b95bb7f9b1
- (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code
2003-06-05 10:04:12 +10:00
5fe46a45c8
- (djm) Implement paranoid priv dropping checks, based on:
...
"SetUID demystified" - Hao Chen, David Wagner and Drew Dean
Proceedings of USENIX Security Symposium 2002
2003-06-05 09:53:31 +10:00
10eac0cf8f
- (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent
...
canohost.c changes.
2003-06-05 09:48:32 +10:00
0cbb9dea05
- (djm) Always use mysignal() for SIGALRM
2003-06-04 22:56:15 +10:00
cc685c1cbe
- djm@cvs.openbsd.org 2003/06/04 12:41:22
...
[sftp.c]
kill ssh process on receipt of signal; ok markus@
2003-06-04 22:51:38 +10:00
b69aaa8db7
- djm@cvs.openbsd.org 2003/06/04 12:40:39
...
[scp.c]
kill ssh process upon receipt of signal, bz #241 .
based on patch from esb AT hawaii.edu; ok markus@
2003-06-04 22:51:24 +10:00
65d1f5765f
- djm@cvs.openbsd.org 2003/06/04 12:18:49
...
[scp.c]
ansify; ok markus@
2003-06-04 22:51:08 +10:00
9fc7c699af
- djm@cvs.openbsd.org 2003/06/04 12:03:59
...
[serverloop.c]
remove bitrotten commet; ok markus@
2003-06-04 22:50:54 +10:00
4c322482bb
- (djm) Update to fix of bug #584 : lock card before return.
...
From larsch@trustcenter.de
2003-06-04 22:12:17 +10:00
31b3a0a98f
- djm@cvs.openbsd.org 2003/06/04 10:23:48
...
[sshd.c]
remove duplicated group-dropping code; ok markus@
2003-06-04 20:32:12 +10:00
941ac459ce
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/06/04 08:25:18
[sshconnect.c]
disable challenge/response and keyboard-interactive auth methods
upon hostkey mismatch. based on patch from fcusack AT fcusack.com.
bz #580 ; ok markus@
2003-06-04 20:31:53 +10:00
2527f5755a
- (djm) Bug #584 : scard-opensc.c doesn't work without PIN. Patch from
...
larsch@trustcenter.de ; ok markus@
2003-06-04 19:22:06 +10:00
485397c48d
- (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt.
...
ok markus@
2003-06-04 19:15:10 +10:00
865173ee03
- (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from
...
simon@sxw.org.uk (Also matches a change in OpenBSD a while ago)
2003-06-04 19:06:59 +10:00
d311c4e54b
change "No more 4-term BSD licenses in our tree" to
...
"No more 4-term BSD licenses in linked code"
mdoc2man.pl is 4-term BSDL
2003-06-03 13:09:16 +10:00
dafb12ed28
a - millert@cvs.openbsd.org 2003/06/03 02:56:16
...
[scp.c]
Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.
2003-06-03 13:06:18 +10:00
eb28cbc399
- (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
2003-06-03 12:45:27 +10:00
048d88d5aa
trim prior to 3.6p1
2003-06-03 12:43:14 +10:00
329638e49c
- (djm) Sync openbsd-compat with OpenBSD CVS.
...
- No more 4-term BSD licenses in our tree
2003-06-03 12:12:50 +10:00
3a961dc0d3
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/06/02 09:17:34
[auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c]
[canohost.c monitor.c servconf.c servconf.h session.c sshd_config]
[sshd_config.5]
deprecate VerifyReverseMapping since it's dangerous if combined
with IP based access control as noted by Mike Harding; replace with
a UseDNS option, UseDNS is on by default and includes the
VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@
ok deraadt@, djm@
- (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-03 10:25:48 +10:00
35276253a6
- (djm) Replace setproctitle replacement with code derived from
...
UCB sendmail
2003-06-03 10:14:28 +10:00
eacbb4fcc1
- jakob@cvs.openbsd.org 2003/06/02 08:31:10
...
[ssh_config.5]
VerifyHostKeyDNS is v2 only. ok markus@
2003-06-02 19:10:41 +10:00
61d3680aca
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
...
[sshd.c uidswap.c]
seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00
ab2db41b61
- djm@cvs.openbsd.org 2003/05/26 12:54:40
...
[sshconnect.c]
fix format strings; ok markus@
2003-06-02 19:09:13 +10:00
f46844214d
- (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS
2003-06-02 18:59:08 +10:00
dcc8312a19
- (djm) Fix use of macro before #define in cipher-aes.c
2003-06-02 18:57:59 +10:00
dba5950820
- (djm) Remove "noip6" option from RedHat spec file. This may now be
...
set at runtime using AddressFamily option.
