+20081111
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+ [servconf.c]
+ passord -> password;
+ fixes user/5975 from Rene Maroufi
+ - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+ [ssh-keygen.c]
+ spelling/typo in comment
+ - stevesk@cvs.openbsd.org 2008/11/07 18:50:18
+ [nchan.c]
+ add space to some log/debug messages for readability; ok djm@ markus@
+
+20081105
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2008/11/03 08:59:41
+ [servconf.c]
+ include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
+ - djm@cvs.openbsd.org 2008/11/04 07:58:09
+ [auth.c]
+ need unistd.h for close() prototype
+ (ID sync only)
+ - djm@cvs.openbsd.org 2008/11/04 08:22:13
+ [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+ [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+ [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+ [Makefile.in]
+ Add support for an experimental zero-knowledge password authentication
+ method using the J-PAKE protocol described in F. Hao, P. Ryan,
+ "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+ Security Protocols, Cambridge, April 2008.
+
+ This method allows password-based authentication without exposing
+ the password to the server. Instead, the client and server exchange
+ cryptographic proofs to demonstrate of knowledge of the password while
+ revealing nothing useful to an attacker or compromised endpoint.
+
+ This is experimental, work-in-progress code and is presently
+ compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+
+ "just commit it. It isn't too intrusive." deraadt@
+ - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
+ [readconf.c]
+ because parse_forward() is now used to parse all forward types (DLR),
+ and it malloc's space for host variables, we don't need to malloc
+ here. fixes small memory leaks.
+
+ previously dynamic forwards were not parsed in parse_forward() and
+ space was not malloc'd in that case.
+
+ ok djm@
+ - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
+ [clientloop.c ssh.1]
+ add dynamic forward escape command line; ok djm@
+
20081103
- OpenBSD CVS Sync
- sthen@cvs.openbsd.org 2008/07/24 23:55:30
- grunk@cvs.openbsd.org 2008/07/25 06:56:35
[ssh_config]
Add VisualHostKey to example file, ok djm@
+ - grunk@cvs.openbsd.org 2008/07/25 07:05:16
+ [key.c]
+ In random art visualization, make sure to use the end marker only at the
+ end. Initial diff by Dirk Loss, tweaks and ok djm@
+ - markus@cvs.openbsd.org 2008/07/31 14:48:28
+ [sshconnect2.c]
+ don't allocate space for empty banners; report t8m at centrum.cz;
+ ok deraadt
+ - krw@cvs.openbsd.org 2008/08/02 04:29:51
+ [ssh_config.5]
+ whitepsace -> whitespace. From Matthew Clarke via bugs@.
+ - djm@cvs.openbsd.org 2008/08/21 04:09:57
+ [session.c]
+ allow ForceCommand internal-sftp with arguments. based on patch from
+ michael.barabanov AT gmail.com; ok markus@
+ - djm@cvs.openbsd.org 2008/09/06 12:24:13
+ [kex.c]
+ OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
+ replacement anymore
+ (ID sync only for portable - we still need this)
+ - markus@cvs.openbsd.org 2008/09/11 14:22:37
+ [compat.c compat.h nchan.c ssh.c]
+ only send eow and no-more-sessions requests to openssh 5 and newer;
+ fixes interop problems with broken ssh v2 implementations; ok djm@
+ - millert@cvs.openbsd.org 2008/10/02 14:39:35
+ [session.c]
+ Convert an unchecked strdup to xstrdup. OK deraadt@
+ - jmc@cvs.openbsd.org 2008/10/03 13:08:12
+ [sshd.8]
+ do not give an example of how to chmod files: we can presume the user
+ knows that. removes an ambiguity in the permission of authorized_keys;
+ ok deraadt
+ - deraadt@cvs.openbsd.org 2008/10/03 23:56:28
+ [sshconnect2.c]
+ Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
+ function.
+ spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
+ and (as is fairly typical) did not report the problem to us. But this fix
+ is correct.
+ ok djm
+ - djm@cvs.openbsd.org 2008/10/08 23:34:03
+ [ssh.1 ssh.c]
+ Add -y option to force logging via syslog rather than stderr.
+ Useful for daemonised ssh connection (ssh -f). Patch originally from
+ and ok'd by markus@
+ - djm@cvs.openbsd.org 2008/10/09 03:50:54
+ [servconf.c sshd_config.5]
+ support setting PermitEmptyPasswords in a Match block
+ requested in PR3891; ok dtucker@
+ - jmc@cvs.openbsd.org 2008/10/09 06:54:22
+ [ssh.c]
+ add -y to usage();
+ - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
+ [scp.c]
+ spelling in comment; ok djm@
+ - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
+ [key.c]
+ typo in error message; ok djm@
+ - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
+ [ssh_config.5]
+ use 'Privileged ports can be forwarded only when logging in as root on
+ the remote machine.' for RemoteForward just like ssh.1 -R.
+ ok djm@ jmc@
+ - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
+ [sshconnect.c]
+ use #define ROQUIET here; no binary change. ok dtucker@
+ - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
+ [ssh_config.5]
+ correct and clarify VisualHostKey; ok jmc@
+ - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
+ [clientloop.c sshd.c]
+ don't need to #include "monitor_fdpass.h"
+ - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
+ [dispatch.c]
+ remove unused #define DISPATCH_MIN; ok markus@
+ - djm@cvs.openbsd.org 2008/11/01 04:50:08
+ [sshconnect2.c]
+ sprinkle ARGSUSED on dispatch handlers
+ nuke stale unusued prototype
+ - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
+ [channels.c]
+ fix some typos in log messages; ok djm@
+ - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
+ [ssh-keyscan.1 ssh-keyscan.c]
+ the ellipsis is not an optional argument; while here, improve spacing.
+ - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
+ [clientloop.c readconf.c readconf.h ssh.c]
+ merge dynamic forward parsing into parse_forward();
+ 'i think this is OK' djm@
+ - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
+ [ttymodes.c]
+ protocol 2 tty modes support is now 7.5 years old so remove these
+ debug3()s; ok deraadt@
+ - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
+ [readconf.c]
+ remove valueless comment
+ - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
+ [readconf.c]
+ fix comment
+ - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
+ Make example scripts generate keys with default sizes rather than fixed,
+ non-default 1024 bits; patch from imorgan AT nas.nasa.gov
+ - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
+ [contrib/redhat/sshd.pam] Move pam_nologin to account group from
+ incorrect auth group in example files;
+ patch from imorgan AT nas.nasa.gov
20080906
- (dtucker) [config.guess config.sub] Update to latest versions from
andersk / openssh.git / blobdiff