ed623966e3
- dtucker@cvs.openbsd.org 2007/02/21 11:00:05
...
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
d04188e70e
- djm@cvs.openbsd.org 2007/02/20 10:25:14
...
[clientloop.c]
set maximum packet and window sizes the same for multiplexed clients
as normal connections; ok markus@
2007-02-25 20:36:49 +11:00
89ee69e3c6
- (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
...
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 22:56:55 +11:00
53ced25d61
- (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
...
platforms don't have it. Patch from dleonard at vintela.com.
2007-02-19 22:44:25 +11:00
1629c07c07
- dtucker@cvs.openbsd.org 2007/02/19 10:45:58
...
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
2007-02-19 22:25:37 +11:00
591322ae38
- stevesk@cvs.openbsd.org 2007/02/14 14:32:00
...
[bufbn.c]
typos in comments; ok jmc@
2007-02-19 22:17:28 +11:00
6ec2fbec8b
- djm@cvs.openbsd.org 2007/01/22 13:06:21
...
[scp.c]
fix detection of whether we should show progress meter or not: scp
tested isatty(stderr) but wrote the progress meter to stdout. This patch
makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
of dtucker@
2007-02-19 22:14:11 +11:00
0aa3dbb508
- djm@cvs.openbsd.org 2007/01/22 11:32:50
...
[sftp-client.c]
return error from do_upload() when a write fails. fixes bz#1252: zero
exit status from sftp when uploading to a full device. report from
jirkat AT atlas.cz; ok dtucker@
2007-02-19 22:13:39 +11:00
cb0e1753c7
- stevesk@cvs.openbsd.org 2007/01/21 01:45:35
...
[readconf.c]
spaces
2007-02-19 22:12:53 +11:00
c58b5b0742
ChangeLog entries for previous 2 commits
2007-02-19 22:12:23 +11:00
26dc3e656a
- jmc@cvs.openbsd.org 2007/01/12 20:20:41
...
[ssh-keygen.1 ssh-keygen.c]
more secsh -> rfc 4716 updates;
spotted by wiz@netbsd
ok markus
2007-02-19 22:09:06 +11:00
bf6b328f27
- jmc@cvs.openbsd.org 2007/01/10 13:23:22
...
[ssh_config.5]
do not use a list for SYNOPSIS;
this is actually part of a larger report sent by eric s. raymond
and forwarded by brad, but i only read half of it. spotted by brad.
2007-02-19 22:08:17 +11:00
e42bd24b22
- (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52 )
...
when closing a tty session when a background process still holds tty
fds open. Great detective work and patch by Marc Aurele La France,
slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
07877ca680
- (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
...
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
so it works properly and modify its callers so that they don't pre or
post decrement arguments that are conditionally evaluated. While there,
put SNPRINTF_CONST back as it prevents build failures in some
configurations. ok djm@ (for most of it)
2007-01-24 00:07:29 +11:00
9f74105289
- (djm) [ssh-rand-helper.8] manpage nits;
...
from dleonard AT vintela.com (bz#1529)
2007-01-22 12:44:53 +11:00
eae5fa1b58
- (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
...
and multiple including it causes problems on old IRIXes. (It snuck back
in during a sync.) Found (again) by Georg Schwarz.
2007-01-17 11:00:13 +11:00
742cc1c194
- (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
...
value of snprintf replacement, similar to bugs in various libc
implementations. This overflow is not exploitable in OpenSSH.
While I'm fiddling with it, make it a fair bit faster by inlining the
append-char routine; ok dtucker@
2007-01-14 21:20:30 +11:00
e67ac00b9b
typo
2007-01-14 10:26:25 +11:00
9ac56e945b
- (dtucker) [ssh-keygen.c] ac -> argv to match earlier sync.
2007-01-14 10:19:59 +11:00
e2334d600b
- stevesk@cvs.openbsd.org 2007/01/03 07:22:36
...