2003-06-02 17:43:19 +10:00
237ca4ab08
openbsd-compat/xmmap.[ch] License clarifications. Add missing CVS ID.
2003-06-01 19:25:27 -07:00
f2e3e9deba
- (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may
...
clobber
2003-06-02 12:15:54 +10:00
f3bff94957
- (djm) Fix segv from bad reordering in auth-pam.c
2003-06-02 12:13:40 +10:00
2972d6c045
- (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix.
...
I'm pretty sure these are required. I also want to add -D_XOPEN_SOURCE=1
-D_XOPEN_SOURCE_EXTENDED=1 to CPPFLAGS for MP-RAS but I haven't had confirmation
that it will not break anything else.
2003-05-30 17:43:42 +10:00
3cb84e5ec8
- (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
...
roumenpetrov.info
2003-05-30 16:58:22 +10:00
a6a7c19dcb
- (djm) Avoid auth2-chall.c warning when compiling without
...
PAM, BSD_AUTH and SKEY
2003-05-26 21:36:13 +10:00
04bd8b0bcc
- djm@cvs.openbsd.org 2003/05/24 09:30:40
...
[authfile.c monitor.c sftp-common.c sshpty.c]
cast some types for printing; ok markus@
2003-05-25 14:38:33 +10:00
c11fe255ab
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/05/24 09:02:22
[log.c]
pass logged data through strnvis; ok markus
2003-05-25 14:38:02 +10:00
6014578b90
- (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net
2003-05-24 11:41:16 +10:00
08293fa435
- djm@cvs.openbsd.org 2003/05/23 08:29:30
...
[sshconnect.c]
fix leak; ok markus@
2003-05-23 18:44:41 +10:00
fbf486b4a6
- jmc@cvs.openbsd.org 2003/05/20 12:09:31
...
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1]
new sentence, new line
2003-05-23 18:44:23 +10:00
5067792a72
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2003/05/20 12:03:35
[sftp.1]
- new sentence, new line
- added .Xr's
- typos
ok djm@
2003-05-23 18:44:04 +10:00
d419bdae77
- (djm) Use VIS_SAFE on logged strings rather than default strnvis
...
encoding (which encodes many more characters)
2003-05-23 18:43:40 +10:00
1340ec297b
- (djm) Configure logic to detect syslog_r and friends
2003-05-20 09:24:42 +10:00
74a3442d10
- deraadt@cvs.openbsd.org 2003/05/18 23:22:01
...
[log.c]
use syslog_r() in a signal handler called place; markus ok
2003-05-20 09:24:17 +10:00
eb0e969a4f
- (djm) Sync auth-pam.h with what we actually implement
2003-05-19 11:28:44 +10:00
5b5ca19ef0
- (djm) KNF on auth-sia.[ch]
2003-05-19 00:50:02 +10:00
e7fb103192
- (djm) KNF on md5crypt.c
2003-05-19 00:46:46 +10:00
317412502b
- (djm) Big KNF on openbsd-compat/
2003-05-19 00:13:38 +10:00
e323df6c48
- (djm) Sync openbsd-compat/ with OpenBSD CVS head
2003-05-18 22:24:09 +10:00
0b8e9006d8
- (djm) Tidy and trim TODO
2003-05-18 21:44:07 +10:00
f5399c24dc
- markus@cvs.openbsd.org 2003/05/17 04:27:52
...
[cipher.c cipher-ctr.c myproposal.h]
experimental support for aes-ctr modes from
http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt
ok djm@
2003-05-18 20:53:59 +10:00
a9825785e8
- itojun@cvs.openbsd.org 2003/05/17 03:25:58
...
[auth-rhosts.c]
just in case, put numbers to sscanf %s arg.
2003-05-18 20:53:10 +10:00
7e1bbc55af
- (djm) Remove IPv4 by default hack now that we can specify AF in config
2003-05-18 20:52:40 +10:00
20a8f97b03
- djm@cvs.openbsd.org 2003/05/16 03:27:12
...
[readconf.c ssh_config ssh_config.5 ssh-keysign.c]
add AddressFamily option to ssh_config (like -4, -6 on commandline).
Portable bug #534 ; ok markus@
2003-05-18 20:50:30 +10:00
25d9342f04
- (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in
...
recent merge
2003-05-18 20:45:47 +10:00
4c9e9ab165
- (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD)
2003-05-18 01:22:43 +00:00
e27c6cc3ad
- (djm) Guard free_pam_environment against NULL argument. Works around
...
