Age | Commit message (Collapse) | Author |
|
|
|
|
|
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
|
|
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
has a /dev/random).
|
|
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
|
|
[uuencode.c]
document what these functions do so I don't ever have to recuse into
b64_pton/ntop to remember their return values
|
|
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
|
|
|
|
|
|
|
|
[version.h]
openssh-5.2
|
|
[sshd_config.5]
missing period
|
|
[ssh_config.5 sshd_config.5]
don't advertise experimental options
|
|
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
[misc.c sftp-server-main.c ssh-keygen.c]
Added missing newlines in error messages.
ok dtucker
|
|
[contrib/suse/openssh.spec] Prepare for 5.2p1
|
|
[schnorr.c]
signature should hash over the entire group, not just the generator
(this is still disabled code)
|
|
[ssh_config]
sync with revised default ciphers; pointed out by dkrause@
|
|
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
|
|
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
interop tests from FATAL error to a warning. Allows some interop
tests to proceed if others are missing necessary prerequisites.
|
|
[PROTOCOL]
mention that eow and no-more-sessions extensions are sent only to
OpenSSH peers
|
|
[packet.c]
check for enc !=NULL in packet_start_discard
|
|
[ssh_config.5]
kill trailing whitespace;
|
|
[ssh_config.5]
document RemoteForward usage with 0 listen port
|
|
[ssh.1]
consistency: Dq => Ql
|
|
[ssh.1]
document -R0:... usage
|
|
[monitor.c]
some paranoia: check that the serialised key is really KEY_RSA before
diddling its internals
|
|
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
|
|
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
|
|
[sftp.c]
Initialize a few variables to prevent spurious "may be used
uninitialized" warnings from newer gcc's. ok djm@
|
|
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
|
|
set ownership and modes, so avoid explicitly setting them
|
|
channels.c too, so move the definition for non-IP6 platforms to defines.h
where it can be shared.
|
|
|
|
If the CYGWIN environment variable is empty, the installer script
should not install the service with an empty CYGWIN variable, but
rather without setting CYGWNI entirely.
|
|
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
The information given for the setting of the CYGWIN environment variable
is wrong for both releases so I just removed it, together with the
unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
|
|
https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages;
LP: #261884).
|
|
[cipher.c cipher.h packet.c]
Work around the CPNI-957037 Plaintext Recovery Attack by always
reading 256K of data on packet size or HMAC errors (in CBC mode only).
Help, feedback and ok djm@
Feedback from Martin Albrecht and Paterson Kenny
|
|
[ssh_config.5 sshd_config.5]
sync list of preferred ciphers; ok djm@
|
|
[myproposal.h]
prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
modes; ok markus@
|
|
[auth-options.c]
another chunk of a2port() diff that got away. wtfdjm??
|
|
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
|
|
[channels.c]
oops! I committed the wrong version of the Channel->path diff,
it was missing some tweaks suggested by stevesk@
|
|
[channels.c channels.h session.c]
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
|
|
[readconf.c]
1) use obsolete instead of alias for consistency
2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
so move the comment.
3) reorder so like options are together
ok djm@
|
|
[channels.c]
support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
"looks ok" markus@
|
|
[kexgexs.c]
fix hash calculation for KEXGEX: hash over the original client-supplied
values and not the sanity checked versions that we acutally use;
bz#1540 reported by john.smith AT arrows.demon.co.uk
ok markus@
|
|
[channels.c]
call channel destroy callbacks on receipt of open failure messages.
fixes client hangs when connecting to a server that has MaxSessions=0
set spotted by imorgan AT nas.nasa.gov; ok markus@
|
|
[sshd_config.5]
add AllowAgentForwarding to available Match keywords list
ok djm
|
|
[pathnames.h]
no need to escape single quotes in comments
|
|
[ssh-keyscan.1]
fix example, default key type is rsa for 3+ years; from
frederic.perrin@resel.fr
|