Damien Miller
4922315d1d
- djm@cvs.openbsd.org 2012/04/20 03:24:23
...
[sftp.c]
setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
2012-04-22 11:25:47 +10:00
Damien Miller
8fef9ebbab
- djm@cvs.openbsd.org 2012/04/12 02:43:55
...
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
2012-04-22 11:25:10 +10:00
Damien Miller
23528816dc
- djm@cvs.openbsd.org 2012/04/12 02:42:32
...
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
2012-04-22 11:24:43 +10:00
Damien Miller
839f743464
- djm@cvs.openbsd.org 2012/04/11 13:34:17
...
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
2012-04-22 11:24:21 +10:00
Damien Miller
a116d13c4d
- djm@cvs.openbsd.org 2012/04/11 13:26:40
...
[sshd.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
2012-04-22 11:23:46 +10:00
Damien Miller
9fed161e67
- djm@cvs.openbsd.org 2012/04/11 13:17:54
...
[auth.c]
Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.
2012-04-22 11:21:43 +10:00
Damien Miller
a6508753db
- djm@cvs.openbsd.org 2012/04/11 13:16:19
...
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
2012-04-22 11:21:10 +10:00
Damien Miller
c6081482b2
- dtucker@cvs.openbsd.org 2012/03/29 23:54:36
...
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949 ). ok djm@
2012-04-22 11:18:53 +10:00
Damien Miller
48348fc3b4
- djm@cvs.openbsd.org 2012/03/28 07:23:22
...
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
2012-04-22 11:08:30 +10:00
Damien Miller
29cd188887
- guenther@cvs.openbsd.org 2012/03/15 03:10:27
...
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
2012-04-22 11:08:10 +10:00
Damien Miller
a563cced06
- djm@cvs.openbsd.org 2012/02/29 11:21:26
...
[ssh-keygen.c]
allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
2012-04-22 11:07:28 +10:00
Damien Miller
d5dacb43fa
- (djm) Release openssh-6.0
2012-04-20 15:01:01 +10:00
Damien Miller
bf2304167b
- (djm) [README] Update URL to release notes.
2012-04-20 14:11:04 +10:00
Damien Miller
8beb320390
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
...
[contrib/suse/openssh.spec] Update for release 6.0
2012-04-20 10:58:34 +10:00
Damien Miller
398c0ffe0e
- (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
...
contains openpty() but not login()
2012-04-19 21:46:35 +10:00
Damien Miller
e0956e3834
- (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
...
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
2012-04-04 11:27:54 +10:00
Damien Miller
ce1ec9d4e2
- (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
...
assumptions when building on Cygwin; patch from Corinna Vinschen
2012-03-30 14:07:05 +11:00
Damien Miller
4d55734c16
- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
...
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
2012-03-30 11:34:27 +11:00
Darren Tucker
67ccc86506
- (dtucker) [contrib/redhat/openssh.spec] Bug #1992 : remove now-gone WARNING
...
file from spec file. From crighter at nuclioss com.
2012-03-30 10:19:56 +11:00
Damien Miller
54c38d24c6
- (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
...
addressed connections. ok dtucker@
2012-03-09 10:28:07 +11:00
Damien Miller
7bf7b889b3
- (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
...
systems where sshd is run in te wrong context. Patch from Sven
Vermeulen; ok dtucker@
2012-03-09 10:25:16 +11:00
Darren Tucker
93a2d41505
- (dtucker) [audit-bsm.c configure.ac] bug #1968 : enable workarounds for BSM
...
audit breakage in Solaris 11. Patch from Magnus Johansson.
2012-02-24 10:40:41 +11:00
Tim Rice
a3f297de91
- (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
...
to work. Spotted by Angel Gonzalez
2012-02-14 23:01:42 -08:00
Tim Rice
f79b5d38a1
- (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
...
it actually works.
2012-02-14 20:13:05 -08:00
Tim Rice
e3609c935c
- (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
...
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
2012-02-14 10:03:30 -08:00
Damien Miller
7b7901c330
- (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
...
preserved Cygwin environment variables; from Corinna Vinschen
2012-02-14 06:38:36 +11:00
Damien Miller
db854559be
- markus@cvs.openbsd.org 2012/02/09 20:00:18
...
[version.h]
move from 6.0-beta to 6.0
2012-02-11 08:19:44 +11:00
Damien Miller
72de982def
- markus@cvs.openbsd.org 2012/01/25 19:40:09
...
[packet.c packet.h]
packet_read_poll() is not used anymore.