HP/UX PAM problems debugged by dtucker
2003-05-16 18:21:01 +10:00
c46b6bc4f7
- (djm) A few type mismatch fixes from Bug #565
2003-05-16 15:51:44 +10:00
6ac2c48a19
- (djm) Add warning for UsePAM when built without PAM support
2003-05-16 11:42:35 +10:00
b78d5eb6c5
- djm@cvs.openbsd.org 2003/05/15 14:55:25
...
[readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c]
add a ConnectTimeout option to ssh, based on patch from
Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@
2003-05-16 11:39:04 +10:00
99b4b88aba
- markus@cvs.openbsd.org 2003/05/15 14:09:21
...
[auth2-krb5.c]
fix 64bit issue; report itojun@
2003-05-16 11:38:46 +10:00
f9b3feb847
- jakob@cvs.openbsd.org 2003/05/15 14:02:47
...
[readconf.c servconf.c]
warn for unsupported config option. ok markus@
2003-05-16 11:38:32 +10:00
6e80c36e2a
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/05/15 13:52:10
[ssh.c]
Make "ssh -V" print the OpenSSL version in a human readable form. Patch
from Craig Leres (mindrot at ee.lbl.gov); ok markus@
2003-05-16 11:38:00 +10:00
5d0ccf3b24
- (dtucker) HP-UX needs to include <sys/strtio.h> for TIOCSBRK
2003-05-15 21:42:59 +10:00
eff041d19e
- (djm) Bug #444 : Wrong paths after reconfigure
2003-05-15 21:33:46 +10:00
04cb536054
- (djm) Bug #529 : sshd doesn't work correctly after SIGHUP (copy argv
...
correctly)
2003-05-15 21:29:10 +10:00
b10f1cd878
- (djm) Only build getrrsetbyname replacement when using --with-dns
2003-05-15 20:55:27 +10:00
46a7b40d1e
- markus@cvs.openbsd.org 2003/05/15 04:08:41
...
[ssh.1]
~B is ssh2 only
2003-05-15 14:17:28 +10:00
156cbe8c67
- (djm) Enable UsePAM when built --with-pam
2003-05-15 14:16:41 +10:00
d248b5bd1b
- jakob@cvs.openbsd.org 2003/05/15 04:08:44
...
[readconf.c servconf.c]
disable kerberos when not supported. ok markus@
2003-05-15 14:15:23 +10:00
ffda4cb218
- (djm) Avoid uuencode.c warnings
2003-05-15 13:57:51 +10:00
34bb56743a
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
...
[sftp-int.c sftp.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
2003-05-15 13:49:58 +10:00
19c8f2b310
- mouring@cvs.openbsd.org 2003/05/15 03:43:59
...
[sftp-int.c]
Teach ls how to display multiple column display and allow users
to return to single column format via 'ls -1'. OK @djm
2003-05-15 13:49:21 +10:00
4962ed6ab4
- mouring@cvs.openbsd.org 2003/05/15 03:39:07
...
[sftp-int.c]
Make put/get (globed and nonglobed) code more consistant. OK djm@
2003-05-15 13:48:59 +10:00
ed12a26f0d
- djm@cvs.openbsd.org 2003/05/15 03:10:52
...
[ssh-keygen.c]
avoid warning; ok jakob@
2003-05-15 13:37:43 +10:00
3a3261ff99
- markus@cvs.openbsd.org 2003/05/15 03:08:29
...
[cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c]
split out custom EVP ciphers
2003-05-15 13:37:19 +10:00
b0622653ba
- jakob@cvs.openbsd.org 2003/05/15 02:27:15
...
[dns.c]
add missing freerrset
2003-05-15 13:27:28 +10:00
5975cf12c3
- (djm) Adapt README.dns for portable
2003-05-15 13:23:36 +10:00
a47f526dd7
- (djm) Tidy Makefile clean targets
2003-05-15 13:23:07 +10:00
d9ec370ac3
- (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support)
2003-05-15 12:27:08 +10:00
2aa0ab463f
- jakob@cvs.openbsd.org 2003/05/15 01:48:10
...
[readconf.c readconf.h servconf.c servconf.h]
always parse kerberos options. ok djm@ markus@
- (djm) Always parse UsePAM
2003-05-15 12:05:28 +10:00
f842fcb296
- markus@cvs.openbsd.org 2003/05/15 00:28:28
...
