Darren Tucker
52358d6df3
- (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926 : Move
...
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
2008-03-11 22:58:25 +11:00
Darren Tucker
fe1cf97ee8
- (dtucker) [configure.ac] Run stack-protector tests with -Werror to catch
...
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
2008-03-09 22:50:50 +11:00
Darren Tucker
7643e3397d
- (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347 : Use platform's
...
equivalent of LLONG_MAX for the compat regression tests, which makes them
run on AIX and HP-UX. Patch from David Leonard.
2008-03-09 17:10:09 +11:00
Darren Tucker
16ba6a8ea2
- (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
...
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
2008-03-09 16:36:55 +11:00
Darren Tucker
b7918afddf
- (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn't
...
always work for all platforms and versions, so test what we can and
add a configure flag to turn it of if needed. ok djm@
2008-03-09 11:34:23 +11:00
Tim Rice
68d293859e
- (tim) [regress/sftp-glob.sh] Shell portability fix.
2008-03-07 19:00:33 -08:00
Damien Miller
a79bb8ec5e
- deraadt@cvs.openbsd.org 2008/03/04 21:15:42
...
[version.h]
crank version; from djm
2008-03-07 18:35:47 +11:00
Damien Miller
c0c53c3114
- deraadt@cvs.openbsd.org 2008/03/02 18:19:35
...
[monitor_fdpass.c]
use a union to ensure alignment of the cmsg (pay attention: various other
parts of the tree need this treatment too); ok djm
2008-03-07 18:35:26 +11:00
Damien Miller
7c29661471
- djm@cvs.openbsd.org 2008/02/27 20:21:15
...
[sftp-server.c]
add an extension method "posix-rename@openssh.com" to perform POSIX atomic
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
2008-03-07 18:33:53 +11:00
Damien Miller
58226f6068
- dtucker@cvs.openbsd.org 2008/02/22 20:44:02
...
[clientloop.c packet.c packet.h serverloop.c]
Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
keepalive timer (bz #1307 ). ok markus@
2008-03-07 18:33:30 +11:00
Damien Miller
7cb2b56b1c
- djm@cvs.openbsd.org 2008/02/22 05:58:56
...
[session.c]
closefrom() call was too early, delay it until just before we execute
the user's rc files (if any).
2008-03-07 18:33:12 +11:00
Damien Miller
767087b8ec
- markus@cvs.openbsd.org 2008/02/20 15:25:26
...
[session.c]
correct boolean encoding for coredump; der Mouse via dugsong
2008-03-07 18:32:42 +11:00
Damien Miller
2ee0c43f98
- mbalmer@cvs.openbsd.org 2008/02/14 13:10:31
...
[sshd.c]
When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.
ok djm
2008-03-07 18:31:47 +11:00
Damien Miller
76e95daad1
- djm@cvs.openbsd.org 2008/02/13 22:38:17
...
[servconf.h session.c sshd.c]
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
2008-03-07 18:31:24 +11:00
Damien Miller
757a38a43b
- jmc@cvs.openbsd.org 2008/02/11 07:58:28
...
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
2008-03-07 18:27:58 +11:00
Darren Tucker
54e859f63d
- (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
...
either, so use our own.
2008-03-02 21:52:27 +11:00
Damien Miller
baf7c3d33a
- (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. From
...
Debian patch via bernd AT openbsd.org
2008-02-29 22:53:40 +11:00
Darren Tucker
ccb13eedd7
- (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.
2008-02-29 15:07:01 +11:00
Darren Tucker
7ec8733247
- (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) in
...
configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
2008-02-29 13:57:47 +11:00
Darren Tucker
1f1e17bd61
- (dtucker) [sshd.c] Bug #1042 : make log messages for tcpwrappers use the
...
same SyslogFacility as the rest of sshd. Patch from William Knox,
ok djm@.
2008-02-28 23:20:48 +11:00
Darren Tucker
0f26b1386a
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081 : Implement
...
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker
3d295a6cf0
- (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL
...
compat glue into openssl-compat.h.
2008-02-28 19:22:04 +11:00
Darren Tucker
bfaaf960a0
- (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.c
...
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
2008-02-28 19:13:52 +11:00
Darren Tucker
e1c4c54211
- (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixes
...
linking problems on AIX with gcc 4.1.x.
2008-02-28 15:01:13 +11:00
Darren Tucker
935e20a3f0
- (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437 : reshuffle
...
headers so ./configure --with-ssl-engine actually works. Patch from
Ian Lister.
2008-02-25 21:13:47 +11:00
Darren Tucker
acada07b52
- (dtucker) [configure.ac audit-bsm.c] Bug #1420 : Add a local implementation
...
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
2008-02-25 21:05:04 +11:00
Darren Tucker
2c2ac033c1
- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
...
since it now conflicts with the helper function in misc.c. From
vinschen AT redhat.com.
2008-02-25 20:21:20 +11:00
Darren Tucker
2e9b8db4ea
20080224
...
- (tim) [contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
2008-02-25 20:18:31 +11:00
Damien Miller
54e3773ccb
- djm@cvs.openbsd.org 2008/02/10 10:54:29
...
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
2008-02-10 22:48:55 +11:00
Damien Miller
cdb6e65175
- djm@cvs.openbsd.org 2008/02/10 09:55:37
...
[sshd_config.5]
mantion that "internal-sftp" is useful with ForceCommand too
2008-02-10 22:47:24 +11:00
Damien Miller
520e61552a
- mcbride@cvs.openbsd.org 2008/02/09 12:15:43
...
