Commit Graph

4432 Commits

Author SHA1 Message Date
Damien Miller
c8ab8ceacb - (djm) Update RPM spec file versions 2005-09-01 19:10:48 +10:00
Tim Rice
66fd217e8e - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
   libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
   Feedback and OK dtucker@
2005-08-31 09:59:49 -07:00
Darren Tucker
d0a47cd243 - (dtucker) [README] Update release note URL to 4.2 2005-09-01 00:05:56 +10:00
Damien Miller
ae37959bfb - markus@cvs.openbsd.org 2005/08/31 09:28:42
[version.h]
     4.2
2005-08-31 19:47:07 +10:00
Damien Miller
da9984fc3a - (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2005/08/30 22:08:05
     [gss-serv.c sshconnect2.c]
     destroy credentials if krb5_kuserok() call fails. Stops credentials being
     delegated to users who are not authorised for GSSAPIAuthentication when
     GSSAPIDeletegateCredentials=yes and another authentication mechanism
     succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
     simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
2005-08-31 19:46:26 +10:00
Damien Miller
ca9ce95bdd correct bug number 2005-08-31 19:42:20 +10:00
Tim Rice
eb456545fd - (tim) [configure.ac] Back out last change. It needs to be done differently. 2005-08-30 07:12:02 -07:00
Tim Rice
2016865b95 - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
password support to 7.x for now.
2005-08-29 17:17:37 -07:00
Tim Rice
2291c00ab2 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
   openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
   openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
   on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
   by tim@. Feedback and OK dtucker@
2005-08-26 13:15:19 -07:00
Tim Rice
8cc2ad68cd - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@ 2005-08-23 17:18:21 -07:00
Tim Rice
3db1e3fc68 - (tim) [configure.ac ] Not all gcc's support -Wsign-compare 2005-08-23 17:11:26 -07:00
Darren Tucker
114572f7ee - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
   and "//foo" to be different.  Spotted by vinschen at redhat.com.
2005-08-23 23:32:05 +10:00
Darren Tucker
93e7e8f345 - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
LynxOS, patch from Olli Savia (ops at iki.fi).  ok djm@
2005-08-23 08:06:55 +10:00
Damien Miller
1d10976c16 - (djm) [ttymodes.c] bugzilla #1054: Fix encoding of _POSIX_VDISABLE,
from Jacob Nevins; ok dtucker@
2005-08-16 21:32:09 +10:00
Tim Rice
c1819c831f - (tim) [configure.ac] corrections to libedit tests. Report and patches
by skeleten AT shillest.net
2005-08-15 17:48:40 -07:00
Tim Rice
027e8b10f5 - (tim) wrap el_end() in #ifdef USE_LIBEDIT 2005-08-15 14:52:50 -07:00
Damien Miller
0e2c102858 - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
[sftp.c]
     sftp prompt enhancements:
     - in non-interactive mode, do not print an empty prompt at the end
       before finishing
     - print newline after EOF in editline mode
     - call el_end() in editline mode
     ok dtucker djm
2005-08-12 22:16:22 +10:00
Damien Miller
8e489484a1 oops, that last commit was:
Report from Janusz Mucka; ok djm@
2005-08-12 22:11:58 +10:00
Damien Miller
203c70579e - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
[servconf.c]
     Unbreak sshd ListenAddress for bare IPv6 addresses.
2005-08-12 22:11:37 +10:00
Damien Miller
43f6db64ff - djm@cvs.openbsd.org 2005/07/30 02:03:47
[readconf.c]
     listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
2005-08-12 22:11:18 +10:00
Damien Miller
be1045dc58 - djm@cvs.openbsd.org 2005/07/30 01:26:16
[ssh.c]
     fix -D listen_host initialisation, so it picks up gateway_ports setting
     correctly
2005-08-12 22:10:56 +10:00
Damien Miller
b5c012577e - markus@cvs.openbsd.org 2005/07/28 17:36:22
[packet.c]
     missing packet_init_compression(); from solar
2005-08-12 22:10:28 +10:00
Darren Tucker
73f671a090 - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
   in turn based on FreeBSD's).  ok djm@
2005-08-10 21:52:36 +10:00
Darren Tucker
c7572b2661 - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
Report from skeleten AT shillest.net, ok djm@
2005-08-10 20:34:15 +10:00
Tim Rice
8bc6b900ed - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
Report by skeleten AT shillest.net
2005-08-09 10:09:53 -07:00
Darren Tucker
9825697d3c - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
latter is specified in the standard.
