src - OpenBSD base system

Age	Commit message (Collapse)	Author
2009-12-20	fix an incorrect magic number and typo in PROTOCOL; bz#1688	Damien Miller
	report and fix from ueno AT unixuser.org
2009-12-20	When passing user-controlled options with arguments to other programs,	Philip Guenthe
	pass the option and option argument as separate argv entries and not smashed into one (e.g., as -l foo and not -lfoo). Also, always pass a "--" argument to stop option parsing, so that a positional argument that starts with a '-' isn't treated as an option. This fixes some error cases as well as the handling of hostnames and filenames that start with a '-'. Based on a diff by halex@ ok halex@ djm@ deraadt@
2009-12-19	try to clarify ChrootDirectory pathname argument a bit; resulting from	Kevin Steves
	a question on openssh-unix-dev. ok jmc@
2009-12-11	switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537	Markus Friedl
	for the RSA public exponent; discussed with provos; ok djm@
2009-12-06	fix potential divide-by-zero in sftp's "df" output when talking to a server	Darren Tucker
	that reports zero files on the filesystem (Unix filesystems always have at least the root inode). From Steve McClellan at radisys, ok djm@
2009-12-06	use socklen_t for getsockopt optlen parameter; reported by	Damien Miller
	Steve.McClellan AT radisys.com, ok dtucker@
2009-12-06	zap unused variable and strlen; from Steve McClellan, ok djm	Darren Tucker

2009-11-22	make passing of zero-length arguments to ssh safe by	Alexander Hall
	passing "-<switch>" "<value>" rather than "-<switch><value>" ok dtucker@, guenther@, djm@
2009-11-20	correct off-by-one in percent_expand(): we would fatal() when trying	Damien Miller
	to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually work. Note that nothing in OpenSSH actually uses close to this limit at present. bz#1607 from Jan.Pechanec AT Sun.COM
2009-11-20	Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@	Darren Tucker

2009-11-20	bz#1588 change "Connecting to host..." message to "Connected to host."	Damien Miller
	and delay it until after the sftp protocol connection has been established. Avoids confusing sequence of messages when the underlying ssh connection experiences problems. ok dtucker@
2009-11-20	Warn but do not fail if stat()ing the subsystem binary fails. This helps	Darren Tucker
	with chrootdirectory+forcecommand=sftp-server and restricted shells. bz #1599, ok djm.
2009-11-19	bz#1606: error when an attempt is made to connect to a server	Damien Miller
	with ForceCommand=internal-sftp with a shell session (i.e. not a subsystem session). Avoids stuck client when attempting to ssh to such a service. ok dtucker@
2009-11-17	fix incorrect exit status when multiplexing and channel ID 0 is recycled	Damien Miller
	bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
2009-11-11	fix race condition in x11/agent channel allocation: don't read after	Markus Friedl
	the end of the select read/write fdset and make sure a reused FD is not touched before the pre-handlers are called. with and ok djm@
2009-11-10	Set close-on-exec on various descriptors so they don't get leaked to	Darren Tucker
	child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
2009-11-10	clarify that StrictModes does not apply to ChrootDirectory. Permissions	Damien Miller
	and ownership are always checked when chrooting. bz#1532
2009-11-10	explain the constraints on LocalCommand some more so people don't	Damien Miller
	try to abuse it.
2009-10-28	tweak previous;	Jason McIntyre

2009-10-28	Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.	Reyk Floeter
	ok markus@
2009-10-24	Request roaming to be enabled if UseRoaming is true and the server	Andreas Gunnarsson
	supports it. ok markus@
2009-10-24	Do the actual suspend/resume in the client. This won't be useful until	Andreas Gunnarsson
	the server side supports roaming. Most code from Martin Forssen, maf at appgate dot com. Some changes by me and markus@ ok markus@
2009-10-24	Define the KEX messages used when resuming a suspended connection.	Andreas Gunnarsson
	ok markus@
2009-10-24	Dummy implementation of wait_for_roaming_reconnect() for the server side.	Andreas Gunnarsson
	It doesn't do anything yet but is needed for upcoming changes in roaming_common.c ok markus@
2009-10-24	client_loop() must detect if the session has been suspended and resumed,	Andreas Gunnarsson
	and take appropriate action in that case. From Martin Forssen, maf at appgate dot com ok markus@
2009-10-24	Let the client detect if the server supports roaming by looking	Andreas Gunnarsson
	for the resume@appgate.com kex algorithm. ok markus@
2009-10-24	Declarations needed for upcoming changes.	Andreas Gunnarsson
	ok markus@
2009-10-24	ssh-keygen now uses AES-128 for private keys	Darren Tucker

2009-10-23	disallow a hostile server from checking jpake auth by sending an	Damien Miller
	out-of-sequence success message. (doesn't affect code enabled by default)
2009-10-22	switch from 3DES to AES-128 for encryption of passphrase-protected	Damien Miller
	SSH protocol 2 private keys; ok several
2009-10-22	write UNIX-domain in a more consistent way; while here, replace a	Igor Sobrado
	few remaining ".Tn UNIX" macros with ".Ux" ones. pointed out by ratchov@, thanks! ok jmc@
2009-10-22	use the UNIX-related macros (.At and .Ux) where appropriate.	Igor Sobrado
	ok jmc@
2009-10-17	sort flags.	Igor Sobrado

2009-10-11	mention the host name that we are looking for in check_host_in_hostfile()	Damien Miller

2009-10-11	d_type isn't portable so use lstat to get dirent modes. Suggested by and	Darren Tucker
	"looks sane" deraadt@
2009-10-08	some tweaks now that protocol 1 is not offered by default; ok markus	Jason McIntyre

2009-10-08	disable protocol 1 by default (after a transition period of about 10 years)	Markus Friedl
	ok deraadt
2009-10-06	bz#1596: fflush(NULL) before exec() to ensure that everying (motd	Damien Miller
	in particular) has made it out before the streams go away.
2009-10-01	fix a cast	Alexander von Gernler
	ok djm@ markus@
2009-09-01	fix a race condition in ssh-agent that could result in a wedged or	Damien Miller
	spinning agent: don't read off the end of the allocated fd_sets, and don't issue blocking read/write on agent sockets - just fall back to select() on retriable read/write errors. bz#1633 reported and tested by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
2009-08-31	document -e and -h; prodded by jmc@	Damien Miller

2009-08-31	check correct variable for error message, spotted by martynas@	Damien Miller

2009-08-27	Do not fall back to adding keys without contraints (ssh-add -c / -t ...)	Damien Miller
	when the agent refuses the constrained add request. This was a useful migration measure back in 2002 when constraints were new, but just adds risk now. bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
2009-08-27	allow setting an explicit umask on the commandline to override whatever	Damien Miller
	default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-08-27	force use of correct hash function for random-art signature display	Damien Miller
	as it was inheriting the wrong one when bubblebabble signatures were activated; bz#1611 report and patch from fwojcik+openssh AT besh.com; ok markus@
2009-08-27	allow setting an explicit umask on the commandline to override whatever	Damien Miller
	default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-08-20	subsystem_flag is defined in ssh.c so it's extern; ok djm	Darren Tucker

2009-08-19	ether -> either;	Jason McIntyre

2009-08-18	fix "get" command usage, spotted by jmc@	Damien Miller

2009-08-18	recursive transfer support for get/put and on the commandline	Damien Miller
	work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code with some tweaks by me; "go for it" deraadt@