
2010-03-14 - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fixDamien Miller
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot AT fefe.de
2010-03-11 - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to installTim Rice
on a Cygwin installation. Patch from Corinna Vinschen.
2010-03-11 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.Tim Rice
Patch from Corinna Vinschen.
2010-03-11 - (tim) [openssh/Makefile.in] Now that scard is gone, no need toTim Rice
make $(datadir)
2010-03-10 - (tim) [contrib/suse/openssh.spec] crank version number here too.Tim Rice
report by imorgan AT nas.nasa.gov
2010-03-09 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFODarren Tucker
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-08 - djm@cvs.openbsd.org 2010/03/08 00:28:55Damien Miller
[ssh-keygen.1] document permit-agent-forwarding certificate constraint; patch from stevesk@
2010-03-08 - (djm) Release OpenSSH-5.4p1Damien Miller
2010-03-08 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
crank version numbers
2010-03-08 - djm@cvs.openbsd.org 2010/03/07 22:16:01Damien Miller
[ssh-keygen.c] make internal strptime string match strftime format; suggested by vinschen AT redhat.com and markus@
2010-03-08 - (djm) OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/03/07 22:01:32 [version.h] openssh-5.4
2010-03-07 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13Darren Tucker
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] Hold authentication debug messages until after successful authentication. Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
2010-03-07 - (dtucker) [session.c] Also initialize creds to NULL for handing toDarren Tucker
setpcred.
2010-03-07 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot andDarren Tucker
do not set real uid, since that's needed for the chroot, and will be set by permanently_set_uid.
2010-03-07 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so thatDarren Tucker
it gets the passwd struct from the LAM that knows about the user which is not necessarily the default. Patch from Alexandre Letourneau.
2010-03-05 - djm@cvs.openbsd.org 2010/03/05 10:28:21Damien Miller
[ssh-add.1 ssh.1 ssh_config.5] mention loading of certificate files from [private]-cert.pub when they are present; feedback and ok jmc@
2010-03-05 - jmc@cvs.openbsd.org 2010/03/05 08:31:20Damien Miller
[ssh.1] document certificate authentication; help/ok djm
2010-03-05 - jmc@cvs.openbsd.org 2010/03/05 06:50:35Damien Miller
[ssh.1 sshd.8] tweak previous;
2010-03-05 - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@Damien Miller
2010-03-05 - djm@cvs.openbsd.org 2010/03/05 02:58:11Damien Miller
[auth.c] make the warning for a revoked key louder and more noticable
2010-03-05 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failureDamien Miller
on some platforms
2010-03-05 - djm@cvs.openbsd.org 2010/03/04 23:27:25Damien Miller
[auth-options.c ssh-keygen.c] "force-command" is not spelled "forced-command"; spotted by imorgan AT nas.nasa.gov
2010-03-05 - djm@cvs.openbsd.org 2010/03/04 23:19:29Damien Miller
[ssh.1 sshd.8] move section on CA and revoked keys from ssh.1 to sshd.8's known hosts format section and rework it a bit; requested by jmc@
2010-03-05 - djm@cvs.openbsd.org 2010/03/04 23:17:25Damien Miller
[sshd_config.5] missing word; spotted by jmc@
2010-03-05 - jmc@cvs.openbsd.org 2010/03/04 22:52:40Damien Miller
[ssh-keygen.1] fix Bk/Ek;
2010-03-04 - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in olderTim Rice
compilers. OK djm@
2010-03-05 - djm@cvs.openbsd.org 2010/03/04 20:35:08Damien Miller
[ssh-keygen.1 ssh-keygen.c] Add a -L flag to print the contents of a certificate; ok markus@
2010-03-05 - jmc@cvs.openbsd.org 2010/03/04 12:51:25Damien Miller
[ssh.1 sshd_config.5] tweak previous;
2010-03-04 - djm@cvs.openbsd.org 2010/03/04 10:38:23Damien Miller
[regress/cert-hostkey.sh regress/cert-userkey.sh] additional regression tests for revoked keys and TrustedUserCAKeys
2010-03-04 - djm@cvs.openbsd.org 2010/03/03 00:47:23Damien Miller
[regress/cert-hostkey.sh regress/cert-userkey.sh] add an extra test to ensure that authentication with the wrong certificate fails as it should (and it does)
2010-03-04 - djm@cvs.openbsd.org 2010/03/04 10:36:03Damien Miller
[auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] Add a TrustedUserCAKeys option to sshd_config to specify CA keys that are trusted to authenticate users (in addition than doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to me revoked and banned for user or host authentication. feedback and ok markus@
2010-03-04 - djm@cvs.openbsd.org 2010/03/04 01:44:57Damien Miller
[key.c] use buffer_get_string_ptr_ret() where we are checking the return value explicitly instead of the fatal()-causing buffer_get_string_ptr()
2010-03-04 - djm@cvs.openbsd.org 2010/03/03 22:50:40Damien Miller
[PROTOCOL.certkeys] s/similar same/similar/; from imorgan AT nas.nasa.gov
2010-03-04 - djm@cvs.openbsd.org 2010/03/03 22:49:50Damien Miller
[sshd.8] the authorized_keys option for CA keys is "cert-authority", not "from=cert-authority". spotted by imorgan AT nas.nasa.gov
2010-03-04 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2010/03/03 01:44:36 [auth-options.c key.c] reject strings with embedded ASCII nul chars in certificate key IDs, principal names and constraints
2010-03-04 - (djm) [regress/Makefile] Cleanup sshd_proxy_origDamien Miller
2010-03-04 - (djm) [.cvsignore] Ignore ssh-pkcs11-helperDamien Miller