f666fec2d5
- deraadt@cvs.openbsd.org 2002/05/22 23:18:25
...
[ssh.c sshd.c]
spelling; abishoff@arc.nasa.gov
2002-06-06 19:51:58 +00:00
38ed63d759
- deraadt@cvs.openbsd.org 2002/05/19 20:54:52
...
[log.h]
extra commas in enum not 100% portable
2002-06-06 19:51:06 +00:00
fac7769f64
- stevesk@cvs.openbsd.org 2002/05/16 22:09:59
...
[session.c ssh.c]
don't limit xauth pathlen on client side and longer print length on
server when debug; ok markus@
2002-06-06 19:49:54 +00:00
6a24641365
- markus@cvs.openbsd.org 2002/05/16 22:02:50
...
[cipher.c kex.h mac.c]
fix warnings (openssl 0.9.7 requires const)
2002-06-06 19:48:16 +00:00
fb62a69488
- markus@cvs.openbsd.org 2002/05/15 21:56:38
...
[servconf.c sshd.8 sshd_config]
re-enable privsep and disable setuid for post-3.2.2
2002-06-06 19:47:11 +00:00
df75dd21f5
- (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
...
setsockopt from debug to error for now).
2002-06-04 20:52:19 +00:00
28bbb0c458
[configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
...
build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
last monitor_fdpass.c changes that are no longer needed with new tests.
Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
2002-05-27 17:37:32 -07:00
8ce8296fd0
sync scard/
2002-05-22 14:24:01 +10:00
23dc10ddac
crank rpm spec versions
2002-05-22 14:14:54 +10:00
667fb25f47
Crank version
...
(also missed changelog message)
2002-05-22 14:14:00 +10:00
74cc5bb851
fix spelling mistakes spotted by Solar Designer <solar@openwall.com>
2002-05-22 11:02:15 +10:00
bc5bb55755
- (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
2002-05-21 17:59:13 +00:00
c5041acef3
- (stevesk) [sshd.c] bug 245; disable setsid() for now
2002-05-21 17:50:21 +00:00
9de793cc6c
[configure.ac] remove extra MD5_MSG="no" line.
2002-05-17 08:59:22 -07:00
4e67d38a7e
- (bal) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/05/15 21:05:29
[version.h]
enter OpenSSH_3.2.2
- (bal) Caldara, Suse, and Redhat openssh.specs updated.
2002-05-15 21:50:14 +00:00
c5c15dde32
- markus@cvs.openbsd.org 2002/05/15 21:02:53
...
[servconf.c sshd.8 sshd_config]
disable privsep and enable setuid for the 3.2.2 release
2002-05-15 21:37:34 +00:00
c57bbf158d
- millert@cvs.openbsd.org 2002/05/06 23:34:33
...
[ssh.1 sshd.8]
Kill/adjust r(login|exec)d? references now that those are no longer in
the tree.
2002-05-15 21:36:45 +00:00
bb2ce36d4d
- deraadt@cvs.openbsd.org 2002/05/04 02:39:35
...
[servconf.c sshd.8 sshd_config]
enable privsep by default; provos ok
(historical)
2002-05-15 21:35:43 +00:00
2b70e5603f
- (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy.
2002-05-15 16:39:51 +00:00
7339b2a278
- mouring@cvs.openbsd.org 2002/05/15 15:47:49
...
[kex.c monitor.c monitor_wrap.c sshd.c]
'monitor' variable clashes with at least one lame platform (NeXT). i
Renamed to 'pmonitor'. provos@
- (bal) Fixed up PAM case. I think.
2002-05-15 16:25:01 +00:00
bdde330d2f
- markus@cvs.openbsd.org 2002/05/13 21:26:49
...
[auth-rhosts.c]
handle debug messages during rhosts-rsa and hostbased authentication;
ok provos@
2002-05-15 16:19:37 +00:00
17401b6b77
- millert@cvs.openbsd.org 2002/05/13 15:53:19
...
