RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-28 21:22:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,058 Commits 69 Branches 157 Tags 27 MiB
099fc1634e
Commit Graph

5570 Commits

Author SHA1 Message Date
Damien Miller
099fc1634e - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 
[sftp.c]
     restore mput and mget which got lost in the tab-completion changes.
     found by Kenneth Whitaker, ok djm@
 2010-05-10 11:56:50 +10:00
Damien Miller
2725c2193b - djm@cvs.openbsd.org 2010/05/01 02:50:50 
[PROTOCOL.certkeys]
     typo; jmeltzer@
 2010-05-10 11:56:14 +10:00
Damien Miller
79442c07c4 - djm@cvs.openbsd.org 2010/04/26 22:28:24 
[sshconnect2.c]
     bz#1502: authctxt.success is declared as an int, but passed by
     reference to function that accepts sig_atomic_t*. Convert it to
     the latter; ok markus@ dtucker@
 2010-05-10 11:55:38 +10:00
Damien Miller
bebbb7e8a5 - djm@cvs.openbsd.org 2010/04/23 22:48:31 
[ssh-keygen.c]
     refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
     since we would refuse to use them anyway. bz#1516; ok dtucker@
 2010-05-10 11:54:38 +10:00
Damien Miller
22a29880bb - djm@cvs.openbsd.org 2010/04/23 22:42:05 
[session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
 2010-05-10 11:53:54 +10:00
Damien Miller
85c50d7858 - djm@cvs.openbsd.org 2010/04/23 22:27:38 
[mux.c]
     set "detach_close" flag when registering channel cleanup callbacks.
     This causes the channel to close normally when its fds close and
     hangs when terminating a mux slave using ~. bz#1758; ok markus@
 2010-05-10 11:53:02 +10:00
Damien Miller
50af79b118 - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2010/04/23 01:47:41
     [ssh-keygen.c]
     bz#1740: display a more helpful error message when $HOME is
     inaccessible while trying to create .ssh directory. Based on patch
     from jchadima AT redhat.com; ok dtucker@
 2010-05-10 11:52:00 +10:00
Darren Tucker
9f8703b573 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 
in the openssl install directory (some newer openssl versions do this on at
   least some amd64 platforms).
 2010-04-23 11:12:06 +10:00
Darren Tucker
e25a9bd740 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 
file.
 2010-04-18 13:35:00 +10:00
Damien Miller
53f4bb6599 - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2010/04/16 01:58:45
     [regress/cert-hostkey.sh regress/cert-userkey.sh]
     regression tests for v01 certificate format
     includes interop tests for v00 certs
 2010-04-18 08:15:14 +10:00
Damien Miller
c617aa9ff5 - djm@cvs.openbsd.org 2010/04/16 21:14:27 
[sshconnect.c]
     oops, %r => remote username, not %u
 2010-04-18 08:08:20 +10:00
Damien Miller
1f181425e9 - jmc@cvs.openbsd.org 2010/04/16 06:47:04 
[ssh-keygen.1 ssh-keygen.c]
     tweak previous; ok djm
 2010-04-18 08:08:03 +10:00
Damien Miller
c4eddee1b7 - OpenBSD CVS Sync 
- jmc@cvs.openbsd.org 2010/04/16 06:45:01
     [ssh_config.5]
     tweak previous; ok djm
 2010-04-18 08:07:43 +10:00
Damien Miller
4e270b05dd - djm@cvs.openbsd.org 2010/04/16 01:47:26 
[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@
 2010-04-16 15:56:21 +10:00
Damien Miller
031c9100df - markus@cvs.openbsd.org 2010/04/15 20:32:55 
[ssh-pkcs11.c]
     retry lookup for private key if there's no matching key with CKA_SIGN
     attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
     ok djm@
 2010-04-16 15:54:44 +10:00
Damien Miller
b1b17047e3 - djm@cvs.openbsd.org 2010/04/14 22:27:42 
[ssh_config.5 sshconnect.c]
     expand %r => remote username in ssh_config:ProxyCommand;
     ok deraadt markus
 2010-04-16 15:54:19 +10:00
Damien Miller
601a23c02c - djm@cvs.openbsd.org 2010/04/10 05:48:16 
[mux.c]
     fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
 2010-04-16 15:54:01 +10:00
Damien Miller
88680654ad - djm@cvs.openbsd.org 2010/04/10 02:10:56 
[sshconnect2.c]
     show the key type that we are offering in debug(), helps distinguish
     between certs and plain keys as the path to the private key is usually
     the same.