[ssh.1 sshd.8]
Document the correct permissions for the ~/.ssh/ directory.
ok jmc
2008-02-10 22:46:22 +11:00
Damien Miller
dfc24258a7
- markus@cvs.openbsd.org 2008/02/04 21:53:00
...
[session.c sftp-server.c sftp.h]
link sftp-server into sshd; feedback and ok djm@
2008-02-10 22:29:40 +11:00
Damien Miller
b508faa006
- jmc@cvs.openbsd.org 2008/01/31 20:06:50
...
[scp.1]
explain how to handle local file names containing colons;
requested by Tamas TEVESZ
ok dtucker
2008-02-10 22:28:45 +11:00
Damien Miller
5ed3d575f9
- dtucker@cvs.openbsd.org 2008/01/23 01:56:54
...
[clientloop.c packet.c serverloop.c]
Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).
2008-02-10 22:27:47 +11:00
Damien Miller
acdf25b31f
- djm@cvs.openbsd.org 2008/01/21 19:20:17
...
[sftp-client.c]
when a remote write error occurs during an upload, ensure that ACKs for
all issued requests are properly drained. patch from t8m AT centrum.cz
2008-02-10 22:27:24 +11:00
Damien Miller
3397d0e0c5
- djm@cvs.openbsd.org 2008/01/21 17:24:30
...
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
2008-02-10 22:26:51 +11:00
Damien Miller
aec5cf8a30
- djm@cvs.openbsd.org 2008/01/20 00:38:30
...
[sftp.c]
When uploading, correctly handle the case of an unquoted filename with
glob metacharacters that match a file exactly but not as a glob, e.g. a
file called "[abcd]". report and test cases from duncan2nd AT gmx.de
2008-02-10 22:26:24 +11:00
Damien Miller
3dff176ed9
- djm@cvs.openbsd.org 2008/01/19 23:09:49
...
[readconf.c readconf.h sshconnect2.c]
promote rekeylimit to a int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
2008-02-10 22:25:52 +11:00
Damien Miller
3de49f8951
- djm@cvs.openbsd.org 2008/01/19 23:02:40
...
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
2008-02-10 22:25:24 +11:00
Damien Miller
cb2fbb2407
- djm@cvs.openbsd.org 2008/01/19 22:37:19
...
[ssh-keygen.c]
unbreak line numbering (broken in revision 1.164), fix error message
2008-02-10 22:24:55 +11:00
Damien Miller
a8796f3fcc
- djm@cvs.openbsd.org 2008/01/19 22:22:58
...
[ssh-keygen.c]
when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz
2008-02-10 22:24:30 +11:00
Damien Miller
6b0c818568
- djm@cvs.openbsd.org 2008/01/19 22:04:57
...
[sftp-client.c]
fix remote handle leak in do_download() local file open error path;
report and fix from sworley AT chkno.net
2008-02-10 22:23:41 +11:00
Damien Miller
d39a3cffc9
- djm@cvs.openbsd.org 2008/01/19 20:51:26
...
[ssh.c]
ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com
2008-02-10 22:23:18 +11:00
Damien Miller
b82f5dd17d
- djm@cvs.openbsd.org 2008/01/19 20:48:53
...
[clientloop.c]
fd leak on session multiplexing error path. Report and patch from
gregory_shively AT fanniemae.com
2008-02-10 22:22:53 +11:00
Damien Miller
eb602474fc
- djm@cvs.openbsd.org 2008/01/19 19:13:28
...
[ssh.1]
satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
some commandline parsing warnings go unconditionally to stdout).
2008-02-10 22:21:28 +11:00
Damien Miller
cfe23d34e4
- chl@cvs.openbsd.org 2008/01/11 07:22:28
...
[sftp-client.c sftp-client.h]
disable unused functions
initially from tobias@, but disabled them by placing them in
"#ifdef notyet" which was asked by djm@
ok djm@ tobias@
2008-02-10 22:20:44 +11:00
Damien Miller
49d2a2826a
- (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
...
tsr2600 AT gmail.com
2008-01-20 08:56:00 +11:00
Damien Miller
e27220eb5b
- (djm) Silence noice from expr in ssh-copy-id; patch from
...
mikel AT mikelward.com
2008-01-20 05:52:04 +11:00
Darren Tucker
d4827ab50c
- (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
2008-01-02 18:08:45 +11:00
Darren Tucker
40da29a04c
- dtucker@cvs.openbsd.org 2008/01/01 08:51:20
...
[moduli]
Updated moduli file; ok djm@
2008-01-02 00:09:16 +11:00
Darren Tucker
15f94271be
- dtucker@cvs.openbsd.org 2008/01/01 09:27:33
...
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
2008-01-01 20:36:56 +11:00
Darren Tucker
4629f93b12
Add missing ChangeLog entries
2008-01-01 20:36:25 +11:00
Darren Tucker
5891116cb3
- dtucker@cvs.openbsd.org 2007/12/31 15:27:04
...
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440 ,
based on a patch from bruno at wolff.to, ok markus@
2008-01-01 20:33:09 +11:00
Darren Tucker
1e44c5ded3
- (dtucker) OpenBSD CVS Sync
...
- dtucker@cvs.openbsd.org 2007/12/31 10:41:31
[readconf.c servconf.c]
Prevent strict-aliasing warnings on newer gcc versions. bz #1355 , patch
from Dmitry V. Levin, ok djm@
2008-01-01 20:32:26 +11:00
Darren Tucker
528d6fa10a
- (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407 : force use of
...
builtin glob implementation on Mac OS X. Based on a patch from
vgiffin at apple.
