4942de5719
- djm@cvs.openbsd.org 2005/04/02 12:41:16
...
[scp.c]
since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
build
2005-04-03 10:16:39 +10:00
3dae15c611
- deraadt@cvs.openbsd.org 2005/03/31 18:39:21
...
[scp.c]
copy argv[] element instead of smashing the one that ps will see; ok otto
2005-04-03 10:16:11 +10:00
de0de39082
- (dtucker) [monitor.c] Remaining part of fix for bug #1006 .
2005-03-31 23:52:04 +10:00
73ba43798a
- (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
...
message on some platforms. Patch from pete at seebeyond.com via djm.
2005-03-31 21:51:54 +10:00
f3bb434177
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006 : fix bug in
...
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
83d5a9866d
- jmc@cvs.openbsd.org 2005/03/18 17:05:00
...
[sshd_config.5]
typo;
2005-03-31 21:33:50 +10:00
1f04ca240d
- markus@cvs.openbsd.org 2005/03/16 21:17:39
...
[version.h]
4.1
2005-03-31 21:31:54 +10:00
5ede2ad8a7
- jmc@cvs.openbsd.org 2005/03/16 11:10:38
...
[ssh_config.5]
get the syntax right for {Local,Remote}Forward;
based on a diff from markus;
problem report from ponraj;
ok dtucker@ markus@ deraadt@
2005-03-31 21:31:10 +10:00
6e1defdc5a
- (dtucker) [contrib/aix/buildbff.sh] Bug #1005 : Look up only the user we're
...
interested in which is much faster in large (eg LDAP or NIS) environments.
Patch from dleonard at vintela.com.
2005-03-29 23:24:12 +10:00
e66519d942
- (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
...
of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
2005-03-21 22:46:34 +11:00
1df61452ea
- (dtucker) [configure.ac] Make configure error out if the user specifies
...
--with-libedit but the required libs can't be found, rather than silently
ignoring and continuing. ok tim@
2005-03-21 09:58:07 +11:00
86a5f8dd0a
- (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
...
and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
with & ok tim@
2005-03-21 09:55:17 +11:00
eae17cc80e
- (tim) [configure.ac] remove trailing white space.
2005-03-17 16:52:20 -08:00
35cc69dcb4
- (tim) [configure.ac] make some configure options a little more error proof.
2005-03-17 16:44:25 -08:00
8bb561b500
- (tim) [configure.ac] portability changes on test statements. Some shells
...
have problems with -a operator.
2005-03-17 16:23:19 -08:00
12ee8e241e
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
...
Make --without-opensc work.
2005-03-17 13:37:04 -08:00
c3939e22fd
- (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
...
with a rpm -F
2005-03-14 17:24:51 -08:00
c53c3a423c
credit patch author
2005-03-14 23:24:43 +11:00
11327cc5d7
- markus@cvs.openbsd.org 2005/03/14 11:46:56
...
[buffer.c buffer.h channels.c]
limit input buffer size for channels; bugzilla #896 ; with and ok dtucker@
2005-03-14 23:22:25 +11:00
a8f553df53
- dtucker@cvs.openbsd.org 2005/03/14 11:44:42
...
[auth.c]
Populate host for log message for logins denied by AllowUsers and
DenyUsers (bz #999 ); ok markus@
2005-03-14 23:17:27 +11:00
da1adbc2cc
- dtucker@cvs.openbsd.org 2005/03/14 10:09:03
...
[ssh-keygen.1]
Correct description of -H (bz #997 ); ok markus@, punctuation jmc@
2005-03-14 23:15:58 +11:00
1adc2bd8d7
- jmc@cvs.openbsd.org 2005/03/12 11:55:03
...
[ssh_config.5]
escape `.' at eol to avoid double spacing issues;
2005-03-14 23:14:20 +11:00
9f438a9d63
- markus@cvs.openbsd.org 2005/03/11 14:59:06
...
[ssh-keygen.c]
typo, missing \n; mpech
2005-03-14 23:09:18 +11:00
90b9e02230
- deraadt@cvs.openbsd.org 2005/03/10 22:40:38
...
[auth-options.c]
spacing
2005-03-14 23:08:50 +11:00
47eede77ed
- deraadt@cvs.openbsd.org 2005/03/10 22:01:05
...
[misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
readconf.c bufaux.c sftp.c]
spacing
2005-03-14 23:08:12 +11:00
f899e6a526
20050312
...
