summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 20:48:13Darren Tucker
[sshconnect2.c] fall back to gethostname() when the outgoing connection is not on a socket, such as is the case when ProxyCommand is used. Gives hostbased auth an opportunity to work; bz#616, report and feedback stuart AT kaloram.com; ok markus@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 07:55:29Darren Tucker
[sftp-server.c] bz#1286 stop reading and processing commands when input or output buffer is nearly full, otherwise sftp-server would happily try to grow the input/output buffers past the maximum supported by the buffer API and promptly fatal() based on patch from Thue Janus Kristensen; feedback & ok dtucker@
2007-05-20 - djm@cvs.openbsd.org 2007/05/17 07:50:31Darren Tucker
[log.c] save and restore errno when logging; ok deraadt@
2007-05-20 - dtucker@cvs.openbsd.org 2007/04/23 10:15:39Darren Tucker
[servconf.c] Remove debug() left over from development. ok deraadt@
2007-05-20 - stevesk@cvs.openbsd.org 2007/04/18 01:12:43Darren Tucker
[sftp-server.c] cast "%llu" format spec to (unsigned long long); do not assume a u_int64_t arg is the same as 'unsigned long long'. from Dmitry V. Levin <ldv@altlinux.org> ok markus@ 'Yes, that looks correct' millert@
2007-05-20 - stevesk@cvs.openbsd.org 2007/04/14 22:01:58Darren Tucker
[auth2.c] remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
2007-05-0920070509Tim Rice
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
2007-04-29trim pastoDarren Tucker
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for offsetofDarren Tucker
to prevent redefinition warnings.
2007-04-29 - (dtucker) [configure.ac defines.h] Prevent warnings about __attribute__Darren Tucker
__nonnull__ for versions of GCC that don't support it.
2007-04-29 - (dtucker) [configure.ac defines.h] Have configure check for MAXSYMLINKSDarren Tucker
so we don't get redefinition warnings.
2007-04-29 - (dtucker) [openbsd-compat/xmmap.c] Include stdlib.h for mkstemp prototype.Darren Tucker
2007-04-29 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1299: Use theDarren Tucker
platform's _res if it has one. Should fix problem of DNSSEC record lookups on NetBSD as reported by Curt Sampson.
2007-04-29 - (dtucker) [auth-shadow.c loginrec.c] Include time.h for time(2) prototype.Darren Tucker
2007-04-29 - (dtucker) [openbsd-compat/bsd-misc.c] Include unistd.h and sys/types.hDarren Tucker
for select(2) prototype.
2007-04-06 - (dtucker) [INSTALL] prngd lives at sourceforge these days.Darren Tucker
2007-04-06 - (dtucker) [INSTALL] Update the systems that have PAM as standard. LinkDarren Tucker
to OpenPAM too.
2007-03-2620070326Tim Rice
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
2007-03-25 - (dtucker) [Makefile.in configure.ac] Replace single-purpose LIBSELINUX,Darren Tucker
LIBWRAP and LIBPAM variables in Makefile with the general-purpose SSHDLIBS. "I like" djm@
2007-03-21 - (dtucker) [regress/agent-getpeereid.sh] Do peereid test if we haveDarren Tucker
HAVE_GETPEERUCRED too. Also from Jan Pechanec.
2007-03-21 - (dtucker) [configure.ac openbsd-compat/bsd-getpeereid.c] Bug #1287: UseDarren Tucker
getpeerucred to implement getpeereid (currently only Solaris 10 and up). Patch by Jan.Pechanec at Sun.
2007-03-21 - jmc@cvs.openbsd.org 2007/03/20 15:57:15Darren Tucker
[sshd.8] - let synopsis and description agree for -f - sort FILES - +.Xr ssh-keyscan 1 , from Igor Sobrado
2007-03-21 - tedu@cvs.openbsd.org 2007/03/20 03:56:12Darren Tucker
[readconf.c clientloop.c] remove some bogus *p tests from charles longeau ok deraadt millert
2007-03-21 - dtucker@cvs.openbsd.org 2007/03/19 12:16:42Darren Tucker
[ssh-agent.c] Remove the signal handler that checks if the agent's parent process has gone away, instead check when the select loop returns. Record when the next key will expire when scanning for expired keys. Set the select timeout to whichever of these two things happens next. With djm@, with & ok deraadt@ markus@
2007-03-21 - djm@cvs.openbsd.org 2007/03/19 01:01:29Darren Tucker
[sshd_config] Disable the legacy SSH protocol 1 for new installations via a configuration override. In the future, we will change the server's default itself so users who need the legacy protocol will need to turn it on explicitly
2007-03-21 - dtucker@cvs.openbsd.org 2007/03/09 05:20:06Darren Tucker
[servconf.c sshd.c] Move C/R -> kbdint special case to after the defaults have been loaded, which makes ChallengeResponse default to yes again. This was broken by the Match changes and not fixed properly subsequently. Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
2007-03-13 - (dtucker) [README.platform] Info about blibpath on AIX.Darren Tucker
2007-03-13 - (dtucker) [cipher-3des1.c cipher-bf1.c] The OpenSSL 0.9.8e problem inDarren Tucker
bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h in cipher-bf1.c. Patch from Juan Gallego.