[sftp-server.c]
spaces
2007-01-05 16:31:02 +11:00
b6c85fcf37
- stevesk@cvs.openbsd.org 2007/01/03 04:09:15
...
[sftp.c]
ARGSUSED for lint
2007-01-05 16:30:41 +11:00
80163907ed
- stevesk@cvs.openbsd.org 2007/01/03 03:01:40
...
[auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
spaces
2007-01-05 16:30:16 +11:00
6c7439f963
- stevesk@cvs.openbsd.org 2007/01/03 00:53:38
...
[ssh-keygen.c]
remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
2007-01-05 16:29:55 +11:00
d94fc72bcd
- jmc@cvs.openbsd.org 2007/01/02 09:57:25
...
[sshd_config.5]
do not use lists for SYNOPSIS;
from eric s. raymond via brad
2007-01-05 16:29:30 +11:00
9fc6a56204
- dtucker@cvs.openbsd.org 2006/12/14 10:01:14
...
[servconf.c]
Make "PermitOpen all" first-match within a block to match the way other
options work. ok markus@ djm@
2007-01-05 16:29:02 +11:00
a29b95ec3a
- dtucker@cvs.openbsd.org 2006/12/13 08:34:39
...
[servconf.c]
Make PermitOpen work with multiple values like the man pages says.
bz #1267 with details from peter at dmtz.com, with & ok djm@
2007-01-05 16:28:36 +11:00
1ec462658e
- djm@cvs.openbsd.org 2006/12/12 03:58:42
...
[channels.c compat.c compat.h]
bz #1019 : some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
2007-01-05 16:26:45 +11:00
c0367fb0d2
- markus@cvs.openbsd.org 2006/12/11 21:25:46
...
[ssh-keygen.1 ssh.1]
add rfc 4716 (public key format); ok jmc
2007-01-05 16:25:46 +11:00
3ca8b77179
- ray@cvs.openbsd.org 2006/11/23 01:35:11
...
[misc.c sftp.c]
Don't access buf[strlen(buf) - 1] for zero-length strings.
``ok by me'' djm@.
2007-01-05 16:24:47 +11:00
df8b7db16e
- (djm) OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04
[ssh-keygen.c]
use argc and argv not some made up short form
2007-01-05 16:22:57 +11:00
be6db83462
- (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
2006-12-05 22:58:09 +11:00
143c2ef1ce
- (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
...
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
2006-12-05 09:08:54 +11:00
b0781f79db
- markus@cvs.openbsd.org 2006/11/07 13:02:07
...
[dh.c]
BN_hex2bn returns int; from dtucker@
2006-11-08 10:01:36 +11:00
14ea86391b
- (dtucker) Release 4.5p1.
2006-11-07 23:27:34 +11:00
c2820c5822
- (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
...
versions.
2006-11-07 23:25:45 +11:00
fbba735aa3
- markus@cvs.openbsd.org 2006/11/07 10:31:31
...
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
2006-11-07 23:16:08 +11:00
0bc85579a9
- markus@cvs.openbsd.org 2006/11/06 21:25:28
...
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
2006-11-07 23:14:41 +11:00
df0e438a2e
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
...
if we absolutely need it. Pointed out by Corinna, ok djm@
2006-11-07 11:28:40 +11:00
570c2ab1b6
- markus@cvs.openbsd.org 2006/10/31 16:33:12
...
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
check DH_compute_key() for -1 even if it should not happen because of
earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
2006-11-05 05:32:02 +11:00
3975ee2c3c
- (djm) OpenBSD CVS Sync
...
- otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
correct/expand example of usage of -w; ok jmc@ stevesk@
2006-11-05 05:31:33 +11:00
4d13ecea54
- (dtucker) [openbsd-compat/port-solaris.c] Bug #1255 : Make only hwerr
...
events fatal in Solaris process contract support and tell it to signal
only processes in the same process group when something happens.
