Commit Graph

6083 Commits

Author SHA1 Message Date
Darren Tucker
627337d95b - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
back so we disable the IPv6 tests if we don't have it.
2010-04-10 22:58:01 +10:00
Darren Tucker
261d93a5cf - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
utmpx support on FreeBSD where possible.  Patch from Ed Schouten, ok djm@
2010-04-09 18:13:27 +10:00
Darren Tucker
c4ccb12ee4 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
have it and the path is not provided to --with-libedit.  Based on a patch
   from Iain Morgan.
2010-04-09 14:04:35 +10:00
Darren Tucker
537d4dcfa0 - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong
ones.  Based on a patch from Roumen Petrov.
2010-04-09 13:35:23 +10:00
Darren Tucker
ce3754bbf3 - dtucker@cvs.openbsd.org 2010/03/26 01:06:13
[ssh_config.5]
     Reformat default value of PreferredAuthentications entry (current
     formatting implies ", " is acceptable as a separator, which it's not.
     ok djm@
2010-03-26 12:09:13 +11:00
Damien Miller
9c60f24f01 - djm@cvs.openbsd.org 2010/03/26 00:26:58
[ssh.1]
     mention that -S none disables connection sharing; from Colin Watson
2010-03-26 11:28:35 +11:00
Damien Miller
df08341060 - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;
bz#1723 patch from Adeodato Simó via Colin Watson; ok dtucker@
2010-03-26 11:18:27 +11:00
Darren Tucker
ffd1eaadb0 - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using
pkg-config, patch from Colin Watson.  Needed for newer linkers (ie gold).
2010-03-26 11:16:39 +11:00
Damien Miller
6480c63b75 - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721
ok dtucker@
2010-03-26 11:09:44 +11:00
Damien Miller
8b90642fcf - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
2010-03-26 11:04:09 +11:00
Damien Miller
44451d0af8 - djm@cvs.openbsd.org 2010/03/25 23:38:28
[servconf.c]
     from portable: getcwd(NULL, 0) doesn't work on all platforms, so
     use a stack buffer; ok dtucker@
2010-03-26 10:40:04 +11:00
Darren Tucker
a83d90fbab - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
by Ingo Weinhold via Scott McCreary, ok djm@
2010-03-26 10:27:33 +11:00
Damien Miller
7d09b8f8d9 - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
2010-03-26 08:52:02 +11:00
Darren Tucker
62131dc6e2 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
containing the services file explicitely case-insensitive.  This allows to
   tweak the Windows services file reliably.  Patch from vinschen at redhat.
2010-03-24 13:03:32 +11:00
Damien Miller
b086d4ac70 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Crank version numbers
2010-03-22 06:11:55 +11:00
Damien Miller
13a9f7247a - djm@cvs.openbsd.org 2010/03/16 16:36:49
[version.h]
     crank version to openssh-5.5 since we have a few fixes since 5.4;
     requested deraadt@ kettenis@
2010-03-22 05:59:22 +11:00
Damien Miller
33334b27bc - stevesk@cvs.openbsd.org 2010/03/16 15:46:52
[auth-options.c]
     spelling in error message. ok djm kettenis
2010-03-22 05:59:02 +11:00
Damien Miller
1cfbfaf4a0 - stevesk@cvs.openbsd.org 2010/03/15 19:40:02
[key.c key.h ssh-keygen.c]
     also print certificate type (user or host) for ssh-keygen -L
     ok djm kettenis
2010-03-22 05:58:24 +11:00
Damien Miller
5a5d94b12f - jmc@cvs.openbsd.org 2010/03/13 23:38:13
[ssh-keygen.1]
     fix a formatting error (args need quoted); noted by stevesk
2010-03-22 05:57:49 +11:00
Damien Miller
1b61a2825e - djm@cvs.openbsd.org 2010/03/13 21:45:46
[ssh-keygen.1]
     Certificates are named *-cert.pub, not *_cert.pub; committing a diff
     from stevesk@ ok me
2010-03-22 05:55:06 +11:00
Damien Miller
8ddc71c13d - djm@cvs.openbsd.org 2010/03/13 21:10:38
[clientloop.c]
     protocol conformance fix: send language tag when disconnecting normally;
     spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
2010-03-22 05:54:02 +11:00
Damien Miller
4a5f0d325b - markus@cvs.openbsd.org 2010/03/12 11:37:40
[servconf.c]
     do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
     free() (not xfree()) the buffer returned by getcwd()
2010-03-22 05:53:04 +11:00
Damien Miller
c4cb47bc53 - djm@cvs.openbsd.org 2010/03/12 01:06:25
[servconf.c]
     unbreak AuthorizedKeys option with a $HOME-relative path; reported by
     vinschen AT redhat.com, ok dtucker@
2010-03-22 05:52:26 +11:00
Damien Miller
e513a91195 - djm@cvs.openbsd.org 2010/03/10 23:27:17
[auth2-pubkey.c]
     correct certificate logging and make it more consistent between
     authorized_keys and TrustedCAKeys; ok markus@
2010-03-22 05:51:21 +11:00
Damien Miller
77497e1318 - jmc@cvs.openbsd.org 2010/03/10 07:40:35
[ssh-keygen.1]
     typos; from Ross Richardson
     closes prs 6334 and 6335
2010-03-22 05:50:51 +11:00
Damien Miller
c59e2443d3 - jmc@cvs.openbsd.org 2010/03/08 09:41:27
[ssh-keygen.1]
     sort the list of constraints (to -O); ok djm
2010-03-22 05:50:31 +11:00
Damien Miller
1f574b2546 - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for
ssh-pkcs11-helper to repair static builds (we do the same for
   ssh-keyscan). Reported by felix-mindrot AT fefe.de
2010-03-14 08:41:34 +11:00
Damien Miller
47f9a4106a - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
   AT fefe.de
2010-03-14 08:37:49 +11:00
Tim Rice
4e0cea82dd - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install
on a Cygwin installation. Patch from Corinna Vinschen.
