Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.17 / (download) - annotate - [select for diffs], Sat Apr 3 06:18:40 2021 UTC (3 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
HEAD
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
highly polished whitespace, mostly fixing spaces-for-tab and bad indentation on continuation lines. Prompted by GHPR#185
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jan 9 11:58:50 2021 UTC (3 years, 4 months ago) by dtucker
Branch: MAIN
Changes since 1.15: +2 -327 lines
Diff to previous 1.15 (colored)
Move address handling functions out into their own file in order to reuse them for per-source maxstartups limiting. Supplement with some additional functions from djm's flowtools that we'll also need. ok djm@ (as part of a larger diff).
Revision 1.15 / (download) - annotate - [select for diffs], Sun Oct 18 11:32:01 2020 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.14: +9 -11 lines
Diff to previous 1.14 (colored)
use the new variant log macros instead of prepending __func__ and appending ssh_err(r) manually; ok markus@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Jul 31 03:07:24 2018 UTC (5 years, 9 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.13: +12 -13 lines
Diff to previous 1.13 (colored)
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 feedback and ok dtucker@
Revision 1.13 / (download) - annotate - [select for diffs], Wed Sep 21 16:55:42 2016 UTC (7 years, 7 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.12: +2 -3 lines
Diff to previous 1.12 (colored)
Revert two recent changes to negated address matching. The new behaviour offers unintuitive surprises. We'll find a better way to deal with single negated matches. match.c 1.31: > fix matching for pattern lists that contain a single negated match, > e.g. "Host !example" > > report and patch from Robin Becker. bz#1918 ok dtucker@ addrmatch.c 1.11: > fix negated address matching where the address list consists of a > single negated match, e.g. "Match addr !192.20.0.1" > > Report and patch from Jakub Jelen. bz#2397 ok dtucker@
Revision 1.12 / (download) - annotate - [select for diffs], Tue Aug 23 08:17:42 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored)
downgrade an error() to a debug2() to match similar cases in addr_match_list()
Revision 1.11 / (download) - annotate - [select for diffs], Tue Aug 23 03:24:10 2016 UTC (7 years, 8 months ago) by djm
Branch: MAIN
Changes since 1.10: +3 -2 lines
Diff to previous 1.10 (colored)
fix negated address matching where the address list consists of a single negated match, e.g. "Match addr !192.20.0.1" Report and patch from Jakub Jelen. bz#2397 ok dtucker@
Revision 1.10 / (download) - annotate - [select for diffs], Wed Jul 8 19:04:21 2015 UTC (8 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored)
xmalloc.h is unused
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jan 19 11:21:51 2014 UTC (10 years, 3 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 (colored)
Cast the sizeof to socklen_t so it'll work even if the supplied len is negative. Suggested by and ok djm, ok deraadt.
Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 19 04:17:29 2014 UTC (10 years, 3 months ago) by dtucker
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)
Cast socklen_t when comparing to size_t and use socklen_t to iterate over the ip options, both to prevent signed/unsigned comparison warnings. Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
Revision 1.7 / (download) - annotate - [select for diffs], Fri May 17 00:13:13 2013 UTC (11 years ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)
bye, bye xfree(); ok markus@
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jun 21 00:16:07 2012 UTC (11 years, 10 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)
fix strlcpy truncation check. from carsten at debian org, ok markus
Revision 1.5 / (download) - annotate - [select for diffs], Fri Feb 26 20:29:54 2010 UTC (14 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.4: +77 -1 lines
Diff to previous 1.4 (colored)
Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
Revision 1.4 / (download) - annotate - [select for diffs], Wed Dec 10 03:55:20 2008 UTC (15 years, 5 months ago) by stevesk
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.3: +3 -2 lines
Diff to previous 1.3 (colored)
o cannot be NULL here but use xfree() to be consistent; ok djm@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 10 23:06:19 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.2: +6 -5 lines
Diff to previous 1.2 (colored)
support CIDR address matching in .ssh/authorized_keys from="..." stanzas ok and extensive testing dtucker@
Revision 1.2 / (download) - annotate - [select for diffs], Tue Jun 10 05:22:45 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
Changes since 1.1: +5 -3 lines
Diff to previous 1.1 (colored)
fix fatal() when performing address matching and connection is not on socket; spotted by & ok dtucker@
Revision 1.1 / (download) - annotate - [select for diffs], Tue Jun 10 03:57:27 2008 UTC (15 years, 11 months ago) by djm
Branch: MAIN
support CIDR address matching in sshd_config "Match address" blocks, with full support for negation and fall-back to classic wildcard matching. For example: Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* PasswordAuthentication yes addrmatch.c code mostly lifted from flowd's addr.c feedback and ok dtucker@