2007-12-31 21:29:26 +11:00
Darren Tucker
5baa170d77
- dtucker@cvs.openbsd.org 2007/12/28 22:34:47
...
[clientloop.c]
Use the correct packet maximum sizes for remote port and agent forwarding.
Prevents the server from killing the connection if too much data is queued
and an excessively large packet gets sent. bz #1360 , ok djm@.
2007-12-29 09:37:10 +11:00
Darren Tucker
d6725f04e2
- dtucker@cvs.openbsd.org 2007/12/28 15:32:24
...
[clientloop.c serverloop.c packet.c]
Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
ServerAlive and ClientAlive timers. Prevents dropping a connection
when these are enabled but the peer does not support our keepalives.
bz #1307 , ok djm@.
2007-12-29 02:45:07 +11:00
Darren Tucker
4abde771b7
- dtucker@cvs.openbsd.org 2007/12/27 14:22:08
...
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417 .
ok markus@ stevesk@
2007-12-29 02:43:51 +11:00
Darren Tucker
88b976f214
- djm@cvs.openbsd.org 2007/12/12 05:04:03
...
[sftp.c]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
2007-12-29 02:40:43 +11:00
Darren Tucker
06321f5d1d
- deraadt@cvs.openbsd.org 2007/11/03 02:03:49
...
[ssh.c]
avoid errno trashing in signal handler; ok dtucker
2007-12-02 23:22:52 +11:00
Darren Tucker
e143f062ba
- dtucker@cvs.openbsd.org 2007/11/03 02:00:32
...
[ssh.c]
Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
2007-12-02 23:21:16 +11:00
Darren Tucker
b4fbbc6850
- deraadt@cvs.openbsd.org 2007/11/03 01:24:06
...
[ssh.c]
bz #1377 : getpwuid results were being clobbered by another getpw* call
inside tilde_expand_filename(); save the data we need carefully
ok djm
2007-12-02 23:16:32 +11:00
Darren Tucker
23ae8ca948
- djm@cvs.openbsd.org 2007/11/03 00:36:14
...
[clientloop.c]
fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
ok dtucker@
2007-12-02 23:12:30 +11:00
Darren Tucker
63b31cb943
- jmc@cvs.openbsd.org 2007/10/29 07:48:19
...
[ssh_config.5]
clean up after previous macro removal;
2007-12-02 23:09:30 +11:00
Darren Tucker
b776c856aa
- dtucker@cvs.openbsd.org 2007/10/29 06:54:50
...
[ssh.c]
Make LocalCommand work for Protocol 1 too; ok djm@
2007-12-02 23:06:35 +11:00
Darren Tucker
a93cadd3d4
- dtucker@cvs.openbsd.org 2007/10/29 06:51:59
...
[ssh_config.5]
ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
2007-12-02 23:05:09 +11:00
Darren Tucker
2f8b3d9855
- dtucker@cvs.openbsd.org 2007/10/29 04:08:08
...
[monitor_wrap.c monitor.c]
Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users. Found by and ok djm@
2007-12-02 23:02:15 +11:00
Darren Tucker
32e42c74a5
- dtucker@cvs.openbsd.org 2007/10/29 01:55:04
...
[ssh.c]
Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
ok djm@
2007-12-02 23:01:03 +11:00
Darren Tucker
541dab2db4
- dtucker@cvs.openbsd.org 2007/10/29 00:52:45
...
[auth2-gss.c]
Allow build without -DGSSAPI; ok deraadt@
(Id sync only, Portable already has the ifdefs)
2007-12-02 22:59:45 +11:00
Darren Tucker
e566230cb0
- (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
...
leftover debug code.
2007-12-02 22:48:40 +11:00
Darren Tucker
319b3d9b00
- (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
...
gcc supports it. ok djm@
2007-12-02 21:02:22 +11:00
Damien Miller
e6d1527949
- djm@cvs.openbsd.org 2007/10/29 23:49:41
...
[openbsd-compat/sys-tree.h]
remove extra backslash at the end of RB_PROTOTYPE, report from
Jan.Pechanec AT Sun.COM; ok deraadt@
2007-10-30 10:52:44 +11:00
Damien Miller
0ff80a1b17
- millert@cvs.openbsd.org 2004/10/07 16:56:11
...
GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
block.
(NB. mostly an RCS ID sync, as portable strips out the conditionals)
2007-10-26 16:48:13 +10:00
Damien Miller
a95c0c224b
- otto@cvs.openbsd.org 2007/04/30 18:42:34
...
[openbsd-compat/sys-queue.h]
Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
Input and okays from krw@, millert@, otto@, deraadt@, miod@.
2007-10-26 16:46:31 +10:00
Damien Miller
03c618afa3
- otto@cvs.openbsd.org 2005/11/25 08:06:25
...
[openbsd-compat/sys-queue.h]
Introduce debugging aid for queue macros. Disabled by default; but
developers are encouraged to run with this enabled.
ok krw@ fgsch@ deraadt@
2007-10-26 16:45:32 +10:00
Damien Miller
300f95fccb
- otto@cvs.openbsd.org 2005/10/25 06:37:47
...
[openbsd-compat/sys-queue.h]
Some uvm problem is being exposed with the more strict macros.
Revert until we've found out what's causing the panics.
2007-10-26 16:44:27 +10:00
Damien Miller
0b6a21d468
- otto@cvs.openbsd.org 2005/10/24 20:25:14
...
