58a77e2eac
- djm@cvs.openbsd.org 2011/05/06 01:09:53
...
[sftp.1]
mention that IPv6 addresses must be enclosed in square brackets;
bz#1845
2011-05-15 08:36:29 +10:00
fd53abd00b
- dtucker@cvs.openbsd.org 2011/05/06 01:03:35
...
[sshd_config]
clarify language about overriding defaults. bz#1892, from Petr Cerny
2011-05-15 08:36:02 +10:00
60432d8cf2
- djm@cvs.openbsd.org 2011/05/05 05:12:08
...
[mux.c]
gracefully fall back when ControlPath is too large for a
sockaddr_un. ok markus@ as part of a larger diff
2011-05-15 08:34:46 +10:00
d6548fe4cf
- (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882 : fix
...
--with-ssl-engine which was broken with the change from deprecated
SSLeay_add_all_algorithms(). ok djm
2011-05-10 11:13:36 +10:00
343f75fa19
- (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875 : add prototype
...
for closefrom() in test code. Report from Dan Wallis via Gentoo.
2011-05-06 10:43:50 +10:00
9abb697d4f
- (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
2011-05-04 23:06:59 -07:00
19d8181b86
- (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
...
so autoreconf 2.68 is happy.
2011-05-04 21:44:25 -07:00
2ce12ef1ac
- djm@cvs.openbsd.org 2011/05/04 21:15:29
...
[authfile.c authfile.h ssh-add.c]
allow "ssh-add - < key"; feedback and ok markus@
2011-05-05 14:17:18 +10:00
8cb1cda1e3
- djm@cvs.openbsd.org 2011/04/18 00:46:05
...
[ssh-keygen.c]
certificate options are supposed to be packed in lexical order of
option name (though we don't actually enforce this at present).
Move one up that was out of sequence
2011-05-05 14:16:56 +10:00
6c3eec7ab2
- djm@cvs.openbsd.org 2011/04/17 22:42:42
...
[PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
allow graceful shutdown of multiplexing: request that a mux server
removes its listener socket and refuse future multiplexing requests;
ok markus@
2011-05-05 14:16:22 +10:00
ad21032e65
- djm@cvs.openbsd.org 2011/04/13 04:09:37
...
[ssh-keygen.1]
mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 14:15:54 +10:00
085c90fa20
- djm@cvs.openbsd.org 2011/04/13 04:02:48
...
[ssh-keygen.1]
improve wording; bz#1861
2011-05-05 14:15:33 +10:00
26b57ce6c2
- djm@cvs.openbsd.org 2011/04/12 05:32:49
...
[sshd.c]
exit with 0 status on SIGTERM; bz#1879
2011-05-05 14:15:09 +10:00
884b63a061
- djm@cvs.openbsd.org 2011/04/12 04:23:50
...
[ssh-keygen.c]
fix -Wshadow
2011-05-05 14:14:52 +10:00
9147586599
- stevesk@cvs.openbsd.org 2011/03/29 18:54:17
...
[misc.c misc.h servconf.c]
print ipqos friendly string for sshd -T; ok markus
# sshd -Tf sshd_config|grep ipqos
ipqos lowdelay throughput
2011-05-05 14:14:34 +10:00
044f4a6cc3
- stevesk@cvs.openbsd.org 2011/03/24 22:14:54
...
[ssh-keygen.c]
use strcasecmp() for "clear" cert permission option also; ok djm
2011-05-05 14:14:08 +10:00
3ca1eb373f
- jmc@cvs.openbsd.org 2011/03/24 15:29:30
...
[ssh-keygen.1]
zap trailing whitespace;
2011-05-05 14:13:50 +10:00
111431963e
- stevesk@cvs.openbsd.org 2011/03/23 16:50:04
...
[ssh-keygen.c]
remove -d, documentation removed >10 years ago; ok markus
2011-05-05 14:13:25 +10:00
4a4d161545
- stevesk@cvs.openbsd.org 2011/03/23 16:24:56
...