 2010-04-16 15:53:43 +10:00
Damien Miller
22c97f1539 - djm@cvs.openbsd.org 2010/04/10 02:08:44 
[clientloop.c]
     bz#1698: kill channel when pty allocation requests fail. Fixed
     stuck client if the server refuses pty allocation.
     ok dtucker@ "think so" markus@
 2010-04-16 15:53:23 +10:00
Damien Miller
672839994e - djm@cvs.openbsd.org 2010/04/10 00:04:30 
[sshconnect.c]
     fix terminology: we didn't find a certificate in known_hosts, we found
     a CA key
 2010-04-16 15:53:02 +10:00
Damien Miller
deb5a1423a - djm@cvs.openbsd.org 2010/04/10 00:00:16 
[ssh.c]
     bz#1746 - suppress spurious tty warning when using -O and stdin
     is not a tty; ok dtucker@ markus@
 2010-04-16 15:52:43 +10:00
Damien Miller
544378da56 - jmc@cvs.openbsd.org 2010/03/27 14:26:55 
[ssh_config.5]
     tweak previous; ok dtucker
 2010-04-16 15:52:24 +10:00
Damien Miller
67f30d70d9 - jmc@cvs.openbsd.org 2010/03/26 06:54:36 
[ssh.1]
     tweak previous;
 2010-04-16 15:52:03 +10:00
Damien Miller
d6fc3065da - OpenBSD CVS Sync 
- djm@cvs.openbsd.org 2010/03/26 03:13:17
     [bufaux.c]
     allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
     argument to allow skipping past values in a buffer
 2010-04-16 15:51:45 +10:00
Damien Miller
a45f1c0345 openssh-5.5p1 marker 2010-04-16 15:51:34 +10:00
Darren Tucker
627337d95b - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo 
back so we disable the IPv6 tests if we don't have it.
 2010-04-10 22:58:01 +10:00
Darren Tucker
261d93a5cf - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable 
utmpx support on FreeBSD where possible.  Patch from Ed Schouten, ok djm@
 2010-04-09 18:13:27 +10:00
Darren Tucker
c4ccb12ee4 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we 
have it and the path is not provided to --with-libedit.  Based on a patch
   from Iain Morgan.
 2010-04-09 14:04:35 +10:00
Darren Tucker
537d4dcfa0 - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong 
ones.  Based on a patch from Roumen Petrov.
 2010-04-09 13:35:23 +10:00
Darren Tucker
ce3754bbf3 - dtucker@cvs.openbsd.org 2010/03/26 01:06:13 
[ssh_config.5]
     Reformat default value of PreferredAuthentications entry (current
     formatting implies ", " is acceptable as a separator, which it's not.
     ok djm@
 2010-03-26 12:09:13 +11:00
Damien Miller
9c60f24f01 - djm@cvs.openbsd.org 2010/03/26 00:26:58 
[ssh.1]
     mention that -S none disables connection sharing; from Colin Watson
 2010-03-26 11:28:35 +11:00
Damien Miller
df08341060 - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys; 
bz#1723 patch from Adeodato Simó via Colin Watson; ok dtucker@
 2010-03-26 11:18:27 +11:00
Darren Tucker
ffd1eaadb0 - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using 
pkg-config, patch from Colin Watson.  Needed for newer linkers (ie gold).
