Age | Commit message (Collapse) | Author |
|
[moduli.c]
add missing includes to unbreak tree; fix from rpointel
|
|
[ssh-keygen.c]
put -K in the right place (usage());
|
|
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add optional checkpoints for moduli screening. feedback & ok deraadt
|
|
[sftp-glob.c]
silence error spam for "ls */foo" in directory with files; bz#1683
|
|
[sshd.c]
fix inverted test that caused logspam; spotted by henning@
|
|
|
|
[auth2-pubkey.c]
improve the AuthorizedPrincipalsFile debug log message to include
file and line number
|
|
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
|
|
[channels.c auth-options.c servconf.c channels.h sshd.8]
Add wildcard support to PermitOpen, allowing things like "PermitOpen
localhost:*". bz #1857, ok djm markus.
|
|
|
|
|
|
openbsd-compat/strnlen.c] Add strnlen to the compat library.
|
|
from des AT des.no
|
|
of static __findenv() function from upstream setenv.c
|
|
[openbsd-compat/inet_ntop.c]
fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
|
|
marker. The upstream API has changed (function and structure names)
enough to put it out of sync with other providers of this interface.
|
|
The file was totally rewritten between what we had in tree and -current.
|
|
[mktemp.c]
Remove useless code, the kernel will set errno appropriately if an
element in the path does not exist. OK deraadt@ pvalchev@
|
|
[mktemp.c]
use arc4random_uniform(); ok djm millert
|
|
upstream version is YPified and we don't want this
|
|
[mktemp.c]
Comment fix about time consumption of _gettemp.
FreeBSD did this in revision 1.20.
OK deraadt@, krw@
|
|
longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
want this longhand version)
|
|
[openbsd-compat/strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
|
|
[strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
|
|
[sftp.c]
don't let remote_glob() implicitly sort its results in do_globbed_ls() -
in all likelihood, they will be resorted anyway
|
|
[sftp-client.c]
fix leak in do_lsreaddir(); ok djm
|
|
[sftp-client.c]
fix leaks in do_hardlink() and do_readlink(); bz#1921
from Loganaden Velvindron
|
|
[ssh.1]
document new -O cancel command; ok djm@
|
|
[channels.c channels.h clientloop.c ssh.1]
support cancellation of local/dynamic forwardings from ~C commandline;
ok & feedback djm@
|
|
[channels.c channels.h clientloop.h mux.c ssh.c]
support for cancelling local and remote port forwards via the multiplex
socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
|
|
[sshd.c]
kill the preauth privsep child on fatal errors in the monitor;
ok markus@
|
|
[scp.c]
suppress adding '--' to remote commandlines when the first argument
does not start with '-'. saves breakage on some difficult-to-upgrade
embedded/router platforms; feedback & ok dtucker ok markus
|
|
[PROTOCOL.mux]
MUX_C_CLOSE_FWD includes forward type in message (though it isn't
implemented anyway)
|
|
[ssh_config.5 sshd_config.5]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
|
|
[ssh-keygen.1]
typo (they vs the) found by Lawrence Teo
|
|
[scp.1]
knock out a useless Ns;
|
|
[misc.c]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
|
|
[scp.1 sftp.1]
mention ControlPersist and KbdInteractiveAuthentication in the -o
verbiage in these pages too (prompted by jmc@)
|
|
[ssh.1]
Add some missing ssh_config(5) options that can be used in ssh(1)'s
-o argument. Patch from duclare AT guu.fi
|
|
[glob.c]
fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
applied only to the gl_pathv vector and not the corresponding gl_statv
array. reported in OpenSSH bz#1935; feedback and okay matthew@
|
|
[glob.c]
In glob(3), limit recursion during matching attempts. Similar to
fnmatch fix. Also collapse consecutive '*' (from NetBSD).
ok miod deraadt
|
|
[openbsd-compat/glob.c]
When the max number of items for a directory has reached GLOB_LIMIT_READDIR
an error is returned but closedir() is not called.
spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
ok otto@, millert@
|
|
Colin Watson.
|
|
|
|
|
|
|
|
[contrib/suse/openssh.spec] Update version numbers.
|
|
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
|
|
regress errors for the sandbox to warnings. ok tim dtucker
|
|
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
|