[ssh-keygen.1]
-q not used in /etc/rc now so remove statement.
2011-05-05 14:06:39 +10:00
58f1bafb3d
- stevesk@cvs.openbsd.org 2011/03/23 15:16:22
...
[ssh-keygen.1 ssh-keygen.c]
Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
for which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the key
type, and default comment. This will be used by /etc/rc to generate
new host keys. Idea from deraadt.
ok deraadt
2011-05-05 14:06:15 +10:00
c5219e701e
- okan@cvs.openbsd.org 2011/03/15 10:36:02
...
[ssh-keyscan.c]
use timerclear macro
ok djm@
2011-05-05 14:05:12 +10:00
b2da7d185e
- djm@cvs.openbsd.org 2011/03/10 11:34:25
...
[auth.h]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 14:04:50 +10:00
3fcdfd55a3
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2011/03/10 02:52:57
[auth2-gss.c auth2.c]
allow GSSAPI authentication to detect when a server-side failure causes
authentication failure and don't count such failures against MaxAuthTries;
bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2011-05-05 14:04:11 +10:00
f22019bdbf
- (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
...
[entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
[ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
[ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
[regress/README.regress] Remove ssh-rand-helper and all its
tentacles. PRNGd seeding has been rolled into entropy.c directly.
Thanks to tim@ for testing on affected platforms.
2011-05-05 13:48:37 +10:00
68790fedef
- (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
...
definitions.
2011-05-05 11:19:13 +10:00
db59a3fb22
(whitespace change to test sync to hg)
2011-03-28 15:07:06 +11:00
e541aaaf0f
- (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
...
Cygwin-specific service installer script ssh-host-config. The actual
functionality is the same, the revisited version is just more
exact when it comes to check for problems which disallow to run
certain aspects of the script. So, part of this script and the also
rearranged service helper script library "csih" is to check if all
the tools required to run the script are available on the system.
The new script also is more thorough to inform the user why the
script failed. Patch from vinschen at redhat com.
2011-02-21 21:41:29 +11:00
0588beba39
- djm@cvs.openbsd.org 2011/02/16 00:31:14
...
[ssh-keysign.c]
make hostbased auth with ECDSA keys work correctly. Based on patch
by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
2011-02-18 09:18:45 +11:00
ea676a6422
- (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
...
generation and simplify. Patch from Corinna Vinschen.
2011-02-06 13:31:23 +11:00
3b9617ecbd
- (dtucker) [openbsd-compat/port-linux.c] Bug #1851 : fix syntax error in
...
selinux code. Patch from Leonardo Chiquitto.
2011-02-06 13:24:35 +11:00
0d30b092ce
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] update versions in docs and spec files.
- Release OpenSSH 5.8p1
2011-02-04 12:43:36 +11:00
a69812707d
- djm@cvs.openbsd.org 2011/02/04 00:44:43
...
[version.h]
openssh-5.8
2011-02-04 11:47:20 +11:00
0a5f0129a3
- djm@cvs.openbsd.org 2011/02/04 00:44:21
...
[key.c]
fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 11:47:01 +11:00
b407dd8d05
- djm@cvs.openbsd.org 2011/01/31 21:42:15
...
[PROTOCOL.mux]
cut'n'pasto; from bert.wesarg AT googlemail.com
2011-02-04 11:46:39 +11:00
d4a5504cb1
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
...
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
2011-01-28 10:30:18 +11:00
648f876566
20110127
...
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
2011-01-26 12:38:57 -08:00
d069c48207
20110127
...
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-26 12:32:12 -08:00
71adf127e8
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
...
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
2011-01-25 12:16:15 +11:00
6f8f04b860
- (djm) Release 5.7p1
2011-01-22 20:25:11 +11:00
4a5eb41cee
trim entries older than 5.5p1
2011-01-22 20:24:34 +11:00
966accc533
- (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] update versions in docs and spec files.
