summaryrefslogtreecommitdiff
path: root/ChangeLog
AgeCommit message (Collapse)Author
2007-06-14 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move theDarren Tucker
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be shared with umac.c. Allows building with OpenSSL 0.9.5 again including umac support. With tim@ djm@, ok djm.
2007-06-13 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28Darren Tucker
[scp.c] Encode filename with strnvis if the name contains a newline (which can't be represented in the scp protocol), from bz #891. ok markus@
2007-06-13 - jmc@cvs.openbsd.org 2007/06/12 13:43:55Darren Tucker
[ssh.1] add -K to SYNOPSIS;
2007-06-13 - jmc@cvs.openbsd.org 2007/06/12 13:41:03Darren Tucker
[ssh-add.1] identies -> identities;
2007-06-12 - dtucker@cvs.openbsd.org 2007/06/12 11:56:15Darren Tucker
[gss-genr.c] Pass GSS OID to gss_display_status to provide better information in error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 11:45:27Darren Tucker
[ssh.c] improved exit message from multiplex slave sessions; bz #1262 reported by alexandre.nunes AT gmail.com; ok dtucker@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 11:15:17Darren Tucker
[ssh.c ssh.1] Add "-K" flag for ssh to set GSSAPIAuthentication=yes and GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI) and is useful for hosts with /home on Kerberised NFS; bz #1312 patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 11:11:08Darren Tucker
[ssh.c] fix slave exit value when a control master goes away without passing the full exit status by ensuring that the slave reads a full int. bz#1261 reported by frekko AT gmail.com; ok markus@ dtucker@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 08:24:20Darren Tucker
[scp.c] make scp try to skip FIFOs rather than blocking when nothing is listening. depends on the platform supporting sane O_NONBLOCK semantics for open on FIFOs (apparently POSIX does not mandate this), which OpenBSD does. bz #856; report by cjwatson AT debian.org; ok markus@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 08:20:00Darren Tucker
[ssh-gss.h gss-serv.c gss-genr.c] relocate server-only GSSAPI code from libssh to server; bz #1225 patch from simon AT sxw.org.uk; ok markus@ dtucker@
2007-06-12 - djm@cvs.openbsd.org 2007/06/12 07:41:00Darren Tucker
[ssh-add.1] better document ssh-add's -d option (delete identies from agent), bz#1224 new text based on some provided by andrewmc-debian AT celt.dias.ie; ok dtucker@
2007-06-12 - markus@cvs.openbsd.org 2007/06/11 09:14:00Darren Tucker
[channels.h] increase default channel windows; ok djm
2007-06-11 - markus@cvs.openbsd.org 2007/06/11 08:04:44Damien Miller
[channels.c] send 'window adjust' messages every tree packets and do not wait until 50% of the window is consumed. ok djm dtucker
2007-06-11 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. ShouldDarren Tucker
prevent warnings about redefinitions of various things in paths.h. Spotted by cartmanltd at hotmail.com.
2007-06-11 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"Darren Tucker
argument to nanosleep may be NULL. Currently this never happens in OpenSSH, but check anyway in case this changes or the code gets used elsewhere.
2007-06-11 - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), thenDamien Miller
fallback to provided bit-swizzing functions
2007-06-11 - jmc@cvs.openbsd.org 2007/06/08 07:48:09Damien Miller
[sshd_config.5] oops, here too: put the MAC list into a display, like we do for ciphers, since groff has trouble with wide lines;
2007-06-11 - jmc@cvs.openbsd.org 2007/06/08 07:43:46Damien Miller
[ssh_config.5] put the MAC list into a display, like we do for ciphers, since groff has trouble handling wide lines;
2007-06-11 - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40Damien Miller
[ssh_config] Add a "MACs" line after "Ciphers" with the default MAC algorithms, to ease people who want to tweak both (eg. for performance reasons). ok deraadt@ djm@ dtucker@
2007-06-11 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34Damien Miller
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
2007-06-11 - (djm) Bugzilla #1306: silence spurious error messages from hang-on-exitDamien Miller
fix; tested by dtucker@ and jochen.kirn AT gmail.com
2007-06-05 - (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.Darren Tucker
2007-06-05 - (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex soDarren Tucker
mindrot's cvs doesn't expand it on us.
