CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/11/22 15:49:30 Modified files: regress/usr.bin/ssh: Makefile Added files: regress/usr.bin/ssh: keys-command.sh Log message: regress for AuthorizedKeysCommand; hints from markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/11/26 18:02:07 Modified files: share/man/man8 : ssl.8 Log message: this advice was arguable back in 2003 but is spurious now; ok mikeb deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 13:26:11 Modified files: usr.bin/ssh: ssh_config.5 sshconnect2.c Log message: Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. This allows control of which keys are offered from tokens using IdentityFile. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 13:34:10 Modified files: usr.bin/ssh: auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c monitor.c monitor.h Log message: Fixes logging of partial authentication when privsep is enabled Previously, we recorded Failed xxx since we reset authenticated before calling auth_log() in auth2.c. This adds an explcit Partial state. Add a submethod to auth_log() to report which submethod is used for keyboard-interactive. Fix multiple authentication when one of the methods is keyboard-interactive. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 13:42:15 Modified files: usr.bin/ssh: ssh-add.1 ssh-add.c Log message: make deleting explicit keys ssh-add -d symmetric with adding keys - try to delete the corresponding certificate too and respect the -k option to allow deleting of the key only; feedback and ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 13:46:11 Modified files: usr.bin/ssh: auth-options.c channels.c servconf.c servconf.h serverloop.c session.c sshd_config.5 Log message: make AllowTcpForwarding accept local and remote in addition to its current yes/no to allow the server to specify whether just local or remote TCP forwarding is enabled. ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 13:47:48 Modified files: regress/usr.bin/ssh: Makefile Added files: regress/usr.bin/ssh: forward-control.sh Log message: regress for AllowTcpForwarding local/remote; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/02 17:14:06 Modified files: usr.bin/ssh: auth2-chall.c ssh-keygen.c Log message: Fix compilation with -Wall -Werror (trivial type fixes)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2012/12/11 16:48:07 Modified files: regress/usr.bin/ssh: modpipe.c Log message: include commented RCD ID - it helps our tools to sync with portable OpenSSH
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/01 17:32:07 Modified files: usr.bin/ssh: clientloop.c mux.c Log message: channel_setup_local_fwd_listener() returns 0 on failure, not -ve bz#2055 reported by mathieu.lacage AT gmail.com
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/01 17:33:49 Modified files: usr.bin/ssh: PROTOCOL.agent Log message: correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED bz#2051 from david AT lechnology.com
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/02 22:49:36 Modified files: usr.bin/ssh: servconf.h Log message: add a couple of ServerOptions members that should be copied to the privsep child (for consistency, in this case they happen only to be accessed in the monitor); ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/03 05:49:01 Modified files: usr.bin/ssh: PROTOCOL Log message: fix description of MAC calculation for EtM modes; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/03 05:54:49 Modified files: usr.bin/ssh: sftp-server.8 sftp-server.c Log message: allow specification of an alternate start directory for sftp-server(8) I like this markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/03 16:22:58 Modified files: usr.bin/ssh: ssh-keygen.c Log message: allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/08 22:40:17 Modified files: usr.bin/ssh: ssh-keygen.c Log message: correctly initialise fingerprint type for fingerprinting PKCS#11 keys
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/12 04:22:04 Modified files: usr.bin/ssh: cipher.c Log message: improve error message for integrity failure in AES-GCM modes; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/12 04:23:53 Modified files: regress/usr.bin/ssh: integrity.sh cipher-speed.sh try-ciphers.sh Log message: test AES-GCM modes; feedback markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/17 16:00:01 Modified files: usr.bin/ssh: auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5 usr.bin/ssh/lib: Makefile Added files: usr.bin/ssh: PROTOCOL.krl krl.c krl.h Log message: add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/17 17:24:58 Modified files: usr.bin/ssh: PROTOCOL.krl krl.c krl.h Log message: RCD IDs help us keep portable in synch
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/17 17:45:29 Modified files: regress/usr.bin/ssh: Makefile cert-userkey.sh Added files: regress/usr.bin/ssh: krl.sh Log message: Tests for Key Revocation Lists (KRLs)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/17 20:00:32 Modified files: usr.bin/ssh: krl.c Log message: fix KRL generation bug for list sections