2011-01-22 20:23:10 +11:00
ad4b1adf95
- OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2011/01/22 09:18:53
[version.h]
crank to OpenSSH-5.7
2011-01-22 20:21:33 +11:00
79241377df
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
...
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
2011-01-22 09:37:01 +11:00
e323ebc250
- (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
...
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
2011-01-19 23:12:27 +11:00
15e1b4dea7
- (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
...
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
2011-01-18 20:47:04 -08:00
ea52a82969
- (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
...
configure.ac defines.h loginrec.c] Bug #1402 : add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
2011-01-17 21:15:27 +11:00
263d43d2a5
- (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
...
the tinderbox.
2011-01-17 18:50:22 +11:00
6dfcd34042
- (tim) [regress/agent-getpeereid.sh] shell portability fix.
2011-01-16 22:53:56 -08:00
58497780ab
- (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
...
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2011-01-17 16:17:09 +11:00
0c93adc7c1
- (dtucker) [openbsd-compat/port-linux.c] Bug #1838 : Add support for the new
...
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2011-01-17 11:55:59 +11:00
1ccbfa88b1
- (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
...
ssh-add to avoid $SUDO failures on Linux
2011-01-17 11:52:40 +11:00
fd3669eb26
- (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
...
its unique snowflake of a gdb error to the ones we look for.
2011-01-17 11:20:18 +11:00
369c0e8eef
- (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
...
$PATH, fix cleanup of droppings; reported by openssh AT
roumenpetrov.info; ok dtucker@
2011-01-17 10:51:40 +11:00
cfd6e4f57f
- djm@cvs.openbsd.org 2011/01/16 12:05:59
...
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
2011-01-16 23:18:33 +11:00
6fb6fd5662
- djm@cvs.openbsd.org 2011/01/16 11:50:36
...
[sshconnect.c]
reset the SIGPIPE handler when forking to execute child processes;
ok dtucker@
2011-01-16 23:17:45 +11:00
4791f9dcec
- djm@cvs.openbsd.org 2011/01/16 11:50:05
...
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2011-01-16 23:16:53 +11:00
50c61f88ab
- (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
...
on configurations that don't have it.
2011-01-16 18:28:09 +11:00
08f83883f5
not February yet...
2011-01-16 18:24:04 +11:00
c5c346b101
- (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
...
ecdsa bits.
2011-01-13 22:36:14 -08:00
02d99da976
- (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
2011-01-13 22:20:27 -08:00
e9b40487fa
- (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
...
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
2011-01-14 14:47:37 +11:00
42747df8b7
- djm@cvs.openbsd.org 2011/01/13 21:55:25
...
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:50 +11:00
445c9a507d
- djm@cvs.openbsd.org 2011/01/13 21:54:53
...
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
2011-01-14 12:01:29 +11:00
5278806e39
- (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
...
should not depend on ECC support
2011-01-13 22:05:14 +11:00
9b16086e74
- (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
...
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
2011-01-13 22:00:20 +11:00
cbaf8e6ec1
- (djm) [regress/Makefile] add a few more generated files to the clean
...
target
2011-01-13 21:08:27 +11:00
ff22df538e
- (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
...
gcc warning on platforms where it defaults to int
2011-01-13 21:05:27 +11:00
9b87a5ce3c
- (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
...
ecdsa keys. ok djm.
2011-01-12 22:35:43 -08:00
cce927c25f
- (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
2011-01-12 19:06:31 -08:00
1708cb7d0d
- (djm) [misc.c] include time.h for nanosleep() prototype
2011-01-13 12:21:34 +11:00
134d02a494
- (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
...
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
2011-01-12 16:00:37 +11:00
945aa0c744
- (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
...
silly warnings on write() calls we don't care succeed or not.
2011-01-12 13:34:02 +11:00
4927aaf446
- djm@cvs.openbsd.org 2011/01/12 01:53:14
...
