Age | Commit message | Author | |
---|---|---|---|
2011-12-02 | fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before HMAC_init (this change in policy seems insane to me) ok dtucker@ | Damien Miller | |
2011-12-02 | fix bz#1948: ssh -f doesn't fork for multiplexed connection. ok dtucker@ | Damien Miller | |
2011-11-16 | Don't leak list in complete_cmd_parse if there are no commands found. Discovered when I was ``borrowing'' this code for something else. ok djm@ | Owain Ainsworth | |
2011-10-24 | bz#1859: send tty break to pty master instead of (probably already closed) slave side; "looks good" markus@ | Damien Miller | |
2011-10-24 | bz#1943: unbreak stdio forwarding when ControlPersist is in use - ssh was incorrectly requesting the forward in both the control master and slave. skip requesting it in the master to fix. ok markus@ | Damien Miller | |
2011-10-19 | typo in comment; patch from Michael W. Bombardieri | Damien Miller | |
2011-10-19 | s/tmpfile/tmp/ to make this -Wshadow clean | Damien Miller | |
2011-10-18 | add -k to usage(); reminded by jmc@ | Damien Miller | |
2011-10-18 | ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ | Damien Miller | |
2011-10-18 | new "ssh-add -k" option to load plain keys (skipping certificates); "looks ok" markus@ | Damien Miller | |
2011-10-18 | remove explicit search for \0 in packet strings, this job is now done implicitly by buffer_get_cstring; ok markus | Damien Miller | |
2011-10-16 | add missing includes to unbreak tree; fix from rpointel | Stefan Sperling | |
2011-10-16 | put -K in the right place (usage()); | Jason McIntyre | |
2011-10-16 | Add optional checkpoints for moduli screening. feedback & ok deraadt | Darren Tucker | |
2011-10-04 | silence error spam for "ls */foo" in directory with files; bz#1683 | Damien Miller | |
2011-09-30 | fix inverted test that caused logspam; spotted by henning@ | Damien Miller | |
2011-09-30 | don't attempt privsep cleanup when not using privsep; ok markus@ | Darren Tucker | |
2011-09-25 | improve the AuthorizedPrincipalsFile debug log message to include file and line number | Damien Miller | |
2011-09-23 | unbreak remote portforwarding with dynamic allocated listen ports: 1) send the actual listen port in the open message (instead of 0). this allows multiple forwardings with a dynamic listen port; 2) update the matching permit-open entry, so we can identify where to connect to; report: den at skbkontur.ru and P. Szczygielski; feedback and ok djm@ | Markus Friedl | |
2011-09-23 | Add wildcard support to PermitOpen, allowing things like "PermitOpen localhost:*". bz #1857, ok djm markus. | Darren Tucker | |
2011-09-22 | don't let remote_glob() implicitly sort its results in do_globbed_ls() - in all likelihood, they will be resorted anyway | Damien Miller | |
2011-09-12 | fix leak in do_lsreaddir(); ok djm | Markus Friedl | |
2011-09-11 | fix leaks in do_hardlink() and do_readlink(); bz#1921 from Loganaden Velvindron | Markus Friedl | |
2011-09-11 | document new -O cancel command; ok djm@ | Okan Demirmen | |
2011-09-10 | support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@ | Markus Friedl | |
2011-09-09 | support for cancelling local and remote port forwards via the multiplex socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@ | Damien Miller | |
2011-09-09 | kill the preauth privsep child on fatal errors in the monitor; ok markus@ | Damien Miller | |
2011-09-09 | suppress adding '--' to remote commandlines when the first argument does not start with '-'. saves breakage on some difficult-to-upgrade embedded/router platforms; feedback & ok dtucker ok markus | Damien Miller | |
2011-09-09 | MUX_C_CLOSE_FWD includes forward type in message (though it isn't implemented anyway) | Damien Miller | |
2011-09-09 | fix typo in IPQoS parsing: there is no "AF14" class, but there is an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk | Damien Miller | |
2011-09-07 | typo (they vs the) found by Lawrence Teo | Theo de Raadt | |
2011-09-05 | knock out a useless Ns; | Jason McIntyre | |
2011-09-05 | fix typo in IPQoS parsing: there is no "AF14" class, but there is an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk | Damien Miller | |
2011-09-05 | mention ControlPersist and KbdInteractiveAuthentication in the -o verbiage in these pages too (prompted by jmc@) | Damien Miller | |
2011-08-26 | Add some missing ssh_config(5) options that can be used in ssh(1)'s -o argument. Patch from duclare AT guu.fi | Damien Miller | |
2011-08-07 | typo, fix from Laurent Gautrot | Darren Tucker | |
2011-08-02 | typo in comment | Damien Miller | |
2011-08-02 | crank now, release later | Damien Miller | |
2011-08-02 | Add new SHA256 and SHA512 based HMAC modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt feedback and ok markus@ | Damien Miller | |
2011-08-01 | prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); report Adam Zabrock; ok djm@, deraadt@ | Markus Friedl | |
2011-07-29 | fail open(2) with EPERM rather than SIGKILLing the whole process. libc will call open() to do strerror() when NLS is enabled; feedback and ok markus@ | Damien Miller | |
2011-07-06 | bzero the agent address. the kernel was for a while very cranky about these things. even though that's fixed, always good to initialize memory. ok deraadt djm | Ted Unangst | |
2011-06-23 | ignore EINTR errors from poll() | Damien Miller | |
2011-06-23 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | Damien Miller | |
2011-06-22 | $OpenBSD$ makers | Damien Miller | |
2011-06-22 | hook up a channel confirm callback to warn the user when requested X11 forwarding was refused by the server; ok markus@ | Damien Miller | |
2011-06-22 | introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@ | Damien Miller | |
2011-06-22 | reuse the multistate option arrays to pretty-print options for "sshd -T" | Damien Miller | |
2011-06-17 | setproctitle for a mux master that has been gracefully stopped; bz#1911 from Bert.Wesarg AT googlemail.com | Damien Miller | |
2011-06-17 | factor out multi-choice option parsing into a parse_multistate label and some support structures; ok dtucker@ | Damien Miller | |