- (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
output ends up in the client's output, causing regress failures. Found
by Corinna Vinschen.
(got 4.0 branch and HEAD slightly askew, this is to resync)
2005-03-14 23:02:46 +11:00
1d55ca748d
- dtucker@cvs.openbsd.org 2005/03/10 10:15:02
...
[readconf.c]
Check listen addresses for null, prevents xfree from dying during
ClearAllForwardings (bz #996 ). From Craig Leres, ok markus@
2005-03-14 22:58:40 +11:00
a21380b70e
- (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
...
localized name of the local administrators group more reliable. From
vinschen at redhat.com.
2005-03-13 21:20:18 +11:00
835903da7b
- (djm) [log.c] Fix dumb syntax error; ok dtucker@
...
(pulled from 4.0 branch).
2005-03-09 20:12:47 +11:00
aa1dba62b0
- (djm) Release OpenSSH 4.0p1
2005-03-09 11:03:08 +11:00
6f632bf2aa
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update spec file versions
2005-03-09 11:02:41 +11:00
aca8626cf7
- djm@cvs.openbsd.org 2005/03/08 23:49:48
...
[version.h]
OpenSSH 4.0
2005-03-09 11:00:42 +11:00
b096ac4674
- jmc@cvs.openbsd.org 2005/03/07 23:41:54
...
[ssh.1 ssh_config.5]
more macro simplification;
2005-03-09 11:00:05 +11:00
50c7db92d6
- (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
...
so that regress tests behave. From Chris Adams.
2005-03-09 10:02:55 +11:00
c390c8dc68
- (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is
...
too old and too broken.
2005-03-07 01:21:37 -08:00
4b9ac3319e
- (dtucker) [regress/test-exec.sh] Put SUDO in the right place.
2005-03-07 19:15:06 +11:00
5d909f0773
- djm@cvs.openbsd.org 2005/03/04 08:48:46
...
[Makefile envpass.sh]
regress test for SendEnv config parsing bug; ok dtucker@
2005-03-07 18:35:34 +11:00
894823ec69
- djm@cvs.openbsd.org 2005/02/27 23:13:36
...
[login-timeout.sh]
avoid nameservice lookups in regress test; ok dtucker@
2005-03-07 18:34:04 +11:00
a0f3ba71a0
- dtucker@cvs.openbsd.org 2005/02/27 11:33:30
...
[multiplex.sh test-exec.sh sshd-log-wrapper.sh]
Add optional capability to log output from regress commands; ok markus@
Use with: make TEST_SSH_LOGFILE=/tmp/regress.log
2005-03-07 18:33:02 +11:00
b712fccc18
- david@cvs.openbsd.org 2005/01/14 04:21:18
...
[Makefile test-exec.sh]
pass the SUDO make variable to the individual sh tests; ok dtucker@ markus@
2005-03-07 18:27:28 +11:00
68f7213a2c
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
...
[Makefile sftp-glob.sh]
some globbing regress; prompted and ok djm@
2005-03-07 18:25:53 +11:00
1c56ef6ac3
- (dtucker) OpenBSD CVS Sync (regress/)
...
- fgsch@cvs.openbsd.org 2004/12/10 01:31:30
[Makefile]
some globbing regress; prompted and ok djm@
2005-03-07 17:36:18 +11:00
0d0966934e
- (dtucker) [configure.ac] Disable gettext search when configuring with
...
BSM audit support for the time being. ok djm@
2005-03-07 17:34:45 +11:00
2b59a6dad6
- (dtucker) [session.c sshd.c] Bug #125 comment #49 : Send disconnect audit
...
events earlier, prevents mm_request_send errors reported by Matt Goebel.
2005-03-06 22:38:51 +11:00
3745e2bb62
- (dtucker) [monitor.c] Bug #125 comment #47 : fix errors returned by monitor
...
when attempting to audit disconnect events. Reported by Phil Dibowitz.
2005-03-06 22:31:35 +11:00
f8e7accd01
- djm@cvs.openbsd.org 2005/03/04 08:48:06
...
[readconf.c]
fix SendEnv config parsing bug found by Roumen Petrov; ok dtucker@
2005-03-05 11:22:50 +11:00
b022b23584
- jmc@cvs.openbsd.org 2005/03/02 11:45:01
...