[sshconnect2.c]
cleanup unregister of per-method packet handlers; ok djm@
2003-05-15 12:01:28 +10:00
7abe09bf86
- (djm) Configure glue for DNS support (code doesn't work in portable yet)
2003-05-15 10:53:49 +10:00
54c459866e
- markus@cvs.openbsd.org 2003/05/14 22:24:42
...
[clientloop.c session.c ssh.1]
allow to send a BREAK to the remote system; ok various
2003-05-15 10:20:13 +10:00
37876e913a
- jakob@cvs.openbsd.org 2003/05/14 18:16:20
...
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
[dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
add experimental support for verifying hos keys using DNS as described
in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
ok markus@ and henning@
2003-05-15 10:19:46 +10:00
abbae980e7
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2003/05/14 13:11:56
[ssh-agent.1]
setup -> set up;
from wiz@netbsd
2003-05-15 10:16:21 +10:00
1ea7166019
- (djm) Bug #258 : sscanf("[0-9]") -> sscanf("[0123456789]") for portability
2003-05-14 22:33:58 +10:00
abef5628e8
- (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@
2003-05-14 21:48:51 +10:00
be64d43d01
- markus@cvs.openbsd.org 2003/05/14 08:57:49
...
[monitor.c]
http://bugzilla.mindrot.org/show_bug.cgi?id=560
Privsep child continues to run after monitor killed.
Pass monitor signals through to child; Darren Tucker
2003-05-14 19:31:12 +10:00
d6ead282db
- jmc@cvs.openbsd.org 2003/05/14 08:25:39
...
[sftp.1]
- better formatting in SYNOPSIS
- whitespace at EOL
ok djm@
2003-05-14 19:30:38 +10:00
4d99519535
- (djm) Avoid KrbV leak for MIT Kerberos
2003-05-14 19:23:56 +10:00
9d507dac1f
- (djm) Die screaming if start_pam() is called when UsePAM=no
2003-05-14 15:31:12 +10:00
4e448a31ae
- (djm) Add new UsePAM configuration directive to allow runtime control
...
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
2003-05-14 15:11:48 +10:00
9c617693c2
- (djm) Make portable build with MIT krb5 (some issues remain)
2003-05-14 14:31:11 +10:00
3ab496b3dd
- markus@cvs.openbsd.org 2003/05/14 02:15:47
...
[auth2.c monitor.c sshconnect2.c auth2-krb5.c]
implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@
server interops with commercial client; ok jakob@ djm@
2003-05-14 13:47:37 +10:00
fb7508edc8
- djm@cvs.openbsd.org 2003/05/14 01:00:44
...
[sftp.1]
emphasise the batchmode functionality and make reference to pubkey auth,
both of which are FAQs; ok markus@
2003-05-14 13:47:07 +10:00
935063553a
- markus@cvs.openbsd.org 2003/05/12 18:35:18
...
[ssh-keyscan.1]
typo: DSA keys are of type ssh-dss; Brian Poole
2003-05-14 13:46:33 +10:00
280ecfb6e4
- markus@cvs.openbsd.org 2003/05/12 16:55:37
...
[sshconnect2.c]
for pubkey authentication try the user keys in the following order:
1. agent keys that are found in the config file
2. other agent keys
3. keys that are only listed in the config file
this helps when an agent has many keys, where the server might
close the connection before the correct key is used. report & ok pb@
2003-05-14 13:46:00 +10:00
b1ca8bb159
- markus@cvs.openbsd.org 2003/05/11 20:30:25
...
[channels.c clientloop.c serverloop.c session.c ssh.c]
make channel_new() strdup the 'remote_name' (not the caller); ok theo
2003-05-14 13:45:42 +10:00
db2747259c
- markus@cvs.openbsd.org 2003/05/11 16:56:48
...
[authfile.c ssh-keygen.c]
change key_load_public to try to read a public from:
rsa1 private or rsa1 public and ssh2 keys.
this makes ssh-keygen -e fail for ssh1 keys more gracefully
for example; report from itojun (netbsd pr 20550).
2003-05-14 13:45:22 +10:00
3155432cd9
- david@cvs.openbsd.org 2003/04/30 20:41:07
...
[sshd.8]
fix invalid .Pf macro usage introduced in previous commit
ok jmc@ mouring@
2003-05-14 13:44:58 +10:00
049245d260
- mouring@cvs.openbsd.org 2003/04/30 01:16:20
...
