5c96a154c7
- (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
...
and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
detecting toolchain-related problems; ok dtucker
2014-01-21 13:10:26 +11:00
9464ba6fb3
- (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
...
with sftp chroot support. Move set_id call after chroot.
2014-01-20 17:59:28 -08:00
a6d573caa1
- (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
...
tests in the configure output. ok djm.
2014-01-21 12:50:46 +11:00
096118dc73
- (dtucker) [configure.ac] Make PIE a configure-time option which defaults
...
to on platforms where it's known to be reliably detected and off elsewhere.
Works around platforms such as FreeBSD 9.1 where it does not interop with
-ftrapv (it seems to work but fails when trying to link ssh). ok djm@
2014-01-21 12:48:51 +11:00
f9df7f6f47
- (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
...
skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
2014-01-20 20:07:15 +11:00
c74e70eb52
- (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
...
implementation does not have krb5_cc_new_unique, similar to what we do
in auth-krb5.c.
2014-01-20 13:18:09 +11:00
3510979e83
- djm@cvs.openbsd.org 2014/01/20 00:08:48
...
[digest.c]
memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
2014-01-20 12:41:53 +11:00
7eee358d7a
- dtucker@cvs.openbsd.org 2014/01/19 11:21:51
...
[addrmatch.c]
Cast the sizeof to socklen_t so it'll work even if the supplied len is
negative. Suggested by and ok djm, ok deraadt.
2014-01-19 22:37:02 +11:00
b7e01c09b5
- djm@cvs.openbsd.org 2014/01/19 04:48:08
...
[ssh_config.5]
fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
2014-01-19 22:36:13 +11:00
7b1ded04ad
- dtucker@cvs.openbsd.org 2014/01/19 04:17:29
...
[canohost.c addrmatch.c]
Cast socklen_t when comparing to size_t and use socklen_t to iterate over
the ip options, both to prevent signed/unsigned comparison warnings.
Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
2014-01-19 15:30:02 +11:00
293ee3c9f0
- dtucker@cvs.openbsd.org 2014/01/18 09:36:26
...
[session.c]
explicitly define USE_PIPES to 1 to prevent redefinition warnings in
portable on platforms that use pipes for everything. From redhat @
redhat.
2014-01-19 15:28:01 +11:00
2aca159d05
- dtucker@cvs.openbsd.org 2014/01/17 06:23:24
...
[sftp-server.c]
fix log message statvfs. ok djm
2014-01-19 15:25:34 +11:00
841f7da89a
- (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
...
return value check for cap_enter() consistent with the other uses in
FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140.
2014-01-18 22:12:15 +11:00
fdce373166
- (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
...
optind) are defined in getopt.h already. Unfortunately they are defined as
"declspec(dllimport)" for historical reasons, because the GNU linker didn't
allow auto-import on PE/COFF targets way back when. The problem is the
dllexport attributes collide with the definitions in the various source
files in OpenSSH, which obviousy define the variables without
declspec(dllimport). The least intrusive way to get rid of these warnings
is to disable warnings for GCC compiler attributes when building on Cygwin.
Patch from vinschen at redhat.com.
2014-01-18 21:12:42 +11:00
1411c9263f
- (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
...
declarations that stopped being included when we stopped including
<windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at
redhat.com.
2014-01-18 21:03:59 +11:00
89c532d843
- (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch
...
from vinschen at redhat.com
2014-01-18 20:43:49 +11:00
355f861022
- (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
...
they're defined if we have to define them ourselves. Fixes builds on old
AIX.
2014-01-18 00:12:38 +11:00
a3357661ee
- (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on
...
Solaris.
2014-01-18 00:03:57 +11:00
9edcbff46f
- (dtucker) [configure.ac] Have --without-toolchain-hardening not turn off
...
stack-protector since that has a separate flag that's been around a while.
2014-01-17 21:54:32 +11:00
6d725687c4
- (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
2014-01-17 19:17:34 +11:00
5055699c7f
- (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
...
need them to cut down on the name collisions.
2014-01-17 18:48:22 +11:00
a5cf1e220d
- (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
...
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
to be useful (and for the regression tests to pass) on platforms that
have statfs and fstatfs. ok djm@
2014-01-17 18:10:58 +11:00
1357d71d7b
- (dtucker) Fix typo in #ifndef.
2014-01-17 18:00:40 +11:00
d23a91ffb2
- (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
...
openbsd-compat/openssl-compat.h] Add compatibility layer for older
openssl versions. ok djm@
2014-01-17 17:32:30 +11:00
868ea1ea1c
- (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
...
