Age | Commit message (Collapse) | Author |
|
build error on Ultrix. From Bernhard Simon.
|
|
[packet.c]
client NULL deref on protocol error; Tavis Ormandy, Google Security Team
|
|
[sftp.c]
Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which lead to surprising results. Spotted by
Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
|
|
Prevents macro redefinition warnings of "RDONLY".
|
|
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
Allows build out of the box with older VAC and XLC compilers. Found by
David Bronder and Bernhard Simon.
|
|
|
|
|
|
using Protocol 1. From jhb at freebsd.
|
|
process so that any logging it does is with the right timezone. From
Scott Strickler, ok djm@.
|
|
|
|
[deattack.c deattack.h packet.c]
limit maximum work performed by the CRC compensation attack detector,
problem reported by Tavis Ormandy, Google Security Team;
ok markus@ deraadt@
|
|
Support SMF in Solaris Packages if enabled by configure. Patch from
Chad Mynhier, tested by dtucker@
|
|
by Pekka Savola.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
from Chris Adams.
|
|
chance of winning.
|
|
|
|
|
|
be used to drop privilege to; fixes Solaris GSSAPI crash reported by
Magnus Abrante; suggestion and feedback dtucker@
NB. this change will require that the privilege separation user must
exist on all the time, not just when UsePrivilegeSeparation=yes
|
|
|
|
|
|
updwdtmp seems to generate invalid wtmp entries. From Roger Cornelius,
ok djm@
|
|
declaration of writev(2) and declare it ourselves if necessary. Makes
the atomiciov() calls build on really old systems. ok djm@
|
|
openbsd-compat/bindresvport.c openbsd-compat/getrrsetbyname.c
openbsd-compat/port-tun.c openbsd-compat/rresvport.c] Include <arpa/inet.h>
for hton* and ntoh* macros. Required on (at least) HP-UX since we define
_XOPEN_SOURCE_EXTENDED. Found by santhi.amirta at gmail com.
|
|
|
|
versions.
|
|
test for GLOB_NOMATCH and use our glob functions if it's not found.
Stops sftp from segfaulting when attempting to get a nonexistent file on
Cygwin (previous versions of OpenSSH didn't use the native glob). Partly
from and tested by Corinna Vinschen.
|
|
warnings for binary_open and binary_close. Patch from Corinna Vinschen.
|
|
[openbsd-compat/rresvport.c] Some more headers: netinet/in.h
sys/socket.h and unistd.h in various places
|
|
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
|
|
while setting up the ssh service account. Patch from Corinna Vinschen.
|
|
[platform.c platform.h sshd.c openbsd-compat/Makefile.in]
[openbsd-compat/openbsd-compat.h openbsd-compat/port-solaris.c]
[openbsd-compat/port-solaris.h] Add support for Solaris process
contracts, enabled with --use-solaris-contracts. Patch from Chad
Mynhier, tweaked by dtucker@ and myself; ok dtucker@
|
|
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
|
|
|
|
[version.h]
crank to 4.4
|
|
[sshconnect2.c]
Fix regression where SSH2 banner is printed at loglevels ERROR and FATAL
where previously it weren't. bz #1221, found by Dean Kopesky, ok djm@
|
|
[gss-genr.c]
Work around a problem in Heimdal that occurs when KRB5CCNAME file is
missing, by checking whether or not kerberos allocated us a context
before attempting to free it. Patch from Simon Wilkinson, tested by
biorn@, ok djm@
|
|
[channels.c session.c]
normalise some inconsistent (but harmless) NULL pointer checks
spotted by the Stanford SATURN tool, via Isil Dillig;
ok markus@ deraadt@
|
|
[sshd.8]
Add more detail about what permissions are and aren't accepted for
authorized_keys files. Corrections jmc@, ok djm@, "looks good" jmc@
|
|
- dtucker@cvs.openbsd.org 2006/08/21 08:14:01
[sshd_config.5]
Document HostbasedUsesNameFromPacketOnly. Corrections from jmc@,
ok jmc@ djm@
|
|
unused variable warning when we have a broken or missing mmap(2).
Now with 100% more diff!
|
|
unused variable warning when we have a broken or missing mmap(2).
|
|
|
|
|
|
on POSIX systems.
|