summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2006-06-24 - (dtucker) [configure.ac] Bug #1193: Define PASSWD_NEEDS_USERNAME on Solaris.Darren Tucker
Works around limitation in Solaris' passwd program for changing passwords where the username is longer than 8 characters. ok djm@
2006-06-23 - (dtucker) [channels.c configure.ac serverloop.c] Bug #1102: Around AIXDarren Tucker
4.3.3 ML3 or so, the AIX pty layer starting passing zero-length writes on the pty slave as zero-length reads on the pty master, which sshd interprets as the descriptor closing. Since most things don't do zero length writes this rarely matters, but occasionally it happens, and when it does the SSH pty session appears to hang, so we add a special case for this condition. ok djm@
2006-06-23 - (dtucker) [README.platform configure.ac openbsd-compat/port-tun.c] AddDarren Tucker
tunnel support for Mac OS X/Darwin via a third-party tun driver. Patch from reyk@, tested by anil@
2006-06-13 - (djm) [getput.h] This file has been replaced by functions in misc.cDamien Miller
2006-06-13 - djm@cvs.openbsd.org 2006/06/13 01:18:36Damien Miller
[ssh-agent.c] always use a format string, even when printing a constant - djm@cvs.openbsd.org 2006/06/13 02:17:07 [ssh-agent.c] revert; i am on drugs. spotted by alexander AT beard.se
2006-06-13 - markus@cvs.openbsd.org 2006/06/08 14:45:49Damien Miller
[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] do not set the gid, noted by solar; ok djm
2006-06-13 - markus@cvs.openbsd.org 2006/06/06 10:20:20Damien Miller
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm
2006-06-13 - markus@cvs.openbsd.org 2006/06/01 09:21:48Damien Miller
[sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@
2006-06-13 - mk@cvs.openbsd.org 2006/05/30 11:46:38Damien Miller
[ssh-add.c] Sync usage() with man page and reality. ok deraadt dtucker
2006-06-13 - jmc@cvs.openbsd.org 2006/05/29 16:13:23Damien Miller
[ssh.1] add GSSAPI to the list of authentication methods supported;
2006-06-13 - jmc@cvs.openbsd.org 2006/05/29 16:10:03Damien Miller
[ssh_config.5] oops - previous was too long; split the list of auths up
2006-06-13 - dtucker@cvs.openbsd.org 2006/05/29 12:56:33Damien Miller
[ssh_config] Add GSSAPIAuthentication and GSSAPIDelegateCredentials to examples in sample ssh_config. ok markus@
2006-06-13 - dtucker@cvs.openbsd.org 2006/05/29 12:54:08Damien Miller
[ssh_config.5] Add gssapi-with-mic to PreferredAuthentications default list; ok jmc
2006-06-13 - miod@cvs.openbsd.org 2006/05/18 21:27:25Damien Miller
[kexdhc.c kexgexc.c] paramter -> parameter
2006-06-13 - markus@cvs.openbsd.org 2006/05/17 12:43:34Damien Miller
[scp.c sftp.c ssh-agent.c ssh-keygen.c sshconnect.c] fix leak; coverity via Kylene Jo Hall
2006-06-13 - markus@cvs.openbsd.org 2006/05/16 09:00:00Damien Miller
[clientloop.c] missing free; from Kylene Hall
2006-06-13 - djm@cvs.openbsd.org 2006/05/08 10:49:48Damien Miller
[sshconnect2.c] uint32_t -> u_int32_t (which we use everywhere else) (Id sync only - portable already had this)
2006-05-21 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitorDarren Tucker
and slave, we can remove the special-case handling in the audit hook in auth_log.
2006-05-17 - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix fileDarren Tucker
pointer leak. From kjhall at us.ibm.com, found by coverity.
2006-05-15typoDarren Tucker
2006-05-15 - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back andDarren Tucker
do not allow kbdint again after the PAM account check fails. ok djm@
2006-05-15 - (dtucker) [defines.h] Find a value for IOV_MAX or use a conservativeDarren Tucker
default. Patch originally from tim@, ok djm
2006-05-15 - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead ofDarren Tucker
_res, prevents problems on some platforms that have _res as a global but don't have getrrsetbyname(), eg IRIX 5.3. Found and tested by georg.schwarz at freenet.de, ok djm@.