[ssh.1]
missing word;
2005-03-05 11:22:36 +11:00
7ffa367a93
- (djm) [contrib/cygwin/README] Improve Cygwin build documentation. Patch
...
from vinschen at redhat.com
2005-03-05 11:20:40 +11:00
f8f3016f9e
- (tim) [regress/agent-ptrace.sh] add another possible gdb error.
2005-03-02 21:49:56 -08:00
947219e6e6
- djm@cvs.openbsd.org 2005/03/02 02:21:07
...
[ssh.1]
bz#987: mention ForwardX11Trusted in ssh.1,
reported by andrew.benham AT thus.net; ok deraadt@
2005-03-02 13:22:30 +11:00
89eac8010a
- djm@cvs.openbsd.org 2005/03/02 01:27:41
...
[ssh-keygen.c]
ignore hostnames with metachars when hashing; ok deraadt@
2005-03-02 12:33:04 +11:00
1227d4c93c
- djm@cvs.openbsd.org 2005/03/02 01:00:06
...
[sshconnect.c]
fix addition of new hashed hostnames when CheckHostIP=yes;
found and ok dtucker@
2005-03-02 12:06:51 +11:00
265d309ebc
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
...
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
2005-03-02 12:05:06 +11:00
792c01749a
- jmc@cvs.openbsd.org 2005/03/01 17:32:19
...
[ssh-add.1]
sort options;
2005-03-02 12:04:50 +11:00
02faeceb56
- jmc@cvs.openbsd.org 2005/03/01 17:22:06
...
[ssh.c]
sync usage() w/ man SYNOPSIS;
ok markus@
2005-03-02 12:04:32 +11:00
27e9c5125e
- jmc@cvs.openbsd.org 2005/03/01 17:19:35
...
[scp.1 sftp.1]
add HashKnownHosts to -o list;
ok markus@
2005-03-02 12:04:16 +11:00
9a2fdbd0d6
- jmc@cvs.openbsd.org 2005/03/01 15:47:14
...
[ssh-keyscan.1 ssh-keyscan.c]
sort options and sync usage();
2005-03-02 12:04:01 +11:00
4c9c6fdcfe
- jmc@cvs.openbsd.org 2005/03/01 15:05:00
...
[ssh-keygen.1]
whitespace;
2005-03-02 12:03:43 +11:00
718fd4b9b8
- jmc@cvs.openbsd.org 2005/03/01 14:59:49
...
[sshd.8]
new sentence, new line;
whitespace;
2005-03-02 12:03:23 +11:00
f8c5546290
- jmc@cvs.openbsd.org 2005/03/01 14:55:23
...
[ssh_config.5]
do not mark up punctuation;
whitespace;
2005-03-02 12:03:05 +11:00
36bf7dd184
- jmc@cvs.openbsd.org 2005/03/01 14:47:58
...
[ssh.1]
remove some unneccesary macros;
do not mark up punctuation;
2005-03-02 12:02:47 +11:00
4b42d7f195
- djm@cvs.openbsd.org 2005/03/01 10:42:49
...
[ssh-keygen.1 ssh-keygen.c ssh_config.5]
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
2005-03-01 21:48:35 +11:00
db7b8171ee
- djm@cvs.openbsd.org 2005/03/01 10:41:28
...
[ssh-keyscan.1 ssh-keyscan.c]
option to hash hostnames output by ssh-keyscan; ok markus@ deraadt@
2005-03-01 21:48:03 +11:00
e1776155d1
- djm@cvs.openbsd.org 2005/03/01 10:40:27
...
[hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
[sshconnect.c sshd.8]
add support for hashing host names and addresses added to known_hosts
files, to improve privacy of which hosts user have been visiting; ok
markus@ deraadt@
2005-03-01 21:47:37 +11:00
f91ee4c3de
- djm@cvs.openbsd.org 2005/03/01 10:09:52
...
[auth-options.c channels.c channels.h clientloop.c compat.c compat.h]
[misc.c misc.h readconf.c readconf.h servconf.c ssh.1 ssh.c ssh_config.5]
[sshd_config.5]
bz#413: allow optional specification of bind address for port forwardings.
Patch originally by Dan Astorian, but worked on by several people
Adds GatewayPorts=clientspecified option on server to allow remote
forwards to bind to client-specified ports.
2005-03-01 21:24:33 +11:00
1717fd422f
- djm@cvs.openbsd.org 2005/02/28 00:54:10
...