2007-03-13 - (dtucker) [LICENCE] Add Daniel Walsh as a copyright holder for theDarren Tucker
selinux bits in -portable.
2007-03-13 - (dtucker) [entropy.c scard-opensc.c ssh-rand-helper.c] Bug #1294: includeDarren Tucker
string.h to prevent warnings, from vapier at gentoo.org.
2007-03-08 - (djm) [README] correct link to release notesDamien Miller
2007-03-06 - (djm) Release 4.6p1Damien Miller
2007-03-06 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] crank spec files for release
2007-03-06 - djm@cvs.openbsd.org 2007/03/06 10:13:14Damien Miller
[version.h] openssh-4.6; "please" deraadt@
2007-03-06 - OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2007/03/01 16:19:33 [sshd_config.5] sort the `match' keywords;
2007-03-05 - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around aDarren Tucker
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256 ciphers from working correctly (disconnects with "Bad packet length" errors) as found by Ben Harris. ok djm@
2007-03-05 - (djm) [configure.ac] add a --without-openssl-header-check option toDamien Miller
configure, as some platforms (OS X) ship OpenSSL headers whose version does not match that of the shipping library. ok dtucker@
2007-03-03 - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little moreDarren Tucker
general to cover newer gdb versions on HP-UX.
2007-03-02 - (dtucker) [INSTALL] Update to autoconf-2.61.Darren Tucker
2007-03-02 - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allowsDarren Tucker
CRLF as well as LF lineendings) and write in binary mode. Patch from vinschen at redhat.com.
2007-03-01 - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.Tim Rice
"Looks sane" dtucker@
2007-03-01 - dtucker@cvs.openbsd.org 2007/03/01 10:28:02Darren Tucker
[auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation.
2007-02-28 - dtucker@cvs.openbsd.org 2007/02/28 00:55:30Darren Tucker
[ssh-agent.c] Remove expired keys periodically so they don't remain in memory when the agent is entirely idle, as noted by David R. Piegdon. This is the simple fix, a more efficient one will be done later. With markus, deraadt, with & ok djm.
2007-02-25 - ray@cvs.openbsd.org 2007/02/24 03:30:11Darren Tucker
[moduli.c] - strlen returns size_t, not int. - Pass full buffer size to fgets. OK djm@, millert@, and moritz@.
2007-02-25 - dtucker@cvs.openbsd.org 2007/02/22 12:58:40Darren Tucker
[servconf.c] Check activep so Match and GatewayPorts work together; ok markus@
2007-02-25 - dtucker@cvs.openbsd.org 2007/02/21 11:00:05Darren Tucker
[sshd.c] Clear alarm() before restarting sshd on SIGHUP. Without this, if there's a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the newly exec'ed sshd will get the SIGALRM and not have a handler for it, and the default action will terminate the listening sshd. Analysis and patch from andrew at gaul.org.
2007-02-25 - djm@cvs.openbsd.org 2007/02/20 10:25:14Darren Tucker
[clientloop.c] set maximum packet and window sizes the same for multiplexed clients as normal connections; ok markus@
2007-02-19 - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to callocDarren Tucker
an array for signatures when there are none since "calloc(0, n) returns NULL on some platforms (eg Tru64), which is explicitly permitted by POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
2007-02-19 - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since someDarren Tucker
platforms don't have it. Patch from dleonard at vintela.com.
2007-02-19 - dtucker@cvs.openbsd.org 2007/02/19 10:45:58Darren Tucker
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5] Teach Match how handle config directives that are used before authentication. This allows configurations such as permitting password authentication from the local net only while requiring pubkey from offsite. ok djm@, man page bits ok jmc@