a93cadd3d4
- dtucker@cvs.openbsd.org 2007/10/29 06:51:59
...
[ssh_config.5]
ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
2007-12-02 23:05:09 +11:00
2f8b3d9855
- dtucker@cvs.openbsd.org 2007/10/29 04:08:08
...
[monitor_wrap.c monitor.c]
Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users. Found by and ok djm@
2007-12-02 23:02:15 +11:00
32e42c74a5
- dtucker@cvs.openbsd.org 2007/10/29 01:55:04
...
[ssh.c]
Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
ok djm@
2007-12-02 23:01:03 +11:00
541dab2db4
- dtucker@cvs.openbsd.org 2007/10/29 00:52:45
...
[auth2-gss.c]
Allow build without -DGSSAPI; ok deraadt@
(Id sync only, Portable already has the ifdefs)
2007-12-02 22:59:45 +11:00
e566230cb0
- (dtucker) [scp.c] Update $OpenBSD tag missing from rev 1.175 and remove
...
leftover debug code.
2007-12-02 22:48:40 +11:00
319b3d9b00
- (dtucker) [configure.ac] Enable -fstack-protector-all on systems where
...
gcc supports it. ok djm@
2007-12-02 21:02:22 +11:00
e6d1527949
- djm@cvs.openbsd.org 2007/10/29 23:49:41
...
[openbsd-compat/sys-tree.h]
remove extra backslash at the end of RB_PROTOTYPE, report from
Jan.Pechanec AT Sun.COM; ok deraadt@
2007-10-30 10:52:44 +11:00
0ff80a1b17
- millert@cvs.openbsd.org 2004/10/07 16:56:11
...
GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
block.
(NB. mostly an RCS ID sync, as portable strips out the conditionals)
2007-10-26 16:48:13 +10:00
a95c0c224b
- otto@cvs.openbsd.org 2007/04/30 18:42:34
...
[openbsd-compat/sys-queue.h]
Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
Input and okays from krw@, millert@, otto@, deraadt@, miod@.
2007-10-26 16:46:31 +10:00
03c618afa3
- otto@cvs.openbsd.org 2005/11/25 08:06:25
...
[openbsd-compat/sys-queue.h]
Introduce debugging aid for queue macros. Disabled by default; but
developers are encouraged to run with this enabled.
ok krw@ fgsch@ deraadt@
2007-10-26 16:45:32 +10:00
300f95fccb
- otto@cvs.openbsd.org 2005/10/25 06:37:47
...
[openbsd-compat/sys-queue.h]
Some uvm problem is being exposed with the more strict macros.
Revert until we've found out what's causing the panics.
2007-10-26 16:44:27 +10:00
0b6a21d468
- otto@cvs.openbsd.org 2005/10/24 20:25:14
...
[openbsd-compat/sys-queue.h]
Partly backout. NOLIST, used in LISTs is probably interfering.
requested by deraadt@
2007-10-26 16:43:22 +10:00
9aeef6b50d
- otto@cvs.openbsd.org 2005/10/17 20:19:42
...
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structurs produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
2007-10-26 16:42:18 +10:00
d129ecb0f9
- deraadt@cvs.openbsd.org 2005/02/25 13:29:30
...
[openbsd-compat/sys-queue.h]
minor white spacing
2007-10-26 16:41:14 +10:00
b99f5f714b
- grange@cvs.openbsd.org 2004/05/04 16:59:32
...
[openbsd-compat/sys-queue.h]
Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
ok millert krw deraadt
2007-10-26 16:40:20 +10:00
0afeae426c
- tdeval@cvs.openbsd.org 2004/11/24 18:10:42
...
[openbsd-compat/sys-tree.h]
typo
2007-10-26 16:39:05 +10:00
88aa4e3d61
- frantzen@@cvs.openbsd.org 2004/04/24 18:11:46
...
[openbsd-compat/tree.h]
sync to Niels Provos' version. avoid unused variable warning in
RB_NEXT()
2007-10-26 16:37:43 +10:00
2f715eeb5c
- jakob@cvs.openbsd.org 2007/10/11 18:36:41
...
[openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
use RRSIG instead of SIG for DNSSEC. ok djm@
2007-10-26 16:26:46 +10:00
1651f6c40e
- otto@cvs.openbsd.org 2006/10/21 09:55:03
...
[openbsd-compat/base64.c]
remove calls to abort(3) that can't happen anyway; from
<bret dot lambert at gmail.com>; ok millert@ deraadt@
2007-10-26 16:17:24 +10:00
a97529fa2e
- (djm) [openbsd-compat/bindresvport.c]
...
Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
2007-10-26 16:16:09 +10:00
9ed5643491
- jakob@cvs.openbsd.org 2007/10/11 18:36:41
...
[openbsd-compat/getrrsetbyname.c]
use RRSIG instead of SIG for DNSSEC. ok djm@
2007-10-26 16:14:46 +10:00
9c51c8d81a
- deraadt@cvs.openbsd.org 2005/11/28 17:50:12
...
[openbsd-compat/glob.c]
unused arg in internal static API
2007-10-26 16:13:39 +10:00
89437edafd
- (djm) [regress/sftp-cmds.sh]
...
Use more restrictive glob to pick up test files from /bin - some platforms
ship broken symlinks there which could spoil the test.
2007-10-26 15:37:50 +10:00
da1e4bd3bf
- djm@cvs.openbsd.org 2007/10/26 05:30:01
...
[regress/sftp-glob.sh regress/test-exec.sh]
remove "echo -E" crap that I added in last commit and use printf(1) for
cases where we strictly require echo not to reprocess escape characters.
2007-10-26 15:35:54 +10:00
ce0e60ee57
- djm@cvs.openbsd.org 2007/10/24 03:32:35
...
[regress/sftp-cmds.sh regress/sftp-glob.sh regress/test-exec.sh]
comprehensive tests for sftp escaping its interaction with globbing;
ok dtucker@
2007-10-26 14:54:12 +10:00
47d7dc8530
- pvalchev@cvs.openbsd.org 2007/06/07 19:41:46
...
[regress/cipher-speed.sh regress/try-ciphers.sh]
test umac-64@openssh.com
ok djm@
2007-10-26 14:45:57 +10:00
80ba1300e2
- dtucker@cvs.openbsd.org 2006/12/13 08:36:36
...
[regress/cfgmatch.sh]
Additional test for multiple PermitOpen entries. ok djm@
2007-10-26 14:45:13 +10:00
99ad35352a
- markus@cvs.openbsd.org 2006/11/06 09:27:43
...
[regress/cfgmatch.sh]
fix quoting for non-(c)sh login shells.
2007-10-26 14:44:34 +10:00
fa66aa739f
- djm@cvs.openbsd.org 2006/08/29 09:44:00
...
[regress/sftp-cmds.sh]
clean up our mess
2007-10-26 14:43:50 +10:00
77d57b06a4
- djm@cvs.openbsd.org 2007/10/24 03:44:02
...
[scp.c]
factor out network read/write into an atomicio()-like function, and
use it to handle short reads, apply bandwidth limits and update
counters. make network IO non-blocking, so a small trickle of
reads/writes has a chance of updating the progress meter; bz #799
ok dtucker@
2007-10-26 14:28:01 +10:00
1cbc292bc0
- djm@cvs.openbsd.org 2007/10/24 03:30:02
...
[sftp.c]
rework argument splitting and parsing to cope correctly with common
shell escapes and make handling of escaped characters consistent
with sh(1) and between sftp commands (especially between ones that
glob their arguments and ones that don't).
parse command flags using getopt(3) rather than hand-rolled parsers.
ok dtucker@
2007-10-26 14:27:45 +10:00
5a4456c6a5
- markus@cvs.openbsd.org 2007/10/22 19:10:24
...
[readconf.c]
make sure that both the local and remote port are correct when
parsing -L; Jan Pechanec (bz #1378 )
2007-10-26 14:27:22 +10:00
3dddab3b95
- chl@cvs.openbsd.org 2007/10/02 17:49:58
...
