tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,058 Commits 6 Branches 20 Tags 98 MiB
Commit Graph

7058 Commits

Author SHA1 Message Date
Darren Tucker 234557762b - dtucker@cvs.openbsd.org 2013/11/04 12:27:42 
[regress/rekey.sh]
     Test rekeying with all KexAlgorithms.
 2013-11-07 15:00:51 +11:00
Darren Tucker bbfb9b0f38 - markus@cvs.openbsd.org 2013/11/02 22:39:53 
[regress/kextype.sh]
     add curve25519-sha256@libssh.org
 2013-11-07 14:56:43 +11:00
Darren Tucker aa19548a98 - djm@cvs.openbsd.org 2013/10/09 23:44:14 
[regress/Makefile] (ID sync only)
     regression test for sftp request white/blacklisting and readonly mode.
 2013-11-07 14:50:09 +11:00
Damien Miller c8908aabff - djm@cvs.openbsd.org 2013/11/06 23:05:59 
[ssh-pkcs11.c]
     from portable: s/true/true_val/ to avoid name collisions on dump platforms
     RCSID sync only
 2013-11-07 13:38:35 +11:00
Damien Miller 49c145c5e8 - markus@cvs.openbsd.org 2013/11/06 16:52:11 
[monitor_wrap.c]
     fix rekeying for AES-GCM modes; ok deraadt
 2013-11-07 13:35:39 +11:00
Damien Miller 67a8800f29 - markus@cvs.openbsd.org 2013/11/04 11:51:16 
[monitor.c]
     fix rekeying for KEX_C25519_SHA256; noted by dtucker@
     RCSID sync only; I thought this was a merge botch and fixed it already
 2013-11-07 13:32:51 +11:00
Damien Miller df8b030b15 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms 
that lack it but have arc4random_uniform()
 2013-11-07 13:28:16 +11:00
Damien Miller a6fd1d3c38 - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these 2013-11-07 12:03:26 +11:00
Damien Miller c98319750b - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff 2013-11-07 12:00:23 +11:00
Damien Miller 61c5c2319e - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5) 
that got lost in recent merge.
 2013-11-07 11:34:14 +11:00
Damien Miller 094003f545 - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from 
KEX/curve25519 change
 2013-11-04 22:59:27 +11:00
Damien Miller ca67a7eaf8 - djm@cvs.openbsd.org 2013/11/03 10:37:19 
[roaming_common.c]
     fix a couple of function definitions foo() -> foo(void)
     (-Wold-style-definition)
 2013-11-04 09:05:17 +11:00
Damien Miller 0bd8f1519d - markus@cvs.openbsd.org 2013/11/02 22:39:19 
[ssh_config.5 sshd_config.5]
     the default kex is now curve25519-sha256@libssh.org
 2013-11-04 08:55:43 +11:00
Damien Miller 4c3ba0767f - markus@cvs.openbsd.org 2013/11/02 22:34:01 
[auth-options.c]
     no need to include monitor_wrap.h and ssh-gss.h
 2013-11-04 08:40:13 +11:00
Damien Miller 660621b210 - markus@cvs.openbsd.org 2013/11/02 22:24:24 
[kexdhs.c kexecdhs.c]
     no need to include ssh-gss.h
 2013-11-04 08:37:51 +11:00
Damien Miller abdca986de - markus@cvs.openbsd.org 2013/11/02 22:10:15 
[kexdhs.c kexecdhs.c]
     no need to include monitor_wrap.h
 2013-11-04 08:30:05 +11:00
Damien Miller 1e1242604e - markus@cvs.openbsd.org 2013/11/02 21:59:15 
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
     use curve25519 for default key exchange (curve25519-sha256@libssh.org);
     initial patch from Aris Adamantiadis; ok djm@
 2013-11-04 08:26:52 +11:00
Damien Miller d2252c7919 - markus@cvs.openbsd.org 2013/11/02 20:03:54 
[ssh-pkcs11.c]
     support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
     fixes bz#1908; based on patch from Laurent Barbe; ok djm
 2013-11-04 07:41:48 +11:00
Darren Tucker 007e3b357e - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t 
for platforms that don't have them.