[ssh_config.5]
bz#849: document timeout on untrusted x11 forwarding sessions. Reported by
orion AT cora.nwra.com; ok markus@
2005-03-01 21:17:31 +11:00
70a908ec89
- jmc@cvs.openbsd.org 2005/02/25 10:55:13
...
[sshd.8]
add /etc/motd and $HOME/.hushlogin to FILES;
from michael knudsen;
2005-03-01 21:17:09 +11:00
64e8d44fbd
- djm@cvs.openbsd.org 2005/02/20 22:59:06
...
[sftp.c]
turn on ssh batch mode when in sftp batch mode, patch from
jdmossh AT nand.net;
ok markus@
2005-03-01 21:16:47 +11:00
9b8073e1e0
- djm@cvs.openbsd.org 2005/02/18 03:05:53
...
[canohost.c]
better error messages for getnameinfo failures; ok dtucker@
2005-03-01 21:16:18 +11:00
3eb48b6245
- otto@cvs.openbsd.org 2005/02/16 09:56:44
...
[ssh.c]
Better diagnostic if an identity file is not accesible. ok markus@ djm@
2005-03-01 21:15:46 +11:00
dc8fc62103
- (dtucker) [Makefile.in] Add a install-nosysconf target for installing the
...
binaries without the config files. Primarily useful for packaging.
Patch from phil at usc.edu. ok djm@
2005-02-26 10:12:38 +11:00
3804903a09
- (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}]
...
Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any
more. Patch from vinschen at redhat.com.
2005-02-26 10:07:37 +11:00
34233830a1
- (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c]
...
Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com.
2005-02-26 10:04:28 +11:00
848b993639
- (djm) [configure.ac] in_addr_t test needs sys/types.h too
2005-02-24 12:12:34 +11:00
2ea9b18918
- (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from
...
vinschen at redhat.com.
2005-02-22 17:57:13 +11:00
04cfbe04aa
- (dtucker) [configure.ac] Missing comma in AIX section, somehow causes
...
unrelated platforms to be configured incorrectly.
2005-02-20 23:27:11 +11:00
d9f88915a2
- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
...
defines.h] Bug #125 : Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
2005-02-20 21:01:48 +11:00
3c774c52f3
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
...
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
c97b01af62
- (dtucker) [session.c] Bug #918 : store credentials from gssapi-with-mic
...
authentication early enough to be available to PAM session modules when
privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam
Hartman and similar to Debian's ssh-krb5 package.
2005-02-16 16:47:37 +11:00
ca6e7a7e8b
- (dtucker) [configure.ac] Bug #893 : check for libresolv early on Reliant
...
Unix; prevents problems relating to the location of -lresolv in the
link order.
2005-02-16 16:19:17 +11:00
a91f5ee618
- (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined
...
by the system headers.
2005-02-16 14:20:06 +11:00
7b48d25527
- (dtucker) [ssh-rand-helper.c] Provide seed_rng since it may be called
...
via mkstemp in some configurations. ok djm@
2005-02-16 13:20:07 +11:00
ed462d9a45
write seed to temporary file and atomically rename into place; ok dtucker@
2005-02-16 13:02:45 +11:00
a39f83eeee
- (dtucker) [loginrec.c] Add missing #include.
2005-02-15 22:19:28 +11:00
691d5235ca
- (dtucker) [README.platform auth.c configure.ac loginrec.c
...
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835 : enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 21:45:57 +11:00
f04c361675
- (dtucker) [config.sh.in] Collect oslevel -r too.
2005-02-15 21:26:32 +11:00
15af68f767
- (dtucker) [openbsd-compat/fake-rfc2553.h] We now need EAI_SYSTEM too.
2005-02-11 18:32:13 +11:00
1b6f2291e4
- (dtucker) [configure.ac] Tidy up configure --help output.
2005-02-11 16:11:49 +11:00
2f9573df71
- (dtucker) [configure.ac] Bug #919 : Provide visible feedback for the
...
--disable-etc-default-login configure option.
2005-02-10 22:28:54 +11:00
33370e0287
- (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require
...
the username to be passed to the passwd command when changing expired
passwords. ok djm@
2005-02-09 22:17:28 +11:00
c7e38d59e9
- (dtucker) [configure.ac] Bug #854 : prepend pwd to relative --with-ssl-dir
...
paths. ok djm@
2005-02-09 22:12:30 +11:00
92170a8626
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
...
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
2005-02-09 17:08:23 +11:00
96d4710e38
- dtucker@cvs.openbsd.org 2005/02/08 22:24:57
...
