Age | Commit message (Collapse) | Author |
|
contrib/suse/openssh.spec] Crank version.
|
|
ok djm@
|
|
[version.h]
openssh 4.7
|
|
[clientloop.c]
do NOT fall back to the trused x11 cookie if generation of an untrusted
cookie fails; from security-alert at sun.com; ok dtucker
|
|
called with PAM_ESTABLISH_CRED at least once, which resolves a problem
with pam_dhkeys. Patch from David Leonard, ok djm@
|
|
Matt Kraai, ok djm@.
|
|
|
|
|
|
used anywhere and are a potential source of warnings.
|
|
and the AIX native login restrictions.
|
|
|
|
[clientloop.c clientloop.h ssh.c]
bz#1232: ensure that any specified LocalCommand is executed after the
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
|
|
[scp.1 scp.c]
the ellipsis is not an optional argument; while here, sync the usage
and synopsis of commands
lots of good ideas by jmc@
ok jmc@
|
|
[key.c]
Delint: remove some unreachable statements, from Bret Lambert.
OK markus@ and dtucker@.
|
|
|
|
files are installed.
|
|
Report/patch by David.Leonard AT quest.com
|
|
|
|
incorrectly fatal() on errors. patch from cjwatson AT debian.org;
ok dtucker
|
|
openbsd-compat/bsd-poll.{c,h} openbsd-compat/openbsd-compat.h]
Add an implementation of poll() built on top of select(2). Code from
OpenNTPD with changes suggested by djm. ok djm@
|
|
[atomicio.c]
Include <poll.h> like the man page says rather than <sys/poll.h>. ok djm@
|
|
atomicio.
|
|
[channels.c]
Correct test for window updates every three packets; prevents sending
window updates for every single packet. ok markus@
|
|
[atomicio.c]
if the fd passed to atomicio/atomiciov() is non blocking, then poll() to
avoid a spin if it is not yet ready for reading/writing; ok dtucker@
|
|
[ssh.c]
when waiting for the multiplex exit status, read until the master end
writes an entire int of data *and* closes the client_fd; fixes mux
regression spotted by dtucker, ok dtucker@
|
|
[ssh.c]
handle EINTR when waiting for mux exit status properly
|
|
[scp.c]
don't ftruncate() non-regular files; bz#1236 reported by wood AT
xmission.com; ok dtucker@
|
|
of USE_BUILTIN_RIJNDAEL since the <0.9.6 test is covered by the
subsequent <0.9.7 test.
|
|
sections. Fixes builds with early OpenSSL 0.9.6 versions.
|
|
USE_BUILTIN_RIJNDAEL compat goop to openssl-compat.h so it can be
shared with umac.c. Allows building with OpenSSL 0.9.5 again including
umac support. With tim@ djm@, ok djm.
|
|
[scp.c]
Encode filename with strnvis if the name contains a newline (which can't
be represented in the scp protocol), from bz #891. ok markus@
|
|
[ssh.1]
add -K to SYNOPSIS;
|
|
[ssh-add.1]
identies -> identities;
|
|
[gss-genr.c]
Pass GSS OID to gss_display_status to provide better information in
error messages. Patch from Simon Wilkinson via bz 1220. ok djm@
|
|
[ssh.c]
improved exit message from multiplex slave sessions; bz #1262
reported by alexandre.nunes AT gmail.com; ok dtucker@
|
|
[ssh.c ssh.1]
Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k (disable GSSAPI)
and is useful for hosts with /home on Kerberised NFS; bz #1312
patch from Markus.Kuhn AT cl.cam.ac.uk; ok dtucker@ markus@
|
|
[ssh.c]
fix slave exit value when a control master goes away without passing the
full exit status by ensuring that the slave reads a full int. bz#1261
reported by frekko AT gmail.com; ok markus@ dtucker@
|
|
[scp.c]
make scp try to skip FIFOs rather than blocking when nothing is listening.
depends on the platform supporting sane O_NONBLOCK semantics for open
on FIFOs (apparently POSIX does not mandate this), which OpenBSD does.
bz #856; report by cjwatson AT debian.org; ok markus@
|
|
[ssh-gss.h gss-serv.c gss-genr.c]
relocate server-only GSSAPI code from libssh to server; bz #1225
patch from simon AT sxw.org.uk; ok markus@ dtucker@
|
|
[ssh-add.1]
better document ssh-add's -d option (delete identies from agent), bz#1224
new text based on some provided by andrewmc-debian AT celt.dias.ie;
ok dtucker@
|
|
[channels.h]
increase default channel windows; ok djm
|
|
[channels.c]
send 'window adjust' messages every tree packets and do not wait
until 50% of the window is consumed. ok djm dtucker
|
|
prevent warnings about redefinitions of various things in paths.h.
Spotted by cartmanltd at hotmail.com.
|
|
argument to nanosleep may be NULL. Currently this never happens in OpenSSH,
but check anyway in case this changes or the code gets used elsewhere.
|
|
fallback to provided bit-swizzing functions
|
|
[sshd_config.5]
oops, here too: put the MAC list into a display, like we do for
ciphers, since groff has trouble with wide lines;
|
|
[ssh_config.5]
put the MAC list into a display, like we do for ciphers,
since groff has trouble handling wide lines;
|
|
[ssh_config]
Add a "MACs" line after "Ciphers" with the default MAC algorithms,
to ease people who want to tweak both (eg. for performance reasons).
ok deraadt@ djm@ dtucker@
|
|
[kex.h mac.c mac.h monitor_wrap.c myproposal.h packet.c ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
Add a new MAC algorithm for data integrity, UMAC-64 (not default yet,
must specify umac-64@openssh.com). Provides about 20% end-to-end speedup
compared to hmac-md5. Represents a different approach to message
authentication to that of HMAC that may be beneficial if HMAC based on
one of its underlying hash algorithms is found to be vulnerable to a
new attack. http://www.ietf.org/rfc/rfc4418.txt
in conjunction with and OK djm@
|
|
fix; tested by dtucker@ and jochen.kirn AT gmail.com
|