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
2011-01-12 13:32:03 +11:00
b66e917831
- nicm@cvs.openbsd.org 2010/10/08 21:48:42
...
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
2011-01-12 13:30:18 +11:00
821de0ad2e
- djm@cvs.openbsd.org 2011/01/11 06:13:10
...
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
2011-01-11 17:20:29 +11:00
a256c8d680
- djm@cvs.openbsd.org 2011/01/11 06:06:09
...
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
2011-01-11 17:20:05 +11:00
b73b6fd916
- djm@cvs.openbsd.org 2011/01/08 10:51:51
...
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
2011-01-11 17:18:56 +11:00
81ad4b1fc0
- (djm) [platform.c] Some missing includes that show up under -Werror
2011-01-11 17:02:23 +11:00
076a3b9ced
- (tim) [regress/host-expand.sh] Fix for building outside of read only
...
source tree.
2011-01-10 12:56:26 -08:00
e63b7f2821
- (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
...
openssh AT roumenpetrov.info
2011-01-09 09:19:50 +11:00
996384d500
- (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
...
test on OSX and others. Reported by imorgan AT nas.nasa.gov
2011-01-08 21:58:20 +11:00
ed3a8eb65f
- djm@cvs.openbsd.org 2011/01/06 23:01:35
...
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
ok markus@
2011-01-07 10:02:52 +11:00
7d06b00032
- djm@cvs.openbsd.org 2011/01/06 22:46:21
...
[regress/Makefile regress/host-expand.sh]
regress test for LocalCommand %n expansion from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:54:20 +11:00
64abf31425
- djm@cvs.openbsd.org 2011/01/06 22:23:02
...
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
2011-01-07 09:51:52 +11:00
83f8a4014d
- djm@cvs.openbsd.org 2011/01/06 22:23:53
...
[ssh.c]
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@
2011-01-07 09:51:17 +11:00
322125b960
- (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
...
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2011-01-07 09:50:08 +11:00
8ad960b4ba
- otto@cvs.openbsd.org 2011/01/04 20:44:13
...
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
2011-01-06 22:44:44 +11:00
de53fd04b1
- djm@cvs.openbsd.org 2010/12/24 21:41:48
...
[auth-options.c]
don't send the actual forced command in a debug message; ok markus deraadt
2011-01-06 22:44:18 +11:00
106079c06d
- djm@cvs.openbsd.org 2010/12/15 00:49:27
...
[readpass.c]
fix ControlMaster=ask regression
reset SIGCHLD handler before fork (and restore it after) so we don't miss
the the askpass child's exit status. Correct test for exit status/signal to
account for waitpid() failure; with claudio@ ok claudio@ markus@
2011-01-06 22:43:44 +11:00
05c8997b33
- markus@cvs.openbsd.org 2010/12/14 11:59:06
...
[sshconnect.c]
don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@
2011-01-06 22:42:04 +11:00
907998df72
- jmc@cvs.openbsd.org 2010/12/09 14:13:33
...
[scp.1 scp.c]
scp.1: grammer fix
scp.c: add -3 to usage()
2011-01-06 22:41:21 +11:00
f12114366b
- markus@cvs.openbsd.org 2010/12/08 22:46:03
...
[scp.1 scp.c]
add a new -3 option to scp: Copies between two remote hosts are
transferred through the local host. Without this option the data
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837 )
2011-01-06 22:40:30 +11:00
30a69e7bba
- (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
...
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
2011-01-04 08:16:27 +11:00
d197fd64a1
- (djm) [Makefile.in] revert local hack I didn't intend to commit
2011-01-03 14:48:14 +11:00
41bccf75af
- (djm) [configure.ac] Check whether libdes is needed when building
...
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
2011-01-02 21:53:07 +11:00
4a06f9271f
- (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2011-01-02 21:43:59 +11:00
928362dc03
- djm@cvs.openbsd.org 2010/12/08 04:02:47
...
