Damien Miller
3ac4a234df
- djm@cvs.openbsd.org 2013/11/08 01:38:11
[version.h]
openssh-6.4
2013-11-08 12:39:49 +11:00
Damien Miller
6c81fee693
- djm@cvs.openbsd.org 2013/11/08 00:39:15
[auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
[clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
[sftp-client.c sftp-glob.c]
use calloc for all structure allocations; from markus@
2013-11-08 12:19:55 +11:00
Damien Miller
690d989008
- dtucker@cvs.openbsd.org 2013/11/07 11:58:27
[cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
Output the effective values of Ciphers, MACs and KexAlgorithms when
the default has not been overridden. ok markus@
2013-11-08 12:16:49 +11:00
Darren Tucker
08998c5fb9
- dtucker@cvs.openbsd.org 2013/11/08 01:06:14
[regress/rekey.sh]
Rekey less frequently during tests to speed them up
2013-11-08 12:11:46 +11:00
Darren Tucker
4bf7e50e53
- (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
variable. It's no longer used now that we get the supported MACs from
ssh -Q.
2013-11-07 22:33:48 +11:00
Darren Tucker
6e9d6f4112
- dtucker@cvs.openbsd.org 2013/11/07 04:26:56
[regress/kextype.sh]
trailing space
2013-11-07 15:32:37 +11:00
Darren Tucker
74cbc22529
- dtucker@cvs.openbsd.org 2013/11/07 03:55:41
[regress/kextype.sh]
Use ssh -Q to get kex types instead of a static list.
2013-11-07 15:26:12 +11:00
Darren Tucker
a955041c93
- dtucker@cvs.openbsd.org 2013/11/07 02:48:38
[regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
Use ssh -Q instead of hardcoding lists of ciphers or MACs.
2013-11-07 15:21:19 +11:00
Darren Tucker
06595d6395
- dtucker@cvs.openbsd.org 2013/11/07 01:12:51
[regress/rekey.sh]
Factor out the data transfer rekey tests
2013-11-07 15:08:02 +11:00
Darren Tucker
651dc8b259
- dtucker@cvs.openbsd.org 2013/11/07 00:12:05
[regress/rekey.sh]
Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
the GCM ciphers.
2013-11-07 15:04:44 +11:00
Darren Tucker
234557762b
- dtucker@cvs.openbsd.org 2013/11/04 12:27:42
[regress/rekey.sh]
Test rekeying with all KexAlgorithms.
2013-11-07 15:00:51 +11:00
Darren Tucker
bbfb9b0f38
- markus@cvs.openbsd.org 2013/11/02 22:39:53
[regress/kextype.sh]
add curve25519-sha256@libssh.org
2013-11-07 14:56:43 +11:00
Darren Tucker
aa19548a98
- djm@cvs.openbsd.org 2013/10/09 23:44:14
[regress/Makefile] (ID sync only)
regression test for sftp request white/blacklisting and readonly mode.
2013-11-07 14:50:09 +11:00
Damien Miller
c8908aabff
- djm@cvs.openbsd.org 2013/11/06 23:05:59
[ssh-pkcs11.c]
from portable: s/true/true_val/ to avoid name collisions on dump platforms
RCSID sync only
2013-11-07 13:38:35 +11:00
Damien Miller
49c145c5e8
- markus@cvs.openbsd.org 2013/11/06 16:52:11
[monitor_wrap.c]
fix rekeying for AES-GCM modes; ok deraadt
2013-11-07 13:35:39 +11:00
Damien Miller
67a8800f29
- markus@cvs.openbsd.org 2013/11/04 11:51:16
[monitor.c]
fix rekeying for KEX_C25519_SHA256; noted by dtucker@
RCSID sync only; I thought this was a merge botch and fixed it already
2013-11-07 13:32:51 +11:00
Damien Miller
df8b030b15
- (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
that lack it but have arc4random_uniform()
2013-11-07 13:28:16 +11:00
Damien Miller
a6fd1d3c38
- (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
2013-11-07 12:03:26 +11:00
Damien Miller
c98319750b
- (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
2013-11-07 12:00:23 +11:00
Damien Miller
61c5c2319e
- (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
that got lost in recent merge.
2013-11-07 11:34:14 +11:00
Damien Miller
094003f545
- (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
KEX/curve25519 change
2013-11-04 22:59:27 +11:00
Damien Miller
ca67a7eaf8
- djm@cvs.openbsd.org 2013/11/03 10:37:19
[roaming_common.c]
fix a couple of function definitions foo() -> foo(void)
(-Wold-style-definition)
2013-11-04 09:05:17 +11:00
Damien Miller
0bd8f1519d
- markus@cvs.openbsd.org 2013/11/02 22:39:19
[ssh_config.5 sshd_config.5]
the default kex is now curve25519-sha256@libssh.org
2013-11-04 08:55:43 +11:00
Damien Miller
4c3ba0767f
- markus@cvs.openbsd.org 2013/11/02 22:34:01
[auth-options.c]
no need to include monitor_wrap.h and ssh-gss.h
2013-11-04 08:40:13 +11:00
Damien Miller
660621b210
- markus@cvs.openbsd.org 2013/11/02 22:24:24
[kexdhs.c kexecdhs.c]
no need to include ssh-gss.h
2013-11-04 08:37:51 +11:00
Damien Miller
abdca986de
- markus@cvs.openbsd.org 2013/11/02 22:10:15
[kexdhs.c kexecdhs.c]
no need to include monitor_wrap.h
2013-11-04 08:30:05 +11:00
Damien Miller
1e1242604e
- markus@cvs.openbsd.org 2013/11/02 21:59:15
[kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
use curve25519 for default key exchange (curve25519-sha256@libssh.org);
initial patch from Aris Adamantiadis; ok djm@
2013-11-04 08:26:52 +11:00
Damien Miller
d2252c7919
- markus@cvs.openbsd.org 2013/11/02 20:03:54
[ssh-pkcs11.c]
support pkcs#11 tokens that only provide x509 certs instead of raw pubkeys;
fixes bz#1908; based on patch from Laurent Barbe; ok djm
2013-11-04 07:41:48 +11:00
Darren Tucker
007e3b357e
- (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
for platforms that don't have them.
