src - OpenBSD base system

Age	Commit message (Collapse)	Author
2007-06-08	oops, here too: put the MAC list into a display, like we do for	Jason McIntyre
	ciphers, since groff has trouble with wide lines;
2007-06-08	put the MAC list into a display, like we do for ciphers,	Jason McIntyre
	since groff has trouble handling wide lines;
2007-06-08	Add a "MACs" line after "Ciphers" with the default MAC algorithms,	Peter Valchev
	to ease people who want to tweak both (eg. for performance reasons). ok deraadt@ djm@ dtucker@
2007-06-07	Add a new MAC algorithm for data integrity, UMAC-64 (not default yet, must	Peter Valchev
	specify umac-64@openssh.com). Provides about 20% end-to-end speedup compared to hmac-md5. Represents a different approach to message authentication to that of HMAC that may be beneficial if HMAC based on one of its underlying hash algorithms is found to be vulnerable to a new attack. http://www.ietf.org/rfc/rfc4418.txt in conjunction with and OK djm@
2007-06-05	Preserve MAC ctx between packets, saving 2xhash calls per-packet.	Damien Miller
	Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5 patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm committing at his request)
2007-06-02	memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca	Damien Miller

2007-05-31	gc unreachable code; spotted by Tavis Ormandy	Damien Miller

2007-05-31	convert to new .Dd format;	Jason McIntyre

2007-05-30	tidy: KNF, ARGSUSED and u_int	Damien Miller

2007-05-22	zap double include; from p_nowaczyk AT o2.pl	Damien Miller

2007-05-17	djm owes me a vb and a tism cd for breaking ssh compilation	Jolan Luff

2007-05-17	pass received SIGINT from monitor to postauth child so it can clean	Damien Miller
	up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com; ok markus@
2007-05-17	fall back to gethostname() when the outgoing connection is not	Damien Miller
	on a socket, such as is the case when ProxyCommand is used. Gives hostbased auth an opportunity to work; bz#616, report and feedback stuart AT kaloram.com; ok markus@
2007-05-17	bz#1286 stop reading and processing commands when input or output buffer	Damien Miller
	is nearly full, otherwise sftp-server would happily try to grow the input/output buffers past the maximum supported by the buffer API and promptly fatal() based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-17	save and restore errno when logging; ok deraadt@	Damien Miller

2007-04-23	Remove debug() left over from development. ok deraadt@	Darren Tucker

2007-04-18	cast "%llu" format spec to (unsigned long long); do not assume a	Kevin Steves
	u_int64_t arg is the same as 'unsigned long long'. from Dmitry V. Levin <ldv@altlinux.org> ok markus@ 'Yes, that looks correct' millert@
2007-04-14	remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>	Kevin Steves

2007-03-20	- let synopsis and description agree for -f	Jason McIntyre
	- sort FILES - +.Xr ssh-keyscan 1 , from Igor Sobrado
2007-03-20	remove some bogus *p tests from charles longeau	Ted Unangst
	ok deraadt millert
2007-03-19	Remove the signal handler that checks if the agent's parent process	Darren Tucker
	has gone away, instead check when the select loop returns. Record when the next key will expire when scanning for expired keys. Set the select timeout to whichever of these two things happens next. With djm@, with & ok deraadt@ markus@
2007-03-19	Disable the legacy SSH protocol 1 for new installations via	Damien Miller
	a configuration override. In the future, we will change the server's default itself so users who need the legacy protocol will need to turn it on explicitly
2007-03-09	Move C/R -> kbdint special case to after the defaults have been	Darren Tucker
	loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-06	openssh-4.6; "please" deraadt@	Damien Miller

2007-03-01	sort the `match' keywords;	Jason McIntyre

2007-03-01	Remove ChallengeResponseAuthentication support inside a Match	Darren Tucker
	block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation.
2007-02-28	Remove expired keys periodically so they don't remain in memory when	Darren Tucker
	the agent is entirely idle, as noted by David R. Piegdon. This is the simple fix, a more efficient one will be done later. With markus, deraadt, with & ok djm.
2007-02-24	- strlen returns size_t, not int.	Ray Lai
	- Pass full buffer size to fgets. OK djm@, millert@, and moritz@.
2007-02-22	Check activep so Match and GatewayPorts work together; ok markus@	Darren Tucker

2007-02-21	Clear alarm() before restarting sshd on SIGHUP. Without this, if there's	Darren Tucker
	a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the newly exec'ed sshd will get the SIGALRM and not have a handler for it, and the default action will terminate the listening sshd. Analysis and patch from andrew at gaul.org.
2007-02-20	set maximum packet and window sizes the same for multiplexed clients	Damien Miller
	as normal connections; ok markus@
2007-02-19	Teach Match how handle config directives that are used before authentication.	Darren Tucker
	This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@
2007-02-14	typos in comments; ok jmc@	Kevin Steves

2007-01-22	fix detection of whether we should show progress meter or not: scp	Damien Miller
	tested isatty(stderr) but wrote the progress meter to stdout. This patch makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com; of dtucker@
2007-01-22	return error from do_upload() when a write fails. fixes bz#1252: zero	Damien Miller
	exit status from sftp when uploading to a full device. report from jirkat AT atlas.cz; ok dtucker@
2007-01-21	spaces	Kevin Steves

2007-01-21	spaces	Kevin Steves

2007-01-17	Honour activep for times (eg ServerAliveInterval) while parsing	Darren Tucker
	ssh_config and ~/.ssh/config so they work properly with Host directives. From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
2007-01-12	more secsh -> rfc 4716 updates;	Jason McIntyre
	spotted by wiz@netbsd ok markus
2007-01-10	do not use a list for SYNOPSIS;	Jason McIntyre
	this is actually part of a larger report sent by eric s. raymond and forwarded by brad, but i only read half of it. spotted by brad.
2007-01-03	spaces	Kevin Steves

2007-01-03	ARGSUSED for lint	Kevin Steves

2007-01-03	spaces	Kevin Steves

2007-01-03	remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan	Kevin Steves

2007-01-02	do not use lists for SYNOPSIS;	Jason McIntyre
	from eric s. raymond via brad
2006-12-14	Make "PermitOpen all" first-match within a block to match the way other	Darren Tucker
	options work. ok markus@ djm@
2006-12-13	Make PermitOpen work with multiple values like the man pages says. bz #1267	Darren Tucker
	with details from peter at dmtz.com, with & ok djm@
2006-12-12	bz #1019: some ssh.com versions apparently can't cope with the remote port	Damien Miller
	forwarding bind_address being a hostname, so send them an address for cases where they are not explicitly specified (wildcard or localhost bind). reported by daveroth AT acm.org; ok dtucker@ deraadt@
2006-12-11	add rfc 4716 (public key format); ok jmc	Markus Friedl

2006-11-23	Don't access buf[strlen(buf) - 1] for zero-length strings.	Ray Lai
	``ok by me'' djm@.