summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-02-29 - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. FromDamien Miller
Debian patch via bernd AT openbsd.org
2008-02-29 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.Darren Tucker
2008-02-29 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) inDarren Tucker
configure (and there's not much point, as openssh won't work without it) so HAVE_SELECT is not defined and the poll(2) compat code doesn't get built in. Remove HAVE_SELECT so we can build on platforms without poll.
2008-02-28 - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use theDarren Tucker
same SyslogFacility as the rest of sshd. Patch from William Knox, ok djm@.
2008-02-28 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: ImplementDarren Tucker
getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups.
2008-02-28 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSLDarren Tucker
compat glue into openssl-compat.h.
2008-02-28 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.cDarren Tucker
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat header to after OpenSSL headers, since some versions of OpenSSL have SSLeay_add_all_algorithms as a macro already.
2008-02-28 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixesDarren Tucker
linking problems on AIX with gcc 4.1.x.
2008-02-25 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffleDarren Tucker
headers so ./configure --with-ssl-engine actually works. Patch from Ian Lister.
2008-02-25 - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementationDarren Tucker
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
2008-02-25 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hackDarren Tucker
since it now conflicts with the helper function in misc.c. From vinschen AT redhat.com.
2008-02-2520080224Darren Tucker
- (tim) [contrib/cygwin/ssh-host-config] Grammar changes on SYSCONFDIR LOCALSTATEDIR messages. Check more thoroughly that it's possible to create the /var/empty directory. Patch by vinschen AT redhat.com
2008-02-23[contrib/cygwin/ssh-host-config]Tim Rice
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages. Check more thoroughly that it's possible to create the /var/empty directory. Patch by vinschen AT redhat.com
2008-02-10 - djm@cvs.openbsd.org 2008/02/10 10:54:29Damien Miller
[servconf.c session.c] delay ~ expansion for ChrootDirectory so it expands to the logged-in user's home, rather than the user who starts sshd (probably root)
2008-02-10 - djm@cvs.openbsd.org 2008/02/10 09:55:37Damien Miller
[sshd_config.5] mantion that "internal-sftp" is useful with ForceCommand too
2008-02-10 - mcbride@cvs.openbsd.org 2008/02/09 12:15:43Damien Miller
[ssh.1 sshd.8] Document the correct permissions for the ~/.ssh/ directory. ok jmc
2008-02-10 - jmc@cvs.openbsd.org 2008/02/09 08:04:31Damien Miller
[sshd_config.5] missing `)';
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-10 - djm@cvs.openbsd.org 2008/02/08 23:24:07Damien Miller
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config] [sshd_config.5] add sshd_config ChrootDirectory option to chroot(2) users to a directory and tweak internal sftp server to work with it (no special files in chroot required). ok markus@
2008-02-10 - markus@cvs.openbsd.org 2008/02/04 21:53:00Damien Miller
[session.c sftp-server.c sftp.h] link sftp-server into sshd; feedback and ok djm@
2008-02-10 - jmc@cvs.openbsd.org 2008/01/31 20:06:50Damien Miller
[scp.1] explain how to handle local file names containing colons; requested by Tamas TEVESZ ok dtucker
2008-02-10 - dtucker@cvs.openbsd.org 2008/01/23 01:56:54Damien Miller
[clientloop.c packet.c serverloop.c] Revert the change for bz #1307 as it causes connection aborts if an IGNORE packet arrives while we're waiting in packet_read_expect (and possibly elsewhere).