[sshd.8 sshd_config.5]
Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable
Bug #550 and * escaping suggested by jmc@.
2003-05-14 13:44:42 +10:00
ea5ade28fb
- deraadt@cvs.openbsd.org 2003/04/26 04:29:49
...
[ssh-keyscan.c]
-t in usage(); rogier@quaak.org
2003-05-14 13:43:53 +10:00
8ce778a9f0
- markus@cvs.openbsd.org 2003/04/16 14:35:27
...
[auth.h]
document struct Authctxt; with solar
2003-05-14 13:43:25 +10:00
2372ace572
- markus@cvs.openbsd.org 2003/04/14 14:17:50
...
[channels.c sshconnect.c sshd.c ssh-keyscan.c]
avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP
2003-05-14 13:42:23 +10:00
44e72a764f
- naddy@cvs.openbsd.org 2003/04/12 11:40:15
...
[ssh.1]
document -V switch, fix wording; ok markus@
2003-05-14 13:42:08 +10:00
ef095ce00a
- markus@cvs.openbsd.org 2003/04/12 10:15:36
...
[misc.c]
debug->debug2
2003-05-14 13:41:39 +10:00
a201bb3f8a
- markus@cvs.openbsd.org 2003/04/12 10:13:57
...
[cipher.c]
hide cipher details; ok djm@
2003-05-14 13:41:23 +10:00
c652cac5f7
- (djm) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2003/04/09 12:00:37
[readconf.c]
strip trailing whitespace from config lines before parsing.
Fixes bz 528; ok markus@
2003-05-14 13:40:54 +10:00
d558092522
- (djm) RCSID sync w/ OpenBSD
2003-05-14 13:40:06 +10:00
1a27a1ee8c
- (djm) Bug #117 : Don't lie to PAM about username
2003-05-14 10:27:09 +10:00
75d3b05c57
- (djm) Redhat spec: Don't install profile.d scripts when not
...
building with GNOME/GTK askpass (patch from bet@rahul.net )
2003-05-12 18:15:49 +10:00
0d8b792931
- (djm) 2-clause license on loginrec.c, with permission from
...
andre@ae-35.com
2003-05-10 23:42:12 +10:00
4f9f42a9bb
- (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
...
proper challenge-response module
2003-05-10 19:28:02 +10:00
c437cda328
- (dtucker) Bug #536 : Test for and work around openpty/controlling tty
...
problem on Linux (fixes "could not set controlling tty" errors).
Also renames STREAMS_PUSH_ACQUIRES_CTTY to the more generic SSHD_ACQUIRES_CTTY
and moves the Solaris-specific comments to configure.ac.
2003-05-10 17:05:46 +10:00
e8831091c3
- (dtucker) Bug #318 : Create ssh_prng_cmds.out during "make" rather than
...
"make install". Patch by roth@feep.net .
2003-05-10 16:48:23 +10:00
ac279284f6
Add bug# to ChangeLog.
2003-05-04 11:36:25 +10:00
70a08cd29d
- (dtucker) Move #include of bsd-cygwin_util.h to openbsd-compat.h. Patch from
...
vinschen@redhat.com .
2003-05-04 10:41:20 +10:00
04cc5385b1
- (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
...
by wendyp@cray.com .
2003-05-03 07:32:56 +10:00
bd570d7a22
Added ok for record_failed_login() change
2003-05-02 23:50:09 +10:00
97363a8b24
- (dtucker) Move handling of bad password authentications into a platform
...
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
3c01654deb
- (dtucker) Bug #544 : ignore invalid cmsg_type on Linux 2.0 kernels,
...
privsep should now work.
2003-05-02 20:48:21 +10:00
eab4bae038
- (djm) Add back radix.o (used by AFS support), after it went missing from
...
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-29 23:22:40 +10:00
0e7f4363f3
- (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
...
hacked code.
2003-04-28 23:30:43 +00:00
f50ad1fd04
- (bal) auth2.c same changed as above.
2003-04-27 18:44:31 +00:00
683036ee2c
- (bal) auth1.c minor resync while looking at the code.
2003-04-27 18:41:30 +00:00
796b9a5495
- (bal) Since we don't support platforms lacking u_int_64. We may
...
as well clean out some of those evil #ifdefs
2003-04-27 18:01:37 +00:00
93b6b776ad
- (bal) Bug #541 : return; was dropped by mistake. Reported by
...
furrier@iglou.com
2003-04-27 17:55:33 +00:00
2a3f20e397
- (djm) Fix missed log => logit occurance (reference by function pointer)
2003-04-09 21:12:00 +10:00
bf2a0174e3
- hin@cvs.openbsd.org 2003/04/09 08:23:52
...