[openbsd-compat/sys-queue.h]
Partly backout. NOLIST, used in LISTs is probably interfering.
requested by deraadt@
2007-10-26 16:43:22 +10:00
Damien Miller
9aeef6b50d
- otto@cvs.openbsd.org 2005/10/17 20:19:42
...
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structurs produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
2007-10-26 16:42:18 +10:00
Damien Miller
d129ecb0f9
- deraadt@cvs.openbsd.org 2005/02/25 13:29:30
...
[openbsd-compat/sys-queue.h]
minor white spacing
2007-10-26 16:41:14 +10:00
Damien Miller
b99f5f714b
- grange@cvs.openbsd.org 2004/05/04 16:59:32
...
[openbsd-compat/sys-queue.h]
Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
ok millert krw deraadt
2007-10-26 16:40:20 +10:00
Damien Miller
0afeae426c
- tdeval@cvs.openbsd.org 2004/11/24 18:10:42
...
[openbsd-compat/sys-tree.h]
typo
2007-10-26 16:39:05 +10:00
Damien Miller
88aa4e3d61
- frantzen@@cvs.openbsd.org 2004/04/24 18:11:46
...
[openbsd-compat/tree.h]
sync to Niels Provos' version. avoid unused variable warning in
RB_NEXT()
2007-10-26 16:37:43 +10:00
Damien Miller
2f715eeb5c
- jakob@cvs.openbsd.org 2007/10/11 18:36:41
...
[openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
use RRSIG instead of SIG for DNSSEC. ok djm@
2007-10-26 16:26:46 +10:00
Damien Miller
1651f6c40e
- otto@cvs.openbsd.org 2006/10/21 09:55:03
...
[openbsd-compat/base64.c]
remove calls to abort(3) that can't happen anyway; from
<bret dot lambert at gmail.com>; ok millert@ deraadt@
2007-10-26 16:17:24 +10:00
Damien Miller
a97529fa2e
- (djm) [openbsd-compat/bindresvport.c]
...
Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
2007-10-26 16:16:09 +10:00
Damien Miller
9ed5643491
- jakob@cvs.openbsd.org 2007/10/11 18:36:41
...
[openbsd-compat/getrrsetbyname.c]
use RRSIG instead of SIG for DNSSEC. ok djm@
2007-10-26 16:14:46 +10:00
Damien Miller
9c51c8d81a
- deraadt@cvs.openbsd.org 2005/11/28 17:50:12
...
[openbsd-compat/glob.c]
unused arg in internal static API
2007-10-26 16:13:39 +10:00
Damien Miller
89437edafd
- (djm) [regress/sftp-cmds.sh]
...
Use more restrictive glob to pick up test files from /bin - some platforms
ship broken symlinks there which could spoil the test.
2007-10-26 15:37:50 +10:00
Damien Miller
da1e4bd3bf
- djm@cvs.openbsd.org 2007/10/26 05:30:01
...
[regress/sftp-glob.sh regress/test-exec.sh]
remove "echo -E" crap that I added in last commit and use printf(1) for
cases where we strictly require echo not to reprocess escape characters.
2007-10-26 15:35:54 +10:00
Damien Miller
ce0e60ee57
- djm@cvs.openbsd.org 2007/10/24 03:32:35
...
[regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
comprehensive tests for sftp escaping its interaction with globbing;
ok dtucker@
2007-10-26 14:54:12 +10:00
Damien Miller
47d7dc8530
- pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
...
[regress/cipher-speed.sh regress/try-ciphers.sh]
test umac-64@openssh.com
ok djm@
2007-10-26 14:45:57 +10:00
Damien Miller
80ba1300e2
- dtucker@cvs.openbsd.org 2006/12/13 08:36:36
...
[regress/cfgmatch.sh]
Additional test for multiple PermitOpen entries. ok djm@
2007-10-26 14:45:13 +10:00
Damien Miller
99ad35352a
- markus@cvs.openbsd.org 2006/11/06 09:27:43
...
[regress/cfgmatch.sh]
fix quoting for non-(c)sh login shells.
2007-10-26 14:44:34 +10:00
Damien Miller
fa66aa739f
- djm@cvs.openbsd.org 2006/08/29 09:44:00
...
[regress/sftp-cmds.sh]
clean up our mess
2007-10-26 14:43:50 +10:00
Damien Miller
77d57b06a4
- djm@cvs.openbsd.org 2007/10/24 03:44:02
...
[scp.c]
factor out network read/write into an atomicio()-like function, and
use it to handle short reads, apply bandwidth limits and update
counters. make network IO non-blocking, so a small trickle of
reads/writes has a chance of updating the progress meter; bz #799
ok dtucker@
2007-10-26 14:28:01 +10:00
Damien Miller
1cbc292bc0
- djm@cvs.openbsd.org 2007/10/24 03:30:02
...
[sftp.c]
rework argument splitting and parsing to cope correctly with common
shell escapes and make handling of escaped characters consistent
with sh(1) and between sftp commands (especially between ones that
glob their arguments and ones that don't).
parse command flags using getopt(3) rather than hand-rolled parsers.
ok dtucker@
2007-10-26 14:27:45 +10:00
Damien Miller
5a4456c6a5
- markus@cvs.openbsd.org 2007/10/22 19:10:24
...
[readconf.c]
make sure that both the local and remote port are correct when
parsing -L; Jan Pechanec (bz #1378 )
2007-10-26 14:27:22 +10:00
Damien Miller
3dddab3b95
- chl@cvs.openbsd.org 2007/10/02 17:49:58
...