[ssh-keygen.c]
handles zero-sized strings that fgets can return
properly removes trailing newline
removes an unused variable
correctly counts line number
"looks ok" ray@ markus@
2007-10-26 14:27:02 +10:00
0f4ed693d6
- chl@cvs.openbsd.org 2007/10/02 17:49:58
...
[ssh-keygen.c]
handles zero-sized strings that fgets can return
2007-10-26 14:26:32 +10:00
b8c9807628
- dtucker@cvs.openbsd.org 2007/09/29 00:25:51
...
[auth2.c]
Remove unused prototype. ok djm@
2007-10-26 14:26:15 +10:00
603077ab4c
- ray@cvs.openbsd.org 2007/09/27 00:15:57
...
[dh.c]
Don't return -1 on error in dh_pub_is_valid(), since it evaluates
to true.
Also fix a typo.
Initial diff from Matthew Dempsky, input from djm.
OK djm, markus.
2007-10-26 14:25:55 +10:00
4c7728c651
- canacar@cvs.openbsd.org 2007/09/25 23:48:57
...
[ssh-agent.c]
When adding a key that already exists, update the properties
(time, confirm, comment) instead of discarding them. ok djm@ markus@
2007-10-26 14:25:31 +10:00
733124b5dd
- djm@cvs.openbsd.org 2007/09/21 08:15:29
...
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCD ID sync only for portable)
2007-10-26 14:25:12 +10:00
cfb606cd5f
- djm@cvs.openbsd.org 2007/09/21 03:05:23
...
[ssh_config.5]
document KbdInteractiveAuthentication in ssh_config.5;
patch from dkg AT fifthhorseman.net
2007-10-26 14:24:48 +10:00
32a9dba66d
- stevesk@cvs.openbsd.org 2007/09/11 23:49:09
...
[sshpty.c]
remove #if defined block not needed; ok markus@ dtucker@
(NB. RCD ID sync only for portable)
2007-10-26 14:24:30 +10:00
bc1bd9dbe3
- (dtucker) [configure.ac defines.h] Shadow expiry does not work on QNX6
...
so disable it for that platform. From bacon at cs nyu edu.
2007-09-27 07:03:20 +10:00
7c92a65a1d
- (dtucker) [configure.ac atomicio.c] Fall back to <sys/poll.h> if we don't
...
have <poll.h> (eq QNX). From bacon at cs nyu edu.
2007-09-27 07:00:09 +10:00
ed626b42cc
- (djm) [atomicio.c] Fix spin avoidance for platforms that define
...
EWOULDBLOCK; patch from ben AT psc.edu
2007-09-21 13:12:49 +10:00
6ebefac25a
- (tim) [defines.h] Fix regression in long password support on OpenServer 6.
...
Problem report and additional testing rac AT tenzing.org.
2007-09-17 08:32:32 -07:00
8b3fdfb6af
- djm@cvs.openbsd.org 2007/09/16 00:55:52
...
[sftp-client.c]
use off_t instead of u_int64_t for file offsets, matching what the
progressmeter code expects; bz #842
2007-09-17 16:12:03 +10:00
35e18dba89
- djm@cvs.openbsd.org 2007/09/13 04:39:04
...
[sftp-server.c]
fix incorrect test when setting syslog facility; from Jan Pechanec
2007-09-17 16:11:33 +10:00
83e04f2023
- stevesk@cvs.openbsd.org 2007/09/12 19:39:19
...
[umac.c]
use xmalloc() and xfree(); ok markus@ pvalchev@
2007-09-17 16:11:01 +10:00
1235cd387e
- stevesk@cvs.openbsd.org 2007/09/11 23:49:09
...
[sshpty.c]
remove #if defined block not needed; ok markus@ dtucker@
NB. RCS ID sync only
2007-09-17 16:10:21 +10:00
14b017d6f2
- gilles@cvs.openbsd.org 2007/09/11 15:47:17
...
[session.c ssh-keygen.c sshlogin.c]
use strcspn to properly overwrite '\n' in fgets returned buffer
ok pyr@, ray@, millert@, moritz@, chl@
2007-09-17 16:09:15 +10:00
9c89c837cc
- stevesk@cvs.openbsd.org 2007/09/11 04:36:29
...
[sshpty.c]
sort #include
NB. RCS ID sync only
2007-09-17 16:07:32 +10:00
5cbe7ca18d
- sobrado@cvs.openbsd.org 2007/09/09 11:38:01
...
[ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.c]
sort synopsis and options in ssh-agent(1); usage is lowercase
ok jmc@
2007-09-17 16:05:50 +10:00
67bd062b27
- djm@cvs.openbsd.org 2007/09/04 11:15:56
...
[ssh.c sshconnect.c sshconnect.h]
make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (previously it just covered the TCP connection).
This allows callers of ssh(1) to better detect and deal with stuck servers
that accept a TCP connection but don't progress the protocol, and also
makes ConnectTimeout useful for connections via a ProxyCommand;
feedback and "looks ok" markus@
2007-09-17 12:06:57 +10:00
54fd7cf2db
- djm@cvs.openbsd.org 2007/09/04 03:21:03
...
[clientloop.c monitor.c monitor_fdpass.c monitor_fdpass.h]
[monitor_wrap.c ssh.c]
make file descriptor passing code return an error rather than call fatal()
when it encounters problems, and use this to make session multiplexing
masters survive slaves failing to pass all stdio FDs; ok markus@
2007-09-17 12:04:08 +10:00
1d824ab2e7
- djm@cvs.openbsd.org 2007/08/23 03:23:26
...
[sshconnect.c]
Execute ProxyCommands with $SHELL rather than /bin/sh unconditionally
2007-09-17 11:58:04 +10:00
4890e53977
- djm@cvs.openbsd.org 2007/08/23 03:22:16
...
[auth2-none.c sshd_config sshd_config.5]
Support "Banner=none" to disable displaying of the pre-login banner;
ok dtucker@ deraadt@
2007-09-17 11:57:38 +10:00
6f40204c44
- djm@cvs.openbsd.org 2007/08/23 03:06:10
...
[auth.h]
login_cap.h doesn't belong here
NB. RCS ID sync only for portable
2007-09-17 11:55:25 +10:00
6ef50134c2
- djm@cvs.openbsd.org 2007/08/23 02:55:51
...
[auth-passwd.c auth.c session.c]
missed include bits from last commit
NB. RCS ID sync only for portable
2007-09-17 11:54:24 +10:00
6572db28fd
- djm@cvs.openbsd.org 2007/08/23 02:49:43
...
[auth-passwd.c auth.c session.c]
unifdef HAVE_LOGIN_CAP; ok deraadt@ millert@
NB. RCS ID sync only for portable
2007-09-17 11:52:59 +10:00
84287b831e
- (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
...
Patch from Jan.Pechanec at sun com.
2007-09-14 10:04:15 +10:00
0eeaf127b5
- (tim) [configure.ac] Autoconf didn't define HAVE_LIBIAF because we
...
did a AC_CHECK_FUNCS within the AC_CHECK_LIB test.
2007-09-10 16:24:17 -07:00
e296d58dcf
- (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1358 : Always
...
return 0 on successful test. From David.Leonard at quest com.
2007-09-10 13:20:14 +10:00
ac4ee1eb0f
don't say it twice
2007-09-04 16:49:39 +10:00
6c3d7035a1
credit Jan Pechanec
2007-09-04 14:26:32 +10:00
ef15482d87
Mention Jan Pechanec
2007-09-04 14:05:24 +10:00
fb206ded16
- (dtucker) [INSTALL] Link to tcpwrappers.
2007-08-17 22:52:05 +10:00
8ea84561c4
- (dtucker) [INSTALL] Give PAM its own heading.
2007-08-17 22:12:14 +10:00
ea43c49650
- (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.
2007-08-17 22:10:10 +10:00
1a32953e48
- (dtucker) [INSTALL] Group the parts describing random options and PAM
...
implementations together which is hopefully more coherent.
2007-08-17 22:03:09 +10:00
1a9176bf22
- (dtucker) [sshd.8] Many Linux variants use a single "!" to denote locked
...
accounts and that's what the code looks for, so make man page and code
agree. Pointed out by Roumen Petrov.
2007-08-17 09:42:32 +10:00
9142e1c66d
- (dtucker) [session.c] Call PAM cleanup functions for unauthenticated
...
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-16 23:28:04 +10:00
fc5d188b34
- stevesk@cvs.openbsd.org 2007/08/15 12:13:41
...
[ssh_config.5]
tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 22:20:22 +10:00
9d81fdc664
- (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec
...
contrib/suse/openssh.spec] Crank version.
2007-08-15 19:22:20 +10:00
794f97026e
- (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.
...
ok djm@
2007-08-15 19:17:43 +10:00
69fe0e1398
- markus@cvs.openbsd.org 2007/08/15 08:16:49
...
[version.h]
openssh 4.7
2007-08-15 19:14:52 +10:00
513d13accd
- markus@cvs.openbsd.org 2007/08/15 08:14:46
...
[clientloop.c]
do NOT fall back to the trused x11 cookie if generation of an untrusted
cookie fails; from security-alert at sun.com; ok dtucker
2007-08-15 19:13:41 +10:00
2d9636471b
- (dtucker) [session.c] Bug #1339 : ensure that pam_setcred() is always
...
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
with pam_dhkeys. Patch from David Leonard, ok djm@
2007-08-13 23:11:56 +10:00
8acb3b665b
- (dtucker) [configure.ac] Bug #1343 : Set DISABLE_FD_PASSING for QNX6. From.
...
Matt Kraai, ok djm@.
2007-08-10 14:36:12 +10:00
57d4ca9681
- (dtucker) [auth-pam.c] Use sigdie here too. ok djm@
2007-08-10 14:32:34 +10:00
7015e9667a
Credit Bernhard Simon who also reported this.
2007-08-09 15:03:23 +10:00
a5b6f72a52
- (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't
...
used anywhere and are a potential source of warnings.
2007-08-09 14:37:52 +10:00
6f6b27d515
- (dtucker) [README.platform] Document the interaction between PermitRootLogin
...
and the AIX native login restrictions.
2007-08-09 14:31:53 +10:00
863cfa0e6f
- (dtucker) [openbsd-compat/port-aix.c] Comment typo.
2007-08-09 14:29:47 +10:00
b3ce9fec30
- djm@cvs.openbsd.org 2007/08/07 07:32:53
...
[clientloop.c clientloop.h ssh.c]
bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
2007-08-08 14:32:41 +10:00
647d97b1ab
- sobrado@cvs.openbsd.org 2007/08/06 19:16:06
...
[scp.1 scp.c]
the ellipsis is not an optional argument; while here, sync the usage
and synopsis of commands
lots of good ideas by jmc@
ok jmc@
2007-08-08 14:29:58 +10:00
932040285f
- ray@cvs.openbsd.org 2007/07/12 05:48:05
...
[key.c]
Delint: remove some unreachable statements, from Bret Lambert.
OK markus@ and dtucker@.
2007-08-08 14:28:26 +10:00
cd22d30f32
- (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}|
2007-07-24 21:40:59 -07:00
ffe3a8ec7e
- (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5)
...
files are installed.
2007-07-24 21:16:07 -07:00
bf0212d1b7
- (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call.
...
Report/patch by David.Leonard AT quest.com
2007-07-24 20:54:09 -07:00
947fd59f7a
- (tim) [openssh.xml.in] make FMRI match what package scripts use.
2007-07-24 13:13:42 -07:00
0d7b93473c
- (djm) bz#1325: Fix SELinux in permissive mode where it would
...
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
ok dtucker
2007-06-28 08:48:02 +10:00
febf0f5668
- (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
2007-06-25 22:15:12 +10:00
dc4a779fbb
- dtucker@cvs.openbsd.org 2007/06/25 12:02:27
...
[atomicio.c]
Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
2007-06-25 22:08:10 +10:00
9e223240ac
- (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match
...
atomicio.
2007-06-25 19:06:53 +10:00
ae09cb8a71
- dtucker@cvs.openbsd.org 2007/06/25 08:20:03
...