[servconf.c]
Don't include <krb.h> when compiling with Kerberos 5 support
2003-04-09 21:07:14 +10:00
a0898b8505
- itojun@cvs.openbsd.org 2003/04/08 20:21:29
...
[*.c *.h]
rename log() into logit() to avoid name conflict. markus ok, from
netbsd
- (djm) XXX - Performed locally using:
"perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
- (djm) Fix up missing include for packet.c
2003-04-09 21:05:52 +10:00
b1ecd9cd97
- markus@cvs.openbsd.org 2003/04/07 08:29:57
...
[monitor_wrap.c]
typo: get correct counters; introduced during rekeying change.
2003-04-09 20:51:24 +10:00
3bed191ca2
- itojun@cvs.openbsd.org 2003/04/03 07:25:27
...
[progressmeter.c]
$OpenBSD$
- itojun@cvs.openbsd.org 2003/04/03 10:17:35
[progressmeter.c]
remove $OpenBSD$, as other *.c does not have it.
2003-04-09 20:50:59 +10:00
703ced55bb
- markus@cvs.openbsd.org 2003/04/02 14:36:26
...
[ssh-keysign.c]
potential segfault if KEY_UNSPEC; cjwatson@debian.org ; bug #526
2003-04-09 20:50:26 +10:00
a5539d2698
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/04/02 09:48:07
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
reapply rekeying chage, tested by henning@, ok djm@
2003-04-09 20:50:06 +10:00
a92a589e97
- (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
2003-04-09 19:41:25 +10:00
d186d74410
- (djm) Bug #539 : Specify creation mode with O_CREAT for lastlog. Report
...
from matth@eecs.berkeley.edu
2003-04-09 19:40:33 +10:00
c8a49d743a
- (bal) if IP_TOS is not found or broken don't try to compile in
...
packet_set_tos() function call. bug #527
2003-04-02 15:18:22 +00:00
a0ab669c13
- (djm) Release 3.6.1p1
2003-04-01 21:47:16 +10:00
b80e52ab6f
- (djm) Crank spec file versions
2003-04-01 21:46:53 +10:00
13c1c7a75e
- markus@cvs.openbsd.org 2003/04/01 10:56:46
...
[version.h]
3.6.1
2003-04-01 21:45:26 +10:00
d32090426b
- markus@cvs.openbsd.org 2003/04/01 10:31:26
...
[compat.c compat.h kex.c]
bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
tested by ho@ and myself
2003-04-01 21:44:37 +10:00
2dc074ef4b
- markus@cvs.openbsd.org 2003/04/01 10:10:23
...
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
2003-04-01 21:43:39 +10:00
495dca3518
- (djm) OpenBSD CVS Sync
...
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- killed whitespace
- new sentence new line
- .Bk for arguments
ok markus@
2003-04-01 21:42:14 +10:00
b3207e8061
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2003/03/26 04:02:51
[sftp-server.c]
one last fix to the tree: race fix broke stuff; pr 3169;
srp@srparish.net , help from djm
2003-03-26 16:01:11 +11:00
68d893dfed
- (djm) Fix getpeerid support for 64 bit BE systems. From
...
Arnd Bergmann <arndb@de.ibm.com>
2003-03-25 09:07:52 +11:00
62b6b17080
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
...
Report from murple@murple.net , diagnosis from dtucker@zip.com.au
2003-03-24 13:35:58 +11:00
b062c293e0
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/23 19:02:00
[monitor.c]
unbreak rekeying for privsep; ok millert@
2003-03-24 09:12:09 +11:00
009b23f6ab
[contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files section
2003-03-20 20:50:41 -08:00
c8c548d248
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
...
with SIA. Also, clean up of tru64 support patch by Chris Adams
<cmadams@hiwaay.net>
2003-03-21 01:18:09 +00:00
a5a2648b81
- (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
...
guessing rules)
2003-03-21 01:05:37 +00:00
d54d9382a4
- (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
2003-03-21 00:55:32 +00:00
5bd6eb71da
- (bal) The days of lack of int64_t support are over. Sorry kids.
2003-03-21 00:34:34 +00:00
4874c32531
- markus@cvs.openbsd.org 2003/03/17 11:43:47
...
