Commit Graph

4653 Commits

Author SHA1 Message Date
Darren Tucker d757e69cda - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype. 2007-04-29 12:10:57 +10:00
Darren Tucker 781e7a28d0 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.h
for select(2) prototype.
2007-04-29 12:06:55 +10:00
Darren Tucker 2a3868589b - (dtucker) [INSTALL] prngd lives at sourceforge these days. 2007-04-06 12:25:08 +10:00
Darren Tucker 62995c1f1e - (dtucker) [INSTALL] Update the systems that have PAM as standard. Link
to OpenPAM too.
2007-04-06 12:21:47 +10:00
Tim Rice 99203ec48b 20070326
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
   openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
   to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-26 09:35:28 -07:00
Darren Tucker 20e9f976c1 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
   SSHDLIBS.  "I like" djm@
2007-03-25 18:26:01 +10:00
Darren Tucker 9869ab3557 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we have
HAVE_GETPEERUCRED too.  Also from Jan Pechanec.
2007-03-21 21:45:48 +11:00
Darren Tucker 164aa30e46 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: Use
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
   Patch by Jan.Pechanec at Sun.
2007-03-21 21:39:57 +11:00
Darren Tucker 04354b97dc - jmc@cvs.openbsd.org 2007/03/20 15:57:15
[sshd.8]
     - let synopsis and description agree for -f
     - sort FILES
     - +.Xr ssh-keyscan 1 ,
     from Igor Sobrado
2007-03-21 20:46:54 +11:00
Darren Tucker 03b1cdbb44 - tedu@cvs.openbsd.org 2007/03/20 03:56:12
[readconf.c clientloop.c]
     remove some bogus *p tests from charles longeau
     ok deraadt millert
2007-03-21 20:46:03 +11:00
Darren Tucker 2812dc9285 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42
[ssh-agent.c]
     Remove the signal handler that checks if the agent's parent process
     has gone away, instead check when the select loop returns.  Record when
     the next key will expire when scanning for expired keys.  Set the select
     timeout to whichever of these two things happens next.  With djm@, with &
     ok deraadt@ markus@
2007-03-21 20:45:06 +11:00
Darren Tucker 506ed88cef - djm@cvs.openbsd.org 2007/03/19 01:01:29
[sshd_config]
     Disable the legacy SSH protocol 1 for new installations via
     a configuration override. In the future, we will change the
     server's default itself so users who need the legacy protocol
     will need to turn it on explicitly
2007-03-21 20:42:24 +11:00
Darren Tucker 97b1bb568c - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
[servconf.c sshd.c]
     Move C/R -> kbdint special case to after the defaults have been
     loaded, which makes ChallengeResponse default to yes again.  This
     was broken by the Match changes and not fixed properly subsequently.
     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-21 20:38:53 +11:00
Darren Tucker 5548e8cf2e - (dtucker) [README.platform] Info about blibpath on AIX. 2007-03-13 21:00:45 +11:00
Darren Tucker da05f48739 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem in
bug #1291 also affects Protocol 1 3des.  While at it, use compat-openssl.h
   in cipher-bf1.c.  Patch from Juan Gallego.
2007-03-13 18:50:04 +11:00
Darren Tucker b9fe6a337a - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for the
selinux bits in -portable.
2007-03-13 07:37:49 +11:00
Darren Tucker a8d51ee307 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: include
string.h to prevent warnings, from vapier at gentoo.org.
2007-03-13 07:35:38 +11:00
Damien Miller c49dd34a3e - (djm) [README] correct link to release notes 2007-03-08 20:13:39 +11:00
Damien Miller f0ffec906c - (djm) Release 4.6p1 2007-03-06 21:24:00 +11:00
Damien Miller d91cfab088 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] crank spec files for release
2007-03-06 21:23:24 +11:00
Damien Miller 2dbab87386 - djm@cvs.openbsd.org 2007/03/06 10:13:14
[version.h]
     openssh-4.6; "please" deraadt@
2007-03-06 21:21:37 +11:00
Damien Miller 5737e363c5 - OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2007/03/01 16:19:33
     [sshd_config.5]
     sort the `match' keywords;
2007-03-06 21:21:18 +11:00
Darren Tucker fd30986c92 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
   ciphers from working correctly (disconnects with "Bad packet length"
   errors) as found by Ben Harris.  ok djm@
2007-03-05 18:25:20 +11:00
Damien Miller 9975e48349 - (djm) [configure.ac] add a --without-openssl-header-check option to
configure, as some platforms (OS X) ship OpenSSL headers whose version
   does not match that of the shipping library. ok dtucker@
2007-03-05 11:51:27 +11:00
Darren Tucker 90a58fdf22 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
general to cover newer gdb versions on HP-UX.
2007-03-03 09:42:23 +11:00
Darren Tucker aef5beef12 - (dtucker) [INSTALL] Update to autoconf-2.61. 2007-03-02 17:53:41 +11:00
Darren Tucker 573e3878b8 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
CRLF as well as LF lineendings) and write in binary mode.  Patch from
   vinschen at redhat.com.
2007-03-02 17:50:03 +11:00
Tim Rice c3af6d4d13 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
"Looks sane" dtucker@
2007-03-01 09:34:52 -08:00
Darren Tucker 1d75f22c5d - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
[auth2.c sshd_config.5 servconf.c]
     Remove ChallengeResponseAuthentication support inside a Match
     block as its interaction with KbdInteractive makes it difficult to
     support.  Also, relocate the CR/kbdint option special-case code into
     servconf.  "please commit" djm@, ok markus@ for the relocation.