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/24 14:45:37 Modified files: usr.bin/ssh: krl.c Log message: fix handling of (unused) KRL signatures; skip string in correct buffer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/24 15:08:56 Modified files: usr.bin/ssh: krl.c Log message: skip serial lookup when cert's serial number is zero
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/25 03:22:19 Modified files: usr.bin/ssh: krl.c Log message: redo last commit without the vi-vomit that snuck in: skip serial lookup when cert's serial number is zero (now with 100% better comment)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/25 23:10:22 Modified files: lib/libssl/crypto: Makefile shlib_version lib/libssl/man : Makefile lib/libssl/src/crypto/evp: evp.h Removed files: lib/libssl/src/crypto/acss: acss.h acss_enc.c acss_skey.c lib/libssl/src/crypto/evp: e_acss.c lib/libssl/src/doc/crypto: acss.pod Log message: remove ACSS, crank libcrypto major; ok markus@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/25 23:11:05 Modified files: usr.bin/ssh: cipher.c Log message: remove ACSS, now that it is gone from libcrypto too
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/01/27 03:06:12 Modified files: usr.bin/ssh: krl.c Log message: actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/07 17:41:12 Modified files: usr.bin/ssh: sftp.c Log message: fix NULL deref when built without libedit and control characters entered as command; debugging and patch from Iain Morgan an Loganaden Velvindron in bz#1956
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/10 16:32:10 Modified files: usr.bin/ssh: ssh-keygen.c Log message: append to moduli file when screening candidates rather than overwriting. allows resumption of interrupted screen; patch from Christophe Garault in bz#1957; ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/10 16:35:24 Modified files: usr.bin/ssh: packet.c Log message: record Received disconnect messages at ERROR rather than INFO priority, since they are abnormal and result in a non-zero ssh exit status; patch from Iain Morgan in bz#2057; ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/11 16:58:51 Modified files: regress/usr.bin/ssh: try-ciphers.sh Log message: remove acss here too
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/14 14:35:59 Modified files: usr.bin/ssh: auth2-pubkey.c Log message: Correct error message that had a typo and was logging the wrong thing; patch from Petr Lautrbach
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/15 23:08:45 Modified files: regress/usr.bin/ssh: integrity.sh Log message: make sure the fuzz offset is actually past the end of KEX for all KEX types. diffie-hellman-group-exchange-sha256 requires an offset around 2700. Noticed via test failures in portable OpenSSH on platforms that lack ECC and this the more byte-frugal ECDH KEX algorithms.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/17 16:16:55 Modified files: regress/usr.bin/ssh: integrity.sh Log message: make the ssh command generates some output to ensure that there are at least offset+tries bytes in the stream.
Re: CVS: cvs.openbsd.org: src
On Sun, 17 Feb 2013, Darren Tucker wrote: On Sun, Feb 17, 2013 at 01:46:29AM +1100, Darren Tucker wrote: OK that's not intended behaviour. I'll look at it tomorrow and either fix it or revert it. The problem was I didn't distinguish the default-provided IdentityFiles. Please try this. @@ -582,9 +602,7 @@ parse_yesnoask: if (*intptr = SSH_MAX_IDENTITY_FILES) fatal(%.200s line %d: Too many identity files specified (max %d)., filename, linenum, SSH_MAX_IDENTITY_FILES); - charptr = options-identity_files[*intptr]; - *charptr = xstrdup(arg); - *intptr = *intptr + 1; + add_identity_file(options, NULL, arg, 1); Does it make sense to remove the (*intptr = SSH_MAX_IDENTITY_FILES) check here too? ok either way
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/18 15:26:47 Modified files: regress/usr.bin/ssh: integrity.sh Log message: crank the offset yet again; it was still fuzzing KEX one of Darren's portable test hosts at 2800
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/18 19:14:09 Modified files: regress/usr.bin/ssh: integrity.sh Log message: oops, forgot to increase the output of the ssh command to ensure that we actually reach $offset
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/20 01:29:27 Modified files: regress/usr.bin/ssh: modpipe.c Log message: s/Id/OpenBSD/ in RCS tag