[version.h]
enter 3.6
2003-03-20 10:11:34 +11:00
05f5578e1f
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/17 10:38:38
[progressmeter.c]
don't print \n if backgrounded; from ho@
2003-03-20 10:08:05 +11:00
4e4dc561ae
[configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
...
add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
2003-03-18 10:21:40 -08:00
cafbcc7334
- (djm) Fix return value checks for RAND_bytes. Report from
...
Steve G <linux_4ever@yahoo.com>
2003-03-17 16:13:53 +11:00
c51d0735a4
- markus@cvs.openbsd.org 2003/03/13 11:44:50
...
[ssh-agent.c]
ssh-agent is similar to ssh-keysign (allows other processes to use
private rsa keys). however, it gets key over socket and not from
a file, so we have to do blinding here as well.
2003-03-15 11:37:09 +11:00
ed33d3b4d2
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/13 11:42:19
[authfile.c ssh-keysign.c]
move RSA_blinding_on to generic key load method
2003-03-15 11:36:18 +11:00
c1365e19b0
Fix bug #
2003-03-13 09:42:51 +11:00
c9c1d3757f
- (djm) AIX package builder update from dtucker@zip.com.au
2003-03-10 12:10:45 +11:00
933cc8fb9c
- (djm) Bug #245 : TTY problems on Solaris. Fix by stevesk@ and
...
dtucker@zip.com.au
2003-03-10 11:38:10 +11:00
f211efc690
- (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
...
CLOUSEAU
2003-03-10 11:23:06 +11:00
0011138d47
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
2003-03-10 11:21:17 +11:00
ca49a97788
- (djm) Fix some compile errors spotted by dtucker and his fabulous
...
tinderbox
2003-02-25 10:22:35 +11:00
fe1f14375a
- (djm) Bug #456 : Support for NEC SX6 with Unicos; from wendyp@cray.com
2003-02-24 15:45:42 +11:00
1a3ccb07c5
- (djm) Bug #494 : Allow multiple accounts on Windows 9x/Me;
...
From vinschen@redhat.com
2003-02-24 13:04:01 +11:00
8d8168a255
- (djm) Rest of Bug #499 : Import a basename() function from OpenBSD libc
2003-02-24 12:55:55 +11:00
b16f874d89
- (djm) Most of Bug #499 : Cygwin compile fixes for new progressmeter
2003-02-24 12:47:15 +11:00
30947c7287
- (djm) Bug #501 : gai_strerror should return char*;
...
fix from dtucker@zip.com.au
2003-02-24 12:35:08 +11:00
d194048f57
- (djm) Add new object files to Makefile and reorder
2003-02-24 12:18:46 +11:00
543402108e
- mpech@cvs.openbsd.org 2003/02/21 10:34:48
...
[auth-krb4.c]
...sizeof(&adat.session) is not good here.
henning@, deraadt@, millert@
2003-02-24 12:05:18 +11:00
9f82c8fa4f
- markus@cvs.openbsd.org 2003/02/21 09:05:53
...
[servconf.c]
print sshd_config filename in debug2 mode.
2003-02-24 12:04:33 +11:00
06ebedf365
- markus@cvs.openbsd.org 2003/02/16 17:30:33
...
[monitor.c monitor_wrap.c]
fix permitrootlogin forced-commands-only for privsep; bux #387 ; ok provos@
2003-02-24 12:03:38 +11:00
8e7fb33523
- markus@cvs.openbsd.org 2003/02/16 17:09:57
...
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
2003-02-24 12:03:03 +11:00
1587fb8a17
- markus@cvs.openbsd.org 2003/02/12 21:39:50
...
[crc32.c crc32.h]
replace crc32.c with a BSD licensed version; noted by David Turner
2003-02-24 12:02:12 +11:00
e8a240f966
- markus@cvs.openbsd.org 2003/02/12 09:33:04
...
[key.c key.h ssh-dss.c ssh-rsa.c]
merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
2003-02-24 12:01:40 +11:00
7b406276c4
- markus@cvs.openbsd.org 2003/02/10 11:51:47
...
[ssh-add.1]
xref sshd_config.5 (not sshd.8); mark@summersault.com ; bug #490
2003-02-24 12:00:16 +11:00
556f9315a5
- markus@cvs.openbsd.org 2003/02/06 21:22:43
...
[auth1.c auth2.c]
undo broken fix for #387 , fixes #486
2003-02-24 11:59:26 +11:00
9e51a73122
- markus@cvs.openbsd.org 2003/02/06 09:29:18
...
[sftp-server.c]
fix races in rename/symlink; from Tony Finch; ok djm@
2003-02-24 11:58:44 +11:00
9f1e33a6b2
- markus@cvs.openbsd.org 2003/02/06 09:27:29
...
