b7b17be4c0
- andreas@cvs.openbsd.org 2009/10/24 11:11:58
...
[roaming.h]
Declarations needed for upcoming changes.
ok markus@
2010-01-08 16:49:52 +11:00
880ab0d84e
- (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
...
Gzip all man pages. Patch from Corinna Vinschen.
2009-12-26 15:40:47 -08:00
1bf3503c9d
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
...
Bug #1583 : Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
c8802aac28
- (dtucker) Bug #1470 : Disable OOM-killing of the listening sshd on Linux,
...
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-12-08 13:39:48 +11:00
d35e0ef616
- (dtucker) Bug #1677 : add conditionals around the source for ssh-askpass.
2009-12-07 11:32:36 +11:00
1533311f4c
- (dtucker) Bug #1160 : use pkg-config for opensc config if it's available.
...
Tested by Martin Paljak.
2009-12-07 11:15:43 +11:00
53e9974007
- (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
...
Bug 1628. OK dtucker@
2009-11-20 19:32:15 -08:00
409661f0d9
- (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
...
line arguments as none are supported. Exit when passed unrecognised
commandline flags. bz#1568 from gson AT araneus.fi
2009-11-20 15:16:35 +11:00
2191e04549
- (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
...
bz#1645, patch from jchadima AT redhat.com
2009-11-18 17:51:59 +11:00
04ee0f8f12
- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
...
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
report and fix from jan.kratochvil AT redhat.com
2009-11-18 17:48:30 +11:00
df6578bb4d
- (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
...
keys when built with OpenSSL versions that don't do AES.
2009-11-07 16:03:14 +11:00
e89ed1cfca
- (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
...
older versions of OpenSSL.
2009-11-05 20:43:16 +11:00
4d6656b103
- (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637 : if selinux
...
is enabled set the security context to "sftpd_t" before running the
internal sftp server Based on a patch from jchadima at redhat.
2009-10-24 15:04:12 +11:00
6ac91a7c83
- (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
2009-10-24 11:52:42 +11:00
199ee6ff07
- dtucker@cvs.openbsd.org 2009/10/24 00:48:34
...
[ssh-keygen.1]
ssh-keygen now uses AES-128 for private keys
2009-10-24 11:50:17 +11:00
2f29a8caba
- djm@cvs.openbsd.org 2009/10/23 01:57:11
...
[sshconnect2.c]
disallow a hostile server from checking jpake auth by sending an
out-of-sequence success message. (doesn't affect code enabled by default)
2009-10-24 11:47:58 +11:00
dfb9b71650
- djm@cvs.openbsd.org 2009/10/22 22:26:13
...
[authfile.c]
switch from 3DES to AES-128 for encryption of passphrase-protected
SSH protocol 2 private keys; ok several
2009-10-24 11:46:43 +11:00
98c9aec30e
- sobrado@cvs.openbsd.org 2009/10/22 15:02:12
...
[ssh-agent.1 ssh-add.1 ssh.1]
write UNIX-domain in a more consistent way; while here, replace a
few remaining ".Tn UNIX" macros with ".Ux" ones.
pointed out by ratchov@, thanks!
ok jmc@
2009-10-24 11:42:44 +11:00
ae69e1d010
- sobrado@cvs.openbsd.org 2009/10/22 12:35:53
...
[ssh.1 ssh-agent.1 ssh-add.1]
use the UNIX-related macros (.At and .Ux) where appropriate.
ok jmc@
2009-10-24 11:41:34 +11:00
49b7e23545
- sobrado@cvs.openbsd.org 2009/10/17 12:10:39
...
[sftp-server.c]
sort flags.
2009-10-24 11:41:05 +11:00
1b118881b8
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2009/10/11 23:03:15
[hostfile.c]
mention the host name that we are looking for in check_host_in_hostfile()
2009-10-24 11:40:32 +11:00
e23a79cbed
- markus@cvs.openbsd.org 2009/10/08 18:04:27
...
[regress/test-exec.sh]
re-enable protocol v1 for the tests.
2009-10-12 09:37:22 +11:00
438b47320c
- dtucker@cvs.openbsd.org 2009/10/11 10:41:26
...
