Age | Commit message (Collapse) | Author |
|
[sftp-server.8 sshd.8 ssh-agent.1]
fix a few typographical errors found by spell(1).
ok dtucker@, jmc@
|
|
[ssh-agent.c]
My previous commit didn't fix the problem at all, so stick at my first
version of the fix presented to dtucker.
Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
ok dtucker
|
|
[ssh-agent.c]
Fixed a possible out-of-bounds memory access if the environment variable
SHELL is shorter than 3 characters.
with input by and ok dtucker
|
|
[ssh.1]
for "Ciphers", just point the reader to the keyword in ssh_config(5), just
as we do for "MACs": this stops us getting out of sync when the lists
change;
fixes documentation/6102, submitted by Peter J. Philipp
alternative fix proposed by djm
ok markus
|
|
- markus@cvs.openbsd.org 2009/03/17 21:37:00
[ssh.c]
pass correct argv[0] to openlog(); ok djm@
|
|
is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
|
|
variable declarations. Should prevent unused warnings anywhere it's set
(only Crays as far as I can tell) and be a no-op everywhere else.
|
|
that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
Based on patch from vinschen at redhat com.
|
|
auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
version of Cygwin. Patch from vinschen at redhat com.
|
|
EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
in openssl 0.9.6) so add an explicit test for it.
|
|
|
|
|
|
EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
to use them. Allows building with older OpenSSL versions.
|
|
exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
has a /dev/random).
|
|
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
|
|
[uuencode.c]
document what these functions do so I don't ever have to recuse into
b64_pton/ntop to remember their return values
|
|
[auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
[sshconnect2.c]
refactor the (disabled) Schnorr proof code to make it a little more
generally useful
|
|
|
|
|
|
|
|
[version.h]
openssh-5.2
|
|
[sshd_config.5]
missing period
|
|
[ssh_config.5 sshd_config.5]
don't advertise experimental options
|
|
- tobias@cvs.openbsd.org 2009/02/21 19:32:04
[misc.c sftp-server-main.c ssh-keygen.c]
Added missing newlines in error messages.
ok dtucker
|
|
[contrib/suse/openssh.spec] Prepare for 5.2p1
|
|
[schnorr.c]
signature should hash over the entire group, not just the generator
(this is still disabled code)
|
|
[ssh_config]
sync with revised default ciphers; pointed out by dkrause@
|
|
systems; patch from Aurelien Jarno via rmh AT aybabtu.com
|
|
[regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
interop tests from FATAL error to a warning. Allows some interop
tests to proceed if others are missing necessary prerequisites.
|
|
[PROTOCOL]
mention that eow and no-more-sessions extensions are sent only to
OpenSSH peers
|
|
[packet.c]
check for enc !=NULL in packet_start_discard
|
|
[ssh_config.5]
kill trailing whitespace;
|
|
[ssh_config.5]
document RemoteForward usage with 0 listen port
|
|
[ssh.1]
consistency: Dq => Ql
|
|
[ssh.1]
document -R0:... usage
|
|
[monitor.c]
some paranoia: check that the serialised key is really KEY_RSA before
diddling its internals
|
|
[serverloop.c]
tighten check for -R0:... forwarding: only allow dynamic allocation
if want_reply is set in the packet
|
|
[canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
[readconf.h serverloop.c ssh.c]
support remote port forwarding with a zero listen port (-R0:...) to
dyamically allocate a listen port at runtime (this is actually
specified in rfc4254); bz#1003 ok markus@
|
|
[sftp.c]
Initialize a few variables to prevent spurious "may be used
uninitialized" warnings from newer gcc's. ok djm@
|
|
OSX provides a getlastlogxbyname function that automates the reading of
a lastlog file. Also, the pututxline function will update lastlog so
there is no need for loginrec.c to do it explicitly. Collapse some
overly verbose code while I'm in there.
|
|
set ownership and modes, so avoid explicitly setting them
|
|
channels.c too, so move the definition for non-IP6 platforms to defines.h
where it can be shared.
|
|
|
|
If the CYGWIN environment variable is empty, the installer script
should not install the service with an empty CYGWIN variable, but
rather without setting CYGWNI entirely.
|
|
Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
The information given for the setting of the CYGWIN environment variable
is wrong for both releases so I just removed it, together with the
unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
|
|
[cipher.c cipher.h packet.c]
Work around the CPNI-957037 Plaintext Recovery Attack by always
reading 256K of data on packet size or HMAC errors (in CBC mode only).
Help, feedback and ok djm@
Feedback from Martin Albrecht and Paterson Kenny
|
|
[ssh_config.5 sshd_config.5]
sync list of preferred ciphers; ok djm@
|
|
[myproposal.h]
prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
modes; ok markus@
|
|
[auth-options.c]
another chunk of a2port() diff that got away. wtfdjm??
|
|
[clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
[serverloop.c ssh-keyscan.c ssh.c sshd.c]
make a2port() return -1 when it encounters an invalid port number
rather than 0, which it will now treat as valid (needed for future work)
adjust current consumers of a2port() to check its return value is <= 0,
which in turn required some things to be converted from u_short => int
make use of int vs. u_short consistent in some other places too
feedback & ok markus@
|