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
2010-12-26 14:26:45 +11:00
4288c53d04
- djm@cvs.openbsd.org 2010/12/04 00:21:19
...
[regress/sftp-cmds.sh]
adjust for hard-link support
2010-12-05 09:45:50 +11:00
7e1a5a4e1b
- (dtucker) [regress/Makefile] Id sync.
2010-12-05 09:29:31 +11:00
094f1e9934
- djm@cvs.openbsd.org 2010/12/04 13:31:37
...
[hostfile.c]
fix fd leak; spotted and ok dtucker
2010-12-05 09:03:31 +11:00
af1f909254
- djm@cvs.openbsd.org 2010/12/04 00:18:01
...
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
2010-12-05 09:02:47 +11:00
adab6f1299
- djm@cvs.openbsd.org 2010/12/03 23:55:27
...
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
2010-12-05 09:01:47 +11:00
7336b904ff
- (dtucker) OpenBSD CVS Sync
...
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
2010-12-05 09:00:30 +11:00
37bb7568ab
- (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
...
debugging. Spotted by djm.
2010-12-05 08:46:05 +11:00
ebdef76b5d
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
...
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
2010-12-04 23:20:50 +11:00
d89745b9e7
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
...
instead of (arc4random() % range)
2010-12-03 10:50:26 +11:00
d925dcd8a5
- djm@cvs.openbsd.org 2010/11/29 23:45:51
...
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
2010-12-01 12:21:51 +11:00
03c0e533de
- markus@cvs.openbsd.org 2010/11/29 18:57:04
...
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
2010-12-01 12:03:39 +11:00
87dc0a4188
- djm@cvs.openbsd.org 2010/11/26 05:52:49
...
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
2010-12-01 12:03:19 +11:00
f80c3deaaf
- djm@cvs.openbsd.org 2010/11/25 04:10:09
...
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
2010-12-01 12:02:59 +11:00
b7f827ae45
- djm@cvs.openbsd.org 2010/11/24 01:24:14
...
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
2010-12-01 12:02:35 +11:00
d0fdd6818c
- djm@cvs.openbsd.org 2010/11/23 23:57:24
...
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2010-12-01 12:02:14 +11:00
6a740e7b92
- djm@cvs.openbsd.org 2010/11/23 02:35:50
...
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
2010-12-01 12:01:51 +11:00
a232792783
- djm@cvs.openbsd.org 2010/11/21 10:57:07
...
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
2010-12-01 12:01:21 +11:00
2cd629349d
- djm@cvs.openbsd.org 2010/11/21 01:01:13
...
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
2010-12-01 11:50:35 +11:00
188ea814b1
- OpenBSD CVS Sync
...
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
2010-12-01 11:50:14 +11:00
73de86ac5a
- (djm) [defines.h] Add IP DSCP defines
2010-11-24 10:50:04 +11:00
4b6cbf7aab
- (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2010-11-24 10:46:37 +11:00
88e341e1ca
- (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
...
group read/write. ok dtucker@
2010-11-24 10:36:15 +11:00
d995712383
- (dtucker) [platform.c session.c] Move the getluid call out of session.c and
...
into the platform-specific code Only affects SCO, tested by and ok tim@.
2010-11-24 10:09:13 +11:00
9e0ff7afc8
- (dtucker) Bug #1840 : fix warning when configuring --with-ssl-engine, patch
...
from vapier at gentoo org.
2010-11-22 17:59:00 +11:00
0a1847347d
- jmc@cvs.openbsd.org 2010/11/18 15:01:00
...
[scp.1 sftp.1 ssh.1 sshd_config.5]
add IPQoS to the various -o lists, and zap some trailing whitespace;
2010-11-20 15:21:03 +11:00
8e1ea4e5a3
- jmc@cvs.openbsd.org 2010/11/15 07:40:14
...
[ssh_config.5]
libary -> library;
2010-11-20 15:20:10 +11:00
0dac6fb6b2
- djm@cvs.openbsd.org 2010/11/13 23:27:51
...