2006-05-06 - dtucker@cvs.openbsd.org 2006/05/06 08:35:40Darren Tucker
[auth-krb5.c] Add $OpenBSD$ in comment here too
2006-05-06 - djm@cvs.openbsd.org 2006/04/01 05:37:46Darren Tucker
[OVERVIEW] $OpenBSD$ in here too
2006-05-06 - djm@cvs.openbsd.org 2006/05/04 14:55:23Darren Tucker
[dh.c] tighter DH exponent checks here too; feedback and ok markus@
2006-05-06 - dtucker@cvs.openbsd.org 2006/04/25 08:02:27Darren Tucker
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c] Prevent ssh from trying to open private keys with bad permissions more than once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
2006-05-04 - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.cDarren Tucker
session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar) in Portable-only code; since calloc zeros, remove now-redundant memsets. Also add a couple of sanity checks. With & ok djm@
2006-05-03 - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.hDarren Tucker
and double including it on IRIX 5.3 causes problems. From Georg Schwarz, "no objections" tim@
2006-04-23missing fileDamien Miller
2006-04-23 - (djm) [auth.h dispatch.h kex.h] sprinkle in signal.h to getDamien Miller
sig_atomic_t
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28Damien Miller
[bufaux.c bufbn.c Makefile.in] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@
2006-04-23 - stevesk@cvs.openbsd.org 2006/04/22 18:29:33Damien Miller
[crc32.c] remove extra spaces
2006-04-23 - djm@cvs.openbsd.org 2006/04/22 04:06:51Damien Miller
[uidswap.c] use setres[ug]id() to permanently revoke privileges; ok deraadt@ (ID Sync only - portable already uses setres[ug]id() whenever possible)
2006-04-23 - djm@cvs.openbsd.org 2006/04/20 21:53:44Damien Miller
[includes.h session.c sftp.c] Switch from using pipes to socketpairs for communication between sftp/scp and ssh, and between sshd and its subprocesses. This saves a file descriptor per session and apparently makes userland ppp over ssh work; ok markus@ deraadt@ (ID Sync only - portable makes this decision on a per-platform basis)
2006-04-23 - markus@cvs.openbsd.org 2006/04/20 09:47:59Damien Miller
[sshconnect.c] simplify; ok djm@
2006-04-23 - djm@cvs.openbsd.org 2006/04/20 09:27:09Damien Miller
[auth.h clientloop.c dispatch.c dispatch.h kex.h] replace the last non-sig_atomic_t flag used in a signal handler with a sig_atomic_t, unfortunately with some knock-on effects in other (non- signal) contexts in which it is used; ok markus@
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/18 10:44:28Damien Miller
[bufaux.c bufbn.c] Move Buffer bignum functions into their own file, bufbn.c. This means that sftp and sftp-server (which use the Buffer functions in bufaux.c but not the bignum ones) no longer need to be linked with libcrypto. ok markus@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 07:59:00Damien Miller
[atomicio.c] reorder sanity test so that it cannot dereference past the end of the iov array; well spotted canacar@!
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:54:10Damien Miller
[sftp-client.c] avoid making a tiny 4-byte write to send the packet length of sftp commands, which would result in a separate tiny packet on the wire by using atomiciov(writev, ...) to write the length and the command in one pass; ok deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:52:55Damien Miller
[atomicio.c atomicio.h] introduce atomiciov() function that wraps readv/writev to retry interrupted transfers like atomicio() does for read/write; feedback deraadt@ dtucker@ stevesk@ ok deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/16 00:48:52Damien Miller
[buffer.c buffer.h channels.c] Fix condition where we could exit with a fatal error when an input buffer became too large and the remote end had advertised a big window. The problem was a mismatch in the backoff math between the channels code and the buffer code, so make a buffer_check_alloc() function that the channels code can use to propsectivly check whether an incremental allocation will succeed. bz #1131, debugged with the assistance of cove AT wildpackets.com; ok dtucker@ deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/03 07:10:38Damien Miller
[gss-genr.c] GSSAPI buffers shouldn't be nul-terminated, spotted in bugzilla #1066 by dleonard AT vintela.com. use xasprintf() to simplify code while in there; "looks right" deraadt@
2006-04-23 - dtucker@cvs.openbsd.org 2006/04/02 08:34:52Damien Miller
[ssh-keysign.c] sessionid can be 32 bytes now too when sha256 kex is used; ok djm@
2006-04-23 - djm@cvs.openbsd.org 2006/04/01 05:51:34Damien Miller
[atomicio.c] ANSIfy; requested deraadt@
2006-04-23 - djm@cvs.openbsd.org 2006/04/01 05:50:29Damien Miller
[scp.c] xasprintification; ok deraadt@
2006-04-23 - (djm) OpenBSD CVS SyncDamien Miller
- deraadt@cvs.openbsd.org 2006/04/01 05:42:20 [scp.c] minimal lint cleanup (unused crud, and some size_t); ok djm
2006-04-22 - (djm) [Makefile.in configure.ac session.c sshpty.c]Damien Miller
[contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@
2006-04-18 - (djm) Reorder IP options check so that it isn't broken byDamien Miller
mapped addresses; bz #1179 reported by markw wtech-llc.com; ok dtucker@
2006-03-31 - djm@cvs.openbsd.org 2006/03/31 09:13:56Damien Miller
[ssh_config.5] remote user escape is %r not %h; spotted by jmc@