Based on information from andrew.benham at thus.net and similar to
a patch from Chad Mynhier. ok djm@
2006-11-01 10:28:49 +11:00
796c6c693d
- (djm) [auth.c] gc some dead code
2006-10-28 01:10:15 +10:00
bcf8be356f
- (tim) [Makefile.in scard/Makefile.in] Add datarootdir= lines to keep
...
autoconf 2.60 from complaining.
2006-10-23 14:44:47 -07:00
50455890f3
- djm@cvs.openbsd.org 2006/10/22 02:25:50
...
[sftp-client.c]
cancel progress meter when upload write fails; ok deraadt@
2006-10-24 03:03:02 +10:00
985a4485f5
- markus@cvs.openbsd.org 2006/10/11 12:38:03
...
[clientloop.c serverloop.c]
exit instead of doing a blocking tcp send if we detect a client/server
timeout, since the tcp sendqueue might be already full (of alive
requests); ok dtucker, report mpf
2006-10-24 03:02:41 +10:00
f4bcd10c4c
- markus@cvs.openbsd.org 2006/10/10 10:12:45
...
[sshconnect.c]
sleep before retrying (not after) since sleep changes errno; fixes
pr 5250; rad@twig.com ; ok dtucker djm
2006-10-24 03:02:23 +10:00
990b1a80b5
- djm@cvs.openbsd.org 2006/10/09 23:36:11
...
[session.c]
xmalloc -> xcalloc that was missed previously, from portable
(NB. Id sync only for portable, obviously)
2006-10-24 03:01:56 +10:00
952dce6593
- djm@cvs.openbsd.org 2006/10/06 02:29:19
...
[ssh-agent.c ssh-keyscan.c ssh.c]
sys/resource.h needs sys/time.h; prompted by brad@
(NB. Id sync only for portable)
2006-10-24 03:01:16 +10:00
e7658a50f0
- (djm) OpenBSD CVS Sync
...
- ray@cvs.openbsd.org 2006/09/30 17:48:22
[sftp.c]
Clear errno before calling the strtol functions.
From Paul Stoeber <x0001 at x dot de1 dot cc>.
OK deraadt@.
2006-10-24 03:00:12 +10:00
78802f0af3
- (dtucker) [sshd.c] Reshuffle storing of pw struct; prevents warnings
...
on older versions of OS X. ok djm@
2006-10-18 22:51:31 +10:00
ffe88e15af
- ray@cvs.openbsd.org 2006/09/25 04:55:38
...
[ssh-keyscan.1 ssh.1]
Change "a SSH" to "an SSH". Hurray, I'm not the only one who
pronounces "SSH" as "ess-ess-aich".
OK jmc@ and stevesk@.
2006-10-18 07:53:06 +10:00
a43c005825
- (dtucker) [monitor_fdpass.c] Include sys/in.h, required for cmsg macros
...
on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
2006-10-16 19:49:12 +10:00
77674b1efa
- (tim) [buildpkg.sh.in] Some systems have really limited nawk (OpenServer).
...
Allow setting alternate awk in openssh-config.local.
2006-10-06 18:49:36 -07:00
adc947d5a5
- (dtucker) [configure.ac] Set put -lselinux into $LIBS while testing for
...
SELinux functions so they're detected correctly. Patch from pebenito at
gentoo.org.
2006-10-07 09:07:20 +10:00
09f1093a29
20061006
...
- (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
Differentiate between OpenServer 5 and OpenServer 6
2006-10-06 14:58:38 -07:00
1cfab23b7f
- (tim) [configure.ac] Move CHECK_HEADERS test before platform specific
...
section so additional platform specific CHECK_HEADER tests will work
correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
Feedback and "seems like a good idea" dtucker@
2006-10-03 09:34:35 -07:00
47bda1ff83
- (dtucker) [audit-bsm.c] Include errno.h. Pointed out by des at des.no.
2006-10-01 08:09:50 +10:00
5e8381ee86
- (dtucker) [configure.ac] Bug #1239 : Fix configure test for OpenSSH engine
...
support. Patch from andrew.benham at thus net.
