[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
[openbsd-compat/port-solaris.h] Add support for Solaris process
contracts, enabled with --use-solaris-contracts. Patch from Chad
Mynhier, tweaked by dtucker@ and myself; ok dtucker@
[bufaux.c bufbn.c Makefile.in]
Move Buffer bignum functions into their own file, bufbn.c. This means
that sftp and sftp-server (which use the Buffer functions in bufaux.c
but not the bignum ones) no longer need to be linked with libcrypto.
ok markus@
[contrib/redhat/sshd.init openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c]
[openbsd-compat/port-linux.h] Add support for SELinux, setting
the execution and TTY contexts. based on patch from Daniel Walsh,
bz #880; ok dtucker@
[openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
limited to IPv4 tunnels only, and most versions don't support the
tap(4) device at all.
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125:
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
"make survey" and "make send-survey". This will provide data on the
configure parameters, platform and platform features to the development
team, which will allow (among other things) better targetting of testing.
It's entirely voluntary and is off be default. ok djm@
- hshoexer@cvs.openbsd.org 2004/01/23 17:06:03
[cipher.c]
enable acss for ssh
ok deraadt@ markus@
- (djm) [acss.c acss.h cipher-acss.c] Portable support for ACSS
if libcrypto lacks it
the regression tests from running with Solaris' make. Patch from Brian
Poole (raj at cerias.purdue.edu).
Further info: Solaris' /usr/ccs/bin/make
* requires a space before "+=" (but not "=")
* does not like @for
The bit that relies on a trailing "/" on $OBJ so "rm ${OBJ}$$F works in the
current dir if OBJ isn't set is my fault. Nasty but it works.
Should have added with this sync:
- djm@cvs.openbsd.org 2003/07/28 09:49:56
[ssh-keygen.1 ssh-keygen.c]
Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen.
Based on code from Phil Karn, William Allen Simpson and Niels Provos.
ok markus@, thanks jmc@
Damien Miller
Darren Tucker
Tim Rice
Ben Lindstrom