2013-11-03 18:43:55 +11:00
Darren Tucker
710f374735
- (dtucker) [openbsd-compat/setproctitle.c] Handle error case from the 2nd
vsnprintf. From eric at openbsd via chl@.
2013-11-03 17:20:34 +11:00
Darren Tucker
d527704523
- (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
From OpenSMTPD where it prevents "implicit declaration" warnings (it's
a no-op in OpenSSH). From chl at openbsd.
2013-11-03 16:30:46 +11:00
Damien Miller
63857c9340
- jmc@cvs.openbsd.org 2013/10/29 18:49:32
[sshd_config.5]
pty(4), not pty(7);
2013-10-30 22:31:06 +11:00
Damien Miller
5ff30c6b68
- djm@cvs.openbsd.org 2013/10/29 09:48:02
[servconf.c servconf.h session.c sshd_config sshd_config.5]
sshd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@
2013-10-30 22:21:50 +11:00
Damien Miller
4a3a9d4bbf
- djm@cvs.openbsd.org 2013/10/29 09:42:11
[key.c key.h]
fix potential stack exhaustion caused by nested certificates;
report by Mateusz Kocielski; ok dtucker@ markus@
2013-10-30 22:19:47 +11:00
Damien Miller
28631ceaa7
- djm@cvs.openbsd.org 2013/10/25 23:04:51
[ssh.c]
fix crash when using ProxyCommand caused by previous commit - was calling
freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
2013-10-26 10:07:56 +11:00
Damien Miller
26506ad293
- (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
unnecessary arc4random_stir() calls. The only ones left are to ensure
that the PRNG gets a different state after fork() for platforms that
have broken the API.
2013-10-26 10:05:46 +11:00
Tim Rice
bd43e88723
- (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
2013-10-24 12:22:49 -07:00
Damien Miller
a90c033808
- djm@cvs.openbsd.org 2013/10/24 08:19:36
[ssh.c]
fix bug introduced in hostname canonicalisation commit: don't try to
resolve hostnames when a ProxyCommand is set unless the user has forced
canonicalisation; spotted by Iain Morgan
2013-10-24 21:03:17 +11:00
Damien Miller
cf31f38634
- dtucker@cvs.openbsd.org 2013/10/24 00:51:48
[readconf.c servconf.c ssh_config.5 sshd_config.5]
Disallow empty Match statements and add "Match all" which matches
everything. ok djm, man page help jmc@
2013-10-24 21:02:56 +11:00
Damien Miller
4bedd4032a
- dtucker@cvs.openbsd.org 2013/10/24 00:49:49
[moduli.c]
Periodically print progress and, if possible, expected time to completion
when screening moduli for DH groups. ok deraadt djm
2013-10-24 21:02:26 +11:00
Damien Miller
5ecb416298
- djm@cvs.openbsd.org 2013/10/23 23:35:32
[sshd.c]
include local address and port in "Connection from ..." message (only
shown at loglevel>=verbose)
2013-10-24 21:02:02 +11:00
Damien Miller
03bf2e61ad
- dtucker@cvs.openbsd.org 2013/10/23 05:40:58
[servconf.c]
fix comment
2013-10-24 21:01:26 +11:00
Damien Miller
8f18731914
- (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
rather than full client name which may be of form user@REALM;
patch from Miguel Sanders; ok dtucker@
2013-10-24 10:53:02 +11:00
Damien Miller
5b01b0dcb4
- djm@cvs.openbsd.org 2013/10/23 04:16:22
[ssh-keygen.c]
Make code match documentation: relative-specified certificate expiry time
should be relative to current time and not the validity start time.
Reported by Petr Lautrbach; ok deraadt@
2013-10-23 16:31:31 +11:00
Damien Miller
eff5cada58
- djm@cvs.openbsd.org 2013/10/23 03:05:19
[readconf.c ssh.c]
comment
2013-10-23 16:31:10 +11:00
Damien Miller
084bcd24e9
- djm@cvs.openbsd.org 2013/10/23 03:03:07
[readconf.c]
Hostname may have %h sequences that should be expanded prior to Match
evaluation; spotted by Iain Morgan
2013-10-23 16:30:51 +11:00
Damien Miller
8e5a67f469
- jmc@cvs.openbsd.org 2013/10/20 18:00:13
[ssh_config.5]
tweak the "exec" description, as worded by djm;
2013-10-23 16:30:25 +11:00
Damien Miller
c0049bd0bc
- djm@cvs.openbsd.org 2013/10/20 09:51:26
[scp.1 sftp.1]
add canonicalisation options to -o lists
2013-10-23 16:29:59 +11:00
Damien Miller
8a04be795f
- djm@cvs.openbsd.org 2013/10/20 06:19:28
[readconf.c ssh_config.5]
rename "command" subclause of the recently-added "Match" keyword to
"exec"; it's shorter, clearer in intent and we might want to add the
ability to match against the command being executed at the remote end in
the future.
2013-10-23 16:29:40 +11:00
Damien Miller
5c86ebdf83
- djm@cvs.openbsd.org 2013/10/20 04:39:28
[ssh_config.5]
document % expansions performed by "Match command ..."
2013-10-23 16:29:12 +11:00