| Age | Commit message (Collapse) | Author |
|---|
|
- djm@cvs.openbsd.org 2005/06/17 22:53:47
[ssh.c sshconnect.c]
Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@
|
|
Luís Lopes; closes: #315477).
|
|
tested and fixes tim@
|
|
|
|
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
|
|
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
|
|
|
|
|
|
|
|
/usr/lib/openssh/sftp-server (closes: #312891).
|
|
are available.
|
|
|
|
- Added SELinux capability, and turned it on be default. Added
restorecon calls in preinst and postinst (should not matter if the
machine is not SELinux aware). By and large, the changes made should
have no effect unless the rules file calls --with-selinux; and even
then there should be no performance hit for machines not actively
running SELinux.
- Modified the preinst and postinst to call restorecon to set the
security context for the generated public key files.
- Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
may want to also include pam_selinux.so.
|
|
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
and ok tim@
----------------------------------------------------------------------
automatically CVS: CVS: Committing in . CVS: CVS: Modified Files:
----------