[ssh-keygen.c]
handles zero-sized strings that fgets can return
properly removes trailing newline
removes an unused variable
correctly counts line number
"looks ok" ray@ markus@
2007-10-26 14:27:02 +10:00
Damien Miller
0f4ed693d6
- chl@cvs.openbsd.org 2007/10/02 17:49:58
...
[ssh-keygen.c]
handles zero-sized strings that fgets can return
2007-10-26 14:26:32 +10:00
Damien Miller
b8c9807628
- dtucker@cvs.openbsd.org 2007/09/29 00:25:51
...
[auth2.c]
Remove unused prototype. ok djm@
2007-10-26 14:26:15 +10:00
Damien Miller
603077ab4c
- ray@cvs.openbsd.org 2007/09/27 00:15:57
...
[dh.c]
Don't return -1 on error in dh_pub_is_valid(), since it evaluates
to true.
Also fix a typo.
Initial diff from Matthew Dempsky, input from djm.
OK djm, markus.
2007-10-26 14:25:55 +10:00
Damien Miller
4c7728c651
- canacar@cvs.openbsd.org 2007/09/25 23:48:57
...
[ssh-agent.c]
When adding a key that already exists, update the properties
(time, confirm, comment) instead of discarding them. ok djm@ markus@
2007-10-26 14:25:31 +10:00
Damien Miller
733124b5dd
- djm@cvs.openbsd.org 2007/09/21 08:15:29
...
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCD ID sync only for portable)
2007-10-26 14:25:12 +10:00
Damien Miller
cfb606cd5f
- djm@cvs.openbsd.org 2007/09/21 03:05:23
...
[ssh_config.5]
document KbdInteractiveAuthentication in ssh_config.5;
patch from dkg AT fifthhorseman.net
2007-10-26 14:24:48 +10:00
Damien Miller
32a9dba66d
- stevesk@cvs.openbsd.org 2007/09/11 23:49:09
...
[sshpty.c]
remove #if defined block not needed; ok markus@ dtucker@
(NB. RCD ID sync only for portable)
2007-10-26 14:24:30 +10:00
Darren Tucker
bc1bd9dbe3
- (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
...
so disable it for that platform. From bacon at cs nyu edu.
2007-09-27 07:03:20 +10:00
Darren Tucker
7c92a65a1d
- (dtucker) [configure.ac atomicio.c] Fall back to <sys/poll.h> if we don't
...
have <poll.h> (eq QNX). From bacon at cs nyu edu.
2007-09-27 07:00:09 +10:00
Damien Miller
ed626b42cc
- (djm) [atomicio.c] Fix spin avoidance for platforms that define
...
EWOULDBLOCK; patch from ben AT psc.edu
2007-09-21 13:12:49 +10:00
Tim Rice
6ebefac25a
- (tim) [defines.h] Fix regression in long password support on OpenServer 6.
...
Problem report and additional testing rac AT tenzing.org.
2007-09-17 08:32:32 -07:00
Damien Miller
8b3fdfb6af
- djm@cvs.openbsd.org 2007/09/16 00:55:52
...
[sftp-client.c]
use off_t instead of u_int64_t for file offsets, matching what the
progressmeter code expects; bz #842
2007-09-17 16:12:03 +10:00
Damien Miller
35e18dba89
- djm@cvs.openbsd.org 2007/09/13 04:39:04
...
[sftp-server.c]
fix incorrect test when setting syslog facility; from Jan Pechanec
2007-09-17 16:11:33 +10:00
Damien Miller
83e04f2023
- stevesk@cvs.openbsd.org 2007/09/12 19:39:19
...
[umac.c]
use xmalloc() and xfree(); ok markus@ pvalchev@
2007-09-17 16:11:01 +10:00
Damien Miller
1235cd387e
- stevesk@cvs.openbsd.org 2007/09/11 23:49:09
...
[sshpty.c]
remove #if defined block not needed; ok markus@ dtucker@
NB. RCS ID sync only
2007-09-17 16:10:21 +10:00
Damien Miller
14b017d6f2
- gilles@cvs.openbsd.org 2007/09/11 15:47:17
...
[session.c ssh-keygen.c sshlogin.c]
use strcspn to properly overwrite '\n' in fgets returned buffer
ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 16:09:15 +10:00
Damien Miller
9c89c837cc
- stevesk@cvs.openbsd.org 2007/09/11 04:36:29
...
[sshpty.c]
sort #include
NB. RCS ID sync only
2007-09-17 16:07:32 +10:00
Damien Miller
5cbe7ca18d
- sobrado@cvs.openbsd.org 2007/09/09 11:38:01
...
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
sort synopsis and options in ssh-agent(1); usage is lowercase
ok jmc@
2007-09-17 16:05:50 +10:00
Damien Miller
67bd062b27
- djm@cvs.openbsd.org 2007/09/04 11:15:56
...
[ssh.c sshconnect.c sshconnect.h]
make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also
makes ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@
2007-09-17 12:06:57 +10:00
Damien Miller
54fd7cf2db
- djm@cvs.openbsd.org 2007/09/04 03:21:03
...
[clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
[monitor_wrap.c ssh.c]
make file descriptor passing code return an error rather than call fatal()
when it encounters problems, and use this to make session multiplexing
masters survive slaves failing to pass all stdio FDs; ok markus@
2007-09-17 12:04:08 +10:00
Damien Miller
1d824ab2e7
- djm@cvs.openbsd.org 2007/08/23 03:23:26
...