 2010-03-26 11:16:39 +11:00
Damien Miller
6480c63b75 - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 
ok dtucker@
 2010-03-26 11:09:44 +11:00
Damien Miller
8b90642fcf - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - 
set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
 2010-03-26 11:04:09 +11:00
Damien Miller
44451d0af8 - djm@cvs.openbsd.org 2010/03/25 23:38:28 
[servconf.c]
     from portable: getcwd(NULL, 0) doesn't work on all platforms, so
     use a stack buffer; ok dtucker@
 2010-03-26 10:40:04 +11:00
Darren Tucker
a83d90fbab - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally 
by Ingo Weinhold via Scott McCreary, ok djm@
 2010-03-26 10:27:33 +11:00
Damien Miller
7d09b8f8d9 - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection 
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
 2010-03-26 08:52:02 +11:00
Darren Tucker
62131dc6e2 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory 
containing the services file explicitely case-insensitive.  This allows to
   tweak the Windows services file reliably.  Patch from vinschen at redhat.
 2010-03-24 13:03:32 +11:00
Damien Miller
b086d4ac70 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 
[contrib/suse/openssh.spec] Crank version numbers
 2010-03-22 06:11:55 +11:00
Damien Miller
13a9f7247a - djm@cvs.openbsd.org 2010/03/16 16:36:49 
[version.h]
     crank version to openssh-5.5 since we have a few fixes since 5.4;
     requested deraadt@ kettenis@
 2010-03-22 05:59:22 +11:00
Damien Miller
33334b27bc - stevesk@cvs.openbsd.org 2010/03/16 15:46:52 
[auth-options.c]
     spelling in error message. ok djm kettenis
 2010-03-22 05:59:02 +11:00
Damien Miller
1cfbfaf4a0 - stevesk@cvs.openbsd.org 2010/03/15 19:40:02 
[key.c key.h ssh-keygen.c]
     also print certificate type (user or host) for ssh-keygen -L
     ok djm kettenis
 2010-03-22 05:58:24 +11:00
Damien Miller
5a5d94b12f - jmc@cvs.openbsd.org 2010/03/13 23:38:13 
[ssh-keygen.1]
     fix a formatting error (args need quoted); noted by stevesk
 2010-03-22 05:57:49 +11:00
Damien Miller
1b61a2825e - djm@cvs.openbsd.org 2010/03/13 21:45:46 
[ssh-keygen.1]
     Certificates are named *-cert.pub, not *_cert.pub; committing a diff
     from stevesk@ ok me
 2010-03-22 05:55:06 +11:00
Damien Miller
8ddc71c13d - djm@cvs.openbsd.org 2010/03/13 21:10:38 
[clientloop.c]
     protocol conformance fix: send language tag when disconnecting normally;
     spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
 2010-03-22 05:54:02 +11:00
Damien Miller
4a5f0d325b - markus@cvs.openbsd.org 2010/03/12 11:37:40 
[servconf.c]
     do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
     free() (not xfree()) the buffer returned by getcwd()
 2010-03-22 05:53:04 +11:00
Damien Miller
c4cb47bc53 - djm@cvs.openbsd.org 2010/03/12 01:06:25 
[servconf.c]
     unbreak AuthorizedKeys option with a $HOME-relative path; reported by
     vinschen AT redhat.com, ok dtucker@
 2010-03-22 05:52:26 +11:00
Damien Miller
e513a91195 - djm@cvs.openbsd.org 2010/03/10 23:27:17 
[auth2-pubkey.c]
     correct certificate logging and make it more consistent between
     authorized_keys and TrustedCAKeys; ok markus@
 2010-03-22 05:51:21 +11:00
Damien Miller
77497e1318 - jmc@cvs.openbsd.org 2010/03/10 07:40:35 
[ssh-keygen.1]
     typos; from Ross Richardson
     closes prs 6334 and 6335
 2010-03-22 05:50:51 +11:00