64 files changed, 592 insertions, 409 deletions
@@ -1,4 +1,120 @@ | |||
1 | 20100307 | 1 | 20100410 |
2 | - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo | ||
3 | back so we disable the IPv6 tests if we don't have it. | ||
4 | |||
5 | 20100409 | ||
6 | - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong | ||
7 | ones. Based on a patch from Roumen Petrov. | ||
8 | - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we | ||
9 | have it and the path is not provided to --with-libedit. Based on a patch | ||
10 | from Iain Morgan. | ||
11 | - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable | ||
12 | utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@ | ||
13 | |||
14 | 20100326 | ||
15 | - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection | ||
16 | for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson | ||
17 | - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally | ||
18 | by Ingo Weinhold via Scott McCreary, ok djm@ | ||
19 | - (djm) OpenBSD CVS Sync | ||
20 | - djm@cvs.openbsd.org 2010/03/25 23:38:28 | ||
21 | [servconf.c] | ||
22 | from portable: getcwd(NULL, 0) doesn't work on all platforms, so | ||
23 | use a stack buffer; ok dtucker@ | ||
24 | - djm@cvs.openbsd.org 2010/03/26 00:26:58 | ||
25 | [ssh.1] | ||
26 | mention that -S none disables connection sharing; from Colin Watson | ||
27 | - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - | ||
28 | set up SELinux execution context before chroot() call. From Russell | ||
29 | Coker via Colin watson; bz#1726 ok dtucker@ | ||
30 | - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 | ||
31 | ok dtucker@ | ||
32 | - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using | ||
33 | pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold). | ||
34 | - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys; | ||
35 | bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@ | ||
36 | - (dtucker) OpenBSD CVS Sync | ||
37 | - dtucker@cvs.openbsd.org 2010/03/26 01:06:13 | ||
38 | [ssh_config.5] | ||
39 | Reformat default value of PreferredAuthentications entry (current | ||
40 | formatting implies ", " is acceptable as a separator, which it's not. | ||
41 | ok djm@ | ||
42 | |||
43 | 20100324 | ||
44 | - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory | ||
45 | containing the services file explicitely case-insensitive. This allows to | ||
46 | tweak the Windows services file reliably. Patch from vinschen at redhat. | ||
47 | |||
48 | 20100321 | ||
49 | - (djm) OpenBSD CVS Sync | ||
50 | - jmc@cvs.openbsd.org 2010/03/08 09:41:27 | ||
51 | [ssh-keygen.1] | ||
52 | sort the list of constraints (to -O); ok djm | ||
53 | - jmc@cvs.openbsd.org 2010/03/10 07:40:35 | ||
54 | [ssh-keygen.1] | ||
55 | typos; from Ross Richardson | ||
56 | closes prs 6334 and 6335 | ||
57 | - djm@cvs.openbsd.org 2010/03/10 23:27:17 | ||
58 | [auth2-pubkey.c] | ||
59 | correct certificate logging and make it more consistent between | ||
60 | authorized_keys and TrustedCAKeys; ok markus@ | ||
61 | - djm@cvs.openbsd.org 2010/03/12 01:06:25 | ||
62 | [servconf.c] | ||
63 | unbreak AuthorizedKeys option with a $HOME-relative path; reported by | ||
64 | vinschen AT redhat.com, ok dtucker@ | ||
65 | - markus@cvs.openbsd.org 2010/03/12 11:37:40 | ||
66 | [servconf.c] | ||
67 | do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths | ||
68 | free() (not xfree()) the buffer returned by getcwd() | ||
69 | - djm@cvs.openbsd.org 2010/03/13 21:10:38 | ||
70 | [clientloop.c] | ||
71 | protocol conformance fix: send language tag when disconnecting normally; | ||
72 | spotted by 1.41421 AT gmail.com, ok markus@ deraadt@ | ||
73 | - djm@cvs.openbsd.org 2010/03/13 21:45:46 | ||
74 | [ssh-keygen.1] | ||
75 | Certificates are named *-cert.pub, not *_cert.pub; committing a diff | ||
76 | from stevesk@ ok me | ||
77 | - jmc@cvs.openbsd.org 2010/03/13 23:38:13 | ||
78 | [ssh-keygen.1] | ||
79 | fix a formatting error (args need quoted); noted by stevesk | ||
80 | - stevesk@cvs.openbsd.org 2010/03/15 19:40:02 | ||
81 | [key.c key.h ssh-keygen.c] | ||
82 | also print certificate type (user or host) for ssh-keygen -L | ||
83 | ok djm kettenis | ||
84 | - stevesk@cvs.openbsd.org 2010/03/16 15:46:52 | ||
85 | [auth-options.c] | ||
86 | spelling in error message. ok djm kettenis | ||
87 | - djm@cvs.openbsd.org 2010/03/16 16:36:49 | ||
88 | [version.h] | ||
89 | crank version to openssh-5.5 since we have a few fixes since 5.4; | ||
90 | requested deraadt@ kettenis@ | ||
91 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
92 | [contrib/suse/openssh.spec] Crank version numbers | ||
93 | |||
94 | 20100314 | ||
95 | - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix | ||
96 | compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot | ||
97 | AT fefe.de | ||
98 | - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for | ||
99 | ssh-pkcs11-helper to repair static builds (we do the same for | ||
100 | ssh-keyscan). Reported by felix-mindrot AT fefe.de | ||
101 | |||
102 | 20100312 | ||
103 | - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir) | ||
104 | - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets. | ||
105 | Patch from Corinna Vinschen. | ||
106 | - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install | ||
107 | on a Cygwin installation. Patch from Corinna Vinschen. | ||
108 | |||
109 | 20100311 | ||
110 | - (tim) [contrib/suse/openssh.spec] crank version number here too. | ||
111 | report by imorgan AT nas.nasa.gov | ||
112 | |||
113 | 20100309 | ||
114 | - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO | ||
115 | so setting it in CFLAGS correctly skips IPv6 tests. | ||
116 | |||
117 | 20100308 | ||
2 | - (djm) OpenBSD CVS Sync | 118 | - (djm) OpenBSD CVS Sync |
3 | - djm@cvs.openbsd.org 2010/03/07 22:16:01 | 119 | - djm@cvs.openbsd.org 2010/03/07 22:16:01 |
4 | [ssh-keygen.c] | 120 | [ssh-keygen.c] |
diff --git a/Makefile.in b/Makefile.in index f7e05b22e..debebe448 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.306 2010/02/24 07:18:51 djm Exp $ | 1 | # $Id: Makefile.in,v 1.309 2010/03/13 21:41:34 djm Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -162,7 +162,7 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o readco | |||
162 | $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 162 | $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
163 | 163 | ||
164 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o | 164 | ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o |
165 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 165 | $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
166 | 166 | ||
167 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o | 167 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o |
168 | $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | 168 | $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
@@ -254,27 +254,26 @@ install-files: | |||
254 | $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) | 254 | $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) |
255 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) | 255 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) |
256 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) | 256 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) |
257 | $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir) | ||
258 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 | 257 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 |
259 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 | 258 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 |
260 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 | 259 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 |
261 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) | 260 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) |
262 | (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) | 261 | (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) |
263 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh | 262 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) |
264 | $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp | 263 | $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) |
265 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add | 264 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) |
266 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent | 265 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
267 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen | 266 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
268 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan | 267 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
269 | $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd | 268 | $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
270 | if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ | 269 | if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \ |
271 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ | 270 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-rand-helper$(EXEEXT) ; \ |
272 | fi | 271 | fi |
273 | $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) | 272 | $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) |
274 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper $(DESTDIR)$(SSH_PKCS11_HELPER) | 273 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
275 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp | 274 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
276 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) | 275 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
277 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey $(DESTDIR)$(bindir)/ssh-vulnkey | 276 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT) |
278 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 277 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
279 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 278 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
280 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 279 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
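Review bot: In the install-files hunk, the lines for ssh-keysign, ssh-pkcs11-helper and sftp-server append `$(EXEEXT)` to `$(SSH_KEYSIGN)`, `$(SSH_PKCS11_HELPER)` and `$(SFTP_SERVER)`, which already hold complete destination paths, unlike the `$(DESTDIR)$(bindir)/name$(EXEEXT)` lines around them. If the programs or the default configuration also use those variables to locate the helpers at run time (not visible in this hunk), the installed file name and the referenced name will differ wherever EXEEXT is non-empty. That matters most for ssh-keysign, which is installed mode 4711. If the intent is that the platform resolves the suffix on exec, a comment above these lines such as `# helper paths are referenced without $(EXEEXT); relies on the OS resolving the suffix on exec` would record the assumption. The install-files target continues past the end of the hunk.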
@@ -1,4 +1,4 @@ | |||
1 | See http://www.openssh.com/txt/release-5.4 for the release notes. | 1 | See http://www.openssh.com/txt/release-5.5 for the release notes. |
2 | 2 | ||
3 | - A Japanese translation of this document and of the OpenSSH FAQ is | 3 | - A Japanese translation of this document and of the OpenSSH FAQ is |
4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html | 4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html |
@@ -62,4 +62,4 @@ References - | |||
62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
63 | [7] http://www.openssh.com/faq.html | 63 | [7] http://www.openssh.com/faq.html |
64 | 64 | ||
65 | $Id: README,v 1.72 2010/03/07 22:41:02 djm Exp $ | 65 | $Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $ |
diff --git a/auth-options.c b/auth-options.c index 129301765..69b314fbd 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -434,7 +434,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) | |||
434 | goto out; | 434 | goto out; |
435 | } | 435 | } |
436 | if (strlen(command) != clen) { | 436 | if (strlen(command) != clen) { |
437 | error("force-command constrain contains \\0"); | 437 | error("force-command constraint contains \\0"); |
438 | goto out; | 438 | goto out; |
439 | } | 439 | } |
440 | if (cert_forced_command != NULL) { | 440 | if (cert_forced_command != NULL) { |
@@ -454,7 +454,7 @@ auth_cert_constraints(Buffer *c_orig, struct passwd *pw) | |||
454 | goto out; | 454 | goto out; |
455 | } | 455 | } |
456 | if (strlen(allowed) != clen) { | 456 | if (strlen(allowed) != clen) { |
457 | error("source-address constrain contains \\0"); | 457 | error("source-address constraint contains \\0"); |
458 | goto out; | 458 | goto out; |
459 | } | 459 | } |
460 | if (cert_source_address_done++) { | 460 | if (cert_source_address_done++) { |
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index b6ed62857..49bb062af 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.21 2010/03/04 10:36:03 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -240,22 +240,26 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
240 | continue; | 240 | continue; |
241 | if (!key_equal(found, key->cert->signature_key)) | 241 | if (!key_equal(found, key->cert->signature_key)) |
242 | continue; | 242 | continue; |
243 | debug("matching CA found: file %s, line %lu", | ||
244 | file, linenum); | ||
245 | fp = key_fingerprint(found, SSH_FP_MD5, | 243 | fp = key_fingerprint(found, SSH_FP_MD5, |
246 | SSH_FP_HEX); | 244 | SSH_FP_HEX); |
247 | verbose("Found matching %s CA: %s", | 245 | debug("matching CA found: file %s, line %lu, %s %s", |
248 | key_type(found), fp); | 246 | file, linenum, key_type(found), fp); |
249 | xfree(fp); | ||
250 | if (key_cert_check_authority(key, 0, 0, pw->pw_name, | 247 | if (key_cert_check_authority(key, 0, 0, pw->pw_name, |
251 | &reason) != 0) { | 248 | &reason) != 0) { |
249 | xfree(fp); | ||
252 | error("%s", reason); | 250 | error("%s", reason); |
253 | auth_debug_add("%s", reason); | 251 | auth_debug_add("%s", reason); |
254 | continue; | 252 | continue; |
255 | } | 253 | } |
256 | if (auth_cert_constraints(&key->cert->constraints, | 254 | if (auth_cert_constraints(&key->cert->constraints, |
257 | pw) != 0) | 255 | pw) != 0) { |
256 | xfree(fp); | ||
258 | continue; | 257 | continue; |
258 | } | ||
259 | verbose("Accepted certificate ID \"%s\" " | ||
260 | "signed by %s CA %s via %s", key->cert->key_id, | ||
261 | key_type(found), fp, file); | ||
262 | xfree(fp); | ||
259 | found_key = 1; | 263 | found_key = 1; |
260 | break; | 264 | break; |
261 | } else if (!key_is_cert_authority && key_equal(found, key)) { | 265 | } else if (!key_is_cert_authority && key_equal(found, key)) { |
@@ -281,15 +285,15 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) | |||
281 | static int | 285 | static int |
282 | user_cert_trusted_ca(struct passwd *pw, Key *key) | 286 | user_cert_trusted_ca(struct passwd *pw, Key *key) |
283 | { | 287 | { |
284 | char *key_fp, *ca_fp; | 288 | char *ca_fp; |
285 | const char *reason; | 289 | const char *reason; |
286 | int ret = 0; | 290 | int ret = 0; |
287 | 291 | ||
288 | if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) | 292 | if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) |
289 | return 0; | 293 | return 0; |
290 | 294 | ||
291 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 295 | ca_fp = key_fingerprint(key->cert->signature_key, |
292 | ca_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 296 | SSH_FP_MD5, SSH_FP_HEX); |
293 | 297 | ||
294 | if (key_in_file(key->cert->signature_key, | 298 | if (key_in_file(key->cert->signature_key, |
295 | options.trusted_user_ca_keys, 1) != 1) { | 299 | options.trusted_user_ca_keys, 1) != 1) { |
@@ -306,13 +310,12 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) | |||
306 | if (auth_cert_constraints(&key->cert->constraints, pw) != 0) | 310 | if (auth_cert_constraints(&key->cert->constraints, pw) != 0) |
307 | goto out; | 311 | goto out; |
308 | 312 | ||
309 | verbose("%s certificate %s allowed by trusted %s key %s", | 313 | verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s", |
310 | key_type(key), key_fp, key_type(key->cert->signature_key), ca_fp); | 314 | key->cert->key_id, key_type(key->cert->signature_key), ca_fp, |
315 | options.trusted_user_ca_keys); | ||
311 | ret = 1; | 316 | ret = 1; |
312 | 317 | ||
313 | out: | 318 | out: |
314 | if (key_fp != NULL) | ||
315 | xfree(key_fp); | ||
316 | if (ca_fp != NULL) | 319 | if (ca_fp != NULL) |
317 | xfree(ca_fp); | 320 | xfree(ca_fp); |
318 | return ret; | 321 | return ret; |
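Review bot: In the CA branch of user_key_allowed2, a certificate refused by `key_cert_check_authority()` is still logged only as `error("%s", reason)`, after `fp` has been freed. The refusal line therefore names neither the certificate ID nor the CA, while the new `verbose("Accepted certificate ID ...")` line records both for accepted certificates. Logging the refusal with the same fields before the `xfree(fp)`, for example `error("Certificate ID \"%s\" signed by %s CA %s refused: %s", key->cert->key_id, key_type(found), fp, reason);`, would let an operator attribute failed attempts as well as successful ones. `key->cert->key_id` is text taken from the certificate and is now written inside quotes in the log; whether the logging layer escapes control characters and embedded quotes is not visible here and should be confirmed. The refusal path of user_cert_trusted_ca lies between the hunks shown and may need the same treatment; both function bodies extend beyond the hunks.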
diff --git a/clientloop.c b/clientloop.c index 56f8dd2f8..05e7de067 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.218 2010/01/28 00:21:18 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1502,6 +1502,7 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1502 | packet_start(SSH2_MSG_DISCONNECT); | 1502 | packet_start(SSH2_MSG_DISCONNECT); |
1503 | packet_put_int(SSH2_DISCONNECT_BY_APPLICATION); | 1503 | packet_put_int(SSH2_DISCONNECT_BY_APPLICATION); |
1504 | packet_put_cstring("disconnected by user"); | 1504 | packet_put_cstring("disconnected by user"); |
1505 | packet_put_cstring(""); /* language tag */ | ||
1505 | packet_send(); | 1506 | packet_send(); |
1506 | packet_write_wait(); | 1507 | packet_write_wait(); |
1507 | } | 1508 | } |
diff --git a/config.h.in b/config.h.in index a61f0a6b5..a609d72ba 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -80,9 +80,6 @@ | |||
80 | /* Define if you want to specify the path to your lastlog file */ | 80 | /* Define if you want to specify the path to your lastlog file */ |
81 | #undef CONF_LASTLOG_FILE | 81 | #undef CONF_LASTLOG_FILE |
82 | 82 | ||
83 | /* Define if you want to specify the path to your utmpx file */ | ||
84 | #undef CONF_UTMPX_FILE | ||
85 | |||
86 | /* Define if you want to specify the path to your utmp file */ | 83 | /* Define if you want to specify the path to your utmp file */ |
87 | #undef CONF_UTMP_FILE | 84 | #undef CONF_UTMP_FILE |
88 | 85 | ||
@@ -455,6 +452,9 @@ | |||
455 | /* Define to 1 if you have the `getutxline' function. */ | 452 | /* Define to 1 if you have the `getutxline' function. */ |
456 | #undef HAVE_GETUTXLINE | 453 | #undef HAVE_GETUTXLINE |
457 | 454 | ||
455 | /* Define to 1 if you have the `getutxuser' function. */ | ||
456 | #undef HAVE_GETUTXUSER | ||
457 | |||
458 | /* Define to 1 if you have the `get_default_context_with_level' function. */ | 458 | /* Define to 1 if you have the `get_default_context_with_level' function. */ |
459 | #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL | 459 | #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL |
460 | 460 | ||
@@ -551,6 +551,9 @@ | |||
551 | /* Define if system has libiaf that supports set_id */ | 551 | /* Define if system has libiaf that supports set_id */ |
552 | #undef HAVE_LIBIAF | 552 | #undef HAVE_LIBIAF |
553 | 553 | ||
554 | /* Define to 1 if you have the `network' library (-lnetwork). */ | ||
555 | #undef HAVE_LIBNETWORK | ||
556 | |||
554 | /* Define to 1 if you have the `nsl' library (-lnsl). */ | 557 | /* Define to 1 if you have the `nsl' library (-lnsl). */ |
555 | #undef HAVE_LIBNSL | 558 | #undef HAVE_LIBNSL |
556 | 559 | ||
@@ -804,6 +807,9 @@ | |||
804 | /* Define to 1 if you have the `setutent' function. */ | 807 | /* Define to 1 if you have the `setutent' function. */ |
805 | #undef HAVE_SETUTENT | 808 | #undef HAVE_SETUTENT |
806 | 809 | ||
810 | /* Define to 1 if you have the `setutxdb' function. */ | ||
811 | #undef HAVE_SETUTXDB | ||
812 | |||
807 | /* Define to 1 if you have the `setutxent' function. */ | 813 | /* Define to 1 if you have the `setutxent' function. */ |
808 | #undef HAVE_SETUTXENT | 814 | #undef HAVE_SETUTXENT |
809 | 815 | ||
@@ -1,5 +1,5 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # From configure.ac Revision: 1.444 . | 2 | # From configure.ac Revision: 1.449 . |
3 | # Guess values for system-dependent variables and create Makefiles. | 3 | # Guess values for system-dependent variables and create Makefiles. |
4 | # Generated by GNU Autoconf 2.61 for OpenSSH Portable. | 4 | # Generated by GNU Autoconf 2.61 for OpenSSH Portable. |
5 | # | 5 | # |
@@ -693,6 +693,7 @@ LOGIN_PROGRAM_FALLBACK | |||
693 | PATH_PASSWD_PROG | 693 | PATH_PASSWD_PROG |
694 | LD | 694 | LD |
695 | SSHDLIBS | 695 | SSHDLIBS |
696 | PKGCONFIG | ||
696 | LIBEDIT | 697 | LIBEDIT |
697 | INSTALL_SSH_RAND_HELPER | 698 | INSTALL_SSH_RAND_HELPER |
698 | SSH_PRIVSEP_USER | 699 | SSH_PRIVSEP_USER |
@@ -7435,6 +7436,85 @@ fi | |||
7435 | *-*-dragonfly*) | 7436 | *-*-dragonfly*) |
7436 | SSHDLIBS="$SSHDLIBS -lcrypt" | 7437 | SSHDLIBS="$SSHDLIBS -lcrypt" |
7437 | ;; | 7438 | ;; |
7439 | *-*-haiku*) | ||
7440 | LIBS="$LIBS -lbsd " | ||
7441 | |||
7442 | { echo "$as_me:$LINENO: checking for socket in -lnetwork" >&5 | ||
7443 | echo $ECHO_N "checking for socket in -lnetwork... $ECHO_C" >&6; } | ||
7444 | if test "${ac_cv_lib_network_socket+set}" = set; then | ||
7445 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
7446 | else | ||
7447 | ac_check_lib_save_LIBS=$LIBS | ||
7448 | LIBS="-lnetwork $LIBS" | ||
7449 | cat >conftest.$ac_ext <<_ACEOF | ||
7450 | /* confdefs.h. */ | ||
7451 | _ACEOF | ||
7452 | cat confdefs.h >>conftest.$ac_ext | ||
7453 | cat >>conftest.$ac_ext <<_ACEOF | ||
7454 | /* end confdefs.h. */ | ||
7455 | |||
7456 | /* Override any GCC internal prototype to avoid an error. | ||
7457 | Use char because int might match the return type of a GCC | ||
7458 | builtin and then its argument prototype would still apply. */ | ||
7459 | #ifdef __cplusplus | ||
7460 | extern "C" | ||
7461 | #endif | ||
7462 | char socket (); | ||
7463 | int | ||
7464 | main () | ||
7465 | { | ||
7466 | return socket (); | ||
7467 | ; | ||
7468 | return 0; | ||
7469 | } | ||
7470 | _ACEOF | ||
7471 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
7472 | if { (ac_try="$ac_link" | ||
7473 | case "(($ac_try" in | ||
7474 | *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; | ||
7475 | *) ac_try_echo=$ac_try;; | ||
7476 | esac | ||
7477 | eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | ||
7478 | (eval "$ac_link") 2>conftest.er1 | ||
7479 | ac_status=$? | ||
7480 | grep -v '^ *+' conftest.er1 >conftest.err | ||
7481 | rm -f conftest.er1 | ||
7482 | cat conftest.err >&5 | ||
7483 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
7484 | (exit $ac_status); } && { | ||
7485 | test -z "$ac_c_werror_flag" || | ||
7486 | test ! -s conftest.err | ||
7487 | } && test -s conftest$ac_exeext && | ||
7488 | $as_test_x conftest$ac_exeext; then | ||
7489 | ac_cv_lib_network_socket=yes | ||
7490 | else | ||
7491 | echo "$as_me: failed program was:" >&5 | ||
7492 | sed 's/^/| /' conftest.$ac_ext >&5 | ||
7493 | |||
7494 | ac_cv_lib_network_socket=no | ||
7495 | fi | ||
7496 | |||
7497 | rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ | ||
7498 | conftest$ac_exeext conftest.$ac_ext | ||
7499 | LIBS=$ac_check_lib_save_LIBS | ||
7500 | fi | ||
7501 | { echo "$as_me:$LINENO: result: $ac_cv_lib_network_socket" >&5 | ||
7502 | echo "${ECHO_T}$ac_cv_lib_network_socket" >&6; } | ||
7503 | if test $ac_cv_lib_network_socket = yes; then | ||
7504 | cat >>confdefs.h <<_ACEOF | ||
7505 | #define HAVE_LIBNETWORK 1 | ||
7506 | _ACEOF | ||
7507 | |||
7508 | LIBS="-lnetwork $LIBS" | ||
7509 | |||
7510 | fi | ||
7511 | |||
7512 | cat >>confdefs.h <<\_ACEOF | ||
7513 | #define HAVE_U_INT64_T 1 | ||
7514 | _ACEOF | ||
7515 | |||
7516 | MANTYPE=man | ||
7517 | ;; | ||
7438 | *-*-hpux*) | 7518 | *-*-hpux*) |
7439 | # first we define all of the options common to all HP-UX releases | 7519 | # first we define all of the options common to all HP-UX releases |
7440 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | 7520 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" |
@@ -12326,7 +12406,61 @@ LIBEDIT_MSG="no" | |||
12326 | # Check whether --with-libedit was given. | 12406 | # Check whether --with-libedit was given. |
12327 | if test "${with_libedit+set}" = set; then | 12407 | if test "${with_libedit+set}" = set; then |
12328 | withval=$with_libedit; if test "x$withval" != "xno" ; then | 12408 | withval=$with_libedit; if test "x$withval" != "xno" ; then |
12329 | if test "x$withval" != "xyes"; then | 12409 | if test "x$withval" = "xyes" ; then |
12410 | # Extract the first word of "pkg-config", so it can be a program name with args. | ||
12411 | set dummy pkg-config; ac_word=$2 | ||
12412 | { echo "$as_me:$LINENO: checking for $ac_word" >&5 | ||
12413 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } | ||
12414 | if test "${ac_cv_path_PKGCONFIG+set}" = set; then | ||
12415 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
12416 | else | ||
12417 | case $PKGCONFIG in | ||
12418 | [\\/]* | ?:[\\/]*) | ||
12419 | ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. | ||
12420 | ;; | ||
12421 | *) | ||
12422 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
12423 | for as_dir in $PATH | ||
12424 | do | ||
12425 | IFS=$as_save_IFS | ||
12426 | test -z "$as_dir" && as_dir=. | ||
12427 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
12428 | if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then | ||
12429 | ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" | ||
12430 | echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
12431 | break 2 | ||
12432 | fi | ||
12433 | done | ||
12434 | done | ||
12435 | IFS=$as_save_IFS | ||
12436 | |||
12437 | test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no" | ||
12438 | ;; | ||
12439 | esac | ||
12440 | fi | ||
12441 | PKGCONFIG=$ac_cv_path_PKGCONFIG | ||
12442 | if test -n "$PKGCONFIG"; then | ||
12443 | { echo "$as_me:$LINENO: result: $PKGCONFIG" >&5 | ||
12444 | echo "${ECHO_T}$PKGCONFIG" >&6; } | ||
12445 | else | ||
12446 | { echo "$as_me:$LINENO: result: no" >&5 | ||
12447 | echo "${ECHO_T}no" >&6; } | ||
12448 | fi | ||
12449 | |||
12450 | |||
12451 | if test "x$PKGCONFIG" != "xno"; then | ||
12452 | { echo "$as_me:$LINENO: checking if $PKGCONFIG knows about libedit" >&5 | ||
12453 | echo $ECHO_N "checking if $PKGCONFIG knows about libedit... $ECHO_C" >&6; } | ||
12454 | if "$PKGCONFIG" libedit; then | ||
12455 | { echo "$as_me:$LINENO: result: yes" >&5 | ||
12456 | echo "${ECHO_T}yes" >&6; } | ||
12457 | use_pkgconfig_for_libedit=yes | ||
12458 | else | ||
12459 | { echo "$as_me:$LINENO: result: no" >&5 | ||
12460 | echo "${ECHO_T}no" >&6; } | ||
12461 | fi | ||
12462 | fi | ||
12463 | else | ||
12330 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | 12464 | CPPFLAGS="$CPPFLAGS -I${withval}/include" |
12331 | if test -n "${need_dash_r}"; then | 12465 | if test -n "${need_dash_r}"; then |
12332 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" | 12466 | LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" |
@@ -12334,13 +12468,20 @@ if test "${with_libedit+set}" = set; then | |||
12334 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" | 12468 | LDFLAGS="-L${withval}/lib ${LDFLAGS}" |
12335 | fi | 12469 | fi |
12336 | fi | 12470 | fi |
12471 | if test "x$use_pkgconfig_for_libedit" == "xyes"; then | ||
12472 | LIBEDIT=`$PKGCONFIG --libs-only-l libedit` | ||
12473 | CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" | ||
12474 | else | ||
12475 | LIBEDIT="-ledit -lcurses" | ||
12476 | fi | ||
12477 | OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` | ||
12337 | { echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 | 12478 | { echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 |
12338 | echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6; } | 12479 | echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6; } |
12339 | if test "${ac_cv_lib_edit_el_init+set}" = set; then | 12480 | if test "${ac_cv_lib_edit_el_init+set}" = set; then |
12340 | echo $ECHO_N "(cached) $ECHO_C" >&6 | 12481 | echo $ECHO_N "(cached) $ECHO_C" >&6 |
12341 | else | 12482 | else |
12342 | ac_check_lib_save_LIBS=$LIBS | 12483 | ac_check_lib_save_LIBS=$LIBS |
12343 | LIBS="-ledit -lcurses | 12484 | LIBS="-ledit $OTHERLIBS |
12344 | $LIBS" | 12485 | $LIBS" |
12345 | cat >conftest.$ac_ext <<_ACEOF | 12486 | cat >conftest.$ac_ext <<_ACEOF |
12346 | /* confdefs.h. */ | 12487 | /* confdefs.h. */ |
@@ -12402,7 +12543,6 @@ cat >>confdefs.h <<\_ACEOF | |||
12402 | #define USE_LIBEDIT 1 | 12543 | #define USE_LIBEDIT 1 |
12403 | _ACEOF | 12544 | _ACEOF |
12404 | 12545 | ||
12405 | LIBEDIT="-ledit -lcurses" | ||
12406 | LIBEDIT_MSG="yes" | 12546 | LIBEDIT_MSG="yes" |
12407 | 12547 | ||
12408 | 12548 | ||
@@ -14961,7 +15101,8 @@ done | |||
14961 | 15101 | ||
14962 | 15102 | ||
14963 | 15103 | ||
14964 | for ac_func in endutxent getutxent getutxid getutxline pututxline | 15104 | |
15105 | for ac_func in endutxent getutxent getutxid getutxline getutxuser pututxline | ||
14965 | do | 15106 | do |
14966 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | 15107 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
14967 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 | 15108 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 |
@@ -15056,7 +15197,8 @@ done | |||
15056 | 15197 | ||
15057 | 15198 | ||
15058 | 15199 | ||
15059 | for ac_func in setutxent utmpxname | 15200 | |
15201 | for ac_func in setutxdb setutxent utmpxname | ||
15060 | do | 15202 | do |
15061 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` | 15203 | as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
15062 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 | 15204 | { echo "$as_me:$LINENO: checking for $ac_func" >&5 |
@@ -29373,8 +29515,8 @@ _ACEOF | |||
29373 | fi | 29515 | fi |
29374 | 29516 | ||
29375 | 29517 | ||
29376 | { echo "$as_me:$LINENO: checking if your system defines UTMPX_FILE" >&5 | 29518 | { echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5 |
29377 | echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6; } | 29519 | echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; } |
29378 | cat >conftest.$ac_ext <<_ACEOF | 29520 | cat >conftest.$ac_ext <<_ACEOF |
29379 | /* confdefs.h. */ | 29521 | /* confdefs.h. */ |
29380 | _ACEOF | 29522 | _ACEOF |
@@ -29394,7 +29536,7 @@ cat >>conftest.$ac_ext <<_ACEOF | |||
29394 | int | 29536 | int |
29395 | main () | 29537 | main () |
29396 | { | 29538 | { |
29397 | char *utmpx = UTMPX_FILE; | 29539 | char *wtmpx = WTMPX_FILE; |
29398 | ; | 29540 | ; |
29399 | return 0; | 29541 | return 0; |
29400 | } | 29542 | } |
@@ -29424,48 +29566,59 @@ sed 's/^/| /' conftest.$ac_ext >&5 | |||
29424 | 29566 | ||
29425 | { echo "$as_me:$LINENO: result: no" >&5 | 29567 | { echo "$as_me:$LINENO: result: no" >&5 |
29426 | echo "${ECHO_T}no" >&6; } | 29568 | echo "${ECHO_T}no" >&6; } |
29427 | system_utmpx_path=no | 29569 | system_wtmpx_path=no |
29428 | 29570 | ||
29429 | fi | 29571 | fi |
29430 | 29572 | ||
29431 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | 29573 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext |
29432 | if test -z "$conf_utmpx_location"; then | 29574 | if test -z "$conf_wtmpx_location"; then |
29433 | if test x"$system_utmpx_path" = x"no" ; then | 29575 | if test x"$system_wtmpx_path" = x"no" ; then |
29434 | cat >>confdefs.h <<\_ACEOF | 29576 | cat >>confdefs.h <<\_ACEOF |
29435 | #define DISABLE_UTMPX 1 | 29577 | #define DISABLE_WTMPX 1 |
29436 | _ACEOF | 29578 | _ACEOF |
29437 | 29579 | ||
29438 | fi | 29580 | fi |
29439 | else | 29581 | else |
29440 | 29582 | ||
29441 | cat >>confdefs.h <<_ACEOF | 29583 | cat >>confdefs.h <<_ACEOF |
29442 | #define CONF_UTMPX_FILE "$conf_utmpx_location" | 29584 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" |
29443 | _ACEOF | 29585 | _ACEOF |
29444 | 29586 | ||
29445 | fi | 29587 | fi |
29446 | 29588 | ||
29447 | { echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5 | 29589 | |
29448 | echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6; } | 29590 | if test ! -z "$blibpath" ; then |
29449 | cat >conftest.$ac_ext <<_ACEOF | 29591 | LDFLAGS="$LDFLAGS $blibflags$blibpath" |
29592 | { echo "$as_me:$LINENO: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 | ||
29593 | echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} | ||
29594 | fi | ||
29595 | |||
29596 | CFLAGS="$CFLAGS $werror_flags" | ||
29597 | |||
29598 | if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then | ||
29599 | TEST_SSH_IPV6=no | ||
29600 | else | ||
29601 | TEST_SSH_IPV6=yes | ||
29602 | fi | ||
29603 | { echo "$as_me:$LINENO: checking whether BROKEN_GETADDRINFO is declared" >&5 | ||
29604 | echo $ECHO_N "checking whether BROKEN_GETADDRINFO is declared... $ECHO_C" >&6; } | ||
29605 | if test "${ac_cv_have_decl_BROKEN_GETADDRINFO+set}" = set; then | ||
29606 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
29607 | else | ||
29608 | cat >conftest.$ac_ext <<_ACEOF | ||
29450 | /* confdefs.h. */ | 29609 | /* confdefs.h. */ |
29451 | _ACEOF | 29610 | _ACEOF |
29452 | cat confdefs.h >>conftest.$ac_ext | 29611 | cat confdefs.h >>conftest.$ac_ext |
29453 | cat >>conftest.$ac_ext <<_ACEOF | 29612 | cat >>conftest.$ac_ext <<_ACEOF |
29454 | /* end confdefs.h. */ | 29613 | /* end confdefs.h. */ |
29455 | 29614 | $ac_includes_default | |
29456 | #include <sys/types.h> | ||
29457 | #include <utmp.h> | ||
29458 | #ifdef HAVE_UTMPX_H | ||
29459 | #include <utmpx.h> | ||
29460 | #endif | ||
29461 | #ifdef HAVE_PATHS_H | ||
29462 | # include <paths.h> | ||
29463 | #endif | ||
29464 | |||
29465 | int | 29615 | int |
29466 | main () | 29616 | main () |
29467 | { | 29617 | { |
29468 | char *wtmpx = WTMPX_FILE; | 29618 | #ifndef BROKEN_GETADDRINFO |
29619 | (void) BROKEN_GETADDRINFO; | ||
29620 | #endif | ||
29621 | |||
29469 | ; | 29622 | ; |
29470 | return 0; | 29623 | return 0; |
29471 | } | 29624 | } |
@@ -29487,51 +29640,24 @@ eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 | |||
29487 | test -z "$ac_c_werror_flag" || | 29640 | test -z "$ac_c_werror_flag" || |
29488 | test ! -s conftest.err | 29641 | test ! -s conftest.err |
29489 | } && test -s conftest.$ac_objext; then | 29642 | } && test -s conftest.$ac_objext; then |
29490 | { echo "$as_me:$LINENO: result: yes" >&5 | 29643 | ac_cv_have_decl_BROKEN_GETADDRINFO=yes |
29491 | echo "${ECHO_T}yes" >&6; } | ||
29492 | else | 29644 | else |
29493 | echo "$as_me: failed program was:" >&5 | 29645 | echo "$as_me: failed program was:" >&5 |
29494 | sed 's/^/| /' conftest.$ac_ext >&5 | 29646 | sed 's/^/| /' conftest.$ac_ext >&5 |
29495 | 29647 | ||
29496 | { echo "$as_me:$LINENO: result: no" >&5 | 29648 | ac_cv_have_decl_BROKEN_GETADDRINFO=no |
29497 | echo "${ECHO_T}no" >&6; } | ||
29498 | system_wtmpx_path=no | ||
29499 | |||
29500 | fi | 29649 | fi |
29501 | 29650 | ||
29502 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | 29651 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext |
29503 | if test -z "$conf_wtmpx_location"; then | ||
29504 | if test x"$system_wtmpx_path" = x"no" ; then | ||
29505 | cat >>confdefs.h <<\_ACEOF | ||
29506 | #define DISABLE_WTMPX 1 | ||
29507 | _ACEOF | ||
29508 | |||
29509 | fi | ||
29510 | else | ||
29511 | |||
29512 | cat >>confdefs.h <<_ACEOF | ||
29513 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" | ||
29514 | _ACEOF | ||
29515 | |||
29516 | fi | 29652 | fi |
29517 | 29653 | { echo "$as_me:$LINENO: result: $ac_cv_have_decl_BROKEN_GETADDRINFO" >&5 | |
29518 | 29654 | echo "${ECHO_T}$ac_cv_have_decl_BROKEN_GETADDRINFO" >&6; } | |
29519 | if test ! -z "$blibpath" ; then | 29655 | if test $ac_cv_have_decl_BROKEN_GETADDRINFO = yes; then |
29520 | LDFLAGS="$LDFLAGS $blibflags$blibpath" | 29656 | TEST_SSH_IPV6=no |
29521 | { echo "$as_me:$LINENO: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 | ||
29522 | echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} | ||
29523 | fi | 29657 | fi |
29524 | 29658 | ||
29525 | CFLAGS="$CFLAGS $werror_flags" | 29659 | TEST_SSH_IPV6=$TEST_SSH_IPV6 |
29526 | 29660 | ||
29527 | if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \ | ||
29528 | test "x$ac_cv_func_getaddrinfo" != "xyes" ; then | ||
29529 | TEST_SSH_IPV6=no | ||
29530 | |||
29531 | else | ||
29532 | TEST_SSH_IPV6=yes | ||
29533 | |||
29534 | fi | ||
29535 | 29661 | ||
29536 | 29662 | ||
29537 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile ssh_prng_cmds survey.sh" | 29663 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile ssh_prng_cmds survey.sh" |
@@ -30236,6 +30362,7 @@ LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim | |||
30236 | PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim | 30362 | PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim |
30237 | LD!$LD$ac_delim | 30363 | LD!$LD$ac_delim |
30238 | SSHDLIBS!$SSHDLIBS$ac_delim | 30364 | SSHDLIBS!$SSHDLIBS$ac_delim |
30365 | PKGCONFIG!$PKGCONFIG$ac_delim | ||
30239 | LIBEDIT!$LIBEDIT$ac_delim | 30366 | LIBEDIT!$LIBEDIT$ac_delim |
30240 | INSTALL_SSH_RAND_HELPER!$INSTALL_SSH_RAND_HELPER$ac_delim | 30367 | INSTALL_SSH_RAND_HELPER!$INSTALL_SSH_RAND_HELPER$ac_delim |
30241 | SSH_PRIVSEP_USER!$SSH_PRIVSEP_USER$ac_delim | 30368 | SSH_PRIVSEP_USER!$SSH_PRIVSEP_USER$ac_delim |
@@ -30255,7 +30382,6 @@ PROG_VMSTAT!$PROG_VMSTAT$ac_delim | |||
30255 | PROG_UPTIME!$PROG_UPTIME$ac_delim | 30382 | PROG_UPTIME!$PROG_UPTIME$ac_delim |
30256 | PROG_IPCS!$PROG_IPCS$ac_delim | 30383 | PROG_IPCS!$PROG_IPCS$ac_delim |
30257 | PROG_TAIL!$PROG_TAIL$ac_delim | 30384 | PROG_TAIL!$PROG_TAIL$ac_delim |
30258 | INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim | ||
30259 | _ACEOF | 30385 | _ACEOF |
30260 | 30386 | ||
30261 | if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then | 30387 | if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then |
@@ -30297,6 +30423,7 @@ _ACEOF | |||
30297 | ac_delim='%!_!# ' | 30423 | ac_delim='%!_!# ' |
30298 | for ac_last_try in false false false false false :; do | 30424 | for ac_last_try in false false false false false :; do |
30299 | cat >conf$$subs.sed <<_ACEOF | 30425 | cat >conf$$subs.sed <<_ACEOF |
30426 | INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim | ||
30300 | KRB5CONF!$KRB5CONF$ac_delim | 30427 | KRB5CONF!$KRB5CONF$ac_delim |
30301 | PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim | 30428 | PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim |
30302 | xauth_path!$xauth_path$ac_delim | 30429 | xauth_path!$xauth_path$ac_delim |
@@ -30312,7 +30439,7 @@ LIBOBJS!$LIBOBJS$ac_delim | |||
30312 | LTLIBOBJS!$LTLIBOBJS$ac_delim | 30439 | LTLIBOBJS!$LTLIBOBJS$ac_delim |
30313 | _ACEOF | 30440 | _ACEOF |
30314 | 30441 | ||
30315 | if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 13; then | 30442 | if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 14; then |
30316 | break | 30443 | break |
30317 | elif $ac_last_try; then | 30444 | elif $ac_last_try; then |
30318 | { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 | 30445 | { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 |
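--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.444 2010/03/05 04:04:35 djm Exp $
+# $Id: configure.ac,v 1.449 2010/04/10 12:58:01 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.444 $)
+AC_REVISION($Revision: 1.449 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -512,6 +512,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 *-*-dragonfly*)
 SSHDLIBS="$SSHDLIBS -lcrypt"
 ;;
+*-*-haiku*)
+LIBS="$LIBS -lbsd "
+AC_CHECK_LIB(network, socket)
+AC_DEFINE(HAVE_U_INT64_T)
+MANTYPE=man
+;;
 *-*-hpux*)
 # first we define all of the options common to all HP-UX releases
 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -1272,7 +1278,18 @@ LIBEDIT_MSG="no"
 AC_ARG_WITH(libedit,
 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
 [ if test "x$withval" != "xno" ; then
-if test "x$withval" != "xyes"; then
+if test "x$withval" = "xyes" ; then
+AC_PATH_PROG(PKGCONFIG, pkg-config, no)
+if test "x$PKGCONFIG" != "xno"; then
+AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
+if "$PKGCONFIG" libedit; then
+AC_MSG_RESULT(yes)
+use_pkgconfig_for_libedit=yes
+else
+AC_MSG_RESULT(no)
+fi
+fi
+else
 CPPFLAGS="$CPPFLAGS -I${withval}/include"
 if test -n "${need_dash_r}"; then
 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -1280,14 +1297,20 @@ AC_ARG_WITH(libedit,
 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 fi
 fi
+if test "x$use_pkgconfig_for_libedit" == "xyes"; then
+LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+else
+LIBEDIT="-ledit -lcurses"
+fi
+OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
 AC_CHECK_LIB(edit, el_init,
 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
-LIBEDIT="-ledit -lcurses"
 LIBEDIT_MSG="yes"
 AC_SUBST(LIBEDIT)
 ],
 [ AC_MSG_ERROR(libedit not found) ],
-[ -lcurses ]
+[ $OTHERLIBS ]
 )
 AC_MSG_CHECKING(if libedit version is compatible)
 AC_COMPILE_IFELSE(
@@ -1558,8 +1581,8 @@ dnl Checks for utmp functions
 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
 AC_CHECK_FUNCS(utmpname)
 dnl Checks for utmpx functions
-AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
-AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
+AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
 dnl Checks for lastlog functions
 AC_CHECK_FUNCS(getlastlogxbyname)
 
@@ -4088,34 +4111,6 @@ if test -n "$conf_wtmp_location"; then
 fi
 
 
-dnl utmpx detection - I don't know any system so perverse as to require
-dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
-dnl there, though.
-AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-],
-[ char *utmpx = UTMPX_FILE; ],
-[ AC_MSG_RESULT(yes) ],
-[ AC_MSG_RESULT(no)
-system_utmpx_path=no ]
-)
-if test -z "$conf_utmpx_location"; then
-if test x"$system_utmpx_path" = x"no" ; then
-AC_DEFINE(DISABLE_UTMPX)
-fi
-else
-AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
-[Define if you want to specify the path to your utmpx file])
-fi
-
 dnl wtmpx detection
 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
 AC_TRY_COMPILE([
@@ -4152,12 +4147,13 @@ dnl Adding -Werror to CFLAGS early prevents configure tests from running.
 dnl Add now.
 CFLAGS="$CFLAGS $werror_flags"
 
-if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
-test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
-AC_SUBST(TEST_SSH_IPV6, no)
+if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+TEST_SSH_IPV6=no
 else
-AC_SUBST(TEST_SSH_IPV6, yes)
+TEST_SSH_IPV6=yes
 fi
+AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
+AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
 
 AC_EXEEXT
 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \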
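Review bot: The added test `if test "x$use_pkgconfig_for_libedit" == "xyes"; then` in the libedit block uses `==`, which POSIX `test` does not define, and configure runs under whatever /bin/sh the build host provides. On a shell that rejects the operator the condition fails, so the script takes the else branch and links `-ledit -lcurses` even though pkg-config reported libedit; the line should read `if test "x$use_pkgconfig_for_libedit" = "xyes"; then`, matching the other tests in the same hunk. The probe `if "$PKGCONFIG" libedit; then` would state its intent more clearly as `if "$PKGCONFIG" --exists libedit; then`, and `$PKGCONFIG` is quoted there but not in the two backtick calls that set LIBEDIT and CPPFLAGS. The enclosing AC_ARG_WITH(libedit, ...) block starts and ends outside the hunks shown.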
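--- a/contrib/Makefile
+++ b/contrib/Makefile
@@ -7,7 +7,7 @@ gnome-ssh-askpass1: gnome-ssh-askpass1.c
 `gnome-config --libs gnome gnomeui`
 
 gnome-ssh-askpass2: gnome-ssh-askpass2.c
-$(CC) `pkg-config --cflags gtk+-2.0 x11` \
+$(CC) `pkg-config --cflags gtk+-2.0` \
 gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
 `pkg-config --libs gtk+-2.0 x11`
 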
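--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
 %if %{use_stable}
-%define version 5.4p1
+%define version 5.5p1
 %define cvs %{nil}
 %define release 1
 %else
-%define version 5.4p1
+%define version 5.5p1
 %define cvs cvs20050315
 %define release 0r1
 %endif
@@ -360,4 +360,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.69 2010/03/07 22:41:03 djm Exp $
+$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $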
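--- a/contrib/cygwin/Makefile
+++ b/contrib/cygwin/Makefile
@@ -42,11 +42,13 @@ install-sshdoc:
 $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
 $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
 $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
+$(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
+$(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
 $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
 $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
 $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
 $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
-$(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
+$(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
 $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
 $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
 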
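--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -90,7 +90,7 @@ update_services_file() {
 fi
 _serv_tmp="${_my_etcdir}/srv.out.$$"
 
-mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
+mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
 
 # Depends on the above mount
 _wservices=`cygpath -w "${_services}"`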
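Review bot: The `posix=0,noacl` options added to the `mount` call in update_services_file change how permissions are handled for everything written under `${_my_etcdir}`, and nothing in the hunk says why. With `noacl` Cygwin ignores filesystem ACLs on that mount, so the rewritten services file presumably keeps whatever access control the Windows directory gives it; that looks intended but should be stated. I would add above the call `# noacl: do not let Cygwin rewrite ACLs in the Windows etc directory; files keep the inherited Windows permissions`. The temporary name `srv.out.$$` two lines up is derived from the PID, which is worth confirming is acceptable given who can write to that directory. The function starts and ends outside the hunk, so whether the mount is removed afterwards cannot be checked from here.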
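--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 5.4p1
+%define ver 5.5p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID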
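--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 5.3p1
+Version: 5.5p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz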
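--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+openssh (1:5.5p1-1) UNRELEASED; urgency=low
+
+* New upstream release:
+- Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative
+paths.
+- Include a language tag when sending a protocol 2 disconnection
+message.
+- Make logging of certificates used for user authentication more clear
+and consistent between CAs specified using TrustedUserCAKeys and
+authorized_keys.
+
+-- Colin Watson <cjwatson@ubuntu.com> Fri, 16 Apr 2010 10:21:10 +0100
+
 openssh (1:5.4p1-2) unstable; urgency=low
 
 * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is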
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 32b1dcc72..34535f001 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch | |||
@@ -8,7 +8,7 @@ Index: b/Makefile.in | |||
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/Makefile.in | 9 | --- a/Makefile.in |
10 | +++ b/Makefile.in | 10 | +++ b/Makefile.in |
11 | @@ -285,6 +285,7 @@ | 11 | @@ -284,6 +284,7 @@ |
12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 | 12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 |
13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 | 13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 |
14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index c0567f264..e608bd20d 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -43,7 +43,7 @@ Index: b/servconf.c | |||
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1377,6 +1382,10 @@ | 46 | @@ -1386,6 +1391,10 @@ |
47 | charptr = &options->revoked_keys_file; | 47 | charptr = &options->revoked_keys_file; |
48 | goto parse_filename; | 48 | goto parse_filename; |
49 | 49 | ||
diff --git a/debian/patches/doc-connection-sharing.patch b/debian/patches/doc-connection-sharing.patch deleted file mode 100644 index d08f3d01f..000000000 --- a/debian/patches/doc-connection-sharing.patch +++ /dev/null | |||
@@ -1,23 +0,0 @@ | |||
1 | Description: ssh(1): Document that '-S none' disables connection sharing. | ||
2 | Author: martin f krafft <madduck@debian.org> | ||
3 | Author: Colin Watson <cjwatson@debian.org> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1724 | ||
5 | Bug-Debian: http://bugs.debian.org/471437 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/ssh.1 | ||
9 | =================================================================== | ||
10 | --- a/ssh.1 | ||
11 | +++ b/ssh.1 | ||
12 | @@ -558,7 +558,10 @@ | ||
13 | the listen port will be dynamically allocated on the server and reported | ||
14 | to the client at run time. | ||
15 | .It Fl S Ar ctl_path | ||
16 | -Specifies the location of a control socket for connection sharing. | ||
17 | +Specifies the location of a control socket for connection sharing, | ||
18 | +or the string | ||
19 | +.Dq none | ||
20 | +to disable connection sharing. | ||
21 | Refer to the description of | ||
22 | .Cm ControlPath | ||
23 | and | ||
diff --git a/debian/patches/gnome-ssh-askpass2-link.patch b/debian/patches/gnome-ssh-askpass2-link.patch deleted file mode 100644 index 6b9909641..000000000 --- a/debian/patches/gnome-ssh-askpass2-link.patch +++ /dev/null | |||
@@ -1,23 +0,0 @@ | |||
1 | Description: Use x11.pc when compiling/linking gnome-ssh-askpass2 | ||
2 | This fixes linking with binutils-gold. | ||
3 | Author: Colin Watson <cjwatson@debian.org> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1725 | ||
5 | Bug-Debian: http://bugs.debian.org/555951 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/contrib/Makefile | ||
9 | =================================================================== | ||
10 | --- a/contrib/Makefile | ||
11 | +++ b/contrib/Makefile | ||
12 | @@ -7,9 +7,9 @@ | ||
13 | `gnome-config --libs gnome gnomeui` | ||
14 | |||
15 | gnome-ssh-askpass2: gnome-ssh-askpass2.c | ||
16 | - $(CC) `pkg-config --cflags gtk+-2.0` \ | ||
17 | + $(CC) `pkg-config --cflags gtk+-2.0 x11` \ | ||
18 | gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ | ||
19 | - `pkg-config --libs gtk+-2.0` | ||
20 | + `pkg-config --libs gtk+-2.0 x11` | ||
21 | |||
22 | clean: | ||
23 | rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass | ||
diff --git a/debian/patches/gssapi-autoconf.patch b/debian/patches/gssapi-autoconf.patch index 5ef959de7..3ea221834 100644 --- a/debian/patches/gssapi-autoconf.patch +++ b/debian/patches/gssapi-autoconf.patch | |||
@@ -7,7 +7,7 @@ Index: b/config.h.in | |||
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/config.h.in | 8 | --- a/config.h.in |
9 | +++ b/config.h.in | 9 | +++ b/config.h.in |
10 | @@ -1378,6 +1378,9 @@ | 10 | @@ -1384,6 +1384,9 @@ |
11 | /* Use btmp to log bad logins */ | 11 | /* Use btmp to log bad logins */ |
12 | #undef USE_BTMP | 12 | #undef USE_BTMP |
13 | 13 | ||
@@ -17,7 +17,7 @@ Index: b/config.h.in | |||
17 | /* Use libedit for sftp */ | 17 | /* Use libedit for sftp */ |
18 | #undef USE_LIBEDIT | 18 | #undef USE_LIBEDIT |
19 | 19 | ||
20 | @@ -1390,6 +1393,9 @@ | 20 | @@ -1396,6 +1399,9 @@ |
21 | /* Use PIPES instead of a socketpair() */ | 21 | /* Use PIPES instead of a socketpair() */ |
22 | #undef USE_PIPES | 22 | #undef USE_PIPES |
23 | 23 | ||
diff --git a/debian/patches/gssapi-dump.patch b/debian/patches/gssapi-dump.patch index 9ed033359..6e09df484 100644 --- a/debian/patches/gssapi-dump.patch +++ b/debian/patches/gssapi-dump.patch | |||
@@ -11,7 +11,7 @@ Index: b/servconf.c | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/servconf.c | 12 | --- a/servconf.c |
13 | +++ b/servconf.c | 13 | +++ b/servconf.c |
14 | @@ -1668,7 +1668,10 @@ | 14 | @@ -1677,7 +1677,10 @@ |
15 | #endif | 15 | #endif |
16 | #ifdef GSSAPI | 16 | #ifdef GSSAPI |
17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 5c1b83415..e39239fbd 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -1918,7 +1918,7 @@ Index: b/key.c | |||
1918 | =================================================================== | 1918 | =================================================================== |
1919 | --- a/key.c | 1919 | --- a/key.c |
1920 | +++ b/key.c | 1920 | +++ b/key.c |
1921 | @@ -969,6 +969,8 @@ | 1921 | @@ -982,6 +982,8 @@ |
1922 | return KEY_RSA_CERT; | 1922 | return KEY_RSA_CERT; |
1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | 1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { |
1924 | return KEY_DSA_CERT; | 1924 | return KEY_DSA_CERT; |
@@ -2387,7 +2387,7 @@ Index: b/servconf.c | |||
2387 | #endif | 2387 | #endif |
2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
2390 | @@ -925,10 +942,22 @@ | 2390 | @@ -924,10 +941,22 @@ |
2391 | intptr = &options->gss_authentication; | 2391 | intptr = &options->gss_authentication; |
2392 | goto parse_flag; | 2392 | goto parse_flag; |
2393 | 2393 | ||
diff --git a/debian/patches/hurd-epfnosupport.patch b/debian/patches/hurd-epfnosupport.patch deleted file mode 100644 index e06b46309..000000000 --- a/debian/patches/hurd-epfnosupport.patch +++ /dev/null | |||
@@ -1,24 +0,0 @@ | |||
1 | Description: Fix X forwarding on the Hurd | ||
2 | socket() may return EPFNOSUPPORT, which != EAFNOSUPPORT on the Hurd. | ||
3 | Author: Robert Bihlmeyer <robbe@orcus.priv.at> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1721 | ||
5 | Bug-Debian: http://bugs.debian.org/102991 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/channels.c | ||
9 | =================================================================== | ||
10 | --- a/channels.c | ||
11 | +++ b/channels.c | ||
12 | @@ -3252,7 +3252,11 @@ | ||
13 | sock = socket(ai->ai_family, ai->ai_socktype, | ||
14 | ai->ai_protocol); | ||
15 | if (sock < 0) { | ||
16 | - if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { | ||
17 | + if ((errno != EINVAL) && (errno != EAFNOSUPPORT) | ||
18 | +#ifdef EPFNOSUPPORT | ||
19 | + && (errno != EPFNOSUPPORT) | ||
20 | +#endif | ||
21 | + ) { | ||
22 | error("socket: %.100s", strerror(errno)); | ||
23 | freeaddrinfo(aitop); | ||
24 | return -1; | ||
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 55d07e0d6..36335f475 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch | |||
@@ -68,8 +68,8 @@ Index: b/ssh_config.5 | |||
68 | If set to | 68 | If set to |
69 | .Dq yes , | 69 | .Dq yes , |
70 | passphrase/password querying will be disabled. | 70 | passphrase/password querying will be disabled. |
71 | +In addition, the | 71 | +In addition, the |
72 | +.Cm ServerAliveInterval | 72 | +.Cm ServerAliveInterval |
73 | +option will be set to 300 seconds by default. | 73 | +option will be set to 300 seconds by default. |
74 | This option is useful in scripts and other batch jobs where no user | 74 | This option is useful in scripts and other batch jobs where no user |
75 | -is present to supply the password. | 75 | -is present to supply the password. |
@@ -78,7 +78,7 @@ Index: b/ssh_config.5 | |||
78 | The argument must be | 78 | The argument must be |
79 | .Dq yes | 79 | .Dq yes |
80 | or | 80 | or |
81 | @@ -967,8 +971,15 @@ | 81 | @@ -963,8 +967,15 @@ |
82 | will send a message through the encrypted | 82 | will send a message through the encrypted |
83 | channel to request a response from the server. | 83 | channel to request a response from the server. |
84 | The default | 84 | The default |
@@ -95,7 +95,7 @@ Index: b/ssh_config.5 | |||
95 | .It Cm StrictHostKeyChecking | 95 | .It Cm StrictHostKeyChecking |
96 | If this flag is set to | 96 | If this flag is set to |
97 | .Dq yes , | 97 | .Dq yes , |
98 | @@ -1007,6 +1018,12 @@ | 98 | @@ -1003,6 +1014,12 @@ |
99 | other side. | 99 | other side. |
100 | If they are sent, death of the connection or crash of one | 100 | If they are sent, death of the connection or crash of one |
101 | of the machines will be properly noticed. | 101 | of the machines will be properly noticed. |
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch index 5949e3b94..955d38b50 100644 --- a/debian/patches/lintian-symlink-pickiness.patch +++ b/debian/patches/lintian-symlink-pickiness.patch | |||
@@ -9,7 +9,7 @@ Index: b/Makefile.in | |||
9 | =================================================================== | 9 | =================================================================== |
10 | --- a/Makefile.in | 10 | --- a/Makefile.in |
11 | +++ b/Makefile.in | 11 | +++ b/Makefile.in |
12 | @@ -295,9 +295,9 @@ | 12 | @@ -294,9 +294,9 @@ |
13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 | 14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 |
15 | -rm -f $(DESTDIR)$(bindir)/slogin | 15 | -rm -f $(DESTDIR)$(bindir)/slogin |
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index 0898c6ed3..dea370a1b 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1 | |||
45 | .Pp | 45 | .Pp |
46 | Normally this program generates the key and asks for a file in which | 46 | Normally this program generates the key and asks for a file in which |
47 | to store the private key. | 47 | to store the private key. |
48 | @@ -368,9 +366,7 @@ | 48 | @@ -367,9 +365,7 @@ |
49 | .It Fl q | 49 | .It Fl q |
50 | Silence | 50 | Silence |
51 | .Nm ssh-keygen . | 51 | .Nm ssh-keygen . |
@@ -60,7 +60,7 @@ Index: b/ssh.1 | |||
60 | =================================================================== | 60 | =================================================================== |
61 | --- a/ssh.1 | 61 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 62 | +++ b/ssh.1 |
63 | @@ -759,6 +759,10 @@ | 63 | @@ -762,6 +762,10 @@ |
64 | .Sx HISTORY | 64 | .Sx HISTORY |
65 | section of | 65 | section of |
66 | .Xr ssl 8 | 66 | .Xr ssl 8 |
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch index b1162bfec..f45cc6968 100644 --- a/debian/patches/package-versioning.patch +++ b/debian/patches/package-versioning.patch | |||
@@ -38,7 +38,7 @@ Index: b/version.h | |||
38 | --- a/version.h | 38 | --- a/version.h |
39 | +++ b/version.h | 39 | +++ b/version.h |
40 | @@ -3,4 +3,9 @@ | 40 | @@ -3,4 +3,9 @@ |
41 | #define SSH_VERSION "OpenSSH_5.4" | 41 | #define SSH_VERSION "OpenSSH_5.5" |
42 | 42 | ||
43 | #define SSH_PORTABLE "p1" | 43 | #define SSH_PORTABLE "p1" |
44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch index 572a6e67c..96a26cf7e 100644 --- a/debian/patches/quieter-signals.patch +++ b/debian/patches/quieter-signals.patch | |||
@@ -16,7 +16,7 @@ Index: b/clientloop.c | |||
16 | =================================================================== | 16 | =================================================================== |
17 | --- a/clientloop.c | 17 | --- a/clientloop.c |
18 | +++ b/clientloop.c | 18 | +++ b/clientloop.c |
19 | @@ -1529,8 +1529,10 @@ | 19 | @@ -1530,8 +1530,10 @@ |
20 | exit_status = 0; | 20 | exit_status = 0; |
21 | } | 21 | } |
22 | 22 | ||
diff --git a/debian/patches/selinux-fix-chroot-directory.patch b/debian/patches/selinux-fix-chroot-directory.patch deleted file mode 100644 index 03942392b..000000000 --- a/debian/patches/selinux-fix-chroot-directory.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | Description: Make ChrootDirectory work with SELinux | ||
2 | After chroot() is called the SE Linux context setting won't work unless | ||
3 | /selinux and /proc are mounted in the chroot environment. Even worse, if | ||
4 | the user has control over the chroot environment then they may be able to | ||
5 | control the context that they get (I haven't verified this). | ||
6 | Author: Russell Coker <russell@coker.com.au> | ||
7 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1726 | ||
8 | Bug-Debian: http://bugs.debian.org/556644 | ||
9 | Last-Update: 2010-03-01 | ||
10 | |||
11 | Index: b/session.c | ||
12 | =================================================================== | ||
13 | --- a/session.c | ||
14 | +++ b/session.c | ||
15 | @@ -1551,6 +1551,10 @@ | ||
16 | } | ||
17 | #endif /* HAVE_SETPCRED */ | ||
18 | |||
19 | +#ifdef WITH_SELINUX | ||
20 | + ssh_selinux_setup_exec_context(pw->pw_name); | ||
21 | +#endif | ||
22 | + | ||
23 | if (options.chroot_directory != NULL && | ||
24 | strcasecmp(options.chroot_directory, "none") != 0) { | ||
25 | tmp = tilde_expand_filename(options.chroot_directory, | ||
26 | @@ -1575,10 +1579,6 @@ | ||
27 | |||
28 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | ||
29 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | ||
30 | - | ||
31 | -#ifdef WITH_SELINUX | ||
32 | - ssh_selinux_setup_exec_context(pw->pw_name); | ||
33 | -#endif | ||
34 | } | ||
35 | |||
36 | static void | ||
diff --git a/debian/patches/series b/debian/patches/series index a75b0a0f5..699dbaa98 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -6,7 +6,6 @@ gssapi-dump.patch | |||
6 | 6 | ||
7 | # SELinux | 7 | # SELinux |
8 | selinux-role.patch | 8 | selinux-role.patch |
9 | selinux-fix-chroot-directory.patch | ||
10 | 9 | ||
11 | # Key blacklisting | 10 | # Key blacklisting |
12 | ssh-vulnkey.patch | 11 | ssh-vulnkey.patch |
@@ -21,12 +20,9 @@ quieter-signals.patch | |||
21 | helpful-wait-terminate.patch | 20 | helpful-wait-terminate.patch |
22 | 21 | ||
23 | # Miscellaneous bug fixes | 22 | # Miscellaneous bug fixes |
24 | gnome-ssh-askpass2-link.patch | ||
25 | user-group-modes.patch | 23 | user-group-modes.patch |
26 | hurd-epfnosupport.patch | ||
27 | scp-quoting.patch | 24 | scp-quoting.patch |
28 | shell-path.patch | 25 | shell-path.patch |
29 | ssh-copy-id-status-check.patch | ||
30 | ssh-copy-id-trailing-colons.patch | 26 | ssh-copy-id-trailing-colons.patch |
31 | dnssec-sshfp.patch | 27 | dnssec-sshfp.patch |
32 | 28 | ||
@@ -41,7 +37,6 @@ lintian-symlink-pickiness.patch | |||
41 | # Documentation | 37 | # Documentation |
42 | openbsd-docs.patch | 38 | openbsd-docs.patch |
43 | ssh-argv0.patch | 39 | ssh-argv0.patch |
44 | doc-connection-sharing.patch | ||
45 | doc-hash-tab-completion.patch | 40 | doc-hash-tab-completion.patch |
46 | 41 | ||
47 | # Debian-specific configuration | 42 | # Debian-specific configuration |
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index 7caeff704..851687dfd 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch | |||
@@ -11,7 +11,7 @@ Index: b/ssh.1 | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/ssh.1 | 12 | --- a/ssh.1 |
13 | +++ b/ssh.1 | 13 | +++ b/ssh.1 |
14 | @@ -1427,6 +1427,7 @@ | 14 | @@ -1430,6 +1430,7 @@ |
15 | .Xr sftp 1 , | 15 | .Xr sftp 1 , |
16 | .Xr ssh-add 1 , | 16 | .Xr ssh-add 1 , |
17 | .Xr ssh-agent 1 , | 17 | .Xr ssh-agent 1 , |
diff --git a/debian/patches/ssh-copy-id-status-check.patch b/debian/patches/ssh-copy-id-status-check.patch deleted file mode 100644 index efc76d0fc..000000000 --- a/debian/patches/ssh-copy-id-status-check.patch +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | Description: ssh-copy-id: Check exit status of 'ssh-add -L' | ||
2 | This fixes behaviour when an agent is running with no identities loaded. | ||
3 | Author: Adeodato Simó <asp16@alu.ua.es> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1723 | ||
5 | Bug-Debian: http://bugs.debian.org/221675 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/contrib/ssh-copy-id | ||
9 | =================================================================== | ||
10 | --- a/contrib/ssh-copy-id | ||
11 | +++ b/contrib/ssh-copy-id | ||
12 | @@ -19,7 +19,7 @@ | ||
13 | shift # and this should leave $1 as the target name | ||
14 | fi | ||
15 | else | ||
16 | - if [ x$SSH_AUTH_SOCK != x ] ; then | ||
17 | + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then | ||
18 | GET_ID="$GET_ID ssh-add -L" | ||
19 | fi | ||
20 | fi | ||
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 73a30186b..af56dc031 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
@@ -62,15 +62,15 @@ Index: b/Makefile.in | |||
62 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
65 | @@ -269,6 +274,7 @@ | 65 | @@ -268,6 +273,7 @@ |
66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper $(DESTDIR)$(SSH_PKCS11_HELPER) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
69 | + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey $(DESTDIR)$(bindir)/ssh-vulnkey | 69 | + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT) |
70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
73 | @@ -286,6 +292,7 @@ | 73 | @@ -285,6 +291,7 @@ |
74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
@@ -78,7 +78,7 @@ Index: b/Makefile.in | |||
78 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
81 | @@ -367,6 +374,7 @@ | 81 | @@ -366,6 +373,7 @@ |
82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
@@ -86,7 +86,7 @@ Index: b/Makefile.in | |||
86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
89 | @@ -380,6 +388,7 @@ | 89 | @@ -379,6 +387,7 @@ |
90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
@@ -198,7 +198,7 @@ Index: b/auth2-pubkey.c | |||
198 | =================================================================== | 198 | =================================================================== |
199 | --- a/auth2-pubkey.c | 199 | --- a/auth2-pubkey.c |
200 | +++ b/auth2-pubkey.c | 200 | +++ b/auth2-pubkey.c |
201 | @@ -325,9 +325,10 @@ | 201 | @@ -328,9 +328,10 @@ |
202 | int success; | 202 | int success; |
203 | char *file; | 203 | char *file; |
204 | 204 | ||
@@ -498,7 +498,7 @@ Index: b/servconf.c | |||
498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
501 | @@ -1010,6 +1014,10 @@ | 501 | @@ -1009,6 +1013,10 @@ |
502 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
503 | goto parse_flag; | 503 | goto parse_flag; |
504 | 504 | ||
@@ -509,7 +509,7 @@ Index: b/servconf.c | |||
509 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
510 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
511 | goto parse_flag; | 511 | goto parse_flag; |
512 | @@ -1688,6 +1696,7 @@ | 512 | @@ -1697,6 +1705,7 @@ |
513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
@@ -584,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
584 | =================================================================== | 584 | =================================================================== |
585 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
586 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
587 | @@ -629,6 +629,7 @@ | 587 | @@ -628,6 +628,7 @@ |
588 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
589 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
590 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
@@ -1236,7 +1236,7 @@ Index: b/ssh.1 | |||
1236 | =================================================================== | 1236 | =================================================================== |
1237 | --- a/ssh.1 | 1237 | --- a/ssh.1 |
1238 | +++ b/ssh.1 | 1238 | +++ b/ssh.1 |
1239 | @@ -1423,6 +1423,7 @@ | 1239 | @@ -1426,6 +1426,7 @@ |
1240 | .Xr ssh-agent 1 , | 1240 | .Xr ssh-agent 1 , |
1241 | .Xr ssh-keygen 1 , | 1241 | .Xr ssh-keygen 1 , |
1242 | .Xr ssh-keyscan 1 , | 1242 | .Xr ssh-keyscan 1 , |
@@ -1284,7 +1284,7 @@ Index: b/ssh_config.5 | |||
1284 | =================================================================== | 1284 | =================================================================== |
1285 | --- a/ssh_config.5 | 1285 | --- a/ssh_config.5 |
1286 | +++ b/ssh_config.5 | 1286 | +++ b/ssh_config.5 |
1287 | @@ -1055,6 +1055,23 @@ | 1287 | @@ -1051,6 +1051,23 @@ |
1288 | .Dq any . | 1288 | .Dq any . |
1289 | The default is | 1289 | The default is |
1290 | .Dq any:any . | 1290 | .Dq any:any . |
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch index ccd9a668e..7682c0761 100644 --- a/debian/patches/ssh1-keepalive.patch +++ b/debian/patches/ssh1-keepalive.patch | |||
@@ -52,7 +52,7 @@ Index: b/ssh_config.5 | |||
52 | =================================================================== | 52 | =================================================================== |
53 | --- a/ssh_config.5 | 53 | --- a/ssh_config.5 |
54 | +++ b/ssh_config.5 | 54 | +++ b/ssh_config.5 |
55 | @@ -956,7 +956,10 @@ | 55 | @@ -952,7 +952,10 @@ |
56 | .Cm ServerAliveCountMax | 56 | .Cm ServerAliveCountMax |
57 | is left at the default, if the server becomes unresponsive, | 57 | is left at the default, if the server becomes unresponsive, |
58 | ssh will disconnect after approximately 45 seconds. | 58 | ssh will disconnect after approximately 45 seconds. |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 22cb3084a..4d7ebe566 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -60,7 +60,7 @@ Index: b/ssh.1 | |||
60 | =================================================================== | 60 | =================================================================== |
61 | --- a/ssh.1 | 61 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 62 | +++ b/ssh.1 |
63 | @@ -1321,6 +1321,8 @@ | 63 | @@ -1324,6 +1324,8 @@ |
64 | .Xr ssh_config 5 . | 64 | .Xr ssh_config 5 . |
65 | Because of the potential for abuse, this file must have strict permissions: | 65 | Because of the potential for abuse, this file must have strict permissions: |
66 | read/write for the user, and not accessible by others. | 66 | read/write for the user, and not accessible by others. |
@@ -73,7 +73,7 @@ Index: b/ssh_config.5 | |||
73 | =================================================================== | 73 | =================================================================== |
74 | --- a/ssh_config.5 | 74 | --- a/ssh_config.5 |
75 | +++ b/ssh_config.5 | 75 | +++ b/ssh_config.5 |
76 | @@ -1208,6 +1208,8 @@ | 76 | @@ -1204,6 +1204,8 @@ |
77 | This file is used by the SSH client. | 77 | This file is used by the SSH client. |
78 | Because of the potential for abuse, this file must have strict permissions: | 78 | Because of the potential for abuse, this file must have strict permissions: |
79 | read/write for the user, and not accessible by others. | 79 | read/write for the user, and not accessible by others. |
@@ -25,7 +25,7 @@ | |||
25 | #ifndef _DEFINES_H | 25 | #ifndef _DEFINES_H |
26 | #define _DEFINES_H | 26 | #define _DEFINES_H |
27 | 27 | ||
28 | /* $Id: defines.h,v 1.159 2010/01/13 23:44:34 tim Exp $ */ | 28 | /* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */ |
29 | 29 | ||
30 | 30 | ||
31 | /* Constants */ | 31 | /* Constants */ |
@@ -674,7 +674,7 @@ struct winsize { | |||
674 | #else | 674 | #else |
675 | /* Simply select your favourite login types. */ | 675 | /* Simply select your favourite login types. */ |
676 | /* Can't do if-else because some systems use several... <sigh> */ | 676 | /* Can't do if-else because some systems use several... <sigh> */ |
677 | # if defined(UTMPX_FILE) && !defined(DISABLE_UTMPX) | 677 | # if !defined(DISABLE_UTMPX) |
678 | # define USE_UTMPX | 678 | # define USE_UTMPX |
679 | # endif | 679 | # endif |
680 | # if defined(UTMP_FILE) && !defined(DISABLE_UTMP) | 680 | # if defined(UTMP_FILE) && !defined(DISABLE_UTMP) |
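Review bot: With the `defined(UTMPX_FILE)` test dropped from the guard at new line 677, `USE_UTMPX` no longer implies that `UTMPX_FILE` exists, and nothing at this site records that. Any code that still expands `UTMPX_FILE` under `#ifdef USE_UTMPX` would stop compiling on platforms whose headers do not define it. The logintest.c change in this commit removes one such use; other users are not visible here. A comment above the guard would state the new contract, e.g. `/* USE_UTMPX does not imply UTMPX_FILE; test UTMPX_FILE separately where the path is needed */`.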
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.85 2010/03/04 01:44:57 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -802,6 +802,19 @@ key_type(const Key *k) | |||
802 | } | 802 | } |
803 | 803 | ||
804 | const char * | 804 | const char * |
805 | key_cert_type(const Key *k) | ||
806 | { | ||
807 | switch (k->cert->type) { | ||
808 | case SSH2_CERT_TYPE_USER: | ||
809 | return "user"; | ||
810 | case SSH2_CERT_TYPE_HOST: | ||
811 | return "host"; | ||
812 | default: | ||
813 | return "unknown"; | ||
814 | } | ||
815 | } | ||
816 | |||
817 | const char * | ||
805 | key_ssh_name(const Key *k) | 818 | key_ssh_name(const Key *k) |
806 | { | 819 | { |
807 | switch (k->type) { | 820 | switch (k->type) { |
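Review bot: The new `key_cert_type()` dereferences `k->cert` unconditionally in `switch (k->cert->type)`, so a call with a key that carries no certificate would read through a null or unset pointer. This assumes `cert` is only populated for certificate keys, which the hunk does not show. `key_ssh_name()` directly below switches on `k->type` and has no such precondition, so callers that format key details for logs may not expect one here. Either guard it with `if (k == NULL || k->cert == NULL) return "unknown";` or document the requirement above the function, e.g. `/* k must be a certificate key: k->cert != NULL */`.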
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -83,6 +83,7 @@ int key_equal(const Key *, const Key *); | |||
83 | char *key_fingerprint(Key *, enum fp_type, enum fp_rep); | 83 | char *key_fingerprint(Key *, enum fp_type, enum fp_rep); |
84 | u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); | 84 | u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); |
85 | const char *key_type(const Key *); | 85 | const char *key_type(const Key *); |
86 | const char *key_cert_type(const Key *); | ||
86 | int key_write(const Key *, FILE *); | 87 | int key_write(const Key *, FILE *); |
87 | int key_read(Key *, char **); | 88 | int key_read(Key *, char **); |
88 | u_int key_size(const Key *); | 89 | u_int key_size(const Key *); |
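--- a/loginrec.c
+++ b/loginrec.c
@@ -207,6 +207,7 @@ int syslogin_write_entry(struct logininfo *li);
 
 int getlast_entry(struct logininfo *li);
 int lastlog_get_entry(struct logininfo *li);
+int utmpx_get_entry(struct logininfo *li);
 int wtmp_get_entry(struct logininfo *li);
 int wtmpx_get_entry(struct logininfo *li);
 
@@ -508,6 +509,10 @@ getlast_entry(struct logininfo *li)
 #ifdef USE_LASTLOG
 return(lastlog_get_entry(li));
 #else /* !USE_LASTLOG */
+#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
+defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
+return (utmpx_get_entry(li));
+#endif
 
 #if defined(DISABLE_LASTLOG)
 /* On some systems we shouldn't even try to obtain last login
@@ -1608,6 +1613,32 @@ lastlog_get_entry(struct logininfo *li)
 #endif /* HAVE_GETLASTLOGXBYNAME */
 #endif /* USE_LASTLOG */
 
+#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
+defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
+int
+utmpx_get_entry(struct logininfo *li)
+{
+struct utmpx *utx;
+
+if (setutxdb(UTXDB_LASTLOGIN, NULL) != 0)
+return (0);
+utx = getutxuser(li->username);
+if (utx == NULL) {
+endutxent();
+return (0);
+}
+
+line_fullname(li->line, utx->ut_line,
+MIN_SIZEOF(li->line, utx->ut_line));
+strlcpy(li->hostname, utx->ut_host,
+MIN_SIZEOF(li->hostname, utx->ut_host));
+li->tv_sec = utx->ut_tv.tv_sec;
+li->tv_usec = utx->ut_tv.tv_usec;
+endutxent();
+return (1);
+}
+#endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */
+
 #ifdef USE_BTMP
 /*
 * Logs failed login attempts in _PATH_BTMP if that exists.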
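Review bot: In the new `utmpx_get_entry()`, the call `strlcpy(li->hostname, utx->ut_host, MIN_SIZEOF(li->hostname, utx->ut_host))` bounds the write but not the read, because strlcpy scans the source up to its NUL to compute its return value. utmpx string fields are fixed-size arrays, and whether the record returned by `getutxuser()` always terminates `ut_host` is not visible in this hunk, so a full-width host name could be read past the end of the field. A copy that never scans beyond the field avoids depending on that: `size_t n = MIN_SIZEOF(li->hostname, utx->ut_host) - 1;` `memcpy(li->hostname, utx->ut_host, n);` `li->hostname[n] = '\0';`. The function would also benefit from a one-line comment stating that it returns 1 when a last-login record was found and copied, and 0 otherwise.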
diff --git a/logintest.c b/logintest.c index 7e9fbbfbb..4897ae0f9 100644 --- a/logintest.c +++ b/logintest.c | |||
@@ -264,7 +264,7 @@ showOptions(void) | |||
264 | printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE); | 264 | printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE); |
265 | #endif | 265 | #endif |
266 | #ifdef USE_UTMPX | 266 | #ifdef USE_UTMPX |
267 | printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE); | 267 | printf("\tUSE_UTMPX\n"); |
268 | #endif | 268 | #endif |
269 | #ifdef USE_WTMP | 269 | #ifdef USE_WTMP |
270 | printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE); | 270 | printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE); |
@@ -69,4 +69,4 @@ SEE ALSO | |||
69 | Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer | 69 | Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer |
70 | Protocol, RFC 4419, 2006. | 70 | Protocol, RFC 4419, 2006. |
71 | 71 | ||
72 | OpenBSD 4.6 June 26, 2008 2 | 72 | OpenBSD 4.7 June 26, 2008 2 |
diff --git a/openbsd-compat/bsd-arc4random.c b/openbsd-compat/bsd-arc4random.c index 9d4c8690e..d7c586253 100644 --- a/openbsd-compat/bsd-arc4random.c +++ b/openbsd-compat/bsd-arc4random.c | |||
@@ -84,7 +84,7 @@ arc4random_stir(void) | |||
84 | } | 84 | } |
85 | #endif /* !HAVE_ARC4RANDOM */ | 85 | #endif /* !HAVE_ARC4RANDOM */ |
86 | 86 | ||
87 | #ifndef ARC4RANDOM_BUF | 87 | #ifndef HAVE_ARC4RANDOM_BUF |
88 | void | 88 | void |
89 | arc4random_buf(void *_buf, size_t n) | 89 | arc4random_buf(void *_buf, size_t n) |
90 | { | 90 | { |
@@ -102,7 +102,7 @@ arc4random_buf(void *_buf, size_t n) | |||
102 | } | 102 | } |
103 | #endif /* !HAVE_ARC4RANDOM_BUF */ | 103 | #endif /* !HAVE_ARC4RANDOM_BUF */ |
104 | 104 | ||
105 | #ifndef ARC4RANDOM_UNIFORM | 105 | #ifndef HAVE_ARC4RANDOM_UNIFORM |
106 | /* | 106 | /* |
107 | * Calculate a uniformly distributed random number less than upper_bound | 107 | * Calculate a uniformly distributed random number less than upper_bound |
108 | * avoiding "modulo bias". | 108 | * avoiding "modulo bias". |
@@ -145,4 +145,4 @@ AUTHORS | |||
145 | Timo Rinne <tri@iki.fi> | 145 | Timo Rinne <tri@iki.fi> |
146 | Tatu Ylonen <ylo@cs.hut.fi> | 146 | Tatu Ylonen <ylo@cs.hut.fi> |
147 | 147 | ||
148 | OpenBSD 4.6 February 8, 2010 3 | 148 | OpenBSD 4.7 February 8, 2010 3 |
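--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.204 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -500,15 +500,14 @@ parse_token(const char *cp, const char *filename,
 char *
 derelativise_path(const char *path)
 {
-char *expanded, *ret, *cwd;
+char *expanded, *ret, cwd[MAXPATHLEN];
 
 expanded = tilde_expand_filename(path, getuid());
 if (*expanded == '/')
 return expanded;
-if ((cwd = getcwd(NULL, 0)) == NULL)
+if (getcwd(cwd, sizeof(cwd)) == NULL)
 fatal("%s: getcwd: %s", __func__, strerror(errno));
 xasprintf(&ret, "%s/%s", cwd, expanded);
-xfree(cwd);
 xfree(expanded);
 return ret;
 }
@@ -1269,7 +1268,17 @@ process_server_config_line(ServerOptions *options, char *line,
 charptr = (opcode == sAuthorizedKeysFile) ?
 &options->authorized_keys_file :
 &options->authorized_keys_file2;
-goto parse_filename;
+arg = strdelim(&cp);
+if (!arg || *arg == '\0')
+fatal("%s line %d: missing file name.",
+filename, linenum);
+if (*activep && *charptr == NULL) {
+*charptr = tilde_expand_filename(arg, getuid());
+/* increase optional counter */
+if (intptr != NULL)
+*intptr = *intptr + 1;
+}
+break;
 
 case sClientAliveInterval:
 intptr = &options->client_alive_interval;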
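Review bot: The `sAuthorizedKeysFile` case in the last hunk replaces `goto parse_filename;` with a hand-copied parsing block and gives no comment on why this option is handled differently. Since this path decides which key files are trusted, the reason for calling `tilde_expand_filename()` directly should be stated, e.g. `/* expand ~ only; do not take the shared parse_filename path */`. The copied `if (intptr != NULL) *intptr = *intptr + 1;` also reads `intptr`, which this case never assigns in the visible lines, so it depends on whatever the enclosing function left there. Dropping that branch would make the block self-contained. `process_server_config_line` starts and ends outside the hunk, so the `parse_filename` label and any earlier initialisation of `intptr` are not visible here.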
diff --git a/sftp-server.0 b/sftp-server.0 index 6628dcfca..0c2654c8d 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -60,4 +60,4 @@ HISTORY | |||
60 | AUTHORS | 60 | AUTHORS |
61 | Markus Friedl <markus@openbsd.org> | 61 | Markus Friedl <markus@openbsd.org> |
62 | 62 | ||
63 | OpenBSD 4.6 January 9, 2010 1 | 63 | OpenBSD 4.7 January 9, 2010 1 |
@@ -316,4 +316,4 @@ SEE ALSO | |||
316 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- | 316 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- |
317 | filexfer-00.txt, January 2001, work in progress material. | 317 | filexfer-00.txt, January 2001, work in progress material. |
318 | 318 | ||
319 | OpenBSD 4.6 February 8, 2010 5 | 319 | OpenBSD 4.7 February 8, 2010 5 |
@@ -106,4 +106,4 @@ AUTHORS | |||
106 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 106 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
107 | versions 1.5 and 2.0. | 107 | versions 1.5 and 2.0. |
108 | 108 | ||
109 | OpenBSD 4.6 March 5, 2010 2 | 109 | OpenBSD 4.7 March 5, 2010 2 |
diff --git a/ssh-agent.0 b/ssh-agent.0 index c178dcd01..536eac756 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -115,4 +115,4 @@ AUTHORS | |||
115 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 115 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
116 | versions 1.5 and 2.0. | 116 | versions 1.5 and 2.0. |
117 | 117 | ||
118 | OpenBSD 4.6 January 17, 2010 2 | 118 | OpenBSD 4.7 January 17, 2010 2 |
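--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -165,8 +165,14 @@ DESCRIPTION
 section for details. The constraints that are valid for user
 certificates are:
 
-no-x11-forwarding
-Disable X11 forwarding (permitted by default).
+clear Clear all enabled permissions. This is useful for clear-
+ing the default set of permissions so permissions may be
+added individually.
+
+force-command=command
+Forces the execution of command instead of any shell or
+command specified by the user when the certificate is
+used for authentication.
 
 no-agent-forwarding
 Disable ssh-agent(1) forwarding (permitted by default).
@@ -180,12 +186,8 @@ DESCRIPTION
 Disable execution of ~/.ssh/rc by sshd(8) (permitted by
 default).
 
-clear Clear all enabled permissions. This is useful for clear-
-ing the default set of permissions so permissions may be
-added individually.
-
-permit-x11-forwarding
-Allows X11 forwarding.
+no-x11-forwarding
+Disable X11 forwarding (permitted by default).
 
 permit-agent-forwarding
 Allows ssh-agent(1) forwarding.
@@ -199,16 +201,14 @@ DESCRIPTION
 permit-user-rc
 Allows execution of ~/.ssh/rc by sshd(8).
 
-force-command=command
-Forces the execution of command instead of any shell or
-command specified by the user when the certificate is
-used for authentication.
+permit-x11-forwarding
+Allows X11 forwarding.
 
 source-address=address_list
 Restrict the source addresses from which the certificate
-is considered valid from. The address_list is a comma-
-separated list of one or more address/netmask pairs in
-CIDR format.
+is considered valid. The address_list is a comma-sepa-
+rated list of one or more address/netmask pairs in CIDR
+format.
 
 At present, no constraints are valid for host keys.
 
@@ -257,9 +257,9 @@ DESCRIPTION
 in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative
 time (to the current time) consisting of a minus sign followed by
 a relative time in the format described in the TIME FORMATS sec-
-tion of ssh_config(5). The end time may be specified as a YYYYM-
-MDD date, a YYYYMMDDHHMMSS time or a relative time starting with
-a plus character.
+tion of sshd_config(5). The end time may be specified as a
+YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting
+with a plus character.
 
 For example: ``+52w1d'' (valid from now to 52 weeks and one day
 from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
@@ -329,12 +329,12 @@ CERTIFICATES
 
 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
 
-The resultant certificate will be placed in /path/to/user_key_cert.pub.
+The resultant certificate will be placed in /path/to/user_key-cert.pub.
 A host certificate requires the -h option:
 
 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
 
-The host certificate will be output to /path/to/host_key_cert.pub. In
+The host certificate will be output to /path/to/host_key-cert.pub. In
 both cases, key_id is a "key identifier" that is logged by the server
 when the certificate is used for authentication.
 
@@ -344,7 +344,7 @@ CERTIFICATES
 pals:
 
 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-$ ssh-keygen -s ca_key -I key_id -h -n host.domain $0
+$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
 
 Additional limitations on the validity and use of user certificates may
 be specified through certificate constraints. A constrained certificate
@@ -431,4 +431,4 @@ AUTHORS
 created OpenSSH. Markus Friedl contributed the support for SSH protocol
 versions 1.5 and 2.0.
 
-OpenBSD 4.6 March 8, 2010 7
+OpenBSD 4.7 March 13, 2010 7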
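--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.88 2010/03/08 00:28:55 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $
 .\"
 .\" -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 8 2010 $
+.Dd $Mdocdate: March 13 2010 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -305,8 +305,15 @@ Please see the
 section for details.
 The constraints that are valid for user certificates are:
 .Bl -tag -width Ds
-.It Ic no-x11-forwarding
-Disable X11 forwarding (permitted by default).
+.It Ic clear
+Clear all enabled permissions.
+This is useful for clearing the default set of permissions so permissions may
+be added individually.
+.It Ic force-command Ns = Ns Ar command
+Forces the execution of
+.Ar command
+instead of any shell or command specified by the user when
+the certificate is used for authentication.
 .It Ic no-agent-forwarding
 Disable
 .Xr ssh-agent 1
@@ -321,12 +328,8 @@ Disable execution of
 by
 .Xr sshd 8
 (permitted by default).
-.It Ic clear
-Clear all enabled permissions.
-This is useful for clearing the default set of permissions so permissions may
-be added individually.
-.It Ic permit-x11-forwarding
-Allows X11 forwarding.
+.It Ic no-x11-forwarding
+Disable X11 forwarding (permitted by default).
 .It Ic permit-agent-forwarding
 Allows
 .Xr ssh-agent 1
@@ -340,14 +343,10 @@ Allows execution of
 .Pa ~/.ssh/rc
 by
 .Xr sshd 8 .
-.It Ic force-command=command
-Forces the execution of
-.Ar command
-instead of any shell or command specified by the user when
-the certificate is used for authentication.
-.It Ic source-address=address_list
-Restrict the source addresses from which the certificate is considered valid
-from.
+.It Ic permit-x11-forwarding
+Allows X11 forwarding.
+.It Ic source-address Ns = Ns Ar address_list
+Restrict the source addresses from which the certificate is considered valid.
 The
 .Ar address_list
 is a comma-separated list of one or more address/netmask pairs in CIDR
@@ -410,7 +409,7 @@ in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
 of a minus sign followed by a relative time in the format described in the
 .Sx TIME FORMATS
 section of
-.Xr ssh_config 5 .
+.Xr sshd_config 5 .
 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
 a relative time starting with a plus character.
 .Pp
@@ -515,7 +514,7 @@ To generate a user certificate:
 .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
 .Pp
 The resultant certificate will be placed in
-.Pa /path/to/user_key_cert.pub .
+.Pa /path/to/user_key-cert.pub .
 A host certificate requires the
 .Fl h
 option:
@@ -523,7 +522,7 @@ option:
 .Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
 .Pp
 The host certificate will be output to
-.Pa /path/to/host_key_cert.pub .
+.Pa /path/to/host_key-cert.pub .
 In both cases,
 .Ar key_id
 is a "key identifier" that is logged by the server when the certificate
@@ -535,7 +534,7 @@ By default, generated certificates are valid for all users or hosts.
 To generate a certificate for a specified set of principals:
 .Pp
 .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
 .Pp
 Additional limitations on the validity and use of user certificates may
 be specified through certificate constraints.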
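--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.184 2010/03/07 22:16:01 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1393,7 +1393,8 @@ do_show_cert(struct passwd *pw)
 SSH_FP_MD5, SSH_FP_HEX);
 
 printf("%s:\n", identity_file);
-printf(" %s certificate %s\n", key_type(key), key_fp);
+printf(" %s %s certificate %s\n", key_type(key),
+key_cert_type(key), key_fp);
 printf(" Signed by %s CA %s\n",
 key_type(key->cert->signature_key), ca_fp);
 printf(" Key ID \"%s\"\n", key->cert->key_id);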
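Review bot: The added `key_cert_type(key)` value goes straight into a `%s` in do_show_cert(), and its definition is outside this hunk, so it is worth confirming that it returns a fixed fallback string rather than NULL when the certificate's type field is neither user nor host. If it can return NULL, the `printf` is undefined behaviour on a file the operator is only trying to inspect. The same line changes the first line of the listing from `<keytype> certificate <fp>` to `<keytype> <certtype> certificate <fp>`, so a short comment such as `/* line format: key type, cert type (user/host), fingerprint */` would help anyone who parses this output. do_show_cert's body starts and ends outside the hunk.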
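--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -104,4 +104,4 @@ BUGS
 This is because it opens a connection to the ssh port, reads the public
 key, and drops the connection as soon as it gets the key.
 
-OpenBSD 4.6 January 9, 2010 2
+OpenBSD 4.7 January 9, 2010 2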
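--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -39,4 +39,4 @@ HISTORY
 AUTHORS
 Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.6 May 31, 2007 1
+OpenBSD 4.7 May 31, 2007 1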
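--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
 AUTHORS
 Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.6 February 10, 2010 1
+OpenBSD 4.7 February 10, 2010 1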
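--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -17,8 +17,6 @@
 
 #include "includes.h"
 
-#ifdef ENABLE_PKCS11
-
 #include <sys/types.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
@@ -39,6 +37,8 @@
 #include "authfd.h"
 #include "ssh-pkcs11.h"
 
+#ifdef ENABLE_PKCS11
+
 /* borrows code from sftp-server and ssh-agent */
 
 struct pkcs11_keyinfo {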
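Review bot: With `#ifdef ENABLE_PKCS11` moved below the include block, `authfd.h`, `ssh-pkcs11.h` and the system headers above it are now compiled even when PKCS#11 support is configured out, so it is worth confirming that each of them is safe to include in that configuration. The matching `#endif` (and any `#else`) lies outside both hunks, so the reason for the move is not visible here; presumably code in the disabled branch needs these headers. A short comment on the guard, for example `/* includes stay outside the guard: the non-PKCS11 build still needs them */`, would record that. Tagging the closing directive as `#endif /* ENABLE_PKCS11 */` would also make the now-distant pairing easy to follow.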
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0 index 72bfcdf64..51b6f5571 100644 --- a/ssh-rand-helper.0 +++ b/ssh-rand-helper.0 | |||
@@ -48,4 +48,4 @@ AUTHORS | |||
48 | SEE ALSO | 48 | SEE ALSO |
49 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) | 49 | ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) |
50 | 50 | ||
51 | OpenBSD 4.6 April 14, 2002 1 | 51 | OpenBSD 4.7 April 14, 2002 1 |
@@ -308,9 +308,10 @@ DESCRIPTION | |||
308 | allocated on the server and reported to the client at run time. | 308 | allocated on the server and reported to the client at run time. |
309 | 309 | ||
310 | -S ctl_path | 310 | -S ctl_path |
311 | Specifies the location of a control socket for connection shar- | 311 | Specifies the location of a control socket for connection sharing |
312 | ing. Refer to the description of ControlPath and ControlMaster | 312 | or the string ``none'' to disable connection sharing. Refer to |
313 | in ssh_config(5) for details. | 313 | the description of ControlPath and ControlMaster in ssh_config(5) |
314 | for details. | ||
314 | 315 | ||
315 | -s May be used to request invocation of a subsystem on the remote | 316 | -s May be used to request invocation of a subsystem on the remote |
316 | system. Subsystems are a feature of the SSH2 protocol which fa- | 317 | system. Subsystems are a feature of the SSH2 protocol which fa- |
@@ -876,4 +877,4 @@ AUTHORS | |||
876 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 877 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
877 | versions 1.5 and 2.0. | 878 | versions 1.5 and 2.0. |
878 | 879 | ||
879 | OpenBSD 4.6 March 5, 2010 14 | 880 | OpenBSD 4.7 March 26, 2010 14 |
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.303 2010/03/26 00:26:58 djm Exp $ |
38 | .Dd $Mdocdate: March 5 2010 $ | 38 | .Dd $Mdocdate: March 26 2010 $ |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -558,7 +558,7 @@ argument is | |||
558 | the listen port will be dynamically allocated on the server and reported | 558 | the listen port will be dynamically allocated on the server and reported |
559 | to the client at run time. | 559 | to the client at run time. |
560 | .It Fl S Ar ctl_path | 560 | .It Fl S Ar ctl_path |
561 | Specifies the location of a control socket for connection sharing, | 561 | Specifies the location of a control socket for connection sharing |
562 | or the string | 562 | or the string |
563 | .Dq none | 563 | .Dq none |
564 | to disable connection sharing. | 564 | to disable connection sharing. |
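--- a/ssh_config.0
+++ b/ssh_config.0
@@ -425,8 +425,8 @@ DESCRIPTION
 Specifies the order in which the client should try protocol 2 au-
 thentication methods. This allows a client to prefer one method
 (e.g. keyboard-interactive) over another method (e.g. password)
-The default for this option is: ``gssapi-with-mic,hostbased,
-publickey, keyboard-interactive, password''.
+The default for this option is: ``gssapi-with-
+mic,hostbased,publickey,keyboard-interactive,password''.
 
 Protocol
 Specifies the protocol versions ssh(1) should support in order of
@@ -673,4 +673,4 @@ AUTHORS
 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
 versions 1.5 and 2.0.
 
-OpenBSD 4.6 March 5, 2010 11
+OpenBSD 4.7 March 26, 2010 11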
diff --git a/ssh_config.5 b/ssh_config.5 index 91c0e1bb0..45496cfbc 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $ |
38 | .Dd $Mdocdate: March 5 2010 $ | 38 | .Dd $Mdocdate: March 26 2010 $ |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -144,8 +144,8 @@ Valid arguments are | |||
144 | If set to | 144 | If set to |
145 | .Dq yes , | 145 | .Dq yes , |
146 | passphrase/password querying will be disabled. | 146 | passphrase/password querying will be disabled. |
147 | In addition, the | 147 | In addition, the |
148 | .Cm ServerAliveInterval | 148 | .Cm ServerAliveInterval |
149 | option will be set to 300 seconds by default. | 149 | option will be set to 300 seconds by default. |
150 | This option is useful in scripts and other batch jobs where no user | 150 | This option is useful in scripts and other batch jobs where no user |
151 | is present to supply the password, | 151 | is present to supply the password, |
@@ -785,11 +785,7 @@ This allows a client to prefer one method (e.g.\& | |||
785 | over another method (e.g.\& | 785 | over another method (e.g.\& |
786 | .Cm password ) | 786 | .Cm password ) |
787 | The default for this option is: | 787 | The default for this option is: |
788 | .Do gssapi-with-mic , | 788 | .Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password |
789 | hostbased, | ||
790 | publickey, | ||
791 | keyboard-interactive, | ||
792 | password | ||
793 | .Dc . | 789 | .Dc . |
794 | .It Cm Protocol | 790 | .It Cm Protocol |
795 | Specifies the protocol versions | 791 | Specifies the protocol versions |
@@ -614,4 +614,4 @@ CAVEATS | |||
614 | System security is not improved unless rshd, rlogind, and rexecd are dis- | 614 | System security is not improved unless rshd, rlogind, and rexecd are dis- |
615 | abled (thus completely disabling rlogin and rsh into the machine). | 615 | abled (thus completely disabling rlogin and rsh into the machine). |
616 | 616 | ||
617 | OpenBSD 4.6 March 5, 2010 10 | 617 | OpenBSD 4.7 March 5, 2010 10 |
diff --git a/sshd_config.0 b/sshd_config.0 index a9162f18d..94935c07f 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -656,4 +656,4 @@ AUTHORS | |||
656 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 656 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
657 | for privilege separation. | 657 | for privilege separation. |
658 | 658 | ||
659 | OpenBSD 4.6 March 4, 2010 10 | 659 | OpenBSD 4.7 March 4, 2010 10 |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: version.h,v 1.57 2010/03/07 22:01:32 djm Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.58 2010/03/16 16:36:49 djm Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_5.4" | 3 | #define SSH_VERSION "OpenSSH_5.5" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p1" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE |