Age | Commit message (Collapse) | Author |
|
|
|
installations or if you manually add 'HostKey
/etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
|
|
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.
- sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation. It is available through the "ln" command in the
client. The old "ln" behaviour of creating a symlink is available
using its "-s" option or through the preexisting "symlink" command.
- scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host (closes: #508613).
- ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded. This allows the mux clients to determine that the server
socket is either ready or stale without races (closes: #454784).
Stale server sockets are now automatically removed (closes: #523250).
- ssh(1): install a SIGCHLD handler to reap expired child process
(closes: #594687).
- ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
temporary directories (closes: #357469, although only if you arrange
for ssh-agent to actually see $TMPDIR since the setgid bit will cause
it to be stripped off).
|
|
|
|
|
|
|
|
|
|
|
|
[contrib/suse/openssh.spec] update versions in docs and spec files.
|
|
- djm@cvs.openbsd.org 2011/01/22 09:18:53
[version.h]
crank to OpenSSH-5.7
|
|
RSA_get_default_method() for the benefit of openssl versions that don't
have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
ok djm@.
|
|
0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
release testing (random crashes and failure to load ECC keys).
ok dtucker@
|
|
of RPM so build completes. Signatures were changed to .asc since 4.1p1.
|
|
configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
support, based on patches from Tomas Mraz and jchadima at redhat.
|
|
the tinderbox.
|
|
|
|
[regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
disabled on platforms that do not support them; add a "config_defined()"
shell function that greps for defines in config.h and use them to decide
on feature tests.
Convert a couple of existing grep's over config.h to use the new function
Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
backslash characters in filenames, enable it for Cygwin and use it to turn
of tests for quotes backslashes in sftp-glob.sh.
based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
|
|
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
to the old values. Feedback from vapier at gentoo org and djm, ok djm.
|
|
ssh-add to avoid $SUDO failures on Linux
|
|
its unique snowflake of a gdb error to the ones we look for.
|
|
$PATH, fix cleanup of droppings; reported by openssh AT
roumenpetrov.info; ok dtucker@
|
|
[clientloop.c]
a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
now that we use atomicio(), convert them from while loops to if statements
add test and cast to compile cleanly with -Wsigned
|
|
[sshconnect.c]
reset the SIGPIPE handler when forking to execute child processes;
ok dtucker@
|
|
[clientloop.c]
Use atomicio when flushing protocol 1 std{out,err} buffers at
session close. This was a latent bug exposed by setting a SIGCHLD
handler and spotted by kevin.brott AT gmail.com; ok dtucker@
|
|
on configurations that don't have it.
|
|
|
|
ecdsa bits.
|
|
|
|
host-key-force target rather than a substitution that is replaced with a
comment so that the Makefile.in is still a syntactically valid Makefile
(useful to run the distprep target)
|
|
[PROTOCOL.mux]
correct protocol names and add a couple of missing protocol number
defines; patch from bert.wesarg AT googlemail.com
|
|
[mux.c]
correct error messages; patch from bert.wesarg AT googlemail.com
|
|
should not depend on ECC support
|
|
#define that was causing diffie-hellman-group-exchange-sha256 to be
incorrectly disabled
|
|
target
|
|
gcc warning on platforms where it defaults to int
|
|
ecdsa keys. ok djm.
|
|
|
|
|
|
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
|
|
silly warnings on write() calls we don't care succeed or not.
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
|
|
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
|
|
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
|
|
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
|
|
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
|
|
|
|
source tree.
|
|
openssh AT roumenpetrov.info
|
|
test on OSX and others. Reported by imorgan AT nas.nasa.gov
|
|
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
ok markus@
|