[channels.c]
Correct test for window updates every three packets; prevents sending
window updates for every single packet. ok markus@
2007-06-25 19:04:46 +10:00
ab17f7d67b
- djm@cvs.openbsd.org 2007/06/19 02:04:43
...
[atomicio.c]
if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
avoid a spin if it is not yet ready for reading/writing; ok dtucker@
2007-06-25 19:04:12 +10:00
132367f76f
- djm@cvs.openbsd.org 2007/06/14 22:48:05
...
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@
2007-06-25 18:59:17 +10:00
d989adadd3
- djm@cvs.openbsd.org 2007/06/14 21:43:25
...
[ssh.c]
handle EINTR when waiting for mux exit status properly
2007-06-25 18:34:43 +10:00
067263e848
- djm@cvs.openbsd.org 2007/06/13 00:21:27
...
[scp.c]
don't ftruncate() non-regular files; bz#1236 reported by wood AT
xmission.com; ok dtucker@
2007-06-25 18:32:33 +10:00
7dae3d296e
- (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition
...
of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
subsequent <0.9.7 test.
2007-06-14 23:47:31 +10:00
a2ed75582f
- (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL
...
sections. Fixes builds with early OpenSSL 0.9.6 versions.
2007-06-14 23:38:39 +10:00
cb52017ad9
- (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the
...
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
shared with umac.c. Allows building with OpenSSL 0.9.5 again including
umac support. With tim@ djm@, ok djm.
2007-06-14 23:21:32 +10:00
bed63112f5
- dtucker@cvs.openbsd.org 2007/06/12 13:54:28
...
[scp.c]
Encode filename with strnvis if the name contains a newline (which can't
be represented in the scp protocol), from bz #891 . ok markus@
2007-06-13 00:02:07 +10:00
0409e15078
- jmc@cvs.openbsd.org 2007/06/12 13:43:55
...
[ssh.1]
add -K to SYNOPSIS;
2007-06-13 00:00:58 +10:00
930cb0b718
- jmc@cvs.openbsd.org 2007/06/12 13:41:03
...
[ssh-add.1]
identies -> identities;
2007-06-13 00:00:27 +10:00
b1e128f75a
- dtucker@cvs.openbsd.org 2007/06/12 11:56:15
...
[gss-genr.c]
Pass GSS OID to gss_display_status to provide better information in
error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
2007-06-12 23:44:36 +10:00
2604749651
- djm@cvs.openbsd.org 2007/06/12 11:45:27
...
[ssh.c]
improved exit message from multiplex slave sessions; bz #1262
reported by alexandre.nunes AT gmail.com; ok dtucker@
2007-06-12 23:44:10 +10:00
415bddc1bd
- djm@cvs.openbsd.org 2007/06/12 11:15:17
...
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
2007-06-12 23:43:16 +10:00
2cbec749d7
- djm@cvs.openbsd.org 2007/06/12 11:11:08
...
[ssh.c]
fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@
2007-06-12 23:41:33 +10:00
43ce902449
- djm@cvs.openbsd.org 2007/06/12 08:24:20
...
[scp.c]
make scp try to skip FIFOs rather than blocking when nothing is listening.
depends on the platform supporting sane O_NONBLOCK semantics for open
on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
bz #856 ; report by cjwatson AT debian.org; ok markus@
2007-06-12 23:41:06 +10:00
8f6d0ed60e
- djm@cvs.openbsd.org 2007/06/12 08:20:00
...
[ssh-gss.h gss-serv.c gss-genr.c]
relocate server-only GSSAPI code from libssh to server; bz #1225
patch from simon AT sxw.org.uk; ok markus@ dtucker@
2007-06-12 23:40:39 +10:00
29a5707acc
- djm@cvs.openbsd.org 2007/06/12 07:41:00
...
[ssh-add.1]
better document ssh-add's -d option (delete identies from agent), bz#1224
new text based on some provided by andrewmc-debian AT celt.dias.ie;
ok dtucker@
2007-06-12 23:39:52 +10:00
395ecc2bde
- markus@cvs.openbsd.org 2007/06/11 09:14:00
...
