tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,194 Commits 6 Branches 20 Tags 97 MiB
Commit Graph

4730 Commits

Author SHA1 Message Date
Darren Tucker fc5d188b34 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41 
[ssh_config.5]
     tun device forwarding now honours ExitOnForwardFailure; ok markus@
 2007-08-15 22:20:22 +10:00
Darren Tucker 9d81fdc664 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec 
contrib/suse/openssh.spec] Crank version.
 2007-08-15 19:22:20 +10:00
Darren Tucker 794f97026e - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler. 
ok djm@
 2007-08-15 19:17:43 +10:00
Darren Tucker 69fe0e1398 - markus@cvs.openbsd.org 2007/08/15 08:16:49 
[version.h]
     openssh 4.7
 2007-08-15 19:14:52 +10:00
Darren Tucker 513d13accd - markus@cvs.openbsd.org 2007/08/15 08:14:46 
[clientloop.c]
     do NOT fall back to the trused x11 cookie if generation of an untrusted
     cookie fails; from security-alert at sun.com; ok dtucker
 2007-08-15 19:13:41 +10:00
Darren Tucker 2d9636471b - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always 
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
   with pam_dhkeys.  Patch from David Leonard, ok djm@
 2007-08-13 23:11:56 +10:00
Darren Tucker 8acb3b665b - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From. 
Matt Kraai, ok djm@.
 2007-08-10 14:36:12 +10:00
Darren Tucker 57d4ca9681 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@ 2007-08-10 14:32:34 +10:00
Darren Tucker 7015e9667a Credit Bernhard Simon who also reported this. 2007-08-09 15:03:23 +10:00
Darren Tucker a5b6f72a52 - (dtucker) [defines.h] Remove _PATH_{CSHELL,SHELLS} which aren't 
used anywhere and are a potential source of warnings.
 2007-08-09 14:37:52 +10:00
Darren Tucker 6f6b27d515 - (dtucker) [README.platform] Document the interaction between PermitRootLogin 
and the AIX native login restrictions.
 2007-08-09 14:31:53 +10:00
Darren Tucker 863cfa0e6f - (dtucker) [openbsd-compat/port-aix.c] Comment typo. 2007-08-09 14:29:47 +10:00
Damien Miller b3ce9fec30 - djm@cvs.openbsd.org 2007/08/07 07:32:53 
[clientloop.c clientloop.h ssh.c]
     bz#1232: ensure that any specified LocalCommand is executed after the
     tunnel device is opened. Also, make failures to open a tunnel device
     fatal when ExitOnForwardFailure is active.
     Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
 2007-08-08 14:32:41 +10:00
Damien Miller 647d97b1ab - sobrado@cvs.openbsd.org 2007/08/06 19:16:06 
[scp.1 scp.c]
     the ellipsis is not an optional argument; while here, sync the usage
     and synopsis of commands
     lots of good ideas by jmc@
     ok jmc@
 2007-08-08 14:29:58 +10:00
Damien Miller 932040285f - ray@cvs.openbsd.org 2007/07/12 05:48:05 
[key.c]
     Delint: remove some unreachable statements, from Bret Lambert.
     OK markus@ and dtucker@.
 2007-08-08 14:28:26 +10:00
Tim Rice cd22d30f32 - (tim) [buildpkg.sh.in] s|$FAKE_ROOT/${sysconfdir}|$FAKE_ROOT${sysconfdir}| 2007-07-24 21:40:59 -07:00
Tim Rice ffe3a8ec7e - (tim) [buildpkg.sh.in openssh.xml.in] Allow more flexibility where smf(5) 
files are installed.
 2007-07-24 21:16:07 -07:00
Tim Rice bf0212d1b7 - (tim) [openbsd-compat/regress/closefromtest.c] Bug 1345: fix open() call. 