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/02/22 15:09:01 Modified files: usr.bin/ssh: ssh.c Log message: Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier version)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/03/06 16:35:23 Modified files: usr.bin/ssh: session.c Log message: fatal() when ChrootDirectory specified by running without root privileges; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/03/06 16:36:53 Modified files: usr.bin/ssh: readconf.c Log message: g/c unused variable (-Wunused)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/03/06 17:20:00 Modified files: usr.bin/ssh: auth2-pubkey.c monitor.c Log message: reconstruct the original username that was sent by the client, which may have included a style (e.g. root:skey) when checking public key signatures. Fixes public key and hostbased auth when the client specified a style; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/03/06 17:20:34 Modified files: regress/usr.bin/ssh: proxy-connect.sh Log message: repeat test with a style appended to the username
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/03/07 23:32:58 Modified files: usr.bin/ssh: ssh.c Log message: allow ssh -f none ... ok markus@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2013/03/21 18:02:52 Modified files: openssh: ftp.html index.html openbsd.html Added files: openssh/txt: release-6.2 Log message: release OpenSSH 6.2
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2013/03/21 18:04:46 Modified files: openssh/txt: release-6.2 Log message: fill in SHA1 sums
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2013/03/21 19:03:37 Modified files: openssh: report.html Log message: update bugzilla link
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/04 18:14:00 Modified files: usr.bin/ssh: auth2-gss.c krl.c sshconnect2.c Log message: hush some {unused, printf type} warnings
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/04 18:31:49 Modified files: usr.bin/ssh: pathnames.h Log message: use the existing _PATH_SSH_USER_RC define to construct the other pathnames; bz#2077, ok dtucker@ (no binary change)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/04 18:58:51 Modified files: usr.bin/ssh: mux.c Log message: cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too (in addition to ones already in OPEN); bz#2079, ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/10 20:27:50 Modified files: usr.bin/ssh: packet.c Log message: quiet disconnect notifications on the server from error() back to logit() if it is a normal client closure; bz#2057 ok+feedback dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/17 20:16:08 Modified files: usr.bin/ssh: sftp.c Log message: make sftp -q do what it says on the sticker: hush everything but errors; ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/17 20:46:12 Modified files: regress/usr.bin/ssh: Makefile Added files: regress/usr.bin/ssh: sftp-chroot.sh Log message: test sshd ChrootDirectory+internal-sftp; feedback ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/18 19:00:10 Modified files: usr.bin/ssh: sshd_config.5 Log message: document the requirment that the AuthorizedKeysCommand be owned by root; ok dtucker@ markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/18 19:01:00 Modified files: usr.bin/ssh: ssh-keygen.c Log message: fix some memory leaks; bz#2088 ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/18 19:03:01 Modified files: usr.bin/ssh: session.c Log message: reintroduce 1.262 without the connection-killing bug: fatal() when ChrootDirectory specified by running without root privileges; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/18 19:06:50 Modified files: usr.bin/ssh: authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c key.c key.h mac.c mac.h packet.c ssh.1 ssh.c Log message: add the ability to query supported ciphers, MACs, key type and KEX algorithms to ssh. Includes some refactoring of KEX and key type handling to be table-driven; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/19 05:10:18 Modified files: usr.bin/ssh: ssh.c Log message: add -Q to usage; reminded by jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/04/19 06:07:08 Modified files: usr.bin/ssh: kex.c Log message: remove duplicated list entry pointed out by naddy@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/09 21:40:07 Modified files: usr.bin/ssh: sshconnect2.c Log message: fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from Colin Watson
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/09 21:46:14 Modified files: regress/usr.bin/ssh: modpipe.c Log message: sync some portability changes from portable OpenSSH
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/09 22:08:01 Modified files: usr.bin/ssh: key.c Log message: memleak in cert_free(), wasn't actually freeing the struct; bz#2096 from shm AT digitalsun.pl
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: d...@cvs.openbsd.org2013/05/15 20:34:30 Modified files: openssh: index.html Added files: openssh/txt: release-6.2p2 Log message: Release Portable OpenSSH 6.2p2