[sshd.c]
Provide reason in error message if getnameinfo fails; ok markus@
2005-02-09 09:53:48 +11:00
5b53026f71
- dtucker@cvs.openbsd.org 2005/01/30 11:18:08
...
[monitor.c]
Make code match intent; ok djm@
2005-02-09 09:52:17 +11:00
43d8e28763
- jmc@cvs.openbsd.org 2005/01/28 18:14:09
...
[ssh_config.5]
wording;
ok markus@
2005-02-09 09:51:08 +11:00
79a7acfebd
- jmc@cvs.openbsd.org 2005/01/28 15:05:43
...
[ssh_config.5]
grammar;
2005-02-09 09:48:57 +11:00
3f166dfcb5
- dtucker@cvs.openbsd.org 2005/01/28 09:45:53
...
[ssh_config]
Make it clear that the example entries in ssh_config are only some of the
commonly-used options and refer the user to ssh_config(5) for more
details; ok djm@
2005-02-09 09:46:47 +11:00
2e0cf0dca2
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
...
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
2005-02-08 21:52:47 +11:00
b4d3012d2e
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
2005-02-08 21:06:55 +11:00
feb6f7f244
- (dtucker) [regress/test-exec.sh] Bug #912 : Set _POSIX2_VERSION for the
...
regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.
2005-02-08 20:17:17 +11:00
40d9a63788
- (dtucker) [auth.c] Fix parens in audit log check.
2005-02-04 15:19:44 +11:00
598ba7b5e2
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
2005-02-04 15:05:08 +11:00
6dce99142b
typo
2005-02-03 15:07:37 +11:00
269a1ea1c8
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
...
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125 :
(first stage) Add audit instrumentation to sshd, currently disabled by
default. with suggestions from and djm@
2005-02-03 00:20:53 +11:00
2fba993080
- (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c]
...
Bug #974 : Teach sshd to write failed login records to btmp for failed auth
attempts (currently only for password, kbdint and C/R, only on Linux and
HP-UX), based on code from login.c from util-linux. With ashok_kovai at
hotmail.com, ok djm@
2005-02-02 23:30:24 +11:00
9dc6c7dbec
- (dtucker) [session.c sshd.c] Bug #445 : Propogate KRB5CCNAME if set to child
...
the process. Since we also unset KRB5CCNAME at startup, if it's set after
authentication it must have been set by the platform's native auth system.
This was already done for AIX; this enables it for the general case.
2005-02-02 18:30:33 +11:00
42d9dc75ed
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
...
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 17:10:11 +11:00
ad7646a59a
- (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath
...
rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@
2005-02-02 10:43:59 +11:00
9dca099aec
- (dtucker) [sshd_config.5] Bug #701 : remove warning about
...
keyboard-interactive since this is no longer the case.
2005-02-01 19:16:45 +11:00
9b5495d23e
- (dtucker) [log.c] Bug #973 : force log_init() to open syslog, since on some
...
platforms syslog will revert to its default values. This may result in
messages from external libraries (eg libwrap) being sent to a different
facility.
2005-02-01 17:35:09 +11:00
218f178cb2
- dtucker@cvs.openbsd.org 2005/01/24 11:47:13
...
[auth-passwd.c]
#if -> #ifdef so builds without HAVE_LOGIN_CAP work too; ok djm@ otto@
2005-01-24 22:50:47 +11:00
1b7223c005
- dtucker@cvs.openbsd.org 2005/01/24 10:29:06
...
[moduli]
Import new moduli; requested by deraadt@ a week ago
2005-01-24 22:00:40 +11:00
ba66df81a3
- dtucker@cvs.openbsd.org 2005/01/24 10:22:06
...
[scp.c sftp.c]
Have scp and sftp wait for the spawned ssh to exit before they exit
themselves. This prevents ssh from being unable to restore terminal
modes (not normally a problem on OpenBSD but common with -Portable
on POSIX platforms). From peak at argo.troja.mff.cuni.cz (bz#950);
ok djm@ markus@
2005-01-24 21:57:40 +11:00
660db78af2
- djm@cvs.openbsd.org 2005/01/23 10:18:12
...
[cipher.c]
config option "Ciphers" should be case-sensitive; ok dtucker@
2005-01-24 21:57:11 +11:00
094cd0ba02
- dtucker@cvs.openbsd.org 2005/01/22 08:17:59
...