Report/patch by David.Leonard AT quest.com
 2007-07-24 20:54:09 -07:00
Tim Rice 947fd59f7a - (tim) [openssh.xml.in] make FMRI match what package scripts use. 2007-07-24 13:13:42 -07:00
Damien Miller 0d7b93473c - (djm) bz#1325: Fix SELinux in permissive mode where it would 
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
   ok dtucker
 2007-06-28 08:48:02 +10:00
Darren Tucker febf0f5668 - (dtucker) [atomicio.c configure.ac openbsd-compat/Makefile.in 
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
   Add an implementation of poll() built on top of select(2).  Code from
   OpenNTPD with changes suggested by djm.  ok djm@
 2007-06-25 22:15:12 +10:00
Darren Tucker dc4a779fbb - dtucker@cvs.openbsd.org 2007/06/25 12:02:27 
[atomicio.c]
     Include <poll.h> like the man page says rather than <sys/poll.h>.  ok djm@
 2007-06-25 22:08:10 +10:00
Darren Tucker 9e223240ac - (dtucker) [atomicio.c] Test for EWOULDBLOCK in atomiciov to match 
atomicio.
 2007-06-25 19:06:53 +10:00
Darren Tucker ae09cb8a71 - dtucker@cvs.openbsd.org 2007/06/25 08:20:03 
[channels.c]
     Correct test for window updates every three packets; prevents sending
     window updates for every single packet.  ok markus@
 2007-06-25 19:04:46 +10:00
Darren Tucker ab17f7d67b - djm@cvs.openbsd.org 2007/06/19 02:04:43 
[atomicio.c]
     if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
     avoid a spin if it is not yet ready for reading/writing; ok dtucker@
 2007-06-25 19:04:12 +10:00
Darren Tucker 132367f76f - djm@cvs.openbsd.org 2007/06/14 22:48:05 
[ssh.c]
     when waiting for the multiplex exit status, read until the master end
     writes an entire int of data *and* closes the client_fd; fixes mux
     regression spotted by dtucker, ok dtucker@
 2007-06-25 18:59:17 +10:00
Darren Tucker d989adadd3 - djm@cvs.openbsd.org 2007/06/14 21:43:25 
[ssh.c]
     handle EINTR when waiting for mux exit status properly
 2007-06-25 18:34:43 +10:00
Darren Tucker 067263e848 - djm@cvs.openbsd.org 2007/06/13 00:21:27 
[scp.c]
     don't ftruncate() non-regular files; bz#1236 reported by wood AT
     xmission.com; ok dtucker@
 2007-06-25 18:32:33 +10:00
Darren Tucker 7dae3d296e - (dtucker) [openbsd-compat/openssl-compat.h] Remove redundant definition 
of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
   subsequent <0.9.7 test.
 2007-06-14 23:47:31 +10:00
Darren Tucker a2ed75582f - (dtucker) [openbsd-compat/openssl-compat.h] Merge USE_BUILTIN_RIJNDAEL 
sections.  Fixes builds with early OpenSSL 0.9.6 versions.
 2007-06-14 23:38:39 +10:00
Darren Tucker cb52017ad9 - (dtucker) [cipher-ctr.c umac.c openbsd-compat/openssl-compat.h] Move the 
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
   shared with umac.c.  Allows building with OpenSSL 0.9.5 again including
   umac support.  With tim@ djm@, ok djm.
 2007-06-14 23:21:32 +10:00
Darren Tucker bed63112f5 - dtucker@cvs.openbsd.org 2007/06/12 13:54:28 
[scp.c]
     Encode filename with strnvis if the name contains a newline (which can't
     be represented in the scp protocol), from bz #891.  ok markus@
 2007-06-13 00:02:07 +10:00
Darren Tucker 0409e15078 - jmc@cvs.openbsd.org 2007/06/12 13:43:55 
[ssh.1]
     add -K to SYNOPSIS;
 2007-06-13 00:00:58 +10:00
Darren Tucker 930cb0b718 - jmc@cvs.openbsd.org 2007/06/12 13:41:03 
[ssh-add.1]
     identies -> identities;
 2007-06-13 00:00:27 +10:00
Darren Tucker b1e128f75a - dtucker@cvs.openbsd.org 2007/06/12 11:56:15 
[gss-genr.c]
     Pass GSS OID to gss_display_status to provide better information in
     error messages.  Patch from Simon Wilkinson via bz 1220.  ok djm@
 2007-06-12 23:44:36 +10:00
Darren Tucker 2604749651 - djm@cvs.openbsd.org 2007/06/12 11:45:27 
[ssh.c]
     improved exit message from multiplex slave sessions; bz #1262
     reported by alexandre.nunes AT gmail.com; ok dtucker@
 2007-06-12 23:44:10 +10:00
Darren Tucker 415bddc1bd - djm@cvs.openbsd.org 2007/06/12 11:15:17 
[ssh.c ssh.1]
     Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
     GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
     and is useful for hosts with /home on Kerberised NFS; bz #1312
     patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
 2007-06-12 23:43:16 +10:00
Darren Tucker 2cbec749d7 - djm@cvs.openbsd.org 2007/06/12 11:11:08 
[ssh.c]
     fix slave exit value when a control master goes away without passing the
     full exit status by ensuring that the slave reads a full int. bz#1261
     reported by frekko AT gmail.com; ok markus@ dtucker@
 2007-06-12 23:41:33 +10:00
Darren Tucker 43ce902449 - djm@cvs.openbsd.org 2007/06/12 08:24:20 
[scp.c]
     make scp try to skip FIFOs rather than blocking when nothing is listening.