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
[sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 16:47:04 +11:00
a9d186a8b5
- dtucker@cvs.openbsd.org 2014/01/17 05:26:41
...
[digest.c]
remove unused includes. ok djm@
2014-01-17 16:30:49 +11:00
5f1c57a7a7
- djm@cvs.openbsd.org 2014/01/17 00:21:06
...
[sftp-client.c]
signed/unsigned comparison warning fix; from portable (Id sync only)
2014-01-17 16:29:45 +11:00
c548722361
- (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
...
separate lines and alphabetize for easier diffing of changes.
2014-01-17 15:12:16 +11:00
acad351a5b
- (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
...
don't have them.
2014-01-17 14:20:05 +11:00
c3ed065ce8
- (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
...
#ifdef HAVE_STDINT_H.
2014-01-17 14:18:45 +11:00
f45f78ae43
- (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
...
includes.h to pull in all of the compatibility stuff.
2014-01-17 12:43:43 +11:00
99df369d03
- (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
2014-01-17 12:42:17 +11:00
ac413b62ea
- (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
2014-01-17 12:31:33 +11:00
1c4a011e9c
- (dtucker) [loginrec.c] Cast to the types specfied in the format
...
specification to prevent warnings.
2014-01-17 12:23:23 +11:00
c3d483f9a8
- (djm) [sftp-client.c] signed/unsigned comparison fix
2014-01-17 11:20:26 +11:00
fd994379dd
- (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
...
hardening flags including -fstack-protector-strong. These default to on
if the toolchain supports them, but there is a configure-time knob
(--without-hardening) to disable them if necessary. ok djm@
2014-01-17 09:53:24 +11:00
366224d217
- (djm) [README] update release notes URL.
2014-01-16 18:51:44 +11:00
2ae77e64f8
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Crank RPM spec version numbers.
2014-01-16 18:51:07 +11:00
0fa29e6d77
- djm@cvs.openbsd.org 2014/01/16 07:32:00
...
[version.h]
openssh-6.5
2014-01-16 18:42:31 +11:00
52c371cd6d
- djm@cvs.openbsd.org 2014/01/16 07:31:09
...
[sftp-client.c]
needless and incorrect cast to size_t can break resumption of
large download; patch from tobias@
2014-01-16 18:42:10 +11:00
91b580e4be
- djm@cvs.openbsd.org 2014/01/12 08:13:13
...
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
[kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
avoid use of OpenSSL BIGNUM type and functions for KEX with
Curve25519 by adding a buffer_put_bignum2_from_string() that stores
a string using the bignum encoding rules. Will make it easier to
build a reduced-feature OpenSSH without OpenSSL in the future;
ok markus@
2014-01-12 19:21:22 +11:00
af5d4481f4
- djm@cvs.openbsd.org 2014/01/10 05:59:19
...
[sshd_config]
the /etc/ssh/ssh_host_ed25519_key is loaded by default too
2014-01-12 19:20:47 +11:00
58cd63bc63
- djm@cvs.openbsd.org 2014/01/09 23:26:48
...
[sshconnect.c sshd.c]
ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
deranged and might make some attacks on KEX easier; ok markus@
2014-01-10 10:59:24 +11:00
b3051d01e5
- djm@cvs.openbsd.org 2014/01/09 23:20:00
...
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
2014-01-10 10:58:53 +11:00
e00e413dd1
- guenther@cvs.openbsd.org 2014/01/09 03:26:00
...
[sftp-common.c]
When formating the time for "ls -l"-style output, show dates in the future
with the year, and rearrange a comparison to avoid a potentional signed
arithmetic overflow that would give the wrong result.
ok djm@
2014-01-10 10:40:45 +11:00
3e49853650
- tedu@cvs.openbsd.org 2014/01/04 17:50:55
...
[mac.c monitor_mm.c monitor_mm.h xmalloc.c]
use standard types and formats for size_t like variables. ok dtucker
2014-01-10 10:37:05 +11:00
a9c1e500ef
- (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
2014-01-08 16:13:12 +11:00
324541e526
- djm@cvs.openbsd.org 2013/12/30 23:52:28
...
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
[sshconnect.c sshconnect2.c sshd.c]
refuse RSA keys from old proprietary clients/servers that use the
obsolete RSA+MD5 signature scheme. it will still be possible to connect
with these clients/servers but only DSA keys will be accepted, and we'll
deprecate them entirely in a future release. ok markus@
2013-12-31 12:25:40 +11:00
9f4c8e797e
- (djm) [regress/Makefile] Add some generated files for cleaning
2013-12-29 17:57:46 +11:00
106bf1ca3c
- djm@cvs.openbsd.org 2013/12/29 05:57:02
...
