openssh - Mirror of https://anongit.mindrot.org/openssh.git

Age	Commit message (Collapse)	Author
2013-02-26	- (tim) [regress/krl.sh] keep old solaris awk from hanging.	Tim Rice

2013-02-26	- (tim) [regress/integrity.sh] keep old solaris awk from hanging.	Tim Rice

2013-02-26	- (tim) [regress/integrity.sh] shell portability fix.	Tim Rice

2013-02-26	- (tim) [regress/forward-control.sh] use sh in case login shell is csh.	Tim Rice

2013-02-27	- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]	Damien Miller
	[contrib/suse/openssh.spec] Crank version numbers
2013-02-26	- (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage	Damien Miller
	for UsePAM=yes configuration
2013-02-26	- djm@cvs.openbsd.org 2013/02/20 08:27:50	Damien Miller
	[integrity.sh] Add an option to modpipe that warns if the modification offset it not reached in it's stream and turn it on for t-integrity. This should catch cases where the session is not fuzzed for being too short (cf. my last "oops" commit)
2013-02-25	- (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed	Darren Tucker
	to use Solaris native GSS libs. Patch from Pierre Ossman.
2013-02-25	welcome to 2013	Darren Tucker

2013-02-23	- (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer	Damien Miller
	bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. ok tim
2013-02-22	- (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux	Damien Miller
	seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; ok dtucker
2013-02-22	- (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named	Darren Tucker
	libgss too. Patch from Pierre Ossman, ok djm.
2013-02-22	- (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to	Darren Tucker
	ssh(1) since they're not needed. Patch from Pierre Ossman.
2013-02-20	- (tim) [regress/forward-control.sh] shell portability fix.	Tim Rice

2013-02-20	- djm@cvs.openbsd.org 2013/02/20 08:29:27	Damien Miller
	[regress/modpipe.c] s/Id/OpenBSD/ in RCS tag
2013-02-20	- djm@cvs.openbsd.org 2013/02/20 08:27:50	Damien Miller
	[regress/integrity.sh regress/modpipe.c] Add an option to modpipe that warns if the modification offset it not reached in it's stream and turn it on for t-integrity. This should catch cases where the session is not fuzzed for being too short (cf. my last "oops" commit)
2013-02-19	- (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded	Tim Rice
	err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2013-02-19	- (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.	Tim Rice

2013-02-19	- (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that	Damien Miller
	lack support for SHA2.
2013-02-19	- djm@cvs.openbsd.org 2013/02/19 02:14:09	Damien Miller
	[integrity.sh] oops, forgot to increase the output of the ssh command to ensure that we actually reach $offset
2013-02-19	- djm@cvs.openbsd.org 2013/02/18 22:26:47	Damien Miller
	[integrity.sh] crank the offset yet again; it was still fuzzing KEX one of Darren's portable test hosts at 2800
2013-02-18	- djm@cvs.openbsd.org 2013/02/17 23:16:55	Damien Miller
	[integrity.sh] make the ssh command generates some output to ensure that there are at least offset+tries bytes in the stream.
2013-02-16	- djm@cvs.openbsd.org 2013/02/16 06:08:45	Damien Miller
	[integrity.sh] make sure the fuzz offset is actually past the end of KEX for all KEX types. diffie-hellman-group-exchange-sha256 requires an offset around 2700. Noticed via test failures in portable OpenSSH on platforms that lack ECC and this the more byte-frugal ECDH KEX algorithms.
2013-02-15	- (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes	Darren Tucker
	an argument. Pointed out by djm.
2013-02-15	- (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,	Darren Tucker
	group strto* function prototypes together.
2013-02-15	- dtucker@cvs.openbsd.org 2013/02/15 00:21:01	Damien Miller
	[sshconnect2.c] Warn more loudly if an IdentityFile provided by the user cannot be read. bz #1981, ok djm@
2013-02-15	- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c	Darren Tucker
	openbsd-compat/openbsd-compat.h] Add strtoull to compat library for platforms that don't have it.
2013-02-15	spacing	Darren Tucker