[sftp-client.c]
d_type isn't portable so use lstat to get dirent modes. Suggested by and
"looks sane" deraadt@
2009-10-11 21:52:10 +11:00
7a4a76579e
- jmc@cvs.openbsd.org 2009/10/08 20:42:12
...
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
2009-10-11 21:51:40 +11:00
bad5076bb5
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2009/10/08 14:03:41
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
2009-10-11 21:51:08 +11:00
c182d99376
- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
...
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
2009-10-11 21:50:20 +11:00
538738d861
- (dtucker) d_type is not mandated by POSIX, so add fallback code using
...
stat(), needed on at least cygwin.
2009-10-07 18:56:10 +11:00
4adeac764e
- (dtucker) [configure.ac sftp-client.c] DOTTIF is in fs/ffs/dir.h on at
...
least dragonflybsd.
2009-10-07 15:49:48 +11:00
a25ab01845
- (dtucker) [regress/portnum.sh] Import new test.
2009-10-07 11:00:58 +11:00
b707a24382
- dtucker@cvs.openbsd.org 2009/10/06 23:51:49
...
[regress/ssh2putty.sh]
Add OpenBSD tag to make syncs easier
2009-10-07 10:54:31 +11:00
c863895e0a
- djm@cvs.openbsd.org 2009/08/20 18:43:07
...
[ssh-com-sftp.sh]
fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
Silva for Google Summer of Code
2009-10-07 10:46:29 +11:00
ed6b0c5fc2
- djm@cvs.openbsd.org 2009/08/13 01:11:55
...
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh]
date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
2009-10-07 10:43:57 +11:00
287b9329c5
- djm@cvs.openbsd.org 2009/08/13 00:57:17
...
[regress/Makefile]
regression test for port number parsing. written as part of the a2port
change that went into 5.2 but I forgot to commit it at the time...
2009-10-07 10:31:56 +11:00
7988553585
- dtucker@cvs.openbsd.org 2009/05/05 07:51:36
...
[regress/multiplex.sh]
Always specify ssh_config for multiplex tests: prevents breakage caused
by options in ~/.ssh/config. From Dan Peterson.
2009-10-07 10:30:57 +11:00
7023d161d8
- djm@cvs.openbsd.org 2008/12/07 22:17:48
...
[regress/addrmatch.sh]
match string "passwordauthentication" only at start of line, not anywhere
in sshd -T output
2009-10-07 10:30:06 +11:00
695ed397a5
- djm@cvs.openbsd.org 2009/10/06 04:46:40
...
[session.c]
bz#1596: fflush(NULL) before exec() to ensure that everying (motd
in particular) has made it out before the streams go away.
2009-10-07 09:02:18 +11:00
759cb2a49a
- grunk@cvs.openbsd.org 2009/10/01 11:37:33
...
[dh.c]
fix a cast
ok djm@ markus@
2009-10-07 09:01:50 +11:00
72473c6b09
- djm@cvs.openbsd.org 2009/09/01 14:43:17
...
[ssh-agent.c]
fix a race condition in ssh-agent that could result in a wedged or
spinning agent: don't read off the end of the allocated fd_sets, and
don't issue blocking read/write on agent sockets - just fall back to
select() on retriable read/write errors. bz#1633 reported and tested
by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
2009-10-07 09:01:03 +11:00
7bee06ab3b
- djm@cvs.openbsd.org 2009/08/31 21:01:29
...
[sftp-server.8]
document -e and -h; prodded by jmc@
2009-10-07 08:47:47 +11:00
30359e19ec
- djm@cvs.openbsd.org 2009/08/31 20:56:02
...
[sftp-server.c]
check correct variable for error message, spotted by martynas@
2009-10-07 08:47:24 +11:00
893d73549d
- djm@cvs.openbsd.org 2009/08/27 17:44:52
...
[authfd.c ssh-add.c authfd.h]
Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
when the agent refuses the constrained add request. This was a useful
migration measure back in 2002 when constraints were new, but just
adds risk now.
bz #1612 , report and patch from dkg AT fifthhorseman.net; ok markus@
2009-10-07 08:47:02 +11:00
6b286a4682
- djm@cvs.openbsd.org 2009/08/27 17:43:00
...
[sftp-server.8]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-10-07 08:46:21 +11:00
9bcd25b78b
- djm@cvs.openbsd.org 2009/08/27 17:33:49
...