[sshconnect.c]
when showing other hostkeys, don't forget Ed25519 keys
2013-12-29 17:54:03 +11:00
0fa47cfb32
- djm@cvs.openbsd.org 2013/12/29 05:42:16
...
[ssh.c]
don't forget to load Ed25519 certs too
2013-12-29 17:53:39 +11:00
b9a95490da
- djm@cvs.openbsd.org 2013/12/29 04:35:50
...
[authfile.c]
don't refuse to load Ed25519 certificates
2013-12-29 17:50:15 +11:00
f72cdde6e6
- djm@cvs.openbsd.org 2013/12/29 04:29:25
...
[authfd.c]
allow deletion of ed25519 keys from the agent
2013-12-29 17:49:55 +11:00
29ace1cb68
- djm@cvs.openbsd.org 2013/12/29 04:20:04
...
[key.c]
to make sure we don't omit any key types as valid CA keys again,
factor the valid key type check into a key_type_is_valid_ca()
function
2013-12-29 17:49:31 +11:00
9de4fcdc5a
- djm@cvs.openbsd.org 2013/12/29 02:49:52
...
[key.c]
correct comment for key_drop_cert()
2013-12-29 17:49:13 +11:00
5baeacf8a8
- djm@cvs.openbsd.org 2013/12/29 02:37:04
...
[key.c]
correct comment for key_to_certified()
2013-12-29 17:48:55 +11:00
83f2fe26cb
- djm@cvs.openbsd.org 2013/12/29 02:28:10
...
[key.c]
allow ed25519 keys to appear as certificate authorities
2013-12-29 17:48:38 +11:00
06122e9a74
- djm@cvs.openbsd.org 2013/12/27 22:37:18
...
[ssh-rsa.c]
correct comment
2013-12-29 17:48:15 +11:00
3e19295c3a
- djm@cvs.openbsd.org 2013/12/27 22:30:17
...
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
make the original RSA and DSA signing/verification code look more like
the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
2013-12-29 17:47:50 +11:00
137977180b
- tedu@cvs.openbsd.org 2013/12/21 07:10:47
...
[ssh-keygen.1]
small typo
2013-12-29 17:47:14 +11:00
339a48fe7f
- djm@cvs.openbsd.org 2013/12/19 22:57:13
...
[poly1305.c poly1305.h]
use full name for author, with his permission
2013-12-29 17:46:49 +11:00
0b36c83148
- djm@cvs.openbsd.org 2013/12/19 01:19:41
...
[ssh-agent.c]
bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
ok dtucker
2013-12-29 17:45:51 +11:00
4def184e9b
- djm@cvs.openbsd.org 2013/12/19 01:04:36
...
[channels.c]
bz#2147: fix multiple remote forwardings with dynamically assigned
listen ports. In the s->c message to open the channel we were sending
zero (the magic number to request a dynamic port) instead of the actual
listen port. The client therefore had no way of discriminating between
them.
Diagnosis and fix by ronf AT timeheart.net
2013-12-29 17:45:26 +11:00
bf25d114e2
- djm@cvs.openbsd.org 2013/12/19 00:27:57
...
[auth-options.c]
simplify freeing of source-address certificate restriction
2013-12-29 17:44:56 +11:00
bb3dafe702
- dtucker@cvs.openbsd.org 2013/12/19 00:19:12
...
[serverloop.c]
Cast client_alive_interval to u_int64_t before assinging to
max_time_milliseconds to avoid potential integer overflow in the timeout.
bz#2170, patch from Loganaden Velvindron, ok djm@
2013-12-29 17:44:29 +11:00
ef275ead3d
- djm@cvs.openbsd.org 2013/12/19 00:10:30
...
[ssh-add.c]
skip requesting smartcard PIN when removing keys from agent; bz#2187
patch from jay AT slushpupie.com; ok dtucker
2013-12-29 17:44:07 +11:00
7d97fd9a1c
- (djm) [loginrec.c] Check for username truncation when looking up lastlog
...
entries
2013-12-29 17:40:18 +11:00
77244afe3b
20131221
...
- (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
2013-12-21 17:02:39 +11:00
53f8e784dc
- (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
...
Patch from Loganaden Velvindron.
2013-12-19 11:31:44 +11:00
1fcec9d4f2
- (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
...
greater than 11 either rather than just 11. Patch from Tomas Kuthan.
2013-12-19 11:00:12 +11:00
6674eb9683
- markus@cvs.openbsd.org 2013/12/17 10:36:38
...
