Darren Tucker
d7bdc0c8e8
- dtucker@cvs.openbsd.org 2008/07/01 07:24:22
...
[sshconnect.c sshd.c]
Send CR LF during protocol banner exchanges, but only for Protocol 2,
in order to comply with RFC 4253. bz #1443, ok djm@
2008-07-02 22:34:30 +10:00
Darren Tucker
068e01f53f
- dtucker@cvs.openbsd.org 2008/07/01 07:20:52
...
[sshconnect.c]
Check ExitOnForwardFailure if forwardings are disabled due to a failed
host key check. ok djm@
2008-07-02 22:33:55 +10:00
Darren Tucker
1f781b194f
- djm@cvs.openbsd.org 2008/06/30 12:18:34
...
[PROTOCOL]
clarify that eow@openssh.com is only sent on session channels
2008-07-02 22:33:16 +10:00
Darren Tucker
8748b96522
- djm@cvs.openbsd.org 2008/06/30 12:16:02
...
[nchan.c]
only send eow@openssh.com notifications for session channels; ok! markus@
2008-07-02 22:32:43 +10:00
Darren Tucker
8810dd41b9
- djm@cvs.openbsd.org 2008/06/30 12:15:39
...
[serverloop.c]
only pass channel requests on session channels through to the session
channel handler, avoiding spurious log messages; ok! markus@
2008-07-02 22:32:14 +10:00
Darren Tucker
00f00f0451
- djm@cvs.openbsd.org 2008/06/30 08:05:59
...
[PROTOCOL.agent]
typo: s/constraint_date/constraint_data/
2008-07-02 22:31:31 +10:00
Damien Miller
a766cea689
- (djm) [regress/Makefile] search for conch by path, like we do putty
2008-06-30 08:12:37 +10:00
Damien Miller
4268a136d4
- djm@cvs.openbsd.org 2008/06/28 13:57:25
...
[regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
very basic regress test against Twisted Conch in "make interop"
target (conch is available in ports/devel/py-twisted/conch);
ok markus@
2008-06-30 08:07:56 +10:00
Damien Miller
d9bfce83b7
- dtucker@cvs.openbsd.org 2008/06/11 23:11:40
...
[Makefile]
Don't run cipher-speed test by default; mistakenly enabled by me
2008-06-30 08:06:51 +10:00
Damien Miller
2e80cf2b63
- dtucker@cvs.openbsd.org 2008/06/10 23:13:43
...
[regress/Makefile regress/key-options.sh]
Add regress test for key options. ok djm@
2008-06-30 08:06:25 +10:00
Damien Miller
1e18beb1e7
- djm@cvs.openbsd.org 2008/06/28 14:08:30
...
[PROTOCOL PROTOCOL.agent]
document the protocol used by ssh-agent; "looks ok" markus@
2008-06-30 00:07:00 +10:00
Damien Miller
471db5c2eb
- djm@cvs.openbsd.org 2008/06/28 14:05:15
...
[ssh-agent.c]
reset global compat flag after processing a protocol 2 signature
request with the legacy DSA encoding flag set; ok markus
2008-06-30 00:05:48 +10:00
Damien Miller
1cfadabc0e
- djm@cvs.openbsd.org 2008/06/28 13:58:23
...
[ssh-agent.c]
refuse to add a key that has unknown constraints specified;
ok markus
2008-06-30 00:05:21 +10:00
Damien Miller
bd45afb5ad
- djm@cvs.openbsd.org 2008/06/28 07:25:07
...
[PROTOCOL]
spelling fixes
2008-06-30 00:04:57 +10:00
Damien Miller
8639920a9b
- jmc@cvs.openbsd.org 2008/06/26 21:11:46
...
[ssh.1]
add VisualHostKey to the list of options listed in -o;
2008-06-30 00:04:31 +10:00
Damien Miller
1028824e5c
- grunk@cvs.openbsd.org 2008/06/26 11:46:31
...
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
2008-06-30 00:04:03 +10:00
Damien Miller
2e9cf49069
- djm@cvs.openbsd.org 2008/06/26 09:19:40
...