[ssh-keygen.c]
force use of correct hash function for random-art signature display
as it was inheriting the wrong one when bubblebabble signatures were
activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
ok markus@
2009-10-07 08:45:48 +11:00
7dc4850ce8
- djm@cvs.openbsd.org 2009/08/27 17:28:52
...
[sftp-server.c]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
2009-10-07 08:44:42 +11:00
8ec4fd8e3c
- dtucker@cvs.openbsd.org 2009/08/20 23:54:28
...
[mux.c]
subsystem_flag is defined in ssh.c so it's extern; ok djm
2009-10-07 08:39:57 +11:00
b3b40a8b95
- jmc@cvs.openbsd.org 2009/08/19 04:56:03
...
[sftp.1]
ether -> either;
2009-10-07 08:39:09 +11:00
05016b2f99
- djm@cvs.openbsd.org 2009/08/18 21:15:59
...
[sftp.1]
fix "get" command usage, spotted by jmc@
2009-10-07 08:38:23 +11:00
1b0dd17537
- djm@cvs.openbsd.org 2009/08/18 18:36:21
...
[sftp-client.h sftp.1 sftp-client.c sftp.c]
recursive transfer support for get/put and on the commandline
work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
with some tweaks by me; "go for it" deraadt@
2009-10-07 08:37:48 +11:00
1477ea162c
- dtucker@cvs.openbsd.org 2009/08/16 23:29:26
...
[sshd_config.5]
Add PubkeyAuthentication to the list allowed in a Match block (bz #1577 )
2009-10-07 08:36:05 +11:00
e54a036219
- fgsch@cvs.openbsd.org 2009/08/15 18:56:34
...
[auth.h]
remove unused define. markus@ ok.
(Id sync only, Portable still uses this.)
2009-10-07 08:35:32 +11:00
c22f090a2f
- djm@cvs.openbsd.org 2009/08/14 18:17:49
...
[sftp-client.c]
make the "get_handle: ..." error messages vaguely useful by allowing
callers to specify their own error message strings.
2009-10-07 08:24:19 +11:00
c07138e6f6
- jmc@cvs.openbsd.org 2009/08/13 13:39:54
...
[sftp.1 sftp.c]
sync synopsis and usage();
2009-10-07 08:23:44 +11:00
282b4026cb
- djm@cvs.openbsd.org 2009/08/13 01:11:19
...
[sftp.1 sftp.c]
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
2009-10-07 08:23:06 +11:00
adba1ba514
- jmc@cvs.openbsd.org 2009/08/12 06:31:42
...
[sftp.1]
sort options;
2009-10-07 08:22:20 +11:00
46bbbe3326
- djm@cvs.openbsd.org 2009/08/12 00:13:00
...
[sftp.c sftp.1]
support most of scp(1)'s commandline arguments in sftp(1), as a first
step towards making sftp(1) a drop-in replacement for scp(1).
One conflicting option (-P) has not been changed, pending further
discussion.
Patch from carlosvsilvapt@gmail.com as part of his work in the
Google Summer of Code
2009-10-07 08:21:48 +11:00
350666d300
- (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.
...
spotted by des AT des.no
2009-10-02 11:50:55 +10:00
ea43742e77
pull in 5.3 release changes from branch:
...
20090926
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update for release
- (djm) [README] update relnotes URL
- (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere
- (djm) Release 5.3p1
2009-10-02 11:49:03 +10:00
e02b49a806
- (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
...
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
from jbasney at ncsa uiuc edu.
2009-09-11 14:56:08 +10:00
e5d5a17fe1
- (djm) [serverloop.c] Fix test for server-assigned remote forwarding port
...
(-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
2009-09-09 11:07:28 +10:00
dad48e7a96
- (dtucker) [configure.ac] Bug #1639 : use AC_PATH_PROG to search the path for
...
krb5-config if it's not in the location specified by --with-kerberos5.
Patch from jchadima at redhat.
2009-09-01 18:26:00 +10:00
427adf1538
- (dtucker) [README.platform] Add text about development packages, based on
...
text from Chris Pepper in bug #1631 .
2009-08-29 09:14:48 +10:00
ac9f1b9b89
- (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry.
2009-08-28 15:01:20 +10:00
86e30a0166
- (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
...