2007-03-01 21:31:28 +11:00
Darren Tucker cf0d2db2fa - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
[ssh-agent.c]
     Remove expired keys periodically so they don't remain in memory when
     the agent is entirely idle, as noted by David R. Piegdon.  This is the
     simple fix, a more efficient one will be done later.  With markus,
     deraadt, with & ok djm.
2007-02-28 21:19:58 +11:00
Darren Tucker 90aaed4397 - ray@cvs.openbsd.org 2007/02/24 03:30:11
[moduli.c]
     - strlen returns size_t, not int.
     - Pass full buffer size to fgets.
     OK djm@, millert@, and moritz@.
2007-02-25 20:38:55 +11:00
Darren Tucker 82347a8fd6 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
[servconf.c]
     Check activep so Match and GatewayPorts work together; ok markus@
2007-02-25 20:37:52 +11:00
Darren Tucker ed623966e3 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
[sshd.c]
     Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
     a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
     newly exec'ed sshd will get the SIGALRM and not have a handler for it,
     and the default action will terminate the listening sshd.  Analysis and
     patch from andrew at gaul.org.
2007-02-25 20:37:21 +11:00
Darren Tucker d04188e70e - djm@cvs.openbsd.org 2007/02/20 10:25:14
[clientloop.c]
     set maximum packet and window sizes the same for multiplexed clients
     as normal connections; ok markus@
2007-02-25 20:36:49 +11:00
Darren Tucker 89ee69e3c6 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
an array for signatures when there are none since "calloc(0, n) returns
   NULL on some platforms (eg Tru64), which is explicitly permitted by
   POSIX.  Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 22:56:55 +11:00
Darren Tucker 53ced25d61 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
platforms don't have it.  Patch from dleonard at vintela.com.
2007-02-19 22:44:25 +11:00
Darren Tucker 1629c07c07 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
     Teach Match how handle config directives that are used before
     authentication.  This allows configurations such as permitting password
     authentication from the local net only while requiring pubkey from
     offsite.  ok djm@, man page bits ok jmc@
2007-02-19 22:25:37 +11:00
Darren Tucker 591322ae38 - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
[bufbn.c]
     typos in comments; ok jmc@
2007-02-19 22:17:28 +11:00
Darren Tucker 6ec2fbec8b - djm@cvs.openbsd.org 2007/01/22 13:06:21
[scp.c]
     fix detection of whether we should show progress meter or not: scp
     tested isatty(stderr) but wrote the progress meter to stdout. This patch
     makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
     of dtucker@
2007-02-19 22:14:11 +11:00
Darren Tucker 0aa3dbb508 - djm@cvs.openbsd.org 2007/01/22 11:32:50
[sftp-client.c]
     return error from do_upload() when a write fails. fixes bz#1252: zero
     exit status from sftp when uploading to a full device. report from
     jirkat AT atlas.cz; ok dtucker@
2007-02-19 22:13:39 +11:00
Darren Tucker cb0e1753c7 - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
[readconf.c]
     spaces
2007-02-19 22:12:53 +11:00
Darren Tucker c58b5b0742 ChangeLog entries for previous 2 commits 2007-02-19 22:12:23 +11:00
Darren Tucker 26dc3e656a - jmc@cvs.openbsd.org 2007/01/12 20:20:41
[ssh-keygen.1 ssh-keygen.c]
     more secsh -> rfc 4716 updates;
     spotted by wiz@netbsd
     ok markus
2007-02-19 22:09:06 +11:00
Darren Tucker bf6b328f27 - jmc@cvs.openbsd.org 2007/01/10 13:23:22
[ssh_config.5]
     do not use a list for SYNOPSIS;
     this is actually part of a larger report sent by eric s. raymond
     and forwarded by brad, but i only read half of it. spotted by brad.
2007-02-19 22:08:17 +11:00
Damien Miller e42bd24b22 - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
when closing a tty session when a background process still holds tty
   fds open. Great detective work and patch by Marc Aurele La France,
   slightly tweaked by me; ok dtucker@
2007-01-29 10:16:28 +11:00
Darren Tucker 07877ca680 - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
   so it works properly and modify its callers so that they don't pre or
   post decrement arguments that are conditionally evaluated. While there,
   put SNPRINTF_CONST back as it prevents build failures in some
   configurations.  ok djm@ (for most of it)
2007-01-24 00:07:29 +11:00
Damien Miller 9f74105289 - (djm) [ssh-rand-helper.8] manpage nits;
from dleonard AT vintela.com (bz#1529)
2007-01-22 12:44:53 +11:00
Darren Tucker eae5fa1b58 - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
and multiple including it causes problems on old IRIXes.  (It snuck back
   in during a sync.)  Found (again) by Georg Schwarz.
2007-01-17 11:00:13 +11:00
Damien Miller 742cc1c194 - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
value of snprintf replacement, similar to bugs in various libc
   implementations. This overflow is not exploitable in OpenSSH.
   While I'm fiddling with it, make it a fair bit faster by inlining the
   append-char routine; ok dtucker@
2007-01-14 21:20:30 +11:00
Darren Tucker e67ac00b9b typo 2007-01-14 10:26:25 +11:00