2006-09-29 20:16:51 +10:00
23dd658e57
- (dtucker) [entropy.c] Bug #1238 : include signal.h to fix compilation error
...
on Solaris 8 w/out /dev/random or prngd. Patch from rl at
math.technion.ac.il.
2006-09-28 19:40:20 +10:00
b4b2f9a6c9
Marker for 4.4p1 release
2006-09-28 19:08:32 +10:00
25bd3c0612
- (dtucker) [sftp-server.8] Resync; spotted by djm@
2006-09-26 20:14:28 +10:00
822d3a6fc1
- (dtucker) [bufaux.h] nuke bufaux.h; it's already gone from OpenBSD and not
...
referenced any more. ok djm@
2006-09-26 18:59:34 +10:00
f2ae7bf4a8
Trim ChangeLog Prior to 4.2p1
2006-09-26 18:57:28 +10:00
983b35b281
20060924
...
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
to rev 1.308) to work around broken gcc 2.x header file.
2006-09-24 12:08:59 -07:00
0ee3cbfc51
- (dtucker) [configure.ac] Bug #1234 : Put opensc libs into $LIBS rather than
...
$LDFLAGS. Patch from vapier at gentoo org.
2006-09-23 16:25:19 +10:00
dace233d70
- (dtucker) [packet.c canohost.c] Include arpa/inet.h for htonl macros on
...
some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
2006-09-22 19:22:17 +10:00
0dc5484ca6
- (dtucker) [defines.h] Include unistd.h before defining getpgrp; fixes
...
build error on Ultrix. From Bernhard Simon.
2006-09-21 23:13:30 +10:00
4aa665b71c
- markus@cvs.openbsd.org 2006/09/19 21:14:08
...
[packet.c]
client NULL deref on protocol error; Tavis Ormandy, Google Security Team
2006-09-21 13:00:25 +10:00
1e80e4023b
- otto@cvs.openbsd.org 2006/09/19 05:52:23
...
[sftp.c]
Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which lead to surprising results. Spotted by
Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
2006-09-21 12:59:33 +10:00
c70ce7b09d
- (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
...
Prevents macro redefinition warnings of "RDONLY".
2006-09-18 23:54:32 +10:00
9216c37d60
- (dtucker) [configure.ac] On AIX, check to see if the compiler will allow
...
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
Allows build out of the box with older VAC and XLC compilers. Found by
David Bronder and Bernhard Simon.
2006-09-18 23:17:40 +10:00
83bbb03e52
- (dtucker) [INSTALL] Add info about audit support.
2006-09-17 22:55:52 +10:00
1f062ca339
- (djm) [sshd.c] Fix warning/API abuse; ok dtucker@
2006-09-17 14:04:46 +10:00
5965ae13e0
- (dtucker) [monitor.c] Correctly handle auditing of single commands when
...
using Protocol 1. From jhb at freebsd.
2006-09-17 12:00:13 +10:00
54e1b2291c
- (dtucker) [auth-pam.c] Propogate TZ environment variable to PAM auth
...
process so that any logging it does is with the right timezone. From
Scott Strickler, ok djm@.
2006-09-17 11:57:46 +10:00
dd1f9b307e
- (djm) Add openssh.xml to .cvsignore and sort it
2006-09-17 08:05:03 +10:00
3c9c1fbd21
- djm@cvs.openbsd.org 2006/09/16 19:53:37
...
[deattack.c deattack.h packet.c]
limit maximum work performed by the CRC compensation attack detector,
problem reported by Tavis Ormandy, Google Security Team;
ok markus@ deraadt@
2006-09-17 06:08:53 +10:00
223897a01a
- (djm) [Makefile.in buildpkg.sh.in configure.ac openssh.xml.in]
...
Support SMF in Solaris Packages if enabled by configure. Patch from
Chad Mynhier, tested by dtucker@
2006-09-12 21:54:10 +10:00
5d8a9acef0
- (dtucker) [cipher-aes.c] Include string.h for memcpy and friends. Noted
...
by Pekka Savola.