[auth.c]
Log source of connections denied by AllowUsers, DenyUsers, AllowGroups and
DenyGroups. bz #909 , ok djm@
2005-01-24 21:56:48 +11:00
5c14c73429
- otto@cvs.openbsd.org 2005/01/21 08:32:02
...
[auth-passwd.c sshd.c]
Warn in advance for password and account expiry; initialize loginmsg
buffer earlier and clear it after privsep fork. ok and help dtucker@
markus@
2005-01-24 21:55:49 +11:00
3c66080aa2
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936 : Remove pam from
...
the list of available kbdint devices if UsePAM=no. ok djm@
2005-01-20 22:20:50 +11:00
33bc334a8b
- (dtucker) [loginrec.h] Bug #952 : Increase size of username field to 128
...
bytes to prevent errors from login_init_entry() when the username is
exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@
2005-01-20 22:07:29 +11:00
d231186fd0
- djm@cvs.openbsd.org 2004/12/22 02:13:19
...
[cipher-ctr.c cipher.c]
remove fallback AES support for old OpenSSL, as OpenBSD has had it for
many years now; ok deraadt@
(Id sync only: Portable will continue to support older OpenSSLs)
2005-01-20 13:27:56 +11:00
36a3d60347
- (dtucker) [auth-pam.c] Bug #971 : Prevent leaking information about user
...
existence via keyboard-interactive/pam, in conjunction with previous
auth2-chall.c change; with Colin Watson and djm.
2005-01-20 12:43:38 +11:00
611649ebf0
- dtucker@cvs.openbsd.org 2005/01/19 13:11:47
...
[auth-bsdauth.c auth2-chall.c]
Have keyboard-interactive code call the drivers even for responses for
invalid logins. This allows the drivers themselves to decide how to
handle them and prevent leaking information where possible. Existing
behaviour for bsdauth is maintained by checking authctxt->valid in the
bsdauth driver. Note that any third-party kbdint drivers will now need
to be able to handle responses for invalid logins. ok markus@
2005-01-20 11:05:34 +11:00
ea7c8127ce
- dtucker@cvs.openbsd.org 2005/01/17 22:48:39
...
[sshd.c]
Make debugging output continue after reexec; ok djm@
2005-01-20 11:03:08 +11:00
f0e792ec1c
- dtucker@cvs.openbsd.org 2005/01/17 03:25:46
...
[moduli.c]
Correct spelling: SCHNOOR->SCHNORR; ok djm@
2005-01-20 11:02:26 +11:00
b3509014ce
- jmc@cvs.openbsd.org 2005/01/08 00:41:19
...
[sshd_config.5]
`login'(n) -> `log in'(v);
2005-01-20 11:01:46 +11:00
b2161e37f5
- markus@cvs.openbsd.org 2005/01/05 08:51:32
...
[sshconnect.c]
remove dead code, log connect() failures with level error, ok djm@
2005-01-20 11:00:46 +11:00
0f38323222
- djm@cvs.openbsd.org 2004/12/23 23:11:00
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
bz #898 : support AddressFamily in sshd_config. from
peak@argo.troja.mff.cuni.cz ; ok deraadt@
2005-01-20 10:57:56 +11:00
7cfeecf670
- markus@cvs.openbsd.org 2004/12/23 17:38:07
...
[ssh-keygen.c]
leak; from mpech
2005-01-20 10:56:31 +11:00
172a5e8cb8
- markus@cvs.openbsd.org 2004/12/23 17:35:48
...
[session.c]
check for NULL; from mpech
2005-01-20 10:55:46 +11:00
24c710e498
- (dtucker) [survey.sh.in] Remove any blank lines from the output of
...
ccver-v and ccver-V.
2005-01-18 12:45:42 +11:00
72c025d9f0
- (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
...
"make survey" and "make send-survey". This will provide data on the
configure parameters, platform and platform features to the development
team, which will allow (among other things) better targetting of testing.
It's entirely voluntary and is off be default. ok djm@
2005-01-18 12:05:18 +11:00
5caa78b1b7
- (dtucker) [regress/rekey.sh] Touch datafile before filling with dd, since
...
on some wacky platforms (eg old AIXes), dd will refuse to create an output
file if it doesn't exist.
