Age | Commit message (Collapse) | Author |
|
[key.c]
fix uninitialised nonce variable; reported by Mateusz Kocielski
|
|
[PROTOCOL.mux]
cut'n'pasto; from bert.wesarg AT googlemail.com
|
|
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
20110125
- (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
before attempting setfscreatecon(). Check whether matchpathcon()
succeeded before using its result. Patch from cjwatson AT debian.org;
bz#1851
|
|
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
space changes for consistency/readability. Makes autoconf 2.68 happy.
"Nice work" djm
|
|
- (tim) [config.guess config.sub] Sync with upstream.
|
|
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
port-linux.c to avoid compilation errors. Add -lselinux to ssh when
building with SELinux support to avoid linking failure; report from
amk AT spamfence.net; ok dtucker
|
|
|
|
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
|
|
- djm@cvs.openbsd.org 2011/01/22 09:18:53
[version.h]
crank to OpenSSH-5.7
|
|
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
|
|
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
|
|
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
|
|
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
|
|
the tinderbox.
|
|
|
|
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
|
|
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
|
|
ssh-add to avoid $SUDO failures on Linux
|
|
its unique snowflake of a gdb error to the ones we look for.
|
|
$PATH, fix cleanup of droppings; reported by openssh AT
roumenpetrov.info; ok dtucker@
|
|
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
|
|
[sshconnect.c]
reset the SIGPIPE handler when forking to execute child processes;
ok dtucker@
|
|
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
|
|
on configurations that don't have it.
|
|
|
|
ecdsa bits.
|
|
|
|
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
|
|
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
|
|
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
|
|
should not depend on ECC support
|
|
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
|
|
target
|
|
gcc warning on platforms where it defaults to int
|
|
ecdsa keys. ok djm.
|
|
|
|
|
|
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
|
|
silly warnings on write() calls we don't care succeed or not.
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
|
|
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
|
|
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
|
|
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
|
|
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
|
|
|
|
source tree.
|
|
openssh AT roumenpetrov.info
|