2008-02-10 - djm@cvs.openbsd.org 2008/01/21 19:20:17Damien Miller
[sftp-client.c] when a remote write error occurs during an upload, ensure that ACKs for all issued requests are properly drained. patch from t8m AT centrum.cz
2008-02-10 - djm@cvs.openbsd.org 2008/01/21 17:24:30Damien Miller
[sftp-server.c] Remove the fixed 100 handle limit in sftp-server and allocate as many as we have available file descriptors. Patch from miklos AT szeredi.hu; ok dtucker@ markus@
2008-02-10 - djm@cvs.openbsd.org 2008/01/20 00:38:30Damien Miller
[sftp.c] When uploading, correctly handle the case of an unquoted filename with glob metacharacters that match a file exactly but not as a glob, e.g. a file called "[abcd]". report and test cases from duncan2nd AT gmx.de
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 23:09:49Damien Miller
[readconf.c readconf.h sshconnect2.c] promote rekeylimit to a int64 so it can hold the maximum useful limit of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 23:02:40Damien Miller
[channels.c] When we added support for specified bind addresses for port forwards, we added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of this for -L port forwards that causes the client to listen on both v4 and v6 addresses when connected to a server with this quirk, despite having set 0.0.0.0 as a bind_address. report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 22:37:19Damien Miller
[ssh-keygen.c] unbreak line numbering (broken in revision 1.164), fix error message
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 22:22:58Damien Miller
[ssh-keygen.c] when hashing individual hosts (ssh-keygen -Hf hostname), make sure we hash just the specified hostname and not the entire hostspec from the keyfile. It may be of the form "hostname,ipaddr", which would lead to a hash that never matches. report and fix from jp AT devnull.cz
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 22:04:57Damien Miller
[sftp-client.c] fix remote handle leak in do_download() local file open error path; report and fix from sworley AT chkno.net
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 20:51:26Damien Miller
[ssh.c] ignore SIGPIPE in multiplex client mode - we can receive this if the server runs out of fds on us midway. Report and patch from gregory_shively AT fanniemae.com
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 20:48:53Damien Miller
[clientloop.c] fd leak on session multiplexing error path. Report and patch from gregory_shively AT fanniemae.com
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 19:25:50Damien Miller
[scp.1] scp -q implies ssh -q for the underlying connection, it doesn't just hush the progress meter
2008-02-10 - djm@cvs.openbsd.org 2008/01/19 19:13:28Damien Miller
[ssh.1] satisfy the pedants: -q does not suppress all diagnostic messages (e.g. some commandline parsing warnings go unconditionally to stdout).
2008-02-10 - chl@cvs.openbsd.org 2008/01/11 07:22:28Damien Miller
[sftp-client.c sftp-client.h] disable unused functions initially from tobias@, but disabled them by placing them in "#ifdef notyet" which was asked by djm@ ok djm@ tobias@
2008-01-20 - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch fromDamien Miller
tsr2600 AT gmail.com
2008-01-20 - (djm) Silence noice from expr in ssh-copy-id; patch fromDamien Miller
mikel AT mikelward.com
2008-01-02 - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.Darren Tucker
2008-01-02 - dtucker@cvs.openbsd.org 2008/01/01 08:51:20Darren Tucker
[moduli] Updated moduli file; ok djm@
2008-01-01 - dtucker@cvs.openbsd.org 2008/01/01 09:27:33Darren Tucker
[sshd_config.5 servconf.c] Allow PermitRootLogin in a Match block. Allows for, eg, permitting root only from the local network. ok markus@, man page bit ok jmc@
2008-01-01Add missing ChangeLog entriesDarren Tucker
2008-01-01 - dtucker@cvs.openbsd.org 2008/01/01 09:06:39Darren Tucker
[scp.c] If scp -p encounters a pre-epoch timestamp, use the epoch which is as close as we can get given that it's used unsigned. Add a little debugging while there. bz #828, ok djm@
2008-01-01 - dtucker@cvs.openbsd.org 2008/01/01 08:47:04Darren Tucker
[misc.c] spaces -> tabs from my previous commit
2008-01-01 - dtucker@cvs.openbsd.org 2007/12/31 15:27:04Darren Tucker
[sshd.c] When in inetd mode, have sshd generate a Protocol 1 ephemeral server key only for connections where the client chooses Protocol 1 as opposed to when it's enabled in the server's config. Speeds up Protocol 2 connections to inetd-mode servers that also allow Protocol 1. bz #440, based on a patch from bruno at wolff.to, ok markus@
2008-01-01 - (dtucker) OpenBSD CVS SyncDarren Tucker
- dtucker@cvs.openbsd.org 2007/12/31 10:41:31 [readconf.c servconf.c] Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch from Dmitry V. Levin, ok djm@
2007-12-31 - (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use ofDarren Tucker
builtin glob implementation on Mac OS X. Based on a patch from vgiffin at apple.
2007-12-29 - dtucker@cvs.openbsd.org 2007/12/28 22:34:47Darren Tucker
[clientloop.c] Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent. bz #1360, ok djm@.
2007-12-29 - dtucker@cvs.openbsd.org 2007/12/28 15:32:24Darren Tucker
[clientloop.c serverloop.c packet.c] Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the ServerAlive and ClientAlive timers. Prevents dropping a connection when these are enabled but the peer does not support our keepalives. bz #1307, ok djm@.
2007-12-29 - dtucker@cvs.openbsd.org 2007/12/27 14:22:08Darren Tucker
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c sshd.c] Add a small helper function to consistently handle the EAI_SYSTEM error code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
2007-12-29 - djm@cvs.openbsd.org 2007/12/12 05:04:03Darren Tucker
[sftp.c] unbreak lls command and add a regress test that would have caught the breakage; spotted by mouring@