2004-12-20 12:35:42 +11:00
8686ed7508
- (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading
...
from prngd is enabled at compile time but fails at run time, eg because
prngd is not running. Note that if you have prngd running when OpenSSH is
built, OpenSSL will consider itself internally seeded and rand-helper won't
be built at all unless explicitly enabled via --with-rand-helper. ok djm@
2004-12-20 12:05:08 +11:00
442a383418
- (dtucker) [contrib/findssh.sh] Clean up on interrupt; from
...
amarendra.godbole at ge com.
2004-12-13 18:08:32 +11:00
f0f90989fa
- dtucker@cvs.openbsd.org 2004/12/11 01:48:56
...
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h]
Fix debug call in error path of authorized_keys processing and fix related
warnings; ok djm@
2004-12-11 13:39:50 +11:00
596dcfa21f
- fgsch@cvs.openbsd.org 2004/12/10 03:10:42
...
[sftp.c]
- fix globbed ls for paths the same lenght as the globbed path when
we have a unique matching.
- fix globbed ls in case of a directory when we have a unique matching.
- as a side effect, if the path does not exist error (used to silently
ignore).
- don't do extra do_lstat() if we only have one matching file.
djm@ ok
2004-12-11 13:37:22 +11:00
56c9598e5e
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2004/12/06 16:00:43
[bufaux.c]
use 0x00 not \0 since buf[] is a bignum
2004-12-11 13:34:56 +11:00
0f83d2907c
[configure.ac] Comment some non obvious platforms in the target-specific
...
case statement. Suggested and OK by dtucker@
2004-12-08 18:29:58 -08:00
641b34c72b
- (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test.
2004-12-07 11:26:15 +11:00
d028fea13a
- dtucker@cvs.openbsd.org 2004/12/06 10:49:56
...
[test-exec.sh]
Check if TEST_SSH_SSHD is a full path to sshd before searching; ok markus@
2004-12-06 23:16:29 +11:00
cc0603d4b6
- dtucker@cvs.openbsd.org 2004/11/25 09:39:27
...
[test-exec.sh]
Remove obsolete RhostsAuthentication from test config; ok markus@
2004-12-06 23:13:50 +11:00
79ec66e980
- djm@cvs.openbsd.org 2004/11/07 00:32:41
...
[multiplex.sh]
regression tests for new multiplex commands
2004-12-06 23:12:15 +11:00
124f58ecba
- djm@cvs.openbsd.org 2004/10/29 23:59:22
...
[Makefile added brokenkeys.sh]
regression test for handling of corrupt keys in authorized_keys file
2004-12-06 23:07:37 +11:00
71b5643598
- djm@cvs.openbsd.org 2004/10/08 02:01:50
...
[reexec.sh]
shrink and tidy; ok dtucker@
2004-12-06 23:05:52 +11:00
3206e57e93
- david@cvs.openbsd.org 2004/07/09 19:45:43
...
[Makefile]
add a missing CLEANFILES used in the re-exec test
2004-12-06 23:04:57 +11:00
ccf0779185
- dtucker@cvs.openbsd.org 2004/07/08 12:59:35
...
[scp.sh]
Regress test for bz #863 (scp double-error), requires $SUDO. ok markus@
2004-12-06 23:03:27 +11:00
a372960fa9
- djm@cvs.openbsd.org 2004/06/26 06:16:07
...
[reexec.sh]
don't change the name of the copied sshd for the reexec fallback test,
makes life simpler for portable
2004-12-06 23:00:27 +11:00
22cc741096
- dtucker@cvs.openbsd.org 2004/12/06 11:41:03
...
[auth-rsa.c auth2-pubkey.c authfile.c misc.c misc.h ssh.h sshd.8]
Discard over-length authorized_keys entries rather than complaining when
they don't decode. bz #884 , with & ok djm@
2004-12-06 22:47:41 +11:00
16e254d179
- jaredy@cvs.openbsd.org 2004/12/05 23:55:07
...
[sftp.1]
- explain that patterns can be used as arguments in get/put/ls/etc
commands (prodded by Michael Knudsen)
- describe ls flags as a list
- other minor improvements
ok jmc, djm
2004-12-06 22:46:45 +11:00
e2f189a841
- djm@cvs.openbsd.org 2004/11/29 07:41:24
...
[sftp-client.h sftp.c]
Some small fixes from moritz@jodeit.org . ok deraadt@
2004-12-06 22:45:53 +11:00
0133a727ac
- jmc@cvs.openbsd.org 2004/11/29 00:05:17
...
[sftp.1]
missing full stop;
2004-12-06 22:44:32 +11:00
Damien Miller
Darren Tucker
Tim Rice