2012-02-11 08:19:21 +11:00
Damien Miller
5d0077008f
- markus@cvs.openbsd.org 2012/01/25 19:36:31
...
[authfile.c]
memleak in key_load_file(); from Jan Klemkow
2012-02-11 08:19:02 +11:00
Damien Miller
1de2cfe9a9
- markus@cvs.openbsd.org 2012/01/25 19:26:43
...
[packet.c]
do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@
2012-02-11 08:18:43 +11:00
Damien Miller
8d60be5487
- dtucker@cvs.openbsd.org 2012/01/18 21:46:43
...
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
2012-02-11 08:18:17 +11:00
Damien Miller
fb12c6d8bb
- miod@cvs.openbsd.org 2012/01/16 20:34:09
...
[ssh-pkcs11-client.c]
Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@
2012-02-11 08:17:52 +11:00
Damien Miller
83ba8e6056
- miod@cvs.openbsd.org 2012/01/08 13:17:11
...
[ssh-ecdsa.c]
Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
ok markus@
2012-02-11 08:17:27 +11:00
Damien Miller
2ec0342ed4
- djm@cvs.openbsd.org 2012/01/07 21:11:36
...
[mux.c]
fix double-free in new session handler
2012-02-11 08:16:28 +11:00
Damien Miller
a2876db5e6
- djm@cvs.openbsd.org 2012/01/05 00:16:56
...
[monitor.c]
memleak on error path
2012-02-11 08:16:06 +11:00
Damien Miller
b56e4930ae
- (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
...
that don't support ECC. Patch from Phil Oleson
2012-02-06 07:41:27 +11:00
Darren Tucker
e9b3ad73ba
- (dtucker) [configure.ac mac.c openbsd-compat/openssl-compat.h] Add
...
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
2012-01-17 14:03:34 +11:00
Damien Miller
8ed4de8f1d
- djm@cvs.openbsd.org 2011/12/07 05:44:38
...
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@
2011-12-19 10:52:50 +11:00
Damien Miller
913ddff40d
- djm@cvs.openbsd.org 2011/12/04 23:16:12
...
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
2011-12-19 10:52:21 +11:00
Damien Miller
d0e582c6da
- djm@cvs.openbsd.org 2011/12/02 00:43:57
...
[mac.c]
fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
HMAC_init (this change in policy seems insane to me)
ok dtucker@
2011-12-19 10:51:39 +11:00
Damien Miller
5360dff2a0
- djm@cvs.openbsd.org 2011/12/02 00:41:56
...
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
2011-12-19 10:51:11 +11:00
Damien Miller
47d8115e53
- oga@cvs.openbsd.org 2011/11/16 12:24:28
...
[sftp.c]
Don't leak list in complete_cmd_parse if there are no commands found.
Discovered when I was ``borrowing'' this code for something else.
ok djm@
2011-11-25 13:53:48 +11:00
Darren Tucker
4a725ef6a5
- (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
2011-11-21 16:38:48 +11:00
Darren Tucker
aa3cbd1b5b
- (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
...
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
2011-11-04 11:25:24 +11:00
Darren Tucker
be4032ba1e
- dtucker@cvs.openbsd.org 011/11/04 00:09:39
...
[moduli]
regenerated moduli file; ok deraadt
2011-11-04 11:16:06 +11:00
Darren Tucker
9c5d553d58
- djm@cvs.openbsd.org 2011/10/24 02:13:13
...
[session.c]
bz#1859: send tty break to pty master instead of (probably already
closed) slave side; "looks good" markus@
2011-11-04 10:55:24 +11:00
Darren Tucker
2d6665d944
- djm@cvs.openbsd.org 2011/10/24 02:10:46
...
[ssh.c]
bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
was incorrectly requesting the forward in both the control master and
slave. skip requesting it in the master to fix. ok markus@
2011-11-04 10:54:22 +11:00
Darren Tucker
8a057953d2
- djm@cvs.openbsd.org 2011/10/19 10:39:48
...
[umac.c]
typo in comment; patch from Michael W. Bombardieri
2011-11-04 10:53:31 +11:00
Darren Tucker
9ee09cfce6
- djm@cvs.openbsd.org 2011/10/19 00:06:10
...
[moduli.c]
s/tmpfile/tmp/ to make this -Wshadow clean
2011-11-04 10:52:43 +11:00
Darren Tucker
e68cf84ac8
- djm@cvs.openbsd.org 2011/10/18 23:37:42
...
[ssh-add.c]
add -k to usage(); reminded by jmc@
2011-11-04 10:51:51 +11:00