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2010-11-20 15:19:38 +11:00
4499f4cc20
- djm@cvs.openbsd.org 2010/11/10 01:33:07
...
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
2010-11-20 15:15:49 +11:00
7a221a1591
- djm@cvs.openbsd.org 2010/11/05 02:46:47
...
[packet.c]
whitespace KNF
2010-11-20 15:14:29 +11:00
dd190ddfd7
- (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
...
platforms that don't support ECC. Fixes some spurious warnings reported
by tim@
2010-11-11 14:17:02 +11:00
c7a8af03a0
- (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
...
support for platforms missing isblank(). ok djm@
2010-11-08 14:26:23 -08:00
e426f5e932
- (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
...
Feedback from dtucker@
2010-11-08 09:15:14 -08:00
c10aeaa8f2
- (tim) [regress/kextype.sh] Shell portability fix.
2010-11-07 13:03:11 -08:00
522262f8b3
- (tim) [regress/Makefile] Fixes to allow building/testing outside source
...
tree.
2010-11-07 13:00:27 -08:00
d1ece6e4a2
- (dtucker) [platform.c] includes.h instead of defines.h so that we get
...
the correct typedefs.
2010-11-07 18:05:54 +11:00
9283d8cbc5
- (dtucker) [platform.c] Need servconf.h and extern options.
2010-11-05 18:56:08 +11:00
f619d1cad9
- (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
...
strictly correct since while ECC requires sha256 the reverse is not true
however it does prevent spurious test failures.
2010-11-05 18:41:50 +11:00
345178d951
- (dtucker) [regress/kextype.sh] Add missing "test".
2010-11-05 18:35:52 +11:00
eab5f0df90
- (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
...
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
2010-11-05 18:23:38 +11:00
b69e033e67
- (dtucker) [regress/keytype.sh] Import new test.
2010-11-05 18:19:15 +11:00
b12fe272a0
- (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
...
check into platform.c
2010-11-05 14:47:01 +11:00
cc12418e18
- (dtucker) [platform.c session.c] Move PAM credential establishment for the
...
non-LOGIN_CAP case into platform.c.
2010-11-05 13:32:52 +11:00
0b2ee6452c
- (dtucker) [platform.c session.c] Move irix setusercontext fragment into
...
platform.c.
2010-11-05 13:29:25 +11:00
676b912e78
- (dtucker) platform.c session.c] Move aix_usrinfo frament into platform.c.
2010-11-05 13:11:04 +11:00
7a8afe3186
- (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
...
platform.c
2010-11-05 13:07:24 +11:00
728d8371a1
- (dtucker) [platform.c session.c] Move the PAM credential establishment for
...
the LOGIN_CAP case into platform.c.
2010-11-05 13:00:05 +11:00
fd4d8aa2cb
- (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
...
retain previous behavior.
2010-11-05 12:50:41 +11:00
44a97be0cc
- (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2010-11-05 12:45:18 +11:00
4db380701d
- (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
...
platform.c
2010-11-05 12:41:13 +11:00
920612e45a
- (dtucker) [platform.c platform.h session.c] Add a platform hook to run
...
after the user's groups are established and move the selinux calls into it.
2010-11-05 12:36:15 +11:00
97528353c2
- (dtucker) [configure.ac platform.{c,h} session.c
...
openbsd-compat/port-solaris.{c,h}] Bug #1824 : Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
2010-11-05 12:03:05 +11:00
34ee4204c6
- (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
...
int. Should fix bz#1817 cleanly; ok dtucker@
2010-11-05 10:52:37 +11:00
0733121194
- djm@cvs.openbsd.org 2010/11/04 02:45:34
...
[sftp-server.c]
umask should be parsed as octal. reported by candland AT xmission.com;
ok markus@
2010-11-05 10:20:31 +11:00
Damien Miller
Darren Tucker
Tim Rice