summaryrefslogtreecommitdiff
path: root/Makefile.in
AgeCommit message (Collapse)Author
2012-10-05 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom"Darren Tucker
2012-10-05 - [Makefile umac.c] Add special-case target to build umac128.o.Darren Tucker
2012-04-04 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandboxDamien Miller
mode for Linux's new seccomp filter; patch from Will Drewry; feedback and ok dtucker@
2011-08-06 - djm@cvs.openbsd.org 2011/06/23 23:35:42Damien Miller
[monitor.c] ignore EINTR errors from poll()
2011-06-27 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox forDamien Miller
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 21:57:01Damien Miller
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@
2011-05-05 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]Damien Miller
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] [regress/README.regress] Remove ssh-rand-helper and all its tentacles. PRNGd seeding has been rolled into entropy.c directly. Thanks to tim@ for testing on affected platforms.
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-17- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.hDarren Tucker
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-16 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-basedDarren Tucker
on configurations that don't have it.
2011-01-14 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating inDamien Miller
host-key-force target rather than a substitution that is replaced with a comment so that the Makefile.in is still a syntactically valid Makefile (useful to run the distprep target)
2011-01-12 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generatingTim Rice
ecdsa keys. ok djm.
2011-01-12 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djmTim Rice
2011-01-09 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted byDamien Miller
openssh AT roumenpetrov.info
2011-01-04 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpageDamien Miller
formatter if it is present, followed by nroff and groff respectively. Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports in favour of mandoc). feedback and ok tim
2011-01-03 - (djm) [Makefile.in] revert local hack I didn't intend to commitDamien Miller
2011-01-02 - (djm) [configure.ac] Check whether libdes is needed when buildingDamien Miller
with Heimdal krb5 support. On OpenBSD this library no longer exists, so linking it unconditionally causes a build failure; ok dtucker
2010-08-31 - (djm) [Makefile.in] Add new ECC filesDamien Miller
2010-05-12 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solveDarren Tucker
circular dependency problem on old or odd platforms. From Tom Lane, ok djm@.
2010-03-14 - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat forDamien Miller
ssh-pkcs11-helper to repair static builds (we do the same for ssh-keyscan). Reported by felix-mindrot AT fefe.de
2010-03-11 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.Tim Rice
Patch from Corinna Vinschen.
2010-03-11 - (tim) [openssh/Makefile.in] Now that scard is gone, no need toTim Rice
make $(datadir)
2010-02-24 - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helperDamien Miller
2010-02-12 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]Damien Miller
[scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] Remove obsolete smartcard support
2010-02-12 - markus@cvs.openbsd.org 2010/02/08 10:50:20Damien Miller
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev `
2010-01-08 - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines.Darren Tucker
2010-01-08 - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import newDarren Tucker
files for roaming and add to Makefile.
2009-10-02 - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.Damien Miller
spotted by des AT des.no
2009-08-28 - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variablesDamien Miller
in argv, so pass them in the environment; ok dtucker@
2009-06-21 - andreas@cvs.openbsd.org 2009/05/28 16:50:16Darren Tucker
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c monitor.c Added roaming.h roaming_common.c roaming_dummy.c] Keep track of number of bytes read and written. Needed for upcoming changes. Most code from Martin Forssen, maf at appgate dot com. ok markus@ Also, applied appropriate changes to Makefile.in
2008-11-05 - djm@cvs.openbsd.org 2008/11/04 08:22:13Damien Miller
[auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] [Makefile.in] Add support for an experimental zero-knowledge password authentication method using the J-PAKE protocol described in F. Hao, P. Ryan, "Password Authenticated Key Exchange by Juggling", 16th Workshop on Security Protocols, Cambridge, April 2008. This method allows password-based authentication without exposing the password to the server. Instead, the client and server exchange cryptographic proofs to demonstrate of knowledge of the password while revealing nothing useful to an attacker or compromised endpoint. This is experimental, work-in-progress code and is presently compiled-time disabled (turn on -DJPAKE in Makefile.inc). "just commit it. It isn't too intrusive." deraadt@
2008-07-09 - (djm) [Makefile.in] Print "all tests passed" when all regress tests passDamien Miller
2008-07-05 - (djm) [Makefile.in] Pass though pass to conch for interop testsDamien Miller
2008-06-26 - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.Damien Miller
(bz#1372)
2008-06-11 - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now.Darren Tucker
2008-06-11 - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as wellDarren Tucker
as environment.
2008-06-11 - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6Darren Tucker
specific tests on platforms that don't do IPv6.
2008-06-10 - (dtucker) OpenBSD CVS SyncDarren Tucker
- djm@cvs.openbsd.org 2008/06/10 03:57:27 [servconf.c match.h sshd_config.5] support CIDR address matching in sshd_config "Match address" blocks, with full support for negation and fall-back to classic wildcard matching. For example: Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* PasswordAuthentication yes addrmatch.c code mostly lifted from flowd's addr.c feedback and ok dtucker@
2008-05-19 - djm@cvs.openbsd.org 2008/05/09 14:18:44Damien Miller
[clientloop.c clientloop.h ssh.c mux.c] tidy up session multiplexing code, moving it into its own file and making the function names more consistent - making ssh.c and clientloop.c a fair bit more readable. ok markus@
2008-03-13 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) andDamien Miller
puttygen(1) by $PATH
2008-03-13 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note toDamien Miller
self: make changes to Makefile.in next time, not the generated Makefile).
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2007-06-11 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34Damien Miller
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1] [ssh_config.5 sshd.8 sshd_config.5] Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
2007-03-25 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,Darren Tucker
LIBWRAP and LIBPAM variables in Makefile with the general-purpose SSHDLIBS. "I like" djm@
2006-10-23 - (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keepTim Rice
autoconf 2.60 from complaining.
2006-09-12 - (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]Damien Miller
Support SMF in Solaris Packages if enabled by configure. Patch from Chad Mynhier, tested by dtucker@
2006-08-31 - (djm) [CREDITS LICENCE Makefile.in auth.c configure.ac includes.h ]Damien Miller
[platform.c platform.h sshd.c openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c] [openbsd-compat/port-solaris.h] Add support for Solaris process contracts, enabled with --use-solaris-contracts. Patch from Chad Mynhier, tweaked by dtucker@ and myself; ok dtucker@
2006-08-22 - (dtucker) [Makefile.in] Bug #1177: fix incorrect path for sshrc inDarren Tucker
Makefile. Patch from santhi.amirta at gmail, ok djm.
2006-07-24 - (djm) [Makefile.in]Damien Miller
Remove generated openbsd-compat/regress/Makefile in distclean target