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/15 22:27:50 Modified files: usr.bin/ssh: readconf.c readconf.h ssh_config.5 Log message: add the ability to ignore specific unrecognised ssh_config options; bz#866; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/16 18:13:14 Modified files: usr.bin/ssh: addrmatch.c auth-chall.c auth-options.c auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c auth2-hostbased.c auth2-jpake.c auth2-kbdint.c auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c bufbn.c bufec.c buffer.c canohost.c channels.c cipher-3des1.c cipher.c clientloop.c compat.c dns.c groupaccess.c gss-genr.c hostfile.c jpake.c kex.c kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c key.c mac.c match.c misc.c moduli.c monitor.c monitor_mm.c monitor_wrap.c mux.c packet.c readconf.c readpass.c roaming_client.c rsa.c schnorr.c scp.c servconf.c serverloop.c session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c umac.c uuencode.c xmalloc.c xmalloc.h Log message: bye, bye xfree(); ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/18 20:38:28 Modified files: usr.bin/ssh: auth2-pubkey.c Log message: fix failure to recognise cert-authority keys if a key of a different type appeared in authorized_keys before it; ok markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/05/18 20:42:42 Modified files: usr.bin/ssh: auth-rsa.c auth.c auth.h auth1.c auth2.c key.c key.h monitor.c Log message: Standardise logging of supplemental information during userauth. Keys and ruser is now logged in the auth success/failure message alongside the local username, remote host/port and protocol in use. Certificates contents and CA are logged too. Pushing all logging onto a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries. I like it markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/04 23:45:54 Modified files: sys/crypto : idgen.c idgen.h Log message: fix a bug that caused time-based rekeys to happen too frequently. rename the structure internals to id32_* in anticipation of an idgen16() that might come in the future.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/20 18:34:49 Modified files: usr.bin/ssh: auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c Log message: for hostbased authentication, print the client host and user on the auth success/failure line; bz#2064, ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/20 18:37:49 Modified files: usr.bin/ssh: ssh_config.5 Log message: explicitly mention that IdentitiesOnly can be used with IdentityFile to control which keys are offered from an agent.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/20 20:26:26 Modified files: regress/usr.bin/ssh: sftp-cmds.sh test-exec.sh Log message: unbreak sftp-cmds for renamed test data (s/ls/data/)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/20 23:42:32 Modified files: usr.bin/ssh: dh.c Log message: sprinkle in some error() to explain moduli(5) parse failures
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/20 23:43:10 Modified files: usr.bin/ssh: scp.c Log message: make this -Wsign-compare clean after time_t conversion
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/06/22 00:31:57 Modified files: usr.bin/ssh: scp.c Log message: improved time_t overflow check suggested by guenther@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/11 18:20:00 Modified files: usr.bin/ssh: auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c sftp.c ssh-keygen.c ssh-pkcs11.c Log message: fix pointer-signedness warnings from clang/llvm-3.3; seems nice deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/11 18:43:50 Modified files: usr.bin/ssh: misc.c Log message: in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when errno == 0. Avoids confusing error message in some broken resolver cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/11 23:42:03 Modified files: usr.bin/ssh: ssh-keygen.c Log message: do_print_resource_record() can never be called with a NULL filename, so don't attempt (and bungle) asking for one if it has not been specified bz#2127 ok dtucker@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/11 23:48:55 Modified files: usr.bin/ssh: ssh.c Log message: set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
Re: CVS: cvs.openbsd.org: src
On Tue, 16 Jul 2013, Joel Sing wrote: CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2013/07/16 07:22:55 Modified files: usr.sbin/httpd/src/modules/ssl: mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c Log message: Disable SSL compression in order to mitigate CRIME attacks. Add an SSLCompression option so that it can be turned back on, however on this is currently a no-op due to the compile options for libssl. specifically, we turn compression off at compile time in our libssl so we aren't victim to the CRIME attack anyway.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/17 19:12:27 Modified files: usr.bin/ssh: ssh.1 Log message: be more exact wrt perms for ~/.ssh/config; bz#2078
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/19 19:43:46 Modified files: usr.bin/ssh: umac.c Log message: use a union to ensure correct alignment; ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/19 19:44:37 Modified files: usr.bin/ssh: ssh-keygen.c ssh.c Log message: More useful error message on missing current user in /etc/passwd