[sshconnect.c]
Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
2007-09-17 11:58:04 +10:00
Damien Miller
4890e53977
- djm@cvs.openbsd.org 2007/08/23 03:22:16
...
[auth2-none.c sshd_config sshd_config.5]
Support "Banner=none" to disable displaying of the pre-login banner;
ok dtucker@ deraadt@
2007-09-17 11:57:38 +10:00
Damien Miller
6f40204c44
- djm@cvs.openbsd.org 2007/08/23 03:06:10
...
[auth.h]
login_cap.h doesn't belong here
NB. RCS ID sync only for portable
2007-09-17 11:55:25 +10:00
Damien Miller
6ef50134c2
- djm@cvs.openbsd.org 2007/08/23 02:55:51
...
[auth-passwd.c auth.c session.c]
missed include bits from last commit
NB. RCS ID sync only for portable
2007-09-17 11:54:24 +10:00
Damien Miller
6572db28fd
- djm@cvs.openbsd.org 2007/08/23 02:49:43
...
[auth-passwd.c auth.c session.c]
unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
NB. RCS ID sync only for portable
2007-09-17 11:52:59 +10:00
Darren Tucker
84287b831e
- (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
...
Patch from Jan.Pechanec at sun com.
2007-09-14 10:04:15 +10:00
Tim Rice
0eeaf127b5
- (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
...
did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
2007-09-10 16:24:17 -07:00
Darren Tucker
e296d58dcf
- (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358 : Always
...
return 0 on successful test. From David.Leonard at quest com.
2007-09-10 13:20:14 +10:00
Damien Miller
ac4ee1eb0f
don't say it twice
2007-09-04 16:49:39 +10:00
Damien Miller
6c3d7035a1
credit Jan Pechanec
2007-09-04 14:26:32 +10:00
Darren Tucker
ef15482d87
Mention Jan Pechanec
2007-09-04 14:05:24 +10:00
Darren Tucker
fb206ded16
- (dtucker) [INSTALL] Link to tcpwrappers.
2007-08-17 22:52:05 +10:00
Darren Tucker
8ea84561c4
- (dtucker) [INSTALL] Give PAM its own heading.
2007-08-17 22:12:14 +10:00
Darren Tucker
ea43c49650
- (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
2007-08-17 22:10:10 +10:00
Darren Tucker
1a32953e48
- (dtucker) [INSTALL] Group the parts describing random options and PAM
...
implementations together which is hopefully more coherent.
2007-08-17 22:03:09 +10:00
Darren Tucker
1a9176bf22
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
...
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
2007-08-17 09:42:32 +10:00
Darren Tucker
9142e1c66d
- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
...
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-16 23:28:04 +10:00
Darren Tucker
fc5d188b34
- stevesk@cvs.openbsd.org 2007/08/15 12:13:41
...
[ssh_config.5]
tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 22:20:22 +10:00
Darren Tucker
9d81fdc664
- (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
...
contrib/suse/openssh.spec] Crank version.
2007-08-15 19:22:20 +10:00
Darren Tucker
794f97026e
- (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
...
ok djm@
2007-08-15 19:17:43 +10:00
Darren Tucker
69fe0e1398
- markus@cvs.openbsd.org 2007/08/15 08:16:49
...
[version.h]
openssh 4.7
2007-08-15 19:14:52 +10:00
Darren Tucker
513d13accd
- markus@cvs.openbsd.org 2007/08/15 08:14:46
...
[clientloop.c]
do NOT fall back to the trused x11 cookie if generation of an untrusted
cookie fails; from security-alert at sun.com; ok dtucker
2007-08-15 19:13:41 +10:00
Darren Tucker
2d9636471b
- (dtucker) [session.c] Bug #1339 : ensure that pam_setcred() is always
...
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
with pam_dhkeys. Patch from David Leonard, ok djm@
2007-08-13 23:11:56 +10:00
Darren Tucker
8acb3b665b
- (dtucker) [configure.ac] Bug #1343 : Set DISABLE_FD_PASSING for QNX6. From.
...
Matt Kraai, ok djm@.
2007-08-10 14:36:12 +10:00
Darren Tucker
57d4ca9681
- (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
2007-08-10 14:32:34 +10:00
Darren Tucker
7015e9667a
Credit Bernhard Simon who also reported this.
2007-08-09 15:03:23 +10:00
Darren Tucker
a5b6f72a52
- (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
...
used anywhere and are a potential source of warnings.
2007-08-09 14:37:52 +10:00
Darren Tucker
6f6b27d515
- (dtucker) [README.platform] Document the interaction between PermitRootLogin
...
and the AIX native login restrictions.
2007-08-09 14:31:53 +10:00
Darren Tucker
863cfa0e6f
- (dtucker) [openbsd-compat/port-aix.c] Comment typo.
2007-08-09 14:29:47 +10:00
Damien Miller
b3ce9fec30
- djm@cvs.openbsd.org 2007/08/07 07:32:53
...
[clientloop.c clientloop.h ssh.c]
bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
2007-08-08 14:32:41 +10:00
Damien Miller
647d97b1ab
- sobrado@cvs.openbsd.org 2007/08/06 19:16:06
...
[scp.1 scp.c]
the ellipsis is not an optional argument; while here, sync the usage
and synopsis of commands
lots of good ideas by jmc@
ok jmc@
2007-08-08 14:29:58 +10:00
Damien Miller
932040285f
- ray@cvs.openbsd.org 2007/07/12 05:48:05
...