2006-09-11 20:46:13 +10:00
57b2920ad8
- (dtucker) [configure.ac] Add -lcrypt to let DragonFly build OOTB.
2006-09-10 20:25:51 +10:00
f376669328
- (dtucker) [contrib/aix/buildbff.sh] Ensure that perl is available.
2006-09-10 13:24:18 +10:00
733a292c11
- (dtucker) [buildpkg.sh.in] Always create privsep user. ok djm@
2006-09-09 20:41:25 +10:00
19a66dbf4f
- (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
2006-09-09 20:34:15 +10:00
08432d54fa
- (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
2006-09-09 15:59:43 +10:00
6d0d6fbfdf
- (dtucker) [configure.ac] The BSM header test needs time.h in some cases.
2006-09-09 01:05:21 +10:00
17da530d60
- (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
...
from Chris Adams.
2006-09-08 09:54:41 +10:00
89f59cea1c
- (dtucker) [regress/cfgmatch.sh] stop_client is racy, so give us a better
...
chance of winning.
2006-09-08 00:03:05 +10:00
f19bbc3883
- (dtucker) [loginrec.c] Wrap paths.h in HAVE_PATHS_H.
2006-09-07 22:57:53 +10:00
b8f00193d8
- (tim) [configure.ac] s/BROKEN_UPDWTMP/BROKEN_UPDWTMPX/ on SCO OSR6
2006-09-06 18:11:29 -07:00
6433df036e
- (djm) [sshd.c auth.c] Set up fakepw() with privsep uid/gid, so it can
...
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
2006-09-07 10:36:43 +10:00
6e1033318c
- (dtucker) [loginrec.c] Include paths.h for _PATH_BTMP.
2006-09-05 19:25:19 +10:00
e1fe09968d
- (dtucker) [configure.ac] s/AC_DEFINES/AC_DEFINE/ spotted by Roumen Petrov.
2006-09-05 07:53:38 +10:00
3e0891093a
- (dtucker) [configure.ac] Define BROKEN_UPDWTMP on SCO OSR6 as the native
...
updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
ok djm@
2006-09-04 22:37:41 +10:00
ed0b59218e
- (dtucker) [configure.ac openbsd-compat/openbsd-compat.h] Check for
...
declaration of writev(2) and declare it ourselves if necessary. Makes
the atomiciov() calls build on really old systems. ok djm@
2006-09-03 22:44:49 +10:00
46aa3e0ce1
- (dtucker) [ssh-keyscan.c ssh-rand-helper.c ssh.c sshconnect.c
...
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
for hton* and ntoh* macros. Required on (at least) HP-UX since we define
_XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
2006-09-02 15:32:40 +10:00
25fa0ee693
- (dtucker) [openbsd-compat/port-irix.c] Add errno.h, found by Iain Morgan.
2006-09-02 12:38:56 +10:00
9fdeb66f67
- (dtucker) [README contrib/{caldera,redhat,suse}/openssh.spec] Crank
...
versions.
2006-09-01 21:32:53 +10:00
096faecdea
- (dtucker) [configure.ac includes.h openbsd-compat/glob.{c,h}] Explicitly
...
test for GLOB_NOMATCH and use our glob functions if it's not found.
Stops sftp from segfaulting when attempting to get a nonexistent file on
Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
from and tested by Corinna Vinschen.
2006-09-01 20:29:10 +10:00
0646ca6be8
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Fix implict declaration
...
warnings for binary_open and binary_close. Patch from Corinna Vinschen.
2006-09-01 19:29:01 +10:00
607aede26c
- (djm) [includes.h monitor.c openbsd-compat/bindresvport.c]
...
[openbsd-compat/rresvport.c] Some more headers: netinet/in.h
sys/socket.h and unistd.h in various places
2006-09-01 15:48:19 +10:00
Darren Tucker
Damien Miller
Tim Rice