     depends on the platform supporting sane O_NONBLOCK semantics for open
     on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
     bz #856; report by cjwatson AT debian.org; ok markus@
 2007-06-12 23:41:06 +10:00
Darren Tucker 8f6d0ed60e - djm@cvs.openbsd.org 2007/06/12 08:20:00 
[ssh-gss.h gss-serv.c gss-genr.c]
     relocate server-only GSSAPI code from libssh to server; bz #1225
     patch from simon AT sxw.org.uk; ok markus@ dtucker@
 2007-06-12 23:40:39 +10:00
Darren Tucker 29a5707acc - djm@cvs.openbsd.org 2007/06/12 07:41:00 
[ssh-add.1]
     better document ssh-add's -d option (delete identies from agent), bz#1224
     new text based on some provided by andrewmc-debian AT celt.dias.ie;
     ok dtucker@
 2007-06-12 23:39:52 +10:00
Darren Tucker 395ecc2bde - markus@cvs.openbsd.org 2007/06/11 09:14:00 
[channels.h]
     increase default channel windows; ok djm
 2007-06-12 23:38:53 +10:00
Damien Miller 3191a8e8ba - markus@cvs.openbsd.org 2007/06/11 08:04:44 
[channels.c]
     send 'window adjust' messages every tree packets and do not wait
     until 50% of the window is consumed.  ok djm dtucker
 2007-06-11 18:33:15 +10:00
Darren Tucker 725286e223 - (dtucker) [includes.h] Bug #1243: HAVE_PATHS -> HAVE_PATHS_H. Should 
prevent warnings about redefinitions of various things in paths.h.
   Spotted by cartmanltd at hotmail.com.
 2007-06-11 14:44:02 +10:00
Darren Tucker 1534fa41e0 - (dtucker) [openbsd-compat/bsd-misc.c] According to the spec the "remainder" 
argument to nanosleep may be NULL.  Currently this never happens in OpenSSH,
   but check anyway in case this changes or the code gets used elsewhere.
 2007-06-11 14:34:53 +10:00
Damien Miller 34a176995f - (djm) [configure.ac umac.c] If platform doesn't provide swap32(3), then 
fallback to provided bit-swizzing functions
 2007-06-11 14:15:42 +10:00
Damien Miller 22b7b49331 - jmc@cvs.openbsd.org 2007/06/08 07:48:09 
[sshd_config.5]
     oops, here too: put the MAC list into a display, like we do for
     ciphers, since groff has trouble with wide lines;
 2007-06-11 14:07:12 +10:00
Damien Miller 5e7c30bdf1 - jmc@cvs.openbsd.org 2007/06/08 07:43:46 
[ssh_config.5]
     put the MAC list into a display, like we do for ciphers,
     since groff has trouble handling wide lines;
 2007-06-11 14:06:32 +10:00
Damien Miller 4de545a6fb - pvalchev@cvs.openbsd.org 2007/06/08 04:40:40 
[ssh_config]
     Add a "MACs" line after "Ciphers" with the default MAC algorithms,
     to ease people who want to tweak both (eg. for performance reasons).
     ok deraadt@ djm@ dtucker@
 2007-06-11 14:04:42 +10:00
Damien Miller e45796f7b4 - pvalchev@cvs.openbsd.org 2007/06/07 19:37:34 
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
     must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
     compared to hmac-md5. Represents a different approach to message
     authentication to that of HMAC that may be beneficial if HMAC based on
     one of its underlying hash algorithms is found to be vulnerable to a
     new attack.  http://www.ietf.org/rfc/rfc4418.txt
     in conjunction with and OK djm@
 2007-06-11 14:01:42 +10:00