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
2009-08-28 11:21:06 +10:00
3980b63631
- (dtucker) [channels.c configure.ac] Bug #1528 : skip the tcgetattr call on
...
the pty master on Solaris, since it never succeeds and can hang if large
amounts of data is sent to the slave (eg a copy-paste). Based on a patch
originally from Doke Scott, ok djm@
2009-08-28 11:02:37 +10:00
7d4a2685f7
- (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables
...
in argv, so pass them in the environment; ok dtucker@
2009-08-28 10:47:38 +10:00
0e26551f7f
- (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when
...
attempting atomic rename(); ok dtucker@
2009-08-28 10:43:13 +10:00
8aac993af6
- (djm) [sshd_config.5] downgrade mention of login.conf to be an example
...
and mention PAM as another provider for ChallengeResponseAuthentication;
bz#1408; ok dtucker@
2009-08-28 10:40:30 +10:00
28b973ea26
- dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently
...
causes problems in some Tru64 configurations.
2009-08-28 10:16:44 +10:00
82edf23fff
- (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567 : move
...
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
2009-08-20 16:20:50 +10:00
2a5588daeb
- (dtucker) [includes.h] Bug #1634 : do not include system glob.h if we're not
...
using it since the type conflicts can cause problems on FreeBSD. Patch
from Jonathan Chen.
2009-08-20 16:16:01 +10:00
b5d5ee1ab0
- (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595 : make
...
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
2009-08-17 09:40:00 +10:00
83d8f28336
- (dtucker) [configure.ac] Check for headers before libraries for openssl an
...
zlib, which should make the errors slightly more meaningful on platforms
where there's separate "-devel" packages for those.
2009-08-17 09:35:22 +10:00
caeb164984
- (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error
...
function. Patch from Corinna Vinschen.
2009-07-29 07:21:13 -07:00
440089afe0
- (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
...
fits into 16 bits to work around a bug in glibc's resolver where it masks
off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
2009-07-13 11:38:23 +10:00
916fdda401
add credit for bug #1534 patch
2009-07-12 22:12:28 +10:00
622d5c561b
- (dtucker) [auth-pam.c] Bug #1534 : move the deletion of PAM credentials on
...
logout to after the session close. Patch from Anicka Bernathova, ok djm.
2009-07-12 22:07:21 +10:00
8fdcba5caf
- (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch
...
from Corinna Vinschen.
2009-07-12 21:58:42 +10:00
c4b22ca1c8
- (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
...
prevents configure complaining on older BSDs.
2009-07-12 21:56:29 +10:00
4d4fdc0f7d
- (dtucker) [contrib/cygwin/ssh-host-config] better support for automated
...
scripts and fix usage of eval. Patch from Corinna Vinschen.
2009-07-07 21:19:11 +10:00
de0c025e3c
- stevesk@cvs.openbsd.org 2009/07/05 19:28:33
...
[clientloop.c]
only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@
ok deraadt@ markus@
2009-07-06 07:17:35 +10:00
199b1340a8
- dtucker@cvs.openbsd.org 2009/07/02 02:11:47
...
[ssh.c]
allow for long home dir paths (bz #1615 ). ok deraadt
(based in part on a patch from jchadima at redhat)
2009-07-06 07:16:56 +10:00
cd6b1a27cb
- markus@cvs.openbsd.org 2009/06/30 14:54:40
...
[version.h]
crank version; ok deraadt
2009-07-06 07:13:04 +10:00
71e4d54dc7
- andreas@cvs.openbsd.org 2009/06/27 09:35:06
...
[readconf.h readconf.c]
Add client option UseRoaming. It doesn't do anything yet but will
control whether the client tries to use roaming if enabled on the
server. From Martin Forssen.
ok markus@
2009-07-06 07:12:27 +10:00
466df21961
- andreas@cvs.openbsd.org 2009/06/27 09:32:43
...
[roaming_common.c roaming.h]
It may be necessary to retransmit some data when resuming, so add it
to a buffer when roaming is enabled.
Most of this code was written by Martin Forssen, maf at appgate dot com.
ok markus@
2009-07-06 07:11:52 +10:00
e841eb0654
- andreas@cvs.openbsd.org 2009/06/27 09:29:06
...
