summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-03-27 - djm@cvs.openbsd.org 2008/03/27 00:16:49Damien Miller
[version.h] openssh-4.9
2008-03-27 - djm@cvs.openbsd.org 2008/03/26 21:28:14Damien Miller
[auth-options.c auth-options.h session.c sshd.8] add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 23:01:41Damien Miller
[session.c] last patch had backwards test; spotted by termim AT gmail.com
2008-03-27 - djm@cvs.openbsd.org 2008/03/25 11:58:02Damien Miller
[session.c sshd_config.5] ignore ~/.ssh/rc if a sshd_config ForceCommand is specified; from dtucker@ ok deraadt@ djm@
2008-03-27 - deraadt@cvs.openbsd.org 2008/03/24 16:11:07Damien Miller
[monitor_fdpass.c] msg_controllen has to be CMSG_SPACE so that the kernel can account for each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
2008-03-27 - djm@cvs.openbsd.org 2008/03/23 12:54:01Damien Miller
[sftp-client.c] prefer POSIX-style file renaming over filexfer rename behaviour if the server supports the posix-rename@openssh.com extension. Note that the old (filexfer) behaviour would refuse to clobber an existing file. Users who depended on this should adjust their sftp(1) usage. ok deraadt@ markus@
2008-03-27 - deraadt@cvs.openbsd.org 2008/03/15 16:19:02Damien Miller
[monitor_fdpass.c] Repair the simple cases for msg_controllen where it should just be CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
2008-03-27 - deraadt@cvs.openbsd.org 2008/03/13 01:49:53Damien Miller
[monitor_fdpass.c] Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to an extensive discussion with otto, kettenis, millert, and hshoexer
2008-03-27 - jmc@cvs.openbsd.org 2008/02/11 07:58:28Damien Miller
[ssh.1 sshd.8 sshd_config.5] bump Mdocdate for pages committed in "febuary", necessary because of a typo in rcs.c;
2008-03-27 - (djm) Fix RCS ident in sftp-server-main.cDamien Miller
2008-03-27 - (dtucker) Cache selinux status earlier so we know if it's enabled after aDarren Tucker
chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
2008-03-15 - (djm) [session.c] Relocate incorrectly-placed closefrom() that was causingDamien Miller
crashes when used with ChrootDirectory
2008-03-15 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they areDamien Miller
empty; report and patch from Peter Stuge - (djm) [regress/test-exec.sh] Silence noise from detection of putty commands; report from Peter Stuge
2008-03-14 - (tim) [regress/localcommand.sh] Shell portability fix. Reported by imorgan atTim Rice
nas.nasa.gov
2008-03-14 - (tim) [regress/sftp-cmds.sh] s/cd/lcd/ in lls test. Reported byTim Rice
vinschen at redhat.com. Add () to put echo commands in subshell for lls test I mistakenly left out of last commit.
2008-03-13forgot to add vinschen at redhat.com on last commitTim Rice
2008-03-13 - (tim) [regress/sftp-cmds.sh regress/ssh2putty.sh] Shell portability fixesTim Rice
from imorgan at nas.nasa.gov
2008-03-13 - (tim) [scp.c] Use poll.h if available, fall back to sys/poll.h if not. PatchTim Rice
by vinschen at redhat.com.
2008-03-13 - (djm) [Makefile.in regress/test-exec.sh] Find installed plink(1) andDamien Miller
puttygen(1) by $PATH
2008-03-13 - (djm) [Makefile.in regress/Makefile] Fix interop-tests target (note toDamien Miller
self: make changes to Makefile.in next time, not the generated Makefile).
2008-03-13 - djm@cvs.openbsd.org 2007/12/21 04:13:53Damien Miller
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh] [regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh] basic (crypto, kex and transfer) interop regression tests against putty To run these, install putty and run "make interop-tests" from the build directory - the tests aren't run by default yet.
2008-03-12 - djm@cvs.openbsd.org 2007/12/12 05:04:03Damien Miller
[regress/sftp-cmds.sh] unbreak lls command and add a regress test that would have caught the breakage; spotted by mouring@ NB. sftp code change already committed.
2008-03-12 - jmc@cvs.openbsd.org 2007/11/25 15:35:09Damien Miller
[regress/agent-getpeereid.sh regress/agent.sh] more existant -> existent, from Martynas Venckus; pfctl changes: ok henning ssh changes: ok deraadt
2008-03-12 - dtucker@cvs.openbsd.org 2007/10/29 06:57:13Damien Miller
[regress/Makefile regress/localcommand.sh] Add simple regress test for LocalCommand; ok djm@
2008-03-11fix log dateDarren Tucker
2008-03-11 - (dtucker) [auth-pam.c monitor.c session.c sshd.c] Bug #926: MoveDarren Tucker
pam_open_session and pam_close_session into the privsep monitor, which will ensure that pam_session_close is called as root. Patch from Tomas Mraz.