2005-08-03 15:36:21 +10:00
Darren Tucker
212cfc4b48 - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
individually and use a value less likely to collide with real values from
   netdb.h.  Fixes compile warnings on FreeBSD 5.3.  ok djm@
2005-08-03 10:57:15 +10:00
Darren Tucker
7da23cb5d3 - (dtucker) [configure.ac] Add a --with-Werror option to configure for
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
2005-08-03 00:20:15 +10:00
Darren Tucker
dd352b675b - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
with gcc.  ok djm@
2005-08-02 17:21:29 +10:00
Darren Tucker
4085853915 - dtucker@cvs.openbsd.org 2005/07/27 10:39:03
[scp.c hostfile.c sftp-client.c]
     Silence bogus -Wuninitialized warnings; ok djm@
2005-08-02 17:07:07 +10:00
Damien Miller
9786e6e2a0 - markus@cvs.openbsd.org 2005/07/25 11:59:40
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
     [sshconnect2.c sshd.c sshd_config sshd_config.5]
     add a new compression method that delays compression until the user
     has been authenticated successfully and set compression to 'delayed'
     for sshd.
     this breaks older openssh clients (< 3.5) if they insist on
     compression, so you have to re-enable compression in sshd_config.
     ok djm@
2005-07-26 21:54:56 +10:00
Damien Miller
47655ee03a - (djm) OpenBSD CVS Sync
- otto@cvs.openbsd.org 2005/07/19 15:32:26
     [auth-passwd.c]
     auth_usercheck(3) can return NULL, so check for that. Report from
     mpech@. ok markus@
2005-07-26 21:54:11 +10:00
Darren Tucker
ac1910f1a5 - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
tim@.
2005-07-26 12:00:42 +10:00
Darren Tucker
41097edcf6 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096. 2005-07-25 15:24:21 +10:00
Damien Miller
04b65335a8 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls 2005-07-17 17:53:31 +10:00
Damien Miller
b6f72f5294 -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
2005-07-17 17:26:43 +10:00
Damien Miller
0dc1bef12d - djm@cvs.openbsd.org 2005/07/17 07:17:55
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
     [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
     [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
     [sshconnect.c sshconnect2.c]
     knf says that a 2nd level indent is four (not three or five) spaces
2005-07-17 17:22:45 +10:00
Damien Miller
2b9b045d93 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
- djm@cvs.openbsd.org 2005/07/17 06:49:04
     [channels.c channels.h session.c session.h]
     Fix a number of X11 forwarding channel leaks:
     1. Refuse multiple X11 forwarding requests on the same session
     2. Clean up all listeners after a single_connection X11 forward, not just
        the one that made the single connection
     3. Destroy X11 listeners when the session owning them goes away
     testing and ok dtucker@
2005-07-17 17:19:24 +10:00
Damien Miller
37294fb630 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line 2005-07-17 17:18:49 +10:00
Damien Miller
94cf4c8448 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
   in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
2005-07-17 17:04:47 +10:00
Damien Miller
46d38de48b - djm@cvs.openbsd.org 2005/07/16 01:35:24
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
     [sshconnect.c]
     spacing
2005-07-17 17:02:09 +10:00
Darren Tucker
4f1adad4f6 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
socketpair stays open on in both the monitor and PAM process.  Patch from
   Joerg Sonnenberger.
2005-07-16 11:33:06 +10:00
Darren Tucker
4a42257b06 - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
compiler doesn't understand it to prevent warnings.  If any mainstream
   compiler versions acquire it we can test for those versions.  Based on
   discussion with djm@.
2005-07-14 17:22:11 +10:00
Darren Tucker
8e2eb308d0 - dtucker@cvs.openbsd.org 2005/07/14 04:00:43
[misc.h]
     use __sentinel__ attribute; ok deraadt@ djm@ markus@
2005-07-14 17:07:21 +10:00
Darren Tucker
6c71d20d76 - jmc@cvs.openbsd.org 2005/07/08 12:53:10
[ssh_config.5]
     new sentence, new line;
2005-07-14 17:06:50 +10:00
Darren Tucker
89f4d47e66 - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
[ssh_config.5]
     change BindAddress to match recent ssh -b change; prompted by markus@
2005-07-14 17:06:21 +10:00
Darren Tucker
ce377c3ff1 - markus@cvs.openbsd.org 2005/07/08 09:41:33
[channels.h]
     race when efd gets closed while there is still buffered data:
     change CHANNEL_EFD_OUTPUT_ACTIVE()
        1) c->efd must always be valid AND
        2a) no EOF has been seen OR
        2b) there is buffered data
     report, initial fix and testing Chuck Cranor
2005-07-14 17:05:51 +10:00
Darren Tucker
bee73d5ce0 - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
[misc.c]
     Make comment match code; ok djm@
2005-07-14 17:05:02 +10:00
Darren Tucker
a5cf85584c - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
[ssh.1]
     clarify meaning of ssh -b ; with & ok jmc@
2005-07-14 17:04:18 +10:00
Darren Tucker
893c602ef0 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
calls to krb5_init_ets, which has not been required since krb-1.1.x and
   most Kerberos versions no longer export in their public API.  From sxw
   at inf.ed.ac.uk, ok djm@
2005-07-07 20:33:36 +10:00