[packet.h packet.c]
packet_bacup_state() and packet_restore_state() will be used to
temporarily save the current state ren resuming a suspended connection.
ok markus@
2009-07-06 07:11:13 +10:00
821d3dbe36
- dtucker@cvs.openbsd.org 2009/06/22 05:39:28
...
[monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
alphabetize includes; reduces diff vs portable and style(9).
ok stevesk djm
(Id sync only; these were already in order in -portable)
2009-06-22 16:11:06 +10:00
828c96d48f
- (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in
...
ifdef.
2009-06-21 22:22:08 +10:00
64cee36713
- (dtucker) [servconf.c sshd.c] More whitespace sync.
2009-06-21 20:26:17 +10:00
43e7a358ff
- (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
...
header-order changes to reduce diff vs OpenBSD.
2009-06-21 19:50:08 +10:00
e6b590e8d4
- dtucker@cvs.openbsd.org 2009/06/21 09:04:03
...
[roaming.h roaming_common.c roaming_dummy.c]
Add tags for the benefit of the sync scripts
Also: pull in the changes for 1.1->1.2 missed in the previous sync.
2009-06-21 19:08:48 +10:00
6ae35ac576
- dtucker@cvs.openbsd.org 2009/06/21 07:37:15
...
[kexdhs.c kexgexs.c]
abort if key_sign fails, preventing possible null deref. Based on report
from Paolo Ganci, ok markus@ djm@
2009-06-21 19:00:20 +10:00
7b935c79f4
- andreas@cvs.openbsd.org 2009/06/12 20:58:32
...
[packet.c]
Move some more statics into session_state
ok markus@ djm@
2009-06-21 18:59:36 +10:00
b422afa41f
- andreas@cvs.openbsd.org 2009/06/12 20:43:22
...
[monitor.c packet.c]
Fix warnings found by chl@ and djm@ and change roaming_atomicio's
return type to match atomicio's
Diff from djm@, ok markus@
2009-06-21 18:58:46 +10:00
c5564e1c4c
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
...
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
Also, applied appropriate changes to Makefile.in
2009-06-21 18:53:53 +10:00
1cc55d7a60
- andreas@cvs.openbsd.org 2009/05/28 16:50:16
...
[sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
monitor.c]
Keep track of number of bytes read and written. Needed for upcoming
changes. Most code from Martin Forssen, maf at appgate dot com.
ok markus@
2009-06-21 18:17:19 +10:00
761c38918a
- andreas@cvs.openbsd.org 2009/05/27 06:38:16
...
[sshconnect.h sshconnect.c]
Un-static ssh_exchange_identification(), part of a larger change from
Martin Forssen and needed for upcoming changes.
ok markus@
2009-06-21 18:16:26 +10:00
5b48cdd882
- andreas@cvs.openbsd.org 2009/05/27 06:36:07
...
[packet.h packet.c]
Add packet_put_int64() and packet_get_int64(), part of a larger change
from Martin Forssen.
2009-06-21 18:15:25 +10:00
12b4a6504b
- andreas@cvs.openbsd.org 2009/05/27 06:34:36
...
[kex.c kex.h]
Move the KEX_COOKIE_LEN define to kex.h
ok markus@
2009-06-21 18:14:48 +10:00
39c7632c1b
- andreas@cvs.openbsd.org 2009/05/27 06:33:39
...
[clientloop.c]
Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger
change from Martin Forssen, maf at appgate dot com.
ok markus@
2009-06-21 18:13:57 +10:00
f7288d77e4
- andreas@cvs.openbsd.org 2009/05/27 06:31:25
...
[canohost.h canohost.c]
Add clear_cached_addr(), needed for upcoming changes allowing the peer
address to change.
ok markus@
2009-06-21 18:12:20 +10:00
51dbe503bf
- stevesk@cvs.openbsd.org 2009/04/21 15:13:17
...
[sshd_config.5]
clarify we cd to user's home after chroot; ok markus@ on
earlier version; tweaks and ok jmc@
2009-06-21 17:56:51 +10:00
f92077f05c
- jmc@cvs.openbsd.org 2009/04/18 18:39:10
...
[sshd_config.5]
tweak previous; ok stevesk
2009-06-21 17:56:25 +10:00
00fcd719a5
- stevesk@cvs.openbsd.org 2009/04/17 19:40:17
...
