| Age | Commit message (Collapse) | Author |
|---|
|
check into platform.c
|
|
non-LOGIN_CAP case into platform.c.
|
|
platform.c.
|
|
|
|
platform.c
|
|
the LOGIN_CAP case into platform.c.
|
|
retain previous behavior.
|
|
|
|
platform.c
|
|
after the user's groups are established and move the selinux calls into it.
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
|
|
int. Should fix bz#1817 cleanly; ok dtucker@
|
|
[sftp-server.c]
umask should be parsed as octal. reported by candland AT xmission.com;
ok markus@
|
|
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
knock out some "-*- nroff -*-" lines;
|
|
[authfile.c key.c key.h ssh-keygen.c]
fix a possible NULL deref on loading a corrupt ECDH key
store ECDH group information in private keys files as "named groups"
rather than as a set of explicit group parameters (by setting
the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
retrieves the group's OpenSSL NID that we need for various things.
|
|
[regress/Makefile regress/kextype.sh]
regress test for each of the key exchange algorithms that we support
|
|
native one.
|
|
1.12 to unbreak Solaris build.
ok djm@
|
|
have it.
|
|
which don't have ECC support in libcrypto.
|
|
which don't have ECC support in libcrypto.
|
|
[sftp.c]
escape '[' in filename tab-completion; fix a type while there.
ok djm@
|
|
|
|
[regress/cert-hostkey.sh regress/cert-userkey.sh]
tests for ECDSA certificates
|
|
- dtucker@cvs.openbsd.org 2010/10/12 02:22:24
[mux.c]
Typo in confirmation message. bz#1827, patch from imorgan at nas nasa gov
|
|
|
|
bz#1825, reported by foo AT mailinator.com
|
|
dr AT vasco.com
|
|
|
|
|
|
|
|
[sshconnect.c]
swapped args to kill(2)
|
|
[clientloop.c ssh.c sshconnect.c sshconnect.h]
kill proxy command on fatal() (we already kill it on clean exit);
ok markus@
|
|
[sftp.c sshconnect.c]
use default shell /bin/sh if $SHELL is ""; ok markus@
|
|
[cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
adapt to API changes in openssl-1.0.0a
NB. contains compat code to select correct API for older OpenSSL
|
|
|
|
|
|
|
|
[servconf.c]
prevent free() of string in .rodata when overriding AuthorizedKeys in
a Match block; patch from rein AT basefarm.no
|
|
[sftp.c]
when performing an "ls" in columnated (short) mode, only call
ioctl(TIOCGWINSZ) once to get the window width instead of per-
filename
|
|
[sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
rountrips to fetch per-file stat(2) information.
NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
match.
|
|
[misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
[openbsd-compat/timingsafe_bcmp.c]
Add timingsafe_bcmp(3) to libc, mention that it's already in the
kernel in kern(9), and remove it from OpenSSH.
ok deraadt@, djm@
NB. re-added under openbsd-compat/ for portable OpenSSH
|
|
[scp.1 sftp.1]
add KexAlgorithms to the -o list;
|
|
[sftp.c]
add [-l limit] to usage();
|
|
[atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
[sftp-client.h sftp.1 sftp.c]
add an option per-read/write callback to atomicio
factor out bandwidth limiting code from scp(1) into a generic bandwidth
limiter that can be attached using the atomicio callback mechanism
add a bandwidth limit option to sftp(1) using the above
"very nice" markus@
|
|
[ssh.1 ssh_config.5]
ssh.1: add kexalgorithms to the -o list
ssh_config.5: format the kexalgorithms in a more consistent
(prettier!) way
ok djm
|
|
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
|
|
[mux.c]
"atomically" create the listening mux socket by binding it on a temorary
name and then linking it into position after listen() has succeeded.
this allows the mux clients to determine that the server socket is
either ready or stale without races. stale server sockets are now
automatically removed
ok deraadt
|
|
[jpake.c]
missing #include
|
|
[jpake.c schnorr.c]
check that received values are smaller than the group size in the
disabled and unfinished J-PAKE code.
avoids catastrophic security failure found by Sebastien Martini
|