[dh.c dh.h moduli.c]
when loading moduli from /etc/moduli in sshd(8), check that they
are of the expected "safe prime" structure and have had
appropriate primality tests performed;
feedback and ok dtucker@
2008-06-29 22:47:04 +10:00
Damien Miller
9e720284fe
- djm@cvs.openbsd.org 2008/06/26 06:10:09
...
[sftp-client.c sftp-server.c]
allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
bits. Note that this only affects explicit setting of modes (e.g. via
sftp(1)'s chmod command) and not file transfers. (bz#1310)
ok deraadt@ at c2k8
2008-06-29 22:46:35 +10:00
Damien Miller
007132a7c9
- otto@cvs.openbsd.org 2008/06/25 11:13:43
...
[key.c]
add key length to visual fingerprint; zap magical constants;
ok grunk@ djm@
2008-06-29 22:45:37 +10:00
Damien Miller
f184bcf89e
- (djm) OpenBSD CVS Sync
...
- martynas@cvs.openbsd.org 2008/06/21 07:46:46
[sftp.c]
use optopt to get invalid flag, instead of return value of getopt,
which is always '?'; ok djm@
2008-06-29 22:45:13 +10:00
Damien Miller
493f032440
- (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
...
RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
2008-06-28 16:01:35 +10:00
Damien Miller
f299ff8c1f
- (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
2008-06-26 16:01:56 +10:00
Damien Miller
60dcc62535
- (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.
...
(bz#1372)
2008-06-26 15:59:32 +10:00
Darren Tucker
1a48aecfbc
- (dtucker) [channels.c] isatty -> is_tty here too.
2008-06-16 23:35:56 +10:00
Darren Tucker
ed3cdc0a7c
- dtucker@cvs.openbsd.org 2008/06/16 13:22:53
...
[session.c channels.c]
Rename the isatty argument to is_tty so we don't shadow
isatty(3). ok markus@
2008-06-16 23:29:18 +10:00
Damien Miller
d310d51bad
- djm@cvs.openbsd.org 2008/06/15 20:06:26
...
[channels.c channels.h session.c]
don't call isatty() on a pty master, instead pass a flag down to
channel_set_fds() indicating that the fds refer to a tty. Fixes a
hang on exit on Solaris (bz#1463) in portable but is actually
a generic bug; ok dtucker deraadt markus
2008-06-16 07:59:23 +10:00
Damien Miller
307c1d10a7
- dtucker@cvs.openbsd.org 2008/06/15 16:58:40
...
[servconf.c sshd_config.5]
Allow MaxAuthTries within a Match block. ok djm@
2008-06-16 07:56:20 +10:00
Damien Miller
c62a5af29a
- dtucker@cvs.openbsd.org 2008/06/15 16:55:38
...
[sshd_config.5]
MaxSessions is allowed in a Match block too
2008-06-16 07:55:46 +10:00
Damien Miller
c7ce0da3b0
- dtucker@cvs.openbsd.org 2008/06/14 19:42:10
...
[scp.1]
Mention that scp follows symlinks during -r. bz #1466,
from nectar at apple
2008-06-16 07:55:06 +10:00
Damien Miller
6051c94a0a
- djm@cvs.openbsd.org 2008/06/14 18:33:43
...
[session.c]
suppress the warning message from chdir(homedir) failures
when chrooted (bz#1461); ok dtucker
2008-06-16 07:53:16 +10:00
Damien Miller
6ca16c63c2
- dtucker@cvs.openbsd.org 2008/06/14 17:07:11
...
[sshd.c]
ensure default umask disallows at least group and world write; ok djm@
2008-06-16 07:50:58 +10:00
Damien Miller
2a6284782d
- OpenBSD CVS Sync
...
- dtucker@cvs.openbsd.org 2008/06/14 15:49:48
[sshd.c]
wrap long line at 80 chars
2008-06-16 07:50:24 +10:00
Darren Tucker
330c93f68a
- (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc.
