Age | Commit message (Collapse) | Author |
|
[version.h]
openssh-4.9
|
|
[auth-options.c auth-options.h session.c sshd.8]
add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
|
|
[session.c]
last patch had backwards test; spotted by termim AT gmail.com
|
|
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
|
|
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
|
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
|
|
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
|
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
|
|
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
|
|
crashes when used with ChrootDirectory
|
|
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
|
|
nas.nasa.gov
|
|
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
|
|
|
|
from imorgan at nas.nasa.gov
|
|
by vinschen at redhat.com.
|
|
puttygen(1) by $PATH
|
|
self: make changes to Makefile.in next time, not the generated Makefile).
|
|
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
|
|
[regress/sftp-cmds.sh]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
NB. sftp code change already committed.
|
|
[regress/agent-getpeereid.sh regress/agent.sh]
more existant -> existent, from Martynas Venckus;
pfctl changes: ok henning
ssh changes: ok deraadt
|
|
[regress/Makefile regress/localcommand.sh]
Add simple regress test for LocalCommand; ok djm@
|
|
|
|
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
|
|
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
|
|
equivalent of LLONG_MAX for the compat regression tests, which makes them
run on AIX and HP-UX. Patch from David Leonard.
|
|
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
|
|
always work for all platforms and versions, so test what we can and
add a configure flag to turn it of if needed. ok djm@
|
|
|
|
[version.h]
crank version; from djm
|
|
[monitor_fdpass.c]
use a union to ensure alignment of the cmsg (pay attention: various other
parts of the tree need this treatment too); ok djm
|
|
[sftp-server.c]
add an extension method "posix-rename@openssh.com" to perform POSIX atomic
rename() operations. based on patch from miklos AT szeredi.hu in bz#1400;
ok dtucker@ markus@
|
|
[clientloop.c packet.c packet.h serverloop.c]
Allow all SSH2 packet types, including UNIMPLEMENTED to reset the
keepalive timer (bz #1307). ok markus@
|
|
[session.c]
closefrom() call was too early, delay it until just before we execute
the user's rc files (if any).
|
|
[session.c]
correct boolean encoding for coredump; der Mouse via dugsong
|
|
[sshd.c]
When started in configuration test mode (-t) do not check that sshd is
being started with an absolute path.
ok djm
|
|
[servconf.h session.c sshd.c]
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
either, so use our own.
|
|
Debian patch via bernd AT openbsd.org
|
|
|
|
configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
|
|
same SyslogFacility as the rest of sshd. Patch from William Knox,
ok djm@.
|
|
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
|
|
compat glue into openssl-compat.h.
|
|
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
|
|
linking problems on AIX with gcc 4.1.x.
|
|
headers so ./configure --with-ssl-engine actually works. Patch from
Ian Lister.
|