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
2002-05-15 16:17:56 +00:00
a574cda45b
- markus@cvs.openbsd.org 2002/05/13 20:44:58
...
[auth-options.c auth.c auth.h]
move the packet_send_debug handling from auth-options.c to auth.c;
ok provos@
2002-05-15 16:16:14 +00:00
58d4dafeb1
- itojun@cvs.openbsd.org 2002/05/13 02:37:39
...
[auth-skey.c auth2.c]
less warnings. skey_{respond,query} are public (in auth.h)
2002-05-15 16:14:36 +00:00
966bfdae6b
- stevesk@cvs.openbsd.org 2002/05/11 20:24:48
...
[ssh.h]
typo in comment
2002-05-15 16:09:57 +00:00
973be0083b
- deraadt@cvs.openbsd.org 2002/05/08 21:06:34
...
[ssh.h]
move to sshd.sshd instead
2002-05-15 16:08:48 +00:00
1650ba3f57
- deraadt@cvs.openbsd.org 2002/05/07 19:54:36
...
[ssh.h]
use ssh uid
2002-05-15 16:07:11 +00:00
beecf74e2b
- (bal) CVS ID fix up on auth-passwd.c
2002-05-15 15:59:17 +00:00
860e929fa2
wrap
2002-05-15 10:12:29 +10:00
ee5e3b2d8a
wrap
2002-05-15 10:08:17 +10:00
8dd6febf73
update version.
2002-05-14 09:03:46 -07:00
fd6fd24a71
remove reference to UnixWare 7 and OpenUNIX 8
...
from PAM-enabled pragraph. UnixWare has no PAM.
2002-05-13 20:50:38 -07:00
1e28c9e6ba
20020514
...
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
2002-05-13 17:07:18 -07:00
f8defa2327
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
2002-05-13 23:31:09 +00:00
05720356d6
- (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ OpenSSL < 0.9.6
2002-05-13 15:22:21 +10:00
f71d2a5d44
- (djm) Bug #234 : missing readpassphrase declaration and defines
2002-05-13 15:14:08 +10:00
0228155f06
- (stevesk) add initial README.privsep
2002-05-13 03:57:04 +00:00
c81e12976e
- (stevesk) [configure.ac] nicer message: --with-privsep-user=user
2002-05-13 03:51:40 +00:00
b7cb96934e
- (djm) Update RPM spec file: different superuser path, use
...
/var/empty/sshd for privsep
2002-05-13 13:26:57 +10:00
f58c672f0e
- (djm) Add --with-privsep-path configure option
2002-05-13 13:15:42 +10:00
5ad9fd9820
- (djm) Bug #231 : UsePrivilegeSeparation turns off Banner.
2002-05-13 11:07:41 +10:00
a18bbd398e
- (djm) Add --with-superuser-path=xxx configure option to specify what $PATH
...
the superuser receives.
2002-05-13 10:48:57 +10:00
802b956868
fix for systems that have both HAVE_ACCRIGHTS_IN_MSGHDR and
...
HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h has #define msg_accrights msg_control
2002-05-11 15:30:04 -07:00
aef7371fe4
applied a rework of djm's OpenSSL search cleanup patch.
...
Now only searches system and /usr/local/ssl (OpenSSL's default install path)
Others must use --with-ssl-dir=....
2002-05-11 13:17:42 -07:00
f98fb721a0
- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
...
check for root forced expire. Still don't check for inactive.
2002-05-10 15:48:52 +00:00
0b47814b43
- (bal) Back all the way out of auth-passwd.c changes. Breaks too many
...
things that don't set pw->pw_passwd.
2002-05-10 02:40:15 +00:00
87aea25f1a
- (djm) Try to drop supplemental groups at daemon startup. Patch from
...
RedHat
2002-05-10 12:20:24 +10:00
cfe4a89eef
- (djm) Rework RedHat RPM files. Based on spec from Nalin
...
Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi>
2002-05-10 12:19:23 +10:00
a7a5d6d1b5
Unbreak make -f Makefile.in distprep
2002-05-09 07:05:59 -07:00
ffc868ff83
- (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
2002-05-09 15:59:13 +10:00
0502a471e0
set SHELL in Makefile in case someone makes from a non bourne compatable shell
2002-05-08 16:04:14 -07:00
63cf84199d
fix logic on when seed_rng() is called.
...
Report by Chris Maxwell <maxwell@cs.dal.ca>
2002-05-08 15:57:18 -07:00
4bd2a19890
Add truncate() emulation to address Bug 208
2002-05-07 19:51:31 -07:00
f762a4bea5
- (djm) Don't reinitialise PAM credentials before we have started PAM.
...
Report from Pekka Savola <pekkas@netcore.fi>
2002-05-08 12:27:55 +10:00
a33501bb5f
- (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
...
<pekkas@netcore.fi>
2002-05-08 12:24:42 +10:00
52910ddc66
- (djm) Unbreak auth-passwd.c for PAM and SIA
2002-05-08 12:18:26 +10:00
532bbdb99b
- (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
2002-05-06 23:06:08 +00:00
804357ace9
- (djm) Fix readpassphase compilation for systems which have it
2002-05-01 22:00:22 +10:00
38cd435892
- (djm) Import OpenBSD regression tests. Requires BSD make to run
2002-05-01 13:17:33 +10:00
2f09289e74
[contrib/caldera/openssh.spec] update fixUP to reflect changes in sshd_config.
...
[contrib/cygwin/README] remove reference to regex.
patch from Corinna Vinschen <vinschen@redhat.com>
2002-04-29 20:53:12 -07:00
aa100c546c
- (djm) Bug #180 : Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
...
patch from openssh@misc.tecq.org
2002-04-26 16:54:34 +10:00
ae9d5af0de
- (djm) Disable PAM password expiry until a complete fix for bug #188 exists
2002-04-26 11:27:24 +10:00
13ce922cc6
- (djm) Bug #137 , #209 : fix make problems for scard/Ssh.bin, do uudecode
...
during distprep only
2002-04-26 11:25:40 +10:00
0ea1d9d1f2
- (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
...
support. bug #184 . most from dcole@keysoftsys.com .
2002-04-25 18:17:04 +00:00
30e494fbca
- (stevesk) [defines.h] remove USE_TIMEVAL; unused
2002-04-25 17:56:07 +00:00
0150c65830
- djm@cvs.openbsd.org 2002/04/23 22:16:29
...
[sshd.c]
Improve error message; ok markus@ stevesk@
2002-04-24 09:49:09 +10:00
11ec28176e
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2002/04/23 12:54:10
[version.h]
3.2.1
2002-04-24 09:48:14 +10:00
5feaaefaf2
- (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
2002-04-23 20:45:55 +00:00
03df6cd83c
- (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
2002-04-23 20:11:13 +00:00
78cf8c377f
- markus@cvs.openbsd.org 2002/04/23 12:58:26
...
[radix.c]
send complete ticket; semerad@ss1000.ms.mff.cuni.cz
2002-04-23 16:41:12 +02:00
f75fcc61f4
wrap an out of control line
2002-04-23 23:32:38 +10:00
fa2bb69d16
- (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
...
sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
<Matthew_Clarke@mindlink.bc.ca>
2002-04-23 23:22:25 +10:00
f1b9d11a3e
- (djm) Bug #214 : Fix utmp for Irix (don't strip "tty"). Patch from
...
Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
<phgrau@zedat.fu-berlin.de>
2002-04-23 23:09:19 +10:00
d77facda1a
- (djm) Bug #213 : Simplify CMSG_ALIGN macros to avoid symbol clashes.
...
Reported by Doug Manton <dmanton@emea.att.com>
2002-04-23 22:59:51 +10:00
f5fea44ae3
- (djm) Define BROKEN_REALPATH for AIX, patch from
...
