| Age | Commit message (Collapse) | Author |
|---|
|
[channels.c channels.h session.c]
make Channel->path an allocated string, saving a few bytes here and
there and fixing bz#1380 in the process; ok markus@
|
|
[readconf.c]
1) use obsolete instead of alias for consistency
2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
so move the comment.
3) reorder so like options are together
ok djm@
|
|
[channels.c]
support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
"looks ok" markus@
|
|
[kexgexs.c]
fix hash calculation for KEXGEX: hash over the original client-supplied
values and not the sanity checked versions that we acutally use;
bz#1540 reported by john.smith AT arrows.demon.co.uk
ok markus@
|
|
[channels.c]
call channel destroy callbacks on receipt of open failure messages.
fixes client hangs when connecting to a server that has MaxSessions=0
set spotted by imorgan AT nas.nasa.gov; ok markus@
|
|
[sshd_config.5]
add AllowAgentForwarding to available Match keywords list
ok djm
|
|
[pathnames.h]
no need to escape single quotes in comments
|
|
[ssh-keyscan.1]
fix example, default key type is rsa for 3+ years; from
frederic.perrin@resel.fr
|
|
[addrmatch.c]
o cannot be NULL here but use xfree() to be consistent; ok djm@
|
|
[clientloop.c]
fix typo in error message
|
|
[sftp.1 sftp.c]
update for the synopses displayed by the 'help' command, there are a
few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
ok jmc@
|
|
[auth2-chall.c]
replace by-hand string building with xasprinf(); ok deraadt@
|
|
[channels.c servconf.c]
channel_print_adm_permitted_opens() should deal with all the printing
for that config option. suggested by markus@; ok markus@ djm@
dtucker@
|
|
ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
key). Patch from cjwatson AT debian.org
|
|
launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
ok dtucker@
|
|
Patch based on one from vgiffin AT apple.com; ok dtucker@
|
|
#511771).
|
|
than O_RDWR.
|
|
|
|
really fix the bug (thanks to Kevin Price for testing), so for the
meantime we'll just use '/etc/init.d/ssh restart', even though it is
unfortunately heavyweight.
|
|
|
|
corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
script; SIGHUP is racy if called at boot before sshd has a chance to
install its signal handler, but fortunately the pid file is written
after that which lets us avoid the race (closes: #502444).
|
|
- packet_disconnect() on padding error, too. Should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
|
|
OpenServer 6 doesn't need libcrypt.
|
|
openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
OK djm@ dtucker@
|
|
[sftp.1 sftp.c]
correct sftp(1) and corresponding usage syntax;
bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
|
|
[readconf.c]
don't leave junk (free'd) pointers around in Forward *fwd argument on
failure; avoids double-free in ~C -L handler when given an invalid
forwarding specification; bz#1539 report from adejong AT debian.org
via Colin Watson; ok markus@ dtucker@
|
|
[sftp.c]
Deal correctly with failures in remote stat() operation in sftp,
correcting fail-on-error behaviour in batchmode. bz#1541 report and
fix from anedvedicky AT gmail.com; ok markus@
|
|
[clientloop.c]
The ~C escape handler does not work correctly for multiplexed sessions -
it opens a commandline on the master session, instead of on the slave
that requested it. Disable it on slave sessions until such time as it
is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
ok markus@
|
|
[channels.c]
s/remote_id/id/ to be more consistent with other code; ok djm@
|
|
[serverloop.c]
backout 1.149, since it's not necessary and openssh clients send
broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
|
|
[clientloop.c]
we have to use the recipient's channel number (RFC 4254) for
SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
otherwise we trigger 'Non-public channel' error messages on sshd
systems with clientkeepalive enabled; noticed by sturm; ok djm;
|
|
use some stack in main().
Report and suggested fix from vapier AT gentoo.org
|
|
[monitor_fdpass.c]
Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
|
|
[packet.c]
packet_disconnect() on padding error, too. should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
ok djm@
|
|
and tweak the is-sshd-running check in ssh-host-config. Patch from
vinschen at redhat com.
|
|
|
|
using ~C (closes: #505330; forwarded upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=1539).
|
|
- Only send eow and no-more-sessions requests to openssh 5 and newer;
fixes interop problems with broken ssh v2 implementations (closes:
#495917).
|
|
|
|
declarations, removing an unnecessary union member and adding whitespace.
ok djm some time ago.
|
|
member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
feedback by djm@
|
|
|
|
[regress/putty-ciphers.sh]
PuTTY supports AES CTR modes, so interop test against them too
|
|
[channels.c]
for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
permitopen's; ok and input dtucker@
|
|
[servconf.c]
USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing
kerberosgetafstoken. ok dtucker@
(Id sync only, we still want the ifdef in portable)
|
|
[session.c ssh.1]
typo fixed (overriden -> overridden)
ok espie, jmc
|
|
[auth2-jpake.c]
Move JPAKE define to make life easier for portable. ok djm@
|
|
[nchan.c]
add space to some log/debug messages for readability; ok djm@ markus@
|
|
[ssh-keygen.c]
spelling/typo in comment
|