[channels.h]
increase default channel windows; ok djm
2007-06-12 23:38:53 +10:00
3191a8e8ba
- markus@cvs.openbsd.org 2007/06/11 08:04:44
...
[channels.c]
send 'window adjust' messages every tree packets and do not wait
until 50% of the window is consumed. ok djm dtucker
2007-06-11 18:33:15 +10:00
725286e223
- (dtucker) [includes.h] Bug #1243 : HAVE_PATHS -> HAVE_PATHS_H. Should
...
prevent warnings about redefinitions of various things in paths.h.
Spotted by cartmanltd at hotmail.com.
2007-06-11 14:44:02 +10:00
1534fa41e0
- (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder"
...
argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
but check anyway in case this changes or the code gets used elsewhere.
2007-06-11 14:34:53 +10:00
34a176995f
- (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then
...
fallback to provided bit-swizzing functions
2007-06-11 14:15:42 +10:00
22b7b49331
- jmc@cvs.openbsd.org 2007/06/08 07:48:09
...
[sshd_config.5]
oops, here too: put the MAC list into a display, like we do for
ciphers, since groff has trouble with wide lines;
2007-06-11 14:07:12 +10:00
5e7c30bdf1
- jmc@cvs.openbsd.org 2007/06/08 07:43:46
...
[ssh_config.5]
put the MAC list into a display, like we do for ciphers,
since groff has trouble handling wide lines;
2007-06-11 14:06:32 +10:00
4de545a6fb
- pvalchev@cvs.openbsd.org 2007/06/08 04:40:40
...
[ssh_config]
Add a "MACs" line after "Ciphers" with the default MAC algorithms,
to ease people who want to tweak both (eg. for performance reasons).
ok deraadt@ djm@ dtucker@
2007-06-11 14:04:42 +10:00
e45796f7b4
- pvalchev@cvs.openbsd.org 2007/06/07 19:37:34
...
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com ). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
2007-06-11 14:01:42 +10:00
835284b74c
- (djm) Bugzilla #1306 : silence spurious error messages from hang-on-exit
...
fix; tested by dtucker@ and jochen.kirn AT gmail.com
2007-06-11 13:03:16 +10:00
0c0dc49bd1
- (dtucker) [mdoc2man.awk] Add support for %R references, used for RFCs.
2007-06-05 20:01:16 +10:00
88bca0641d
- (dtucker) [mdoc2man.awk] Remove trailing "$" from Mdocdate regex so
...
mindrot's cvs doesn't expand it on us.
2007-06-05 19:30:47 +10:00
51e5ab06d3
- (dtucker) [mdoc2man.awk] Teach it to deal with $Mdocdate tags that
...
OpenBSD's cvs now adds.
2007-06-05 19:16:59 +10:00
5f3d5be52f
- djm@cvs.openbsd.org 2007/06/05 06:52:37
...
[kex.c monitor_wrap.c packet.c mac.h kex.h mac.c]
Preserve MAC ctx between packets, saving 2xhash calls per-packet.
Yields around a 12-16% end-to-end speedup for arcfour256/hmac-md5
patch from markus@ tested dtucker@ and myself, ok markus@ and me (I'm
committing at his request)
2007-06-05 18:30:18 +10:00
7b21cb5bdc
- djm@cvs.openbsd.org 2007/06/02 09:04:58
...
[bufbn.c]
memory leak on error path; from arnaud.lacombe.1 AT ulaval.ca
2007-06-05 18:29:35 +10:00
a394f9913c
- djm@cvs.openbsd.org 2007/05/31 23:34:29
...
[packet.c]
gc unreachable code; spotted by Tavis Ormandy
2007-06-05 18:28:20 +10:00
aa4d5eda10
- jmc@cvs.openbsd.org 2007/05/31 19:20:16
...
[scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1
ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8]
convert to new .Dd format;
(We will need to teach mdoc2man.awk to understand this too.)
2007-06-05 18:27:13 +10:00
0d0d195969
- djm@cvs.openbsd.org 2007/05/30 05:58:13
...
[kex.c]
tidy: KNF, ARGSUSED and u_int
2007-06-05 18:23:28 +10:00
4a40ae28c3
- djm@cvs.openbsd.org 2007/05/22 10:18:52
...