Antti Tapaninen <aet@cc.hut.fi>
2002-04-23 22:52:45 +10:00
654a4ef969
- (djm) Redhat spec enables KrbV by default
2002-04-23 21:17:17 +10:00
0b3894d5b5
- (djm) Update RPM spec file versions
2002-04-23 21:15:31 +10:00
ef7c11de6e
- (djm) Trim ChangeLog to include only post-3.1 changes
2002-04-23 21:13:32 +10:00
2797f7f03a
- markus@cvs.openbsd.org 2002/04/22 21:04:52
...
[channels.c clientloop.c clientloop.h ssh.c]
request reply (success/failure) for -R style fwd in protocol v2,
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215 ; ok provos@
2002-04-23 21:09:44 +10:00
d7de14b6ad
- markus@cvs.openbsd.org 2002/04/22 16:16:53
...
[servconf.c sshd.8 sshd_config]
do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
2002-04-23 21:04:51 +10:00
635fe98a7f
- markus@cvs.openbsd.org 2002/04/22 06:15:47
...
[radix.c]
fix check for overflow
2002-04-23 21:00:33 +10:00
f61c01506f
- stevesk@cvs.openbsd.org 2002/04/21 16:25:06
...
[sshconnect1.c]
spelling in error message; ok markus@
2002-04-23 20:56:02 +10:00
7a8558d3ea
- stevesk@cvs.openbsd.org 2002/04/21 16:19:27
...
[sshd.8 sshd_config]
document default AFSTokenPassing no; ok deraadt@
2002-04-23 20:51:15 +10:00
bad0e0162f
- markus@cvs.openbsd.org 2002/04/20 09:17:19
...
[radix.c]
rewrite using the buffer_* API, fixes overflow; ok deraadt@
2002-04-23 20:46:56 +10:00
3b23566a5b
- markus@cvs.openbsd.org 2002/04/20 09:14:58
...
[bufaux.c bufaux.h]
add buffer_{get,put}_short
2002-04-23 20:42:36 +10:00
7941855f09
- (djm) Make privsep work with PAM (still experimental)
2002-04-23 20:28:48 +10:00
594a71b9b9
- (djm) Bug #222 : Fix tests for getaddrinfo on OSF/1. Spotted by
...
Robert Urban <urban@spielwiese.de>
2002-04-23 20:22:59 +10:00
f02dccc0dc
[entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
...
entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed.
Patch by gert@greenie.muc.de . This fixes one part of Bug 208
2002-04-21 11:26:10 -07:00
a370f4dcc6
- (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
...
Sturle Sunde <sturle.sunde@usit.uio.no>
2002-04-18 22:53:22 +10:00
43a1c13e0f
[configure.ac] Issue warning on --with-default-path=/some_path
...
if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
2002-04-17 21:19:14 -07:00
5efd71038d
- (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
2002-04-17 12:30:45 +10:00
bd63874d4b
- (djm) Tell users to configure /dev/random support into OpenSSL in INSTALL
2002-04-17 12:22:58 +10:00
66480f188e
[configure.ac] add tests for recvmsg and sendmsg.
...
[monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
2002-04-15 21:10:09 -07:00
eb3630205a
- (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
2002-04-15 22:00:51 +00:00
8be24f3846
- (djm) Unbreak "make install". Fix from Darren Tucker <dtucker@zip.com.au>
2002-04-15 13:23:59 +10:00
49411ff8a7
- (djm) Random number collection doc fixes from Ben
2002-04-14 23:16:04 +10:00
32e4818015
- (djm) ssh-rand-helper improvements
...
- Add commandline debugging options
- Don't write binary data if stdout is a tty (use hex instead)
- Give it a manpage
2002-04-14 19:27:12 +10:00
fd4c9eee25
- (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
2002-04-13 11:04:40 +10:00
927dfd2d7e
- (bal) disable privsep if no MAP_ANON. We can re-enable it
...
after the release when we can do more testing.
2002-04-12 18:51:22 +00:00
c42f7cfd16
- (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
...
Corinna Vinschen <vinschen@redhat.com>
2002-04-12 17:44:13 +00:00
Ben Lindstrom
Kevin Steves
Tim Rice
Damien Miller
Markus Friedl