 2013-11-03 18:43:55 +11:00
Darren Tucker 710f374735 - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd 
vsnprintf.  From eric at openbsd via chl@.
 2013-11-03 17:20:34 +11:00
Darren Tucker d527704523 - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep. 
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
   a no-op in OpenSSH).  From chl at openbsd.
 2013-11-03 16:30:46 +11:00
Damien Miller 63857c9340 - jmc@cvs.openbsd.org 2013/10/29 18:49:32 
[sshd_config.5]
     pty(4), not pty(7);
 2013-10-30 22:31:06 +11:00
Damien Miller 5ff30c6b68 - djm@cvs.openbsd.org 2013/10/29 09:48:02 
[servconf.c servconf.h session.c sshd_config sshd_config.5]
     shd_config PermitTTY to disallow TTY allocation, mirroring the
     longstanding no-pty authorized_keys option;
     bz#2070, patch from Teran McKinney; ok markus@
 2013-10-30 22:21:50 +11:00
Damien Miller 4a3a9d4bbf - djm@cvs.openbsd.org 2013/10/29 09:42:11 
[key.c key.h]
     fix potential stack exhaustion caused by nested certificates;
     report by Mateusz Kocielski; ok dtucker@ markus@
 2013-10-30 22:19:47 +11:00
Damien Miller 28631ceaa7 - djm@cvs.openbsd.org 2013/10/25 23:04:51 
[ssh.c]
     fix crash when using ProxyCommand caused by previous commit - was calling
     freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
 2013-10-26 10:07:56 +11:00
Damien Miller 26506ad293 - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove 
unnecessary arc4random_stir() calls. The only ones left are to ensure
   that the PRNG gets a different state after fork() for platforms that
   have broken the API.
 2013-10-26 10:05:46 +11:00
Tim Rice bd43e88723 - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd" 2013-10-24 12:22:49 -07:00
Damien Miller a90c033808 - djm@cvs.openbsd.org 2013/10/24 08:19:36 
[ssh.c]
     fix bug introduced in hostname canonicalisation commit: don't try to
     resolve hostnames when a ProxyCommand is set unless the user has forced
     canonicalisation; spotted by Iain Morgan
 2013-10-24 21:03:17 +11:00
Damien Miller cf31f38634 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48 
[readconf.c servconf.c ssh_config.5 sshd_config.5]
     Disallow empty Match statements and add "Match all" which matches
     everything.  ok djm, man page help jmc@
 2013-10-24 21:02:56 +11:00
Damien Miller 4bedd4032a - dtucker@cvs.openbsd.org 2013/10/24 00:49:49 
[moduli.c]
     Periodically print progress and, if possible, expected time to completion
     when screening moduli for DH groups.  ok deraadt djm
 2013-10-24 21:02:26 +11:00
Damien Miller 5ecb416298 - djm@cvs.openbsd.org 2013/10/23 23:35:32 
[sshd.c]
     include local address and port in "Connection from ..." message (only
     shown at loglevel>=verbose)
 2013-10-24 21:02:02 +11:00
Damien Miller 03bf2e61ad - dtucker@cvs.openbsd.org 2013/10/23 05:40:58 
[servconf.c]
     fix comment
 2013-10-24 21:01:26 +11:00
Damien Miller 8f18731914 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check 
rather than full client name which may be of form user@REALM;
   patch from Miguel Sanders; ok dtucker@
 2013-10-24 10:53:02 +11:00
Damien Miller 5b01b0dcb4 - djm@cvs.openbsd.org 2013/10/23 04:16:22 
[ssh-keygen.c]
     Make code match documentation: relative-specified certificate expiry time
     should be relative to current time and not the validity start time.