[sshd.c]
zap double include; from p_nowaczyk AT o2.pl
(not required in -portable, Id sync only)
2007-06-05 18:22:32 +10:00
2216471510
- (dtucker) [auth-pam.c] Return empty string if fgets fails in
...
sshpam_tty_conv. Patch from ldv at altlinux.org.
2007-05-20 15:26:07 +10:00
29171e9f5c
- (dtucker) [auth-pam.c] malloc+memset -> calloc. Patch from
...
ldv at altlinux.org.
2007-05-20 15:20:08 +10:00
f520ea1567
- jolan@cvs.openbsd.org 2007/05/17 23:53:41
...
[sshconnect2.c]
djm owes me a vb and a tism cd for breaking ssh compilation
2007-05-20 15:11:33 +10:00
7fa339bb7c
- djm@cvs.openbsd.org 2007/05/17 20:52:13
...
[monitor.c]
pass received SIGINT from monitor to postauth child so it can clean
up properly. bz#1196, patch from senthilkumar_sen AT hotpop.com;
ok markus@
2007-05-20 15:10:16 +10:00
26c6662834
- djm@cvs.openbsd.org 2007/05/17 20:48:13
...
[sshconnect2.c]
fall back to gethostname() when the outgoing connection is not
on a socket, such as is the case when ProxyCommand is used.
Gives hostbased auth an opportunity to work; bz#616, report
and feedback stuart AT kaloram.com; ok markus@
2007-05-20 15:09:42 +10:00
e9405983dc
- djm@cvs.openbsd.org 2007/05/17 07:55:29
...
[sftp-server.c]
bz#1286 stop reading and processing commands when input or output buffer
is nearly full, otherwise sftp-server would happily try to grow the
input/output buffers past the maximum supported by the buffer API and
promptly fatal()
based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-20 15:09:04 +10:00
36b78000a7
- djm@cvs.openbsd.org 2007/05/17 07:50:31
...
[log.c]
save and restore errno when logging; ok deraadt@
2007-05-20 15:08:15 +10:00
f78bb41772
- dtucker@cvs.openbsd.org 2007/04/23 10:15:39
...
[servconf.c]
Remove debug() left over from development. ok deraadt@
2007-05-20 15:03:15 +10:00
86473c57a8
- stevesk@cvs.openbsd.org 2007/04/18 01:12:43
...
[sftp-server.c]
cast "%llu" format spec to (unsigned long long); do not assume a
u_int64_t arg is the same as 'unsigned long long'.
from Dmitry V. Levin <ldv@altlinux.org>
ok markus@ 'Yes, that looks correct' millert@
2007-05-20 14:59:32 +10:00
208ac57c30
- stevesk@cvs.openbsd.org 2007/04/14 22:01:58
...
[auth2.c]
remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
2007-05-20 14:58:41 +10:00
aa8954f1d9
20070509
...
- (tim) [configure.ac] Bug #1287 : Add missing test for ucred.h.
2007-05-09 15:57:43 -07:00
d0adab5a12
trim pasto
2007-04-29 17:14:48 +10:00
dca0edff2f
- (dtucker) [configure.ac defines.h] Have configure check for offsetof
...
to prevent redefinition warnings.
2007-04-29 15:06:44 +10:00
391de5c023
- (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__
...
__nonnull__ for versions of GCC that don't support it.
2007-04-29 14:49:21 +10:00
6d862a50db
- (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKS
...
so we don't get redefinition warnings.
2007-04-29 14:39:02 +10:00
2ac529b505
- (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.
2007-04-29 14:02:43 +10:00
cc40d5ecdf
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299 : Use the
...
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
2007-04-29 13:58:06 +10:00
d757e69cda
- (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.
2007-04-29 12:10:57 +10:00
781e7a28d0
- (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
...
for select(2) prototype.
2007-04-29 12:06:55 +10:00
2a3868589b
- (dtucker) [INSTALL] prngd lives at sourceforge these days.
2007-04-06 12:25:08 +10:00
Darren Tucker
Damien Miller
Tim Rice