[sshd_config.5]
clarify that even internal-sftp needs /dev/log for logging to work; ok
markus@
2009-06-21 17:56:00 +10:00
ac46a915e8
- stevesk@cvs.openbsd.org 2009/04/17 19:23:06
...
[session.c]
use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
ok djm@ markus@
2009-06-21 17:55:23 +10:00
3b59dfa161
- jj@cvs.openbsd.org 2009/04/14 21:10:54
...
[servconf.c]
Fixed a few the-the misspellings in comments. Skipped a bunch in
binutils,gcc and so on. ok jmc@
2009-06-21 17:54:47 +10:00
b62f1a856d
- stevesk@cvs.openbsd.org 2009/04/14 16:33:42
...
[sftp-server.c]
remove unused option character from getopt() optstring; ok markus@
2009-06-21 17:53:48 +10:00
af501cfce4
- stevesk@cvs.openbsd.org 2009/04/13 19:07:44
...
[sshd_config.5]
fix possessive; ok djm@
2009-06-21 17:53:04 +10:00
5837b51aec
- sobrado@cvs.openbsd.org 2009/03/26 08:38:39
...
[sftp-server.8 sshd.8 ssh-agent.1]
fix a few typographical errors found by spell(1).
ok dtucker@, jmc@
2009-06-21 17:52:27 +10:00
9013323644
- tobias@cvs.openbsd.org 2009/03/23 19:38:04
...
[ssh-agent.c]
My previous commit didn't fix the problem at all, so stick at my first
version of the fix presented to dtucker.
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
ok dtucker
2009-06-21 17:50:15 +10:00
a0964504e1
- tobias@cvs.openbsd.org 2009/03/23 08:31:19
...
[ssh-agent.c]
Fixed a possible out-of-bounds memory access if the environment variable
SHELL is shorter than 3 characters.
with input by and ok dtucker
2009-06-21 17:49:36 +10:00
3a6a51f387
- jmc@cvs.openbsd.org 2009/03/19 15:15:09
...
[ssh.1]
for "Ciphers", just point the reader to the keyword in ssh_config(5), just
as we do for "MACs": this stops us getting out of sync when the lists
change;
fixes documentation/6102, submitted by Peter J. Philipp
alternative fix proposed by djm
ok markus
2009-06-21 17:48:52 +10:00
72efd74d2f
- (dtucker) OpenBSD CVS Sync
...
- markus@cvs.openbsd.org 2009/03/17 21:37:00
[ssh.c]
pass correct argv[0] to openlog(); ok djm@
2009-06-21 17:48:00 +10:00
3278062bf3
- (dtucker) [configure.ac defines.h] Bug #1607 : handle the case where fsid_t
...
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
2009-06-16 16:11:02 +10:00
a422d9756e
- (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include
...
variable declarations. Should prevent unused warnings anywhere it's set
(only Crays as far as I can tell) and be a no-op everywhere else.
2009-05-04 12:52:47 +10:00
a74000eb9e
- (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
...
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
Based on patch from vinschen at redhat com.
2009-03-18 11:25:02 -07:00
9d86e5d570
- (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
...
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
2009-03-08 11:40:27 +11:00
3e7e15f1bd
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
...
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
2009-03-07 22:22:35 +11:00
30ed668de0
- (dtucker) [configure.ac] Missing comma in type list.
2009-03-07 18:06:22 +11:00
ccfee05882
- (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.
2009-03-07 12:32:22 +11:00
8aae6ff0d9
- (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
...
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
2009-03-07 12:01:47 +11:00
558d6ca949
- (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
...
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
has a /dev/random).
2009-03-07 10:22:10 +11:00
447e387872
- djm@cvs.openbsd.org 2009/03/05 11:30:50
...
[uuencode.c]
document what these functions do so I don't ever have to recuse into
b64_pton/ntop to remember their return values
2009-03-06 00:58:39 +11:00
cee8523314
- djm@cvs.openbsd.org 2009/03/05 07:18:19
...
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
2009-03-06 00:58:22 +11:00
faec50b554
- (djm) Release openssh-5.2p1
2009-02-23 11:12:29 +11:00
5d0d530c8c
- (djm) [README] update for 5.2
2009-02-23 11:11:57 +11:00
09d19045b8
trim
2009-02-23 11:11:12 +11:00
582ca6b171
- djm@cvs.openbsd.org 2009/02/23 00:06:15
...