     Reported by Petr Lautrbach; ok deraadt@
 2013-10-23 16:31:31 +11:00
Damien Miller eff5cada58 - djm@cvs.openbsd.org 2013/10/23 03:05:19 
[readconf.c ssh.c]
     comment
 2013-10-23 16:31:10 +11:00
Damien Miller 084bcd24e9 - djm@cvs.openbsd.org 2013/10/23 03:03:07 
[readconf.c]
     Hostname may have %h sequences that should be expanded prior to Match
     evaluation; spotted by Iain Morgan
 2013-10-23 16:30:51 +11:00
Damien Miller 8e5a67f469 - jmc@cvs.openbsd.org 2013/10/20 18:00:13 
[ssh_config.5]
     tweak the "exec" description, as worded by djm;
 2013-10-23 16:30:25 +11:00
Damien Miller c0049bd0bc - djm@cvs.openbsd.org 2013/10/20 09:51:26 
[scp.1 sftp.1]
     add canonicalisation options to -o lists
 2013-10-23 16:29:59 +11:00
Damien Miller 8a04be795f - djm@cvs.openbsd.org 2013/10/20 06:19:28 
[readconf.c ssh_config.5]
     rename "command" subclause of the recently-added "Match" keyword to
     "exec"; it's shorter, clearer in intent and we might want to add the
     ability to match against the command being executed at the remote end in
     the future.
 2013-10-23 16:29:40 +11:00
Damien Miller 5c86ebdf83 - djm@cvs.openbsd.org 2013/10/20 04:39:28 
[ssh_config.5]
     document % expansions performed by "Match command ..."
 2013-10-23 16:29:12 +11:00
Damien Miller 4502f88774 - djm@cvs.openbsd.org 2013/10/17 22:08:04 
[sshd.c]
     include remote port in bad banner message; bz#2162
 2013-10-18 10:17:36 +11:00
Damien Miller 1edcbf65eb - jmc@cvs.openbsd.org 2013/10/17 07:35:48 
[sftp.1 sftp.c]
     tweak previous;
 2013-10-18 10:17:17 +11:00
Damien Miller a176e18230 - djm@cvs.openbsd.org 2013/10/09 23:44:14 
[regress/Makefile regress/sftp-perm.sh]
     regression test for sftp request white/blacklisting and readonly mode.
 2013-10-18 09:05:41 +11:00
Damien Miller e3ea09494d - djm@cvs.openbsd.org 2013/10/17 00:46:49 
[ssh.c]
     rearrange check to reduce diff against -portable
     (Id sync only)
 2013-10-17 11:57:23 +11:00
Damien Miller f29238e674 - djm@cvs.openbsd.org 2013/10/17 00:30:13 
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
     fsync@openssh.com protocol extension for sftp-server
     client support to allow calling fsync() faster successful transfer
     patch mostly by imorgan AT nas.nasa.gov; bz#1798
     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
 2013-10-17 11:48:52 +11:00
Damien Miller 51682faa59 - djm@cvs.openbsd.org 2013/10/16 22:58:01 
[ssh.c ssh_config.5]
     one I missed in previous: s/isation/ization/
 2013-10-17 11:48:31 +11:00
Damien Miller 3850559be9 - djm@cvs.openbsd.org 2013/10/16 22:49:39 
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
     s/canonicalise/canonicalize/ for consistency with existing spelling,
     e.g. authorized_keys; pointed out by naddy@
 2013-10-17 11:48:13 +11:00
Damien Miller 607af3434b - jmc@cvs.openbsd.org 2013/10/16 06:42:25 
[ssh_config.5]
     tweak previous;
 2013-10-17 11:47:51 +11:00
Damien Miller 0faf747e2f - djm@cvs.openbsd.org 2013/10/16 02:31:47 
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
     [sshconnect.c sshconnect.h]
     Implement client-side hostname canonicalisation to allow an explicit
     search path of domain suffixes to use to convert unqualified host names
     to fully-qualified ones for host key matching.
     This is particularly useful for host certificates, which would otherwise
     need to list unqualified names alongside fully-qualified ones (and this
     causes a number of problems).
     "looks fine" markus@
 2013-10-17 11:47:23 +11:00
Damien Miller d77b81f856 - jmc@cvs.openbsd.org 2013/10/15 14:10:25 
[ssh.1 ssh_config.5]
     tweak previous;
 2013-10-17 11:39:00 +11:00