summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:31:38Damien Miller
[readconf.c ssh_config.5] support negated Host matching, e.g. Host *.example.org !c.example.org User mekmitasdigoat Will match "a.example.org", "b.example.org", but not "c.example.org" ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:18:02Damien Miller
[ssh.c ssh_config.5] add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 02:05:41Damien Miller
[sshconnect2.c] fix memory leak; bz#1849 ok dtucker@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 01:09:53Damien Miller
[sftp.1] mention that IPv6 addresses must be enclosed in square brackets; bz#1845
2011-05-15 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35Damien Miller
[sshd_config] clarify language about overriding defaults. bz#1892, from Petr Cerny
2011-05-15 - djm@cvs.openbsd.org 2011/05/05 05:12:08Damien Miller
[mux.c] gracefully fall back when ControlPath is too large for a sockaddr_un. ok markus@ as part of a larger diff
2011-05-10 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fixDarren Tucker
--with-ssl-engine which was broken with the change from deprecated SSLeay_add_all_algorithms(). ok djm
2011-05-06 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototypeDarren Tucker
for closefrom() in test code. Report from Dan Wallis via Gentoo.
2011-05-04 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@Tim Rice
2011-05-04 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILETim Rice
so autoreconf 2.68 is happy.
2011-05-05 - djm@cvs.openbsd.org 2011/05/04 21:15:29Damien Miller
[authfile.c authfile.h ssh-add.c] allow "ssh-add - < key"; feedback and ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/18 00:46:05Damien Miller
[ssh-keygen.c] certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence
2011-05-05 - djm@cvs.openbsd.org 2011/04/17 22:42:42Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:09:37Damien Miller
[ssh-keygen.1] mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:02:48Damien Miller
[ssh-keygen.1] improve wording; bz#1861
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 05:32:49Damien Miller
[sshd.c] exit with 0 status on SIGTERM; bz#1879
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 04:23:50Damien Miller
[ssh-keygen.c] fix -Wshadow
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54Damien Miller
[ssh-keygen.c] use strcasecmp() for "clear" cert permission option also; ok djm
2011-05-05 - jmc@cvs.openbsd.org 2011/03/24 15:29:30Damien Miller
[ssh-keygen.1] zap trailing whitespace;
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04Damien Miller
[ssh-keygen.c] remove -d, documentation removed >10 years ago; ok markus
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56Damien Miller
[ssh-keygen.1] -q not used in /etc/rc now so remove statement.
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22Damien Miller
[ssh-keygen.1 ssh-keygen.c] Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This will be used by /etc/rc to generate new host keys. Idea from deraadt. ok deraadt
2011-05-05 - okan@cvs.openbsd.org 2011/03/15 10:36:02Damien Miller
[ssh-keyscan.c] use timerclear macro ok djm@
2011-05-05 - djm@cvs.openbsd.org 2011/03/10 11:34:25Damien Miller
[auth.h] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/03/10 02:52:57 [auth2-gss.c auth2.c] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]Damien Miller
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
2011-05-05 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOSDamien Miller
definitions.
2011-04-12s/recommended/required in warning:Damien Miller
"It is recommended that your private key files are NOT accessible by others." since there is no way to skip this check; bz#1878
2011-03-28(whitespace change to test sync to hg)Damien Miller
2011-02-21 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of theDarren Tucker
Cygwin-specific service installer script ssh-host-config. The actual functionality is the same, the revisited version is just more exact when it comes to check for problems which disallow to run certain aspects of the script. So, part of this script and the also rearranged service helper script library "csih" is to check if all the tools required to run the script are available on the system. The new script also is more thorough to inform the user why the script failed. Patch from vinschen at redhat com.
2011-02-18 - djm@cvs.openbsd.org 2011/02/16 00:31:14Damien Miller
[ssh-keysign.c] make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
2011-02-06 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA keyDarren Tucker
generation and simplify. Patch from Corinna Vinschen.
2011-02-06 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error inDarren Tucker
selinux code. Patch from Leonardo Chiquitto.
2011-02-04 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files. - Release OpenSSH 5.8p1
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:43Damien Miller
[version.h] openssh-5.8
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:21Damien Miller
[key.c] fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 - djm@cvs.openbsd.org 2011/01/31 21:42:15Damien Miller
[PROTOCOL.mux] cut'n'pasto; from bert.wesarg AT googlemail.com
2011-01-28 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabledDamien Miller
before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-01-2620110127Tim Rice
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white space changes for consistency/readability. Makes autoconf 2.68 happy. "Nice work" djm
2011-01-2620110127Tim Rice
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-22 - (djm) Release 5.7p1Damien Miller
2011-01-22trim entries older than 5.5p1Damien Miller
2011-01-22 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files.
2011-01-22 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/01/22 09:18:53 [version.h] crank to OpenSSH-5.7
2011-01-22 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] AddDarren Tucker
RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@.
2011-01-19 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior toDamien Miller
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- release testing (random crashes and failure to load ECC keys). ok dtucker@
2011-01-18 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile insteadTim Rice
of RPM so build completes. Signatures were changed to .asc since 4.1p1.