2008-03-09 - (dtucker) [configure.ac] Run stack-protector tests with -Werror to catchDarren Tucker
platforms where gcc understands the option but it's not supported (and thus generates a warning).
2008-03-09 - (dtucker) [openbsd-compat/regress/strtonumtest.c] Bug #1347: Use platform'sDarren Tucker
equivalent of LLONG_MAX for the compat regression tests, which makes them run on AIX and HP-UX. Patch from David Leonard.
2008-03-09 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroupsDarren Tucker
implementation. It's not needed to fix bug #1081 and breaks the build on some AIX configurations.
2008-03-09 - (dtucker) [configure.ac] It turns out gcc's -fstack-protector-all doesn'tDarren Tucker
always work for all platforms and versions, so test what we can and add a configure flag to turn it of if needed. ok djm@
2008-03-07 - (tim) [regress/sftp-glob.sh] Shell portability fix.Tim Rice
2008-03-07 - deraadt@cvs.openbsd.org 2008/03/04 21:15:42Damien Miller
[version.h] crank version; from djm
2008-03-07 - deraadt@cvs.openbsd.org 2008/03/02 18:19:35Damien Miller
[monitor_fdpass.c] use a union to ensure alignment of the cmsg (pay attention: various other parts of the tree need this treatment too); ok djm
2008-03-07 - djm@cvs.openbsd.org 2008/02/27 20:21:15Damien Miller
[sftp-server.c] add an extension method "posix-rename@openssh.com" to perform POSIX atomic rename() operations. based on patch from miklos AT szeredi.hu in bz#1400; ok dtucker@ markus@
2008-03-07 - dtucker@cvs.openbsd.org 2008/02/22 20:44:02Damien Miller
[clientloop.c packet.c packet.h serverloop.c] Allow all SSH2 packet types, including UNIMPLEMENTED to reset the keepalive timer (bz #1307). ok markus@
2008-03-07 - djm@cvs.openbsd.org 2008/02/22 05:58:56Damien Miller
[session.c] closefrom() call was too early, delay it until just before we execute the user's rc files (if any).
2008-03-07 - markus@cvs.openbsd.org 2008/02/20 15:25:26Damien Miller
[session.c] correct boolean encoding for coredump; der Mouse via dugsong
2008-03-07 - mbalmer@cvs.openbsd.org 2008/02/14 13:10:31Damien Miller
[sshd.c] When started in configuration test mode (-t) do not check that sshd is being started with an absolute path. ok djm
2008-03-07 - djm@cvs.openbsd.org 2008/02/13 22:38:17Damien Miller
[servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@
2008-03-07 - jmc@cvs.openbsd.org 2008/02/11 07:58:28Damien Miller
[ssh.1 sshd.8 sshd_config.5] bump Mdocdate for pages committed in "febuary", necessary because of a typo in rcs.c;
2008-03-02 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expectDarren Tucker
either, so use our own.
2008-02-29 - (djm) [contrib/gnome-ssh-askpass2.h] Keep askpass windown on top. FromDamien Miller
Debian patch via bernd AT openbsd.org
2008-02-29 - (dtucker) [scp.c] Include sys/poll.h inside HAVE_SYS_POLL_H.Darren Tucker
2008-02-29 - (dtucker) [openbsd-compat/bsd-poll.c] We don't check for select(2) inDarren Tucker
configure (and there's not much point, as openssh won't work without it) so HAVE_SELECT is not defined and the poll(2) compat code doesn't get built in. Remove HAVE_SELECT so we can build on platforms without poll.
2008-02-28 - (dtucker) [sshd.c] Bug #1042: make log messages for tcpwrappers use theDarren Tucker
same SyslogFacility as the rest of sshd. Patch from William Knox, ok djm@.
2008-02-28 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: ImplementDarren Tucker
getgrouplist via getgrset on AIX, rather than iterating over getgrent. This allows, eg, Match and AllowGroups directives to work with NIS and LDAP groups.
2008-02-28 - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSLDarren Tucker
compat glue into openssl-compat.h.
2008-02-28 - (dtucker) [includes.h ssh-add.c ssh-agent.c ssh-keygen.c ssh.c sshd.cDarren Tucker
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat header to after OpenSSL headers, since some versions of OpenSSL have SSLeay_add_all_algorithms as a macro already.
2008-02-28 - (dtucker) [configure.ac] Add -fstack-protector to LDFLAGS too, fixesDarren Tucker
linking problems on AIX with gcc 4.1.x.
2008-02-25 - (dtucker) [includes.h openbsd-compat/openssl-compat.c] Bug #1437: reshuffleDarren Tucker
headers so ./configure --with-ssl-engine actually works. Patch from Ian Lister.