[crypto_api.h]
I've assempled the header file by cut&pasting from generated headers
and the source files.
2013-12-18 17:50:39 +11:00
d58a596442
- djm@cvs.openbsd.org 2013/12/15 21:42:35
...
[cipher-chachapoly.c]
add some comments and constify a constant
2013-12-18 17:50:13 +11:00
059321d19a
- pascal@cvs.openbsd.org 2013/12/15 18:17:26
...
[ssh-add.c]
Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
ok markus@
2013-12-18 17:49:48 +11:00
155b5a5bf1
- markus@cvs.openbsd.org 2013/12/09 11:08:17
...
[crypto_api.h]
remove unused defines
2013-12-18 17:48:32 +11:00
8a56dc2b6b
- markus@cvs.openbsd.org 2013/12/09 11:03:45
...
[blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
Add Authors for the public domain ed25519/nacl code.
see also http://nacl.cr.yp.to/features.html
All of the NaCl software is in the public domain.
and http://ed25519.cr.yp.to/software.html
The Ed25519 software is in the public domain.
2013-12-18 17:48:11 +11:00
6575c3acf3
- dtucker@cvs.openbsd.org 2013/12/08 09:53:27
...
[sshd_config.5]
Use a literal for the default value of KEXAlgorithms. ok deraadt jmc
2013-12-18 17:47:02 +11:00
8ba0ead698
- naddy@cvs.openbsd.org 2013/12/07 11:58:46
...
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
add missing mentions of ed25519; ok djm@
2013-12-18 17:46:27 +11:00
4f752cf71c
- djm@cvs.openbsd.org 2013/12/07 08:08:26
...
[ssh-keygen.1]
document -a and -o wrt new key format
2013-12-18 17:45:35 +11:00
6d6fcd14e2
- (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
...
[regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
filesystem before running agent-ptrace.sh; ok dtucker
2013-12-08 15:53:28 +11:00
7e6e42fb53
- (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
...
Vinschen
2013-12-08 08:23:08 +11:00
da3ca351b4
- (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
...
Loganaden Velvindron @ AfriNIC in bz#2179
2013-12-07 21:43:46 +11:00
eb401585bb
- (djm) [regress/cert-hostkey.sh] Fix merge botch
2013-12-07 17:07:15 +11:00
f54542af3a
- markus@cvs.openbsd.org 2013/12/06 13:52:46
...
[regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
[regress/cert-userkey.sh regress/keytype.sh]
test ed25519 support; from djm@
2013-12-07 16:32:44 +11:00
f104da263d
- (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
...
[openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
Linux
2013-12-07 12:37:53 +11:00
1ff130dac9
- [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
...
[openbsd-compat/blf.h openbsd-compat/blowfish.c]
[openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
portable.
2013-12-07 11:51:51 +11:00
4260828a29
- [authfile.c] Conditionalise inclusion of util.h
2013-12-07 11:38:03 +11:00
a913442bac
- [Makefile.in] Add ed25519 sources
2013-12-07 11:35:36 +11:00
ca570a519c
- djm@cvs.openbsd.org 2013/12/07 00:19:15
...
[key.c]
set k->cert = NULL after freeing it
2013-12-07 11:29:09 +11:00
3cccc0e155
- [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
...
[ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
2013-12-07 11:27:47 +11:00
a7827c11b3
- jmc@cvs.openbsd.org 2013/12/06 15:29:07
...
[sshd.8]
missing comma;
2013-12-07 11:24:30 +11:00
5be9d9e3cb
- markus@cvs.openbsd.org 2013/12/06 13:39:49
...
[authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
[servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
[ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
[sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
[fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
support ed25519 keys (hostkeys and user identities) using the public
domain ed25519 reference code from SUPERCOP, see
http://ed25519.cr.yp.to/software.html
feedback, help & ok djm@
2013-12-07 11:24:01 +11:00
bcd00abd84
- markus@cvs.openbsd.org 2013/12/06 13:34:54
...
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
2013-12-07 10:41:55 +11:00
f0e9060d23
- markus@cvs.openbsd.org 2013/12/06 13:30:08
...
[authfd.c key.c key.h ssh-agent.c]
move private key (de)serialization to key.c; ok djm
2013-12-07 10:40:26 +11:00
0f8536da23
- djm@cvs.openbsd.org 2013/12/06 03:40:51
...
[ssh-keygen.c]
remove duplicated character ('g') in getopt() string;
document the (few) remaining option characters so we don't have to
rummage next time.