[key.c]
Delint: remove some unreachable statements, from Bret Lambert.
OK markus@ and dtucker@.
2007-08-08 14:28:26 +10:00
Tim Rice
cd22d30f32
- (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
2007-07-24 21:40:59 -07:00
Tim Rice
ffe3a8ec7e
- (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
...
files are installed.
2007-07-24 21:16:07 -07:00
Tim Rice
bf0212d1b7
- (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
...
Report/patch by David.Leonard AT quest.com
2007-07-24 20:54:09 -07:00
Tim Rice
947fd59f7a
- (tim) [openssh.xml.in] make FMRI match what package scripts use.
2007-07-24 13:13:42 -07:00
Damien Miller
0d7b93473c
- (djm) bz#1325: Fix SELinux in permissive mode where it would
...
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
ok dtucker
2007-06-28 08:48:02 +10:00
Darren Tucker
febf0f5668
- (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
2007-06-25 22:15:12 +10:00
Darren Tucker
dc4a779fbb
- dtucker@cvs.openbsd.org 2007/06/25 12:02:27
...
[atomicio.c]
Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
2007-06-25 22:08:10 +10:00
Darren Tucker
9e223240ac
- (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
...
atomicio.
2007-06-25 19:06:53 +10:00
Darren Tucker
ae09cb8a71
- dtucker@cvs.openbsd.org 2007/06/25 08:20:03
...
[channels.c]
Correct test for window updates every three packets; prevents sending
window updates for every single packet. ok markus@
2007-06-25 19:04:46 +10:00
Darren Tucker
ab17f7d67b
- djm@cvs.openbsd.org 2007/06/19 02:04:43
...
[atomicio.c]
if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
avoid a spin if it is not yet ready for reading/writing; ok dtucker@
2007-06-25 19:04:12 +10:00
Darren Tucker
132367f76f
- djm@cvs.openbsd.org 2007/06/14 22:48:05
...
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@
2007-06-25 18:59:17 +10:00
Darren Tucker
d989adadd3
- djm@cvs.openbsd.org 2007/06/14 21:43:25
...
[ssh.c]
handle EINTR when waiting for mux exit status properly
2007-06-25 18:34:43 +10:00
Darren Tucker
067263e848
- djm@cvs.openbsd.org 2007/06/13 00:21:27
...
[scp.c]
don't ftruncate() non-regular files; bz#1236 reported by wood AT
xmission.com; ok dtucker@
2007-06-25 18:32:33 +10:00
Darren Tucker
7dae3d296e
- (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
...
of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
subsequent <0.9.7 test.
2007-06-14 23:47:31 +10:00
Darren Tucker
a2ed75582f
- (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
...
sections. Fixes builds with early OpenSSL 0.9.6 versions.
2007-06-14 23:38:39 +10:00
Darren Tucker
cb52017ad9
- (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
...
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
shared with umac.c. Allows building with OpenSSL 0.9.5 again including
umac support. With tim@ djm@, ok djm.
2007-06-14 23:21:32 +10:00
Darren Tucker
bed63112f5
- dtucker@cvs.openbsd.org 2007/06/12 13:54:28
...
[scp.c]
Encode filename with strnvis if the name contains a newline (which can't
be represented in the scp protocol), from bz #891 . ok markus@
2007-06-13 00:02:07 +10:00
Darren Tucker
0409e15078
- jmc@cvs.openbsd.org 2007/06/12 13:43:55
...
[ssh.1]
add -K to SYNOPSIS;
2007-06-13 00:00:58 +10:00
Darren Tucker
930cb0b718
- jmc@cvs.openbsd.org 2007/06/12 13:41:03
...
[ssh-add.1]
identies -> identities;
2007-06-13 00:00:27 +10:00
Darren Tucker
b1e128f75a
- dtucker@cvs.openbsd.org 2007/06/12 11:56:15
...
[gss-genr.c]
Pass GSS OID to gss_display_status to provide better information in
error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
2007-06-12 23:44:36 +10:00
Darren Tucker
2604749651
- djm@cvs.openbsd.org 2007/06/12 11:45:27
...
[ssh.c]
improved exit message from multiplex slave sessions; bz #1262
reported by alexandre.nunes AT gmail.com; ok dtucker@
2007-06-12 23:44:10 +10:00
Darren Tucker
415bddc1bd
- djm@cvs.openbsd.org 2007/06/12 11:15:17
...
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
2007-06-12 23:43:16 +10:00
Darren Tucker
2cbec749d7
- djm@cvs.openbsd.org 2007/06/12 11:11:08
...
[ssh.c]
fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@
2007-06-12 23:41:33 +10:00
Darren Tucker
43ce902449
- djm@cvs.openbsd.org 2007/06/12 08:24:20
...
[scp.c]
make scp try to skip FIFOs rather than blocking when nothing is listening.
depends on the platform supporting sane O_NONBLOCK semantics for open
on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
bz #856 ; report by cjwatson AT debian.org; ok markus@
2007-06-12 23:41:06 +10:00
Darren Tucker
8f6d0ed60e
- djm@cvs.openbsd.org 2007/06/12 08:20:00
...
[ssh-gss.h gss-serv.c gss-genr.c]
relocate server-only GSSAPI code from libssh to server; bz #1225
patch from simon AT sxw.org.uk; ok markus@ dtucker@
2007-06-12 23:40:39 +10:00
Darren Tucker
29a5707acc
- djm@cvs.openbsd.org 2007/06/12 07:41:00
...