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/19 19:50:20 Modified files: usr.bin/ssh: ssh-agent.c Log message: call cleanup_handler on SIGINT when in debug mode to ensure sockets are cleaned up on manual exit; bz#2120
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/19 19:55:13 Modified files: usr.bin/ssh/sshd: Makefile usr.bin/ssh/ssh: Makefile usr.bin/ssh: gss-serv.c gss-serv-krb5.c auth-krb5.c Log message: fix kerberos/GSSAPI deprecation warnings and linking; looks okay millert@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/20 16:20:43 Modified files: usr.bin/ssh: krl.c Log message: fix verification error in (as-yet usused) KRL signature checking path
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/21 23:00:17 Modified files: usr.bin/ssh: umac.c Log message: make MAC key, data to be hashed and nonce for final hash const; checked with -Wcast-qual
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/22 06:20:02 Modified files: usr.bin/ssh: umac.h Log message: oops, forgot to commit corresponding header change; spotted by jsg and jasper
Re: CVS: cvs.openbsd.org: src
apologies; I forgot to commit the header. Fixed now On Mon, 22 Jul 2013, Jasper Lievisse Adriaanse wrote: On Sun, Jul 21, 2013 at 11:00:17PM -0600, Damien Miller wrote: CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/21 23:00:17 Modified files: usr.bin/ssh: umac.c Log message: make MAC key, data to be hashed and nonce for final hash const; checked with -Wcast-qual Hi, It seems this commit broke the tree: cc -O2 -pipe -g -I/usr/src/usr.bin/ssh/lib/.. -DENABLE_PKCS11 -DHAVE_DLOPEN -DKRB5 -I/usr/include/kerberosV -DGSSAPI -I/usr/src/usr.bin/ssh/lib/.. -DENABLE_PKCS11 -c /usr/src/usr.bin/ssh/lib/../umac.c -o umac.o /usr/src/usr.bin/ssh/lib/../umac.c:1213: error: conflicting types for 'umac_new' /usr/src/usr.bin/ssh/lib/../umac.h:55: error: previous declaration of 'umac_new' was here /usr/src/usr.bin/ssh/lib/../umac.c:1238: error: conflicting types for 'umac_final' /usr/src/usr.bin/ssh/lib/../umac.h:68: error: previous declaration of 'umac_final' was here /usr/src/usr.bin/ssh/lib/../umac.c:1251: error: conflicting types for 'umac_update' /usr/src/usr.bin/ssh/lib/../umac.h:65: error: previous declaration of 'umac_update' was here -- Cheers, Jasper Stay Hungry. Stay Foolish
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/24 18:29:11 Modified files: usr.bin/ssh: ssh.c Log message: daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure it is fully detached from its controlling terminal. based on debugging and patch from tedu@ ok dtucker@ be careful deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/24 18:56:52 Modified files: usr.bin/ssh: sftp-client.c sftp-client.h sftp.1 sftp.c Log message: sftp support for resuming partial downloads; patch mostly by Loganaden Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@ Just be careful deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/07/24 18:57:37 Modified files: usr.bin/ssh: version.h Log message: openssh-6.3 for release
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/06 17:03:49 Modified files: usr.bin/ssh: sftp.c Log message: fix some whitespace at EOL make list of commands an enum rather than a long list of defines add -a to usage()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/06 17:05:02 Modified files: usr.bin/ssh: sftp.1 Log message: document top-level -a option (the -a option to 'get' was already documented)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/06 17:06:01 Modified files: usr.bin/ssh: servconf.c Log message: add cast to avoid format warning; from portable
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/07 22:52:04 Modified files: usr.bin/ssh: sftp.c Log message: fix two year old regression: symlinking a file would incorrectly canonicalise the target path. bz#2129 report from delphij AT freebsd.org
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/07 23:04:03 Modified files: usr.bin/ssh: sftp.c sftp-client.c sftp-client.h Log message: add a -l flag for the rename command to force it to use the silly standard SSH_FXP_RENAME command instead of the POSIX-rename- like posix-ren...@openssh.com extension. intended for use in regress tests, so no documentation.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/08 21:37:25 Modified files: usr.bin/ssh: sftp.c Log message: do getopt parsing for all sftp commands (with an empty optstring for commands without arguments) to ensure consistent behaviour
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/08 21:39:13 Modified files: usr.bin/ssh: sftp-client.c Log message: two problems found by a to-be-committed regress test: 1) msg_id was not being initialised so was starting at a random value from the heap (harmless, but confusing). 2) some error conditions were not being propagated back to the caller
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2013/08/08 21:56:42 Modified files: usr.bin/ssh: sftp.c Log message: enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word; matching ksh's relatively recent change.