2013-12-07 10:31:37 +11:00
393920745f
- djm@cvs.openbsd.org 2013/12/05 22:59:45
...
[sftp-client.c]
fix memory leak in error path in do_readdir(); pointed out by
Loganaden Velvindron @ AfriNIC in bz#2163
2013-12-07 10:31:08 +11:00
534b2ccade
- djm@cvs.openbsd.org 2013/12/05 01:16:41
...
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
2013-12-05 14:07:27 +11:00
8369c8e61a
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
...
-L location for libedit. Patch from Serge van den Boom.
2013-12-05 11:00:16 +11:00
9275df3e0a
- djm@cvs.openbsd.org 2013/12/04 04:20:01
...
[sftp-client.c]
bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
AfriNIC
2013-12-05 10:26:32 +11:00
960f6a2b52
- djm@cvs.openbsd.org 2013/12/02 03:13:14
...
[cipher.c]
correct bzero of chacha20+poly1305 key context. bz#2177 from
Loganaden Velvindron @ AfriNIC
Also make it a memset for consistency with the rest of cipher.c
2013-12-05 10:26:14 +11:00
f7e8a8796d
- djm@cvs.openbsd.org 2013/12/02 03:09:22
...
[key.c]
make key_to_blob() return a NULL blob on failure; part of
bz#2175 from Loganaden Velvindron @ AfriNIC
2013-12-05 10:25:51 +11:00
f1e44ea9d9
- djm@cvs.openbsd.org 2013/12/02 02:56:17
...
[ssh-pkcs11-helper.c]
use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
2013-12-05 10:23:21 +11:00
114e540b15
- djm@cvs.openbsd.org 2013/12/02 02:50:27
...
[PROTOCOL.chacha20poly1305]
typo; from Jon Cave
2013-12-05 10:22:57 +11:00
e4870c0906
- djm@cvs.openbsd.org 2013/12/01 23:19:05
...
[PROTOCOL]
mention curve25519-sha256@libssh.org key exchange algorithm
2013-12-05 10:22:39 +11:00
1d2f8804a6
- deraadt@cvs.openbsd.org 2013/11/26 19:15:09
...
[pkcs11.h]
cleanup 1 << 31 idioms. Resurrection of this issue pointed out by
Eitan Adler ok markus for ssh, implies same change in kerberosV
2013-12-05 10:22:03 +11:00
bdb352a54f
- jmc@cvs.openbsd.org 2013/11/26 12:14:54
...
[ssh.1 ssh.c]
- put -Q in the right place
- Ar was a poor choice for the arguments to -Q. i've chosen an
admittedly equally poor Cm, at least consistent with the rest
of the docs. also no need for multiple instances
- zap a now redundant Nm
- usage() sync
2013-12-05 10:20:52 +11:00
d937dc084a
- deraadt@cvs.openbsd.org 2013/11/25 18:04:21
...
[ssh.1 ssh.c]
improve -Q usage and such. One usage change is that the option is now
case-sensitive
ok dtucker markus djm
2013-12-05 10:19:54 +11:00
dec0393f7e
- jmc@cvs.openbsd.org 2013/11/21 08:05:09
...
[ssh_config.5 sshd_config.5]
no need for .Pp before displays;
2013-12-05 10:18:43 +11:00
8a073cf579
- djm@cvs.openbsd.org 2013/11/21 03:18:51
...
[regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
[regress/try-ciphers.sh]
use new "ssh -Q cipher-auth" query to obtain lists of authenticated
encryption ciphers instead of specifying them manually; ensures that
the new chacha20poly1305@openssh.com mode is tested;
ok markus@ and naddy@ as part of the diff to add
chacha20poly1305@openssh.com
2013-11-21 14:26:18 +11:00
ea61b2179f
- djm@cvs.openbsd.org 2013/11/21 03:16:47
...
[regress/modpipe.c]
use unsigned long long instead of u_int64_t here to avoid warnings
on some systems portable OpenSSH is built on.
2013-11-21 14:25:15 +11:00
36aba25b04
- djm@cvs.openbsd.org 2013/11/21 03:15:46
...
[regress/krl.sh]
add some reminders for additional tests that I'd like to implement
2013-11-21 14:24:42 +11:00
fa7a20bc28
- naddy@cvs.openbsd.org 2013/11/18 05:09:32
...
[regress/forward-control.sh]
bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
to successfully run this; ok djm@
(ID sync only; our timeouts are already longer)
2013-11-21 14:24:08 +11:00
0fde8acdad
- djm@cvs.openbsd.org 2013/11/21 00:45:44
...
[Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
[chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
[dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
[ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
cipher "chacha20-poly1305@openssh.com" that combines Daniel
Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode.
Inspired by and similar to Adam Langley's proposal for TLS:
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
but differs in layout used for the MAC calculation and the use of a
second ChaCha20 instance to separately encrypt packet lengths.
Details are in the PROTOCOL.chacha20poly1305 file.
Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
ok markus@ naddy@
2013-11-21 14:12:23 +11:00
fdb2306acd
- deraadt@cvs.openbsd.org 2013/11/20 20:54:10
...
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:57:15 +11:00
e00167307e
- deraadt@cvs.openbsd.org 2013/11/20 20:53:10
...
[scp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus
2013-11-21 13:56:49 +11:00
23e00aa6ba
- djm@cvs.openbsd.org 2013/11/20 02:19:01
...
[sshd.c]
delay closure of in/out fds until after "Bad protocol version
identification..." message, as get_remote_ipaddr/get_remote_port
require them open.
2013-11-21 13:56:28 +11:00
867e6934be
- markus@cvs.openbsd.org 2013/11/13 13:48:20
...
[ssh-pkcs11.c]
add missing braces found by pedro
2013-11-21 13:56:06 +11:00
0600c7020f
- dtucker@cvs.openbsd.org 2013/11/08 11:15:19
...
[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
[uidswap.c] Include stdlib.h for free() as per the man page.
2013-11-21 13:55:43 +11:00
b6a75b0b93
- (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
...
querying the ones that are compiled in.
2013-11-10 20:25:22 +11:00
2c89430119
- (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
2013-11-10 12:38:42 +11:00
dd5264db5f
- (dtucker) [configure.ac] Add missing "test".
2013-11-09 22:32:51 +11:00
95cb2d4eb0
- (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
2013-11-09 22:02:31 +11:00
37bcef51b3
- (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
...
NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
latter actually works before using it. Fedora (at least) has NID_secp521r1
that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897 ).
2013-11-09 18:39:25 +11:00
6e2fe81f92
- dtucker@cvs.openbsd.org 2013/11/09 05:41:34
...
[regress/test-exec.sh regress/rekey.sh]
Use smaller test data files to speed up tests. Grow test datafiles
where necessary for a specific test.
2013-11-09 16:55:03 +11:00
aff7ef1bb8
- (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
...
rather than testing and generating each key, call ssh-keygen -A.
Patch from vinschen at redhat.com.
2013-11-09 00:19:22 +11:00
882abfd3fb
- (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
...
and pass in TEST_ENV. Unknown options cause stderr to get polluted
and the stderr-data test to fail.
2013-11-09 00:17:41 +11:00
8c333ec23b
- (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
...
warnings.
2013-11-08 21:12:58 +11:00
d94240b2f6
- (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
2013-11-08 21:10:04 +11:00
1c8ce34909
- (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
...
EVP_sha256.
2013-11-08 19:50:32 +11:00
ccdb9bec46
- (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
...
arc4random_stir for platforms that have arc4random but don't have
arc4random_stir (right now this is only OpenBSD -current).
2013-11-08 18:54:38 +11:00
3420a50169
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update version numbers following release.
2013-11-08 16:48:13 +11:00
3ac4a234df
- djm@cvs.openbsd.org 2013/11/08 01:38:11
...
[version.h]
openssh-6.4
2013-11-08 12:39:49 +11:00
6c81fee693
- djm@cvs.openbsd.org 2013/11/08 00:39:15
...
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
690d989008
- dtucker@cvs.openbsd.org 2013/11/07 11:58:27
...
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
2013-11-08 12:16:49 +11:00
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
...
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
...
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
...
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
...
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
...
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
...
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
...
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
...
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
...
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
...
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
...
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00
67a8800f29
- markus@cvs.openbsd.org 2013/11/04 11:51:16
...
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 13:32:51 +11:00
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
...
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
a6fd1d3c38
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
2013-11-07 12:03:26 +11:00
c98319750b
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
2013-11-07 12:00:23 +11:00
61c5c2319e
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
...
that got lost in recent merge.
2013-11-07 11:34:14 +11:00
094003f545
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
...
KEX/curve25519 change
2013-11-04 22:59:27 +11:00
ca67a7eaf8
- djm@cvs.openbsd.org 2013/11/03 10:37:19
...
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
2013-11-04 09:05:17 +11:00
0bd8f1519d
- markus@cvs.openbsd.org 2013/11/02 22:39:19
...
[ssh_config.5 sshd_config.5]
the default kex is now curve25519-sha256@libssh.org
2013-11-04 08:55:43 +11:00
4c3ba0767f
- markus@cvs.openbsd.org 2013/11/02 22:34:01
...