2007-06-05 - (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags thatDarren Tucker
OpenBSD's cvs now adds.
2007-06-05 - djm@cvs.openbsd.org 2007/06/05 06:52:37Darren Tucker
[kex.c monitor_wrap.c packet.c mac.h kex.h mac.c] Preserve MAC ctx between packets, saving 2xhash calls per-packet. Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
2007-06-05 - djm@cvs.openbsd.org 2007/06/02 09:04:58Darren Tucker
[bufbn.c] memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
2007-06-05 - djm@cvs.openbsd.org 2007/05/31 23:34:29Darren Tucker
[packet.c] gc unreachable code; spotted by Tavis Ormandy
2007-06-05 - jmc@cvs.openbsd.org 2007/05/31 19:20:16Darren Tucker
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 - djm@cvs.openbsd.org 2007/05/30 05:58:13Darren Tucker
[kex.c] tidy: KNF, ARGSUSED and u_int
2007-06-05 - djm@cvs.openbsd.org 2007/05/22 10:18:52Darren Tucker
[sshd.c] zap double include; from p_nowaczyk AT o2.pl (not required in -portable, Id sync only)
2007-05-20 - (dtucker) [auth-pam.c] Return empty string if fgets fails inDarren Tucker
sshpam_tty_conv. Patch from ldv at altlinux.org.
2007-05-20 - (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch fromDarren Tucker
ldv at altlinux.org.
2007-05-20 - jolan@cvs.openbsd.org 2007/05/17 23:53:41Darren Tucker
[sshconnect2.c] djm owes me a vb and a tism cd for breaking ssh compilation
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 20:52:13Darren Tucker
[monitor.c] pass received SIGINT from monitor to postauth child so it can clean up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; ok markus@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 20:48:13Darren Tucker
[sshconnect2.c] fall back to gethostname() when the outgoing connection is not on a socket, such as is the case when ProxyCommand is used. Gives hostbased auth an opportunity to work; bz#616, report and feedback stuart AT kaloram.com; ok markus@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 07:55:29Darren Tucker
[sftp-server.c] bz#1286 stop reading and processing commands when input or output buffer is nearly full, otherwise sftp-server would happily try to grow the input/output buffers past the maximum supported by the buffer API and promptly fatal() based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 07:50:31Darren Tucker
[log.c] save and restore errno when logging; ok deraadt@
2007-05-20 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39Darren Tucker
[servconf.c] Remove debug() left over from development. ok deraadt@
2007-05-20 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43Darren Tucker
[sftp-server.c] cast "%llu" format spec to (unsigned long long); do not assume a u_int64_t arg is the same as 'unsigned long long'. from Dmitry V. Levin <ldv@altlinux.org> ok markus@ 'Yes, that looks correct' millert@
2007-05-20 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58Darren Tucker
[auth2.c] remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
2007-05-0920070509Tim Rice
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
2007-04-29trim pastoDarren Tucker
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for offsetofDarren Tucker
to prevent redefinition warnings.
2007-04-29 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__Darren Tucker
__nonnull__ for versions of GCC that don't support it.
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKSDarren Tucker
so we don't get redefinition warnings.
2007-04-29 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.Darren Tucker
2007-04-29 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use theDarren Tucker
platform's _res if it has one. Should fix problem of DNSSEC record lookups on NetBSD as reported by Curt Sampson.
2007-04-29 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.Darren Tucker
2007-04-29 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.hDarren Tucker
for select(2) prototype.
2007-04-06 - (dtucker) [INSTALL] prngd lives at sourceforge these days.Darren Tucker