[ssh.c ssh_config.5]
support 'ProxyCommand none'; bugzilla #433 ; binder@arago.de ; ok djm@
2003-02-24 11:57:32 +11:00
97f39ae810
- markus@cvs.openbsd.org 2003/02/06 09:26:23
...
[session.c]
missing call to setproctitle() after authentication; ok provos@
2003-02-24 11:57:01 +11:00
61f08ac35a
- markus@cvs.openbsd.org 2003/02/05 09:02:28
...
[readconf.c]
simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
2003-02-24 11:56:27 +11:00
b7df3af154
- markus@cvs.openbsd.org 2003/02/04 09:33:22
...
[monitor.c monitor_wrap.c]
skey/bsdauth: use 0 to indicate failure instead of -1, because
the buffer API only supports unsigned ints.
2003-02-24 11:55:46 +11:00
386f1f3e6c
- markus@cvs.openbsd.org 2003/02/04 09:32:08
...
[key.c]
better debug3 message
2003-02-24 11:54:57 +11:00
e8cea9e755
- markus@cvs.openbsd.org 2003/02/03 08:56:16
...
[sshpty.c]
don't call error() for readonly /dev; from soekris list; ok mcbride,
henning, deraadt.
2003-02-24 11:54:10 +11:00
babb47a059
- markus@cvs.openbsd.org 2003/02/02 10:56:08
...
[kex.c]
add support for key exchange guesses; based on work by
avraham.fraenkel@commatch.com ; fixes bug #148 ; ok deraadt@
2003-02-24 11:53:32 +11:00
eeeeb3517e
- markus@cvs.openbsd.org 2003/02/02 10:51:13
...
[scp.c]
call okname() only when using system(3) for remote-remote copy;
fixes bugs #483 , #472 ; ok deraadt@, mouring@
2003-02-24 11:52:58 +11:00
ffadc583f6
- jmc@cvs.openbsd.org 2003/01/31 21:54:40
...
[sshd.8]
typos; sshd(8): help and ok markus@
help and ok millert@
2003-02-24 11:52:26 +11:00
2eb26e89c5
- stevesk@cvs.openbsd.org 2003/01/28 17:24:51
...
[scp.1]
remove example not pertinent with -1 addition; ok markus@
2003-02-24 11:51:32 +11:00
8ee66a21cd
- markus@cvs.openbsd.org 2003/01/28 16:11:52
...
[scp.1]
document -l; pekkas@netcore.fi
2003-02-24 11:50:50 +11:00
180fc5b236
- (djm) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2003/01/27 17:06:31
[sshd.c]
more specific error message when /var/empty has wrong permissions;
bug #46 , map@appgate.com ; ok henning@, provos@, stevesk@
2003-02-24 11:50:18 +11:00
0775976dc6
- (djm) Tweak gnome-ssh-askpass2:
...
- Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
immediately fail if you are doing something else when it appears (e.g.
dragging a window)
- Perform server grab after we have the keyboard and/or pointer to avoid
races.
2003-02-24 11:48:22 +11:00
c8936acfe1
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
2003-02-11 10:04:03 +11:00
850b942037
- (djm) Teach fake-getaddrinfo to use getservbyname() when provided a
...
string service name. Suggested by markus@, review by itojun@
2003-02-06 10:50:42 +11:00
4b0f1ad4db
- (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by
...
dtucker@zip.com.au
2003-02-01 04:43:34 +00:00
4d9dc1aa82
- (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
2003-01-30 10:20:56 +11:00
cd6853c31c
- (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au
...
and openssh-unix-dev@thewrittenword.com
2003-01-28 11:33:42 +11:00
6dc562a7aa
- (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for
...
cray. Also removed test for tcgetpgrp in configure.ac since it
is no longer used.
2003-01-27 21:15:10 +00:00
3bc0c062ab
- (djm) Add TIMEVAL_TO_TIMESPEC macros
2003-01-24 11:50:32 +11:00
8e12147df5
- markus@cvs.openbsd.org 2003/01/23 14:06:15
...
[scp.1 scp.c]
scp -12; Sam Smith and others; ok provos@, deraadt@
2003-01-24 11:37:38 +11:00
ff74d748e9
- markus@cvs.openbsd.org 2003/01/23 14:01:53
...
[scp.c]
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
2003-01-24 11:36:58 +11:00
Damien Miller
Darren Tucker
Tim Rice
Ben Lindstrom