Age | Commit message (Collapse) | Author |
|
|
|
[hostfile.c]
fix fd leak; spotted and ok dtucker
|
|
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
|
|
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
|
|
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
|
|
debugging. Spotted by djm.
|
|
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
|
|
instead of (arc4random() % range)
|
|
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
|
|
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
|
|
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
|
|
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
|
|
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
|
|
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
|
|
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
|
|
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
|
|
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
|
|
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
|
|
|
|
|
|
group read/write. ok dtucker@
|
|
into the platform-specific code Only affects SCO, tested by and ok tim@.
|
|
from vapier at gentoo org.
|
|
[scp.1 sftp.1 ssh.1 sshd_config.5]
add IPQoS to the various -o lists, and zap some trailing whitespace;
|
|
[ssh_config.5]
libary -> library;
|
|
[clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
[servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
hardcoding lowdelay/throughput.
bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
|
|
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
|
|
[packet.c]
whitespace KNF
|
|
platforms that don't support ECC. Fixes some spurious warnings reported
by tim@
|
|
support for platforms missing isblank(). ok djm@
|
|
Feedback from dtucker@
|
|
|
|
tree.
|
|
the correct typedefs.
|
|
|
|
strictly correct since while ECC requires sha256 the reverse is not true
however it does prevent spurious test failures.
|
|
|
|
Import recent changes to regress/Makefile, pass a flag to enable ECC tests
from configure through to regress/Makefile and use it in the tests.
|
|
|
|
check into platform.c
|
|
non-LOGIN_CAP case into platform.c.
|
|
platform.c.
|
|
|
|
platform.c
|
|
the LOGIN_CAP case into platform.c.
|
|
retain previous behavior.
|
|
|
|
platform.c
|
|
after the user's groups are established and move the selinux calls into it.
|
|
openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
ok djm@
|