2013-02-15	- (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]	Darren Tucker
	Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2013-02-15	- djm@cvs.openbsd.org 2013/02/14 21:35:59	Damien Miller
	[auth2-pubkey.c] Correct error message that had a typo and was logging the wrong thing; patch from Petr Lautrbach
2013-02-15	- (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from	Damien Miller
	Iain Morgan
2013-02-14	- (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead	Damien Miller
	of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by Iain Morgan
2013-02-14	- (djm) [regress/krl.sh] typo; found by Iain Morgan	Damien Miller

2013-02-14	- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.	Damien Miller

2013-02-12	- (djm) [regress/try-ciphers.sh] clean up CVS merge botch	Damien Miller

2013-02-12	- djm@cvs.openbsd.org 2013/02/11 23:58:51	Damien Miller
	[try-ciphers.sh] remove acss here too
2013-02-12	- dtucker@cvs.openbsd.org 2013/02/11 21:21:58	Damien Miller
	[sshd.c] Add openssl version to debug output similar to the client. ok markus@
2013-02-12	- djm@cvs.openbsd.org 2013/02/10 23:35:24	Damien Miller
	[packet.c] record "Received disconnect" messages at ERROR rather than INFO priority, since they are abnormal and result in a non-zero ssh exit status; patch from Iain Morgan in bz#2057; ok dtucker@
2013-02-12	- djm@cvs.openbsd.org 2013/02/10 23:32:10	Damien Miller
	[ssh-keygen.c] append to moduli file when screening candidates rather than overwriting. allows resumption of interrupted screen; patch from Christophe Garault in bz#1957; ok dtucker@
2013-02-12	- markus@cvs.openbsd.org 2013/02/10 21:19:34	Damien Miller
	[version.h] openssh 6.2
2013-02-12	- djm@cvs.openbsd.org 2013/02/08 00:41:12	Damien Miller
	[sftp.c] fix NULL deref when built without libedit and control characters entered as command; debugging and patch from Iain Morgan an Loganaden Velvindron in bz#1956
2013-02-12	- dtucker@cvs.openbsd.org 2013/02/06 00:22:21	Damien Miller
	[auth.c] Fix comment, from jfree.e1 at gmail
2013-02-12	- dtucker@cvs.openbsd.org 2013/02/06 00:20:42	Damien Miller
	[servconf.c sshd_config sshd_config.5] Change default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections. This will make it harder to DoS as CPUs have come a long way since the original value was set back in 2000. Prompted by nion at debian org, ok markus@
2013-02-12	- djm@cvs.openbsd.org 2013/01/27 10:06:12	Damien Miller
	[krl.c] actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
2013-02-12	- djm@cvs.openbsd.org 2013/01/26 06:11:05	Damien Miller
	[Makefile.in acss.c acss.h cipher-acss.c cipher.c] [openbsd-compat/openssl-compat.h] remove ACSS, now that it is gone from libcrypto too
2013-02-12	- djm@cvs.openbsd.org 2013/01/25 10:22:19	Damien Miller
	[krl.c] redo last commit without the vi-vomit that snuck in: skip serial lookup when cert's serial number is zero (now with 100% better comment)
2013-02-12	- krw@cvs.openbsd.org 2013/01/25 05:00:27	Damien Miller
	[krl.c] Revert last. Breaks due to likely typo. Let djm@ fix later. ok djm@ via dlg@
2013-02-12	- djm@cvs.openbsd.org 2013/01/24 22:08:56	Damien Miller
	[krl.c] skip serial lookup when cert's serial number is zero
2013-02-12	- (djm) OpenBSD CVS Sync	Damien Miller
	- djm@cvs.openbsd.org 2013/01/24 21:45:37 [krl.c] fix handling of (unused) KRL signatures; skip string in correct buffer
2013-02-11	- (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old	Damien Miller
	libcrypto that lacks EVP_CIPHER_CTX_ctrl