2010-03-11 22:35:19 -08:00
Tim Rice
ded8fa0bc9 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
Patch from Corinna Vinschen.
2010-03-11 22:32:02 -08:00
Tim Rice
2bde3eec69 - (tim) [openssh/Makefile.in] Now that scard is gone, no need to
make $(datadir)
2010-03-11 22:18:13 -08:00
Tim Rice
fa233ba73b - (tim) [contrib/suse/openssh.spec] crank version number here too.
report by imorgan AT nas.nasa.gov
2010-03-10 16:12:02 -08:00
Darren Tucker
c9fe39b1a4 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
so setting it in CFLAGS correctly skips IPv6 tests.
2010-03-09 20:42:30 +11:00
Damien Miller
081c976e1c - djm@cvs.openbsd.org 2010/03/08 00:28:55
[ssh-keygen.1]
     document permit-agent-forwarding certificate constraint; patch from
     stevesk@
2010-03-08 11:30:00 +11:00
Damien Miller
958678726c - (djm) Release OpenSSH-5.4p1 2010-03-08 09:50:17 +11:00
Damien Miller
6bf31786cf - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
crank version numbers
2010-03-08 09:41:02 +11:00
Damien Miller
3e1ee491f3 - djm@cvs.openbsd.org 2010/03/07 22:16:01
[ssh-keygen.c]
     make internal strptime string match strftime format;
     suggested by vinschen AT redhat.com and markus@
2010-03-08 09:24:11 +11:00
Damien Miller
b3bc331e09 - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/03/07 22:01:32
     [version.h]
     openssh-5.4
2010-03-08 09:03:33 +11:00
Darren Tucker
cd70e1b813 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
[auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
     Hold authentication debug messages until after successful authentication.
     Fixes an info leak of environment variables specified in authorized_keys,
     reported by Jacob Appelbaum.  ok djm@
2010-03-07 23:05:17 +11:00
Darren Tucker
ac0c4c9c1d - (dtucker) [session.c] Also initialize creds to NULL for handing to
setpcred.
2010-03-07 13:32:16 +11:00
Darren Tucker
c738e6c646 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
do not set real uid, since that's needed for the chroot, and will be set
   by permanently_set_uid.
2010-03-07 13:21:12 +11:00
Darren Tucker
b3d20a3ff0 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
it gets the passwd struct from the LAM that knows about the user which is
   not necessarily the default.  Patch from Alexandre Letourneau.
2010-03-07 11:56:59 +11:00
Damien Miller
5059d8d7e6 - djm@cvs.openbsd.org 2010/03/05 10:28:21
[ssh-add.1 ssh.1 ssh_config.5]
     mention loading of certificate files from [private]-cert.pub when
     they are present; feedback and ok jmc@
2010-03-05 21:31:11 +11:00
Damien Miller
922b541329 - jmc@cvs.openbsd.org 2010/03/05 08:31:20
[ssh.1]
     document certificate authentication; help/ok djm
2010-03-05 21:30:54 +11:00
Damien Miller
98339054f9 - jmc@cvs.openbsd.org 2010/03/05 06:50:35
[ssh.1 sshd.8]
     tweak previous;
2010-03-05 21:30:35 +11:00
Damien Miller
9527f228ae - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ 2010-03-05 15:04:35 +11:00
Damien Miller
b068d0ad6d - djm@cvs.openbsd.org 2010/03/05 02:58:11
[auth.c]
     make the warning for a revoked key louder and more noticable
2010-03-05 14:03:03 +11:00
Damien Miller
48b6021721 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
on some platforms
2010-03-05 11:40:19 +11:00
Damien Miller
689b872842 - djm@cvs.openbsd.org 2010/03/04 23:27:25
[auth-options.c ssh-keygen.c]
     "force-command" is not spelled "forced-command"; spotted by
     imorgan AT nas.nasa.gov
2010-03-05 10:42:24 +11:00
Damien Miller
a7dab8bfe5 - djm@cvs.openbsd.org 2010/03/04 23:19:29
[ssh.1 sshd.8]
     move section on CA and revoked keys from ssh.1 to sshd.8's known hosts
     format section and rework it a bit; requested by jmc@
2010-03-05 10:42:05 +11:00