Age | Commit message (Collapse) | Author |
|
[sftp-server.c]
bz#1286 stop reading and processing commands when input or output buffer
is nearly full, otherwise sftp-server would happily try to grow the
input/output buffers past the maximum supported by the buffer API and
promptly fatal()
based on patch from Thue Janus Kristensen; feedback & ok dtucker@
|
|
[log.c]
save and restore errno when logging; ok deraadt@
|
|
[servconf.c]
Remove debug() left over from development. ok deraadt@
|
|
[sftp-server.c]
cast "%llu" format spec to (unsigned long long); do not assume a
u_int64_t arg is the same as 'unsigned long long'.
from Dmitry V. Levin <ldv@altlinux.org>
ok markus@ 'Yes, that looks correct' millert@
|
|
[auth2.c]
remove unused macro; from Dmitry V. Levin <ldv@altlinux.org>
|
|
- (tim) [configure.ac] Bug #1287: Add missing test for ucred.h.
|
|
|
|
to prevent redefinition warnings.
|
|
__nonnull__ for versions of GCC that don't support it.
|
|
so we don't get redefinition warnings.
|
|
|
|
platform's _res if it has one. Should fix problem of DNSSEC record lookups
on NetBSD as reported by Curt Sampson.
|
|
|
|
for select(2) prototype.
|
|
|
|
to OpenPAM too.
|
|
- (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines
to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@
|
|
LIBWRAP and LIBPAM variables in Makefile with the general-purpose
SSHDLIBS. "I like" djm@
|
|
HAVE_GETPEERUCRED too. Also from Jan Pechanec.
|
|
getpeerucred to implement getpeereid (currently only Solaris 10 and up).
Patch by Jan.Pechanec at Sun.
|
|
[sshd.8]
- let synopsis and description agree for -f
- sort FILES
- +.Xr ssh-keyscan 1 ,
from Igor Sobrado
|
|
[readconf.c clientloop.c]
remove some bogus *p tests from charles longeau
ok deraadt millert
|
|
[ssh-agent.c]
Remove the signal handler that checks if the agent's parent process
has gone away, instead check when the select loop returns. Record when
the next key will expire when scanning for expired keys. Set the select
timeout to whichever of these two things happens next. With djm@, with &
ok deraadt@ markus@
|
|
[sshd_config]
Disable the legacy SSH protocol 1 for new installations via
a configuration override. In the future, we will change the
server's default itself so users who need the legacy protocol
will need to turn it on explicitly
|
|
[servconf.c sshd.c]
Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again. This
was broken by the Match changes and not fixed properly subsequently.
Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
|
|
|
|
bug #1291 also affects Protocol 1 3des. While at it, use compat-openssl.h
in cipher-bf1.c. Patch from Juan Gallego.
|
|
selinux bits in -portable.
|
|
string.h to prevent warnings, from vapier at gentoo.org.
|
|
|
|
|
|
[contrib/suse/openssh.spec] crank spec files for release
|
|
[version.h]
openssh-4.6; "please" deraadt@
|
|
- jmc@cvs.openbsd.org 2007/03/01 16:19:33
[sshd_config.5]
sort the `match' keywords;
|
|
bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
ciphers from working correctly (disconnects with "Bad packet length"
errors) as found by Ben Harris. ok djm@
|
|
configure, as some platforms (OS X) ship OpenSSL headers whose version
does not match that of the shipping library. ok dtucker@
|
|
general to cover newer gdb versions on HP-UX.
|
|
|
|
CRLF as well as LF lineendings) and write in binary mode. Patch from
vinschen at redhat.com.
|
|
"Looks sane" dtucker@
|
|
[auth2.c sshd_config.5 servconf.c]
Remove ChallengeResponseAuthentication support inside a Match
block as its interaction with KbdInteractive makes it difficult to
support. Also, relocate the CR/kbdint option special-case code into
servconf. "please commit" djm@, ok markus@ for the relocation.
|
|
[ssh-agent.c]
Remove expired keys periodically so they don't remain in memory when
the agent is entirely idle, as noted by David R. Piegdon. This is the
simple fix, a more efficient one will be done later. With markus,
deraadt, with & ok djm.
|
|
[moduli.c]
- strlen returns size_t, not int.
- Pass full buffer size to fgets.
OK djm@, millert@, and moritz@.
|
|
[servconf.c]
Check activep so Match and GatewayPorts work together; ok markus@
|
|
[sshd.c]
Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
newly exec'ed sshd will get the SIGALRM and not have a handler for it,
and the default action will terminate the listening sshd. Analysis and
patch from andrew at gaul.org.
|
|
[clientloop.c]
set maximum packet and window sizes the same for multiplexed clients
as normal connections; ok markus@
|
|
an array for signatures when there are none since "calloc(0, n) returns
NULL on some platforms (eg Tru64), which is explicitly permitted by
POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
|
|
platforms don't have it. Patch from dleonard at vintela.com.
|
|
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
|
|
[bufbn.c]
typos in comments; ok jmc@
|