summaryrefslogtreecommitdiff
path: root/ChangeLog
AgeCommit message (Collapse)Author
2011-05-20 - djm@cvs.openbsd.org 2011/05/17 07:13:31Damien Miller
[key.c] fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :)
2011-05-20 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/05/15 08:09:01 [authfd.c monitor.c serverloop.c] use FD_CLOEXEC consistently; patch from zion AT x96.org
2011-05-20 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2Damien Miller
2011-05-20 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-optionsDamien Miller
options, we should corresponding -W-option when trying to determine whether it is accepted. Also includes a warning fix on the program fragment uses (bad main() return type). bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2011-05-20 - (djm) [session.c] call setexeccon() before executing passwd for pwDamien Miller
changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2011-05-15 - (djm) [packet.c] unbreak portability #endifDamien Miller
2011-05-15 - djm@cvs.openbsd.org 2011/05/13 00:05:36Damien Miller
[authfile.c] warn on unexpected key type in key_parse_private_type()
2011-05-15 - djm@cvs.openbsd.org 2011/05/11 04:47:06Damien Miller
[auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] remove support for authorized_keys2; it is a relic from the early days of protocol v.2 support and has been undocumented for many years; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/10 05:46:46Damien Miller
[authfile.c] despam debug() logs by detecting that we are trying to load a private key in key_try_load_public() and returning early; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/08 12:52:01Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c] improve our behaviour when TTY allocation fails: if we are in RequestTTY=auto mode (the default), then do not treat at TTY allocation error as fatal but rather just restore the local TTY to cooked mode and continue. This is more graceful on devices that never allocate TTYs. If RequestTTY is set to "yes" or "force", then failure to allocate a TTY is fatal. ok markus@
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:20:25Damien Miller
[ssh.1] +.It RequestTTY
2011-05-15 - jmc@cvs.openbsd.org 2011/05/07 23:19:39Damien Miller
[ssh_config.5] - tweak previous - come consistency fixes ok djm
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 22:20:10Damien Miller
[PROTOCOL.mux] fix numbering; from bert.wesarg AT googlemail.com
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:38:58Damien Miller
[ssh.c] fix dropping from previous diff
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:34:32Damien Miller
[clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] Add a RequestTTY ssh_config option to allow configuration-based control over tty allocation (like -t/-T); ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:31:38Damien Miller
[readconf.c ssh_config.5] support negated Host matching, e.g. Host *.example.org !c.example.org User mekmitasdigoat Will match "a.example.org", "b.example.org", but not "c.example.org" ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:18:02Damien Miller
[ssh.c ssh_config.5] add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 21:14:05Damien Miller
[packet.c packet.h] set traffic class for IPv6 traffic as we do for IPv4 TOS; patch from lionel AT mamane.lu via Colin Watson in bz#1855; ok markus@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 02:05:41Damien Miller
[sshconnect2.c] fix memory leak; bz#1849 ok dtucker@
2011-05-15 - djm@cvs.openbsd.org 2011/05/06 01:09:53Damien Miller
[sftp.1] mention that IPv6 addresses must be enclosed in square brackets; bz#1845
2011-05-15 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35Damien Miller
[sshd_config] clarify language about overriding defaults. bz#1892, from Petr Cerny
2011-05-15 - djm@cvs.openbsd.org 2011/05/05 05:12:08Damien Miller
[mux.c] gracefully fall back when ControlPath is too large for a sockaddr_un. ok markus@ as part of a larger diff
2011-05-10 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fixDarren Tucker
--with-ssl-engine which was broken with the change from deprecated SSLeay_add_all_algorithms(). ok djm
2011-05-06 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototypeDarren Tucker
for closefrom() in test code. Report from Dan Wallis via Gentoo.
2011-05-04 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@Tim Rice
2011-05-04 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILETim Rice
so autoreconf 2.68 is happy.
2011-05-05 - djm@cvs.openbsd.org 2011/05/04 21:15:29Damien Miller
[authfile.c authfile.h ssh-add.c] allow "ssh-add - < key"; feedback and ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/18 00:46:05Damien Miller
[ssh-keygen.c] certificate options are supposed to be packed in lexical order of option name (though we don't actually enforce this at present). Move one up that was out of sequence
2011-05-05 - djm@cvs.openbsd.org 2011/04/17 22:42:42Damien Miller
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] allow graceful shutdown of multiplexing: request that a mux server removes its listener socket and refuse future multiplexing requests; ok markus@
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:09:37Damien Miller
[ssh-keygen.1] mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 - djm@cvs.openbsd.org 2011/04/13 04:02:48Damien Miller
[ssh-keygen.1] improve wording; bz#1861
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 05:32:49Damien Miller
[sshd.c] exit with 0 status on SIGTERM; bz#1879
2011-05-05 - djm@cvs.openbsd.org 2011/04/12 04:23:50Damien Miller
[ssh-keygen.c] fix -Wshadow
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17Damien Miller
[misc.c misc.h servconf.c] print ipqos friendly string for sshd -T; ok markus # sshd -Tf sshd_config|grep ipqos ipqos lowdelay throughput
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54Damien Miller
[ssh-keygen.c] use strcasecmp() for "clear" cert permission option also; ok djm
2011-05-05 - jmc@cvs.openbsd.org 2011/03/24 15:29:30Damien Miller
[ssh-keygen.1] zap trailing whitespace;
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04Damien Miller
[ssh-keygen.c] remove -d, documentation removed >10 years ago; ok markus
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56Damien Miller
[ssh-keygen.1] -q not used in /etc/rc now so remove statement.
2011-05-05 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22Damien Miller
[ssh-keygen.1 ssh-keygen.c] Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This will be used by /etc/rc to generate new host keys. Idea from deraadt. ok deraadt
2011-05-05 - okan@cvs.openbsd.org 2011/03/15 10:36:02Damien Miller
[ssh-keyscan.c] use timerclear macro ok djm@
2011-05-05 - djm@cvs.openbsd.org 2011/03/10 11:34:25Damien Miller
[auth.h] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - OpenBSD CVS SyncDamien Miller
- djm@cvs.openbsd.org 2011/03/10 02:52:57 [auth2-gss.c auth2.c] allow GSSAPI authentication to detect when a server-side failure causes authentication failure and don't count such failures against MaxAuthTries; bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]Damien Miller
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
2011-05-05 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOSDamien Miller
definitions.
2011-03-28(whitespace change to test sync to hg)Damien Miller
2011-02-21 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of theDarren Tucker
Cygwin-specific service installer script ssh-host-config. The actual functionality is the same, the revisited version is just more exact when it comes to check for problems which disallow to run certain aspects of the script. So, part of this script and the also rearranged service helper script library "csih" is to check if all the tools required to run the script are available on the system. The new script also is more thorough to inform the user why the script failed. Patch from vinschen at redhat com.
2011-02-18 - djm@cvs.openbsd.org 2011/02/16 00:31:14Damien Miller
[ssh-keysign.c] make hostbased auth with ECDSA keys work correctly. Based on patch by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
2011-02-06 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA keyDarren Tucker
generation and simplify. Patch from Corinna Vinschen.
2011-02-06 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error inDarren Tucker
selinux code. Patch from Leonardo Chiquitto.
2011-02-04 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files. - Release OpenSSH 5.8p1