2008-06-16 02:27:48 +10:00
Damien Miller
8b7ab960df
- (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
...
replacement code; patch from ighighi AT gmail.com in bz#1240;
ok dtucker
2008-06-15 10:55:34 +10:00
Darren Tucker
30fd49e606
- (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which
...
despite its name doesn't seem to implement all of GSSAPI. Patch from
Jan Engelhardt, sanity checked by Simon Wilkinson.
2008-06-14 09:14:46 +10:00
Darren Tucker
f6bffb1391
- grunk@cvs.openbsd.org 2008/06/13 20:13:26
...
[ssh.1]
Explain the use of SSH fpr visualization using random art, and cite the
original scientific paper inspiring that technique.
Much help with English and nroff by jmc@, thanks.
2008-06-14 09:04:26 +10:00
Darren Tucker
03ccc9b142
- dtucker@cvs.openbsd.org 2008/06/13 18:55:22
...
[scp.c]
Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
2008-06-14 09:02:25 +10:00
Darren Tucker
47e713be94
- dtucker@cvs.openbsd.org 2008/06/13 17:21:20
...
[mux.c]
Friendlier error messages for mux fallback. ok djm@
2008-06-14 09:01:54 +10:00
Darren Tucker
d9526a5e96
- dtucker@cvs.openbsd.org 2008/06/13 14:18:51
...
[auth2-pubkey.c auth-rhosts.c]
Include unistd.h for close(), prevents warnings in -portable
2008-06-14 09:01:24 +10:00
Darren Tucker
f2c16d30b4
- dtucker@cvs.openbsd.org 2008/06/13 13:56:59
...
[monitor.c]
Clear key options in the monitor on failed authentication, prevents
applying additional restrictions to non-pubkey authentications in
the case where pubkey fails but another method subsequently succeeds.
bz #1472, found by Colin Watson, ok markus@ djm
2008-06-14 08:59:49 +10:00
Darren Tucker
99bb7619d4
- deraadt@cvs.openbsd.org 2008/06/13 09:44:36
...
[packet.c]
compile on older gcc; no decl after code
2008-06-13 22:02:50 +10:00
Darren Tucker
f387e59d52
- (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent
...
compiler warnings on some platforms. Based on a discussion with otto@
2008-06-13 15:03:14 +10:00
Darren Tucker
06db584e9d
- djm@cvs.openbsd.org 2008/06/13 04:40:22
...
[auth2-pubkey.c auth-rhosts.c]
refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
regular files; report from Solar Designer via Colin Watson in bz#1471
ok dtucker@ deraadt@
2008-06-13 14:51:28 +10:00
Darren Tucker
7517b5bd31
- dtucker@cvs.openbsd.org 2008/06/13 01:38:23
...
[misc.c]
upcast uid to long with matching %ld, prevents warnings in portable
2008-06-13 14:48:59 +10:00
Darren Tucker
2c91b28a6d
- (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used
...
on big endian machines, so ifdef them for little endian only to prevent
unused function warnings.
2008-06-13 12:40:55 +10:00
Darren Tucker
2c1eb82695
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
...
systems. Patch from R. Scott Bailey.
2008-06-13 11:13:13 +10:00
Darren Tucker
c7e030fd78
- dtucker@cvs.openbsd.org 2008/06/13 00:51:47
...
[mac.c]
upcast another size_t to u_long to match format
2008-06-13 10:58:50 +10:00
Darren Tucker
1adfd368c4
- dtucker@cvs.openbsd.org 2008/06/13 00:47:53
...
[mux.c]
upcast size_t to u_long to match format arg; ok djm@
2008-06-13 10:58:10 +10:00
Darren Tucker
61b0695273
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
...
from Todd Vierling.
2008-06-13 10:28:57 +10:00
Darren Tucker
ca19bfe254
- djm@cvs.openbsd.org 2008/06/13 00:16:49
...
[mux.c]
fall back to creating a new TCP connection on most multiplexing errors
(socket connect fail, invalid version, refused permission, corrupted
messages, etc.); bz #1329 ok dtucker@
2008-06-13 10:24:03 +10:00