[auth-options.c]
no need to include monitor_wrap.h and ssh-gss.h
2013-11-04 08:40:13 +11:00
660621b210
- markus@cvs.openbsd.org 2013/11/02 22:24:24
...
[kexdhs.c kexecdhs.c]
no need to include ssh-gss.h
2013-11-04 08:37:51 +11:00
abdca986de
- markus@cvs.openbsd.org 2013/11/02 22:10:15
...
[kexdhs.c kexecdhs.c]
no need to include monitor_wrap.h
2013-11-04 08:30:05 +11:00
1e1242604e
- markus@cvs.openbsd.org 2013/11/02 21:59:15
...
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org );
initial patch from Aris Adamantiadis; ok djm@
2013-11-04 08:26:52 +11:00
d2252c7919
- markus@cvs.openbsd.org 2013/11/02 20:03:54
...
[ssh-pkcs11.c]
support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
fixes bz#1908; based on patch from Laurent Barbe; ok djm
2013-11-04 07:41:48 +11:00
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
...
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
710f374735
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
...
vsnprintf. From eric at openbsd via chl@.
2013-11-03 17:20:34 +11:00
d527704523
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
...
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
2013-11-03 16:30:46 +11:00
63857c9340
- jmc@cvs.openbsd.org 2013/10/29 18:49:32
...
[sshd_config.5]
pty(4), not pty(7);
2013-10-30 22:31:06 +11:00
5ff30c6b68
- djm@cvs.openbsd.org 2013/10/29 09:48:02
...
[servconf.c servconf.h session.c sshd_config sshd_config.5]
shd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
4a3a9d4bbf
- djm@cvs.openbsd.org 2013/10/29 09:42:11
...
[key.c key.h]
fix potential stack exhaustion caused by nested certificates;
report by Mateusz Kocielski; ok dtucker@ markus@
2013-10-30 22:19:47 +11:00
28631ceaa7
- djm@cvs.openbsd.org 2013/10/25 23:04:51
...
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 10:07:56 +11:00
26506ad293
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
...
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
2013-10-26 10:05:46 +11:00
bd43e88723
- (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
2013-10-24 12:22:49 -07:00
a90c033808
- djm@cvs.openbsd.org 2013/10/24 08:19:36
...
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
2013-10-24 21:03:17 +11:00
cf31f38634
- dtucker@cvs.openbsd.org 2013/10/24 00:51:48
...
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
4bedd4032a
- dtucker@cvs.openbsd.org 2013/10/24 00:49:49
...
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
2013-10-24 21:02:26 +11:00
5ecb416298
- djm@cvs.openbsd.org 2013/10/23 23:35:32
...
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
2013-10-24 21:02:02 +11:00
03bf2e61ad
- dtucker@cvs.openbsd.org 2013/10/23 05:40:58
...
[servconf.c]
fix comment
2013-10-24 21:01:26 +11:00
8f18731914
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
...
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
2013-10-24 10:53:02 +11:00
5b01b0dcb4
- djm@cvs.openbsd.org 2013/10/23 04:16:22
...
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
2013-10-23 16:31:31 +11:00
eff5cada58
- djm@cvs.openbsd.org 2013/10/23 03:05:19
...
[readconf.c ssh.c]
comment
2013-10-23 16:31:10 +11:00
084bcd24e9
- djm@cvs.openbsd.org 2013/10/23 03:03:07
...
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
2013-10-23 16:30:51 +11:00
8e5a67f469
- jmc@cvs.openbsd.org 2013/10/20 18:00:13
...
[ssh_config.5]
tweak the "exec" description, as worded by djm;
2013-10-23 16:30:25 +11:00
c0049bd0bc
- djm@cvs.openbsd.org 2013/10/20 09:51:26
...
[scp.1 sftp.1]
add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
8a04be795f
- djm@cvs.openbsd.org 2013/10/20 06:19:28
...
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
2013-10-23 16:29:40 +11:00
5c86ebdf83
- djm@cvs.openbsd.org 2013/10/20 04:39:28
...
[ssh_config.5]
document % expansions performed by "Match command ..."
2013-10-23 16:29:12 +11:00
4502f88774
- djm@cvs.openbsd.org 2013/10/17 22:08:04
...
[sshd.c]
include remote port in bad banner message; bz#2162
2013-10-18 10:17:36 +11:00
1edcbf65eb
- jmc@cvs.openbsd.org 2013/10/17 07:35:48
...
