configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
- (tim) [contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
[clientloop.c packet.c serverloop.c]
Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).
[sftp-client.c]
when a remote write error occurs during an upload, ensure that ACKs for
all issued requests are properly drained. patch from t8m AT centrum.cz
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
[sftp.c]
When uploading, correctly handle the case of an unquoted filename with
glob metacharacters that match a file exactly but not as a glob, e.g. a
file called "[abcd]". report and test cases from duncan2nd AT gmx.de
[readconf.c readconf.h sshconnect2.c]
promote rekeylimit to a int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
[ssh-keygen.c]
when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz
[ssh.c]
ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com
[sftp-client.c sftp-client.h]
disable unused functions
initially from tobias@, but disabled them by placing them in
"#ifdef notyet" which was asked by djm@
ok djm@ tobias@
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@
[clientloop.c]
Use the correct packet maximum sizes for remote port and agent forwarding.
Prevents the server from killing the connection if too much data is queued
and an excessively large packet gets sent. bz #1360, ok djm@.
[clientloop.c serverloop.c packet.c]
Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
ServerAlive and ClientAlive timers. Prevents dropping a connection
when these are enabled but the peer does not support our keepalives.
bz #1307, ok djm@.
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@
[monitor_wrap.c monitor.c]
Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users. Found by and ok djm@
[openbsd-compat/sys-queue.h]
Introduce debugging aid for queue macros. Disabled by default; but
developers are encouraged to run with this enabled.
ok krw@ fgsch@ deraadt@
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structurs produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
[openbsd-compat/sys-queue.h]
Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
ok millert krw deraadt
[regress/sftp-glob.sh regress/test-exec.sh]
remove "echo -E" crap that I added in last commit and use printf(1) for
cases where we strictly require echo not to reprocess escape characters.
[scp.c]
factor out network read/write into an atomicio()-like function, and
use it to handle short reads, apply bandwidth limits and update
counters. make network IO non-blocking, so a small trickle of
reads/writes has a chance of updating the progress meter; bz #799
ok dtucker@
[sftp.c]
rework argument splitting and parsing to cope correctly with common
shell escapes and make handling of escaped characters consistent
with sh(1) and between sftp commands (especially between ones that
glob their arguments and ones that don't).
parse command flags using getopt(3) rather than hand-rolled parsers.
ok dtucker@
[ssh-keygen.c]
handles zero-sized strings that fgets can return
properly removes trailing newline
removes an unused variable
correctly counts line number
"looks ok" ray@ markus@
[dh.c]
Don't return -1 on error in dh_pub_is_valid(), since it evaluates
to true.
Also fix a typo.
Initial diff from Matthew Dempsky, input from djm.
OK djm, markus.
[auth-bsdauth.c auth-passwd.c auth.c auth.h auth1.c auth2-chall.c]
[monitor.c monitor_wrap.c]
unifdef -DBSD_AUTH
unifdef -USKEY
These options have been in use for some years;
ok markus@ "no objection" millert@
(NB. RCD ID sync only for portable)
Damien Miller
Darren Tucker
Tim Rice