[version.h]
openssh-5.2
2009-02-23 11:09:25 +11:00
0296ae85ec
- djm@cvs.openbsd.org 2009/02/22 23:59:25
...
[sshd_config.5]
missing period
2009-02-23 11:00:24 +11:00
1991384764
- djm@cvs.openbsd.org 2009/02/22 23:50:57
...
[ssh_config.5 sshd_config.5]
don't advertise experimental options
2009-02-23 10:53:58 +11:00
9eab9564d5
- (djm) OpenBSD CVS Sync
...
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
[misc.c sftp-server-main.c ssh-keygen.c]
Added missing newlines in error messages.
ok dtucker
2009-02-22 08:47:02 +11:00
7691e5fa44
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Prepare for 5.2p1
2009-02-21 18:03:04 +11:00
25918381ad
- djm@cvs.openbsd.org 2009/02/18 04:31:21
...
[schnorr.c]
signature should hash over the entire group, not just the generator
(this is still disabled code)
2009-02-21 12:45:18 +11:00
e8001d4820
- djm@cvs.openbsd.org 2009/02/17 01:28:32
...
[ssh_config]
sync with revised default ciphers; pointed out by dkrause@
2009-02-21 12:45:02 +11:00
9055172d03
- (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
...
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
2009-02-16 15:37:03 +11:00
3f94aaf38c
- (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
...
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
interop tests from FATAL error to a warning. Allows some interop
tests to proceed if others are missing necessary prerequisites.
2009-02-16 15:21:39 +11:00
6385e758df
- djm@cvs.openbsd.org 2009/02/14 06:35:49
...
[PROTOCOL]
mention that eow and no-more-sessions extensions are sent only to
OpenSSH peers
2009-02-14 18:00:52 +11:00
61433bec80
- markus@cvs.openbsd.org 2009/02/13 11:50:21
...
[packet.c]
check for enc !=NULL in packet_start_discard
2009-02-14 16:35:01 +11:00
e379e10837
- jmc@cvs.openbsd.org 2009/02/12 07:34:20
...
[ssh_config.5]
kill trailing whitespace;
2009-02-14 16:34:39 +11:00
85c6d8a991
- djm@cvs.openbsd.org 2009/02/12 03:46:17
...
[ssh_config.5]
document RemoteForward usage with 0 listen port
2009-02-14 16:34:21 +11:00
65fa4cab4c
- djm@cvs.openbsd.org 2009/02/12 03:44:25
...
[ssh.1]
consistency: Dq => Ql
2009-02-14 16:34:05 +11:00
e2f4cc5016
- djm@cvs.openbsd.org 2009/02/12 03:42:09
...
[ssh.1]
document -R0:... usage
2009-02-14 16:33:49 +11:00
923e8bb7dc
- djm@cvs.openbsd.org 2009/02/12 03:26:22
...
[monitor.c]
some paranoia: check that the serialised key is really KEY_RSA before
diddling its internals
2009-02-14 16:33:31 +11:00
330d58587f
- djm@cvs.openbsd.org 2009/02/12 03:16:01
...
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
2009-02-14 16:33:09 +11:00
4bf648f776
- djm@cvs.openbsd.org 2009/02/12 03:00:56
...
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
2009-02-14 16:28:21 +11:00
fdd66fc750
- dtucker@cvs.openbsd.org 2009/02/02 11:15:14
...
[sftp.c]
Initialize a few variables to prevent spurious "may be used
uninitialized" warnings from newer gcc's. ok djm@
2009-02-14 16:26:19 +11:00
20e231f9f8
- (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
...
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
2009-02-12 13:12:21 +11:00
2de762456e
- (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
...
set ownership and modes, so avoid explicitly setting them
2009-02-12 12:19:20 +11:00
642ebe5b51
- (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in
...
channels.c too, so move the definition for non-IP6 platforms to defines.h
where it can be shared.
2009-02-01 22:19:54 +11:00
0d8f2f3afa
- (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.
2009-01-29 12:40:30 -08:00
6a32534968
- (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
...
If the CYGWIN environment variable is empty, the installer script
should not install the service with an empty CYGWIN variable, but
rather without setting CYGWNI entirely.
2009-01-29 12:30:01 -08:00
Darren Tucker
Tim Rice
Damien Miller