[sftp.1 sftp.c]
tweak previous;
2013-10-18 10:17:17 +11:00
a176e18230
- djm@cvs.openbsd.org 2013/10/09 23:44:14
...
[regress/Makefile regress/sftp-perm.sh]
regression test for sftp request white/blacklisting and readonly mode.
2013-10-18 09:05:41 +11:00
e3ea09494d
- djm@cvs.openbsd.org 2013/10/17 00:46:49
...
[ssh.c]
rearrange check to reduce diff against -portable
(Id sync only)
2013-10-17 11:57:23 +11:00
f29238e674
- djm@cvs.openbsd.org 2013/10/17 00:30:13
...
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
fsync@openssh.com protocol extension for sftp-server
client support to allow calling fsync() faster successful transfer
patch mostly by imorgan AT nas.nasa.gov; bz#1798
"fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-10-17 11:48:52 +11:00
51682faa59
- djm@cvs.openbsd.org 2013/10/16 22:58:01
...
[ssh.c ssh_config.5]
one I missed in previous: s/isation/ization/
2013-10-17 11:48:31 +11:00
3850559be9
- djm@cvs.openbsd.org 2013/10/16 22:49:39
...
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
s/canonicalise/canonicalize/ for consistency with existing spelling,
e.g. authorized_keys; pointed out by naddy@
2013-10-17 11:48:13 +11:00
607af3434b
- jmc@cvs.openbsd.org 2013/10/16 06:42:25
...
[ssh_config.5]
tweak previous;
2013-10-17 11:47:51 +11:00
0faf747e2f
- djm@cvs.openbsd.org 2013/10/16 02:31:47
...
[readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
[sshconnect.c sshconnect.h]
Implement client-side hostname canonicalisation to allow an explicit
search path of domain suffixes to use to convert unqualified host names
to fully-qualified ones for host key matching.
This is particularly useful for host certificates, which would otherwise
need to list unqualified names alongside fully-qualified ones (and this
causes a number of problems).
"looks fine" markus@
2013-10-17 11:47:23 +11:00
d77b81f856
- jmc@cvs.openbsd.org 2013/10/15 14:10:25
...
[ssh.1 ssh_config.5]
tweak previous;
2013-10-17 11:39:00 +11:00
dcd39f29ce
- [ssh.c] g/c unused variable.
2013-10-17 11:31:40 +11:00
386feab0c4
- djm@cvs.openbsd.org 2013/10/14 23:31:01
...
[ssh.c]
whitespace at EOL; pointed out by markus@
2013-10-15 12:14:49 +11:00
e9fc72edd6
- djm@cvs.openbsd.org 2013/10/14 23:28:23
...
[canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
refactor client config code a little:
add multistate option partsing to readconf.c, similar to servconf.c's
existing code.
move checking of options that accept "none" as an argument to readconf.c
add a lowercase() function and use it instead of explicit tolower() in
loops
part of a larger diff that was ok markus@
2013-10-15 12:14:12 +11:00
194fd904d8
- djm@cvs.openbsd.org 2013/10/14 22:22:05
...
[readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
add a "Match" keyword to ssh_config that allows matching on hostname,
user and result of arbitrary commands. "nice work" markus@
2013-10-15 12:13:05 +11:00
71df752de2
- djm@cvs.openbsd.org 2013/10/14 21:20:52
...
[session.c session.h]
Add logging of session starts in a useful format; ok markus@ feedback and
ok dtucker@
2013-10-15 12:12:02 +11:00
6efab27109
- jmc@cvs.openbsd.org 2013/10/14 14:18:56
...
[sftp-server.8 sftp-server.c]
tweak previous;
ok djm
2013-10-15 12:07:05 +11:00
61c7de8a94
- djm@cvs.openbsd.org 2013/10/11 02:53:45
...
[sftp-client.h]
obsolete comment
2013-10-15 12:06:45 +11:00
2f93d0556e
- djm@cvs.openbsd.org 2013/10/11 02:52:23
...
[sftp-client.c]
missed one arg reorder
2013-10-15 12:06:27 +11:00
bda5c84457
- djm@cvs.openbsd.org 2013/10/11 02:45:36
...
[sftp-client.c]
rename flag arguments to be more clear and consistent.
reorder some internal function arguments to make adding additional flags
easier.
no functional change
2013-10-15 12:05:58 +11:00
61ee4d68ca
- djm@cvs.openbsd.org 2013/10/10 01:43:03
...
[sshd.c]
bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
updated; ok dtucker@
2013-10-15 11:56:47 +11:00
Damien Miller
Tim Rice
Darren Tucker