[ssh-add.1]
better document ssh-add's -d option (delete identies from agent), bz#1224
new text based on some provided by andrewmc-debian AT celt.dias.ie;
ok dtucker@
2007-06-12 23:39:52 +10:00
Darren Tucker
395ecc2bde
- markus@cvs.openbsd.org 2007/06/11 09:14:00
...
[channels.h]
increase default channel windows; ok djm
2007-06-12 23:38:53 +10:00
Damien Miller
3191a8e8ba
- markus@cvs.openbsd.org 2007/06/11 08:04:44
...
[channels.c]
send 'window adjust' messages every tree packets and do not wait
until 50% of the window is consumed. ok djm dtucker
2007-06-11 18:33:15 +10:00
Darren Tucker
725286e223
- (dtucker) [includes.h] Bug #1243 : HAVE_PATHS -> HAVE_PATHS_H. Should
...
prevent warnings about redefinitions of various things in paths.h.
Spotted by cartmanltd at hotmail.com.
2007-06-11 14:44:02 +10:00
Darren Tucker
1534fa41e0
- (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
...
argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
but check anyway in case this changes or the code gets used elsewhere.
2007-06-11 14:34:53 +10:00
Damien Miller
34a176995f
- (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
...
fallback to provided bit-swizzing functions
2007-06-11 14:15:42 +10:00
Damien Miller
22b7b49331
- jmc@cvs.openbsd.org 2007/06/08 07:48:09
...
[sshd_config.5]
oops, here too: put the MAC list into a display, like we do for
ciphers, since groff has trouble with wide lines;
2007-06-11 14:07:12 +10:00
Damien Miller
5e7c30bdf1
- jmc@cvs.openbsd.org 2007/06/08 07:43:46
...
[ssh_config.5]
put the MAC list into a display, like we do for ciphers,
since groff has trouble handling wide lines;
2007-06-11 14:06:32 +10:00
Damien Miller
4de545a6fb
- pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
...
[ssh_config]
Add a "MACs" line after "Ciphers" with the default MAC algorithms,
to ease people who want to tweak both (eg. for performance reasons).
ok deraadt@ djm@ dtucker@
2007-06-11 14:04:42 +10:00
Damien Miller
e45796f7b4
- pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
...
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com ). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
Damien Miller
835284b74c
- (djm) Bugzilla #1306 : silence spurious error messages from hang-on-exit
...
fix; tested by dtucker@ and jochen.kirn AT gmail.com
2007-06-11 13:03:16 +10:00
Darren Tucker
0c0dc49bd1
- (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
2007-06-05 20:01:16 +10:00
Darren Tucker
88bca0641d
- (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
...
mindrot's cvs doesn't expand it on us.
2007-06-05 19:30:47 +10:00
Darren Tucker
51e5ab06d3
- (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
...
OpenBSD's cvs now adds.
2007-06-05 19:16:59 +10:00
Darren Tucker
5f3d5be52f
- djm@cvs.openbsd.org 2007/06/05 06:52:37
...
[kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
Preserve MAC ctx between packets, saving 2xhash calls per-packet.
Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)
2007-06-05 18:30:18 +10:00
Darren Tucker
7b21cb5bdc
- djm@cvs.openbsd.org 2007/06/02 09:04:58
...
[bufbn.c]
memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
2007-06-05 18:29:35 +10:00
Darren Tucker
a394f9913c
- djm@cvs.openbsd.org 2007/05/31 23:34:29
...
[packet.c]
gc unreachable code; spotted by Tavis Ormandy
2007-06-05 18:28:20 +10:00
Darren Tucker
aa4d5eda10
- jmc@cvs.openbsd.org 2007/05/31 19:20:16
...
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
Darren Tucker
0d0d195969
- djm@cvs.openbsd.org 2007/05/30 05:58:13
...
[kex.c]
tidy: KNF, ARGSUSED and u_int
2007-06-05 18:23:28 +10:00
Darren Tucker
4a40ae28c3
- djm@cvs.openbsd.org 2007/05/22 10:18:52
...
[sshd.c]
zap double include; from p_nowaczyk AT o2.pl
(not required in -portable, Id sync only)
2007-06-05 18:22:32 +10:00
Darren Tucker
2216471510
- (dtucker) [auth-pam.c] Return empty string if fgets fails in
...
sshpam_tty_conv. Patch from ldv at altlinux.org.
2007-05-20 15:26:07 +10:00
Darren Tucker
29171e9f5c
- (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
...
ldv at altlinux.org.
2007-05-20 15:20:08 +10:00
Darren Tucker
f520ea1567
- jolan@cvs.openbsd.org 2007/05/17 23:53:41
...
[sshconnect2.c]
djm owes me a vb and a tism cd for breaking ssh compilation
2007-05-20 15:11:33 +10:00
Darren Tucker
7fa339bb7c
- djm@cvs.openbsd.org 2007/05/17 20:52:13
...
[monitor.c]
pass received SIGINT from monitor to postauth child so it can clean
up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
ok markus@
2007-05-20 15:10:16 +10:00
Darren Tucker
26c6662834
- djm@cvs.openbsd.org 2007/05/17 20:48:13
...
[sshconnect2.c]
fall back to gethostname() when the outgoing connection is not
on a socket, such as is the case when ProxyCommand is used.
Gives hostbased auth an opportunity to work; bz#616, report
and feedback stuart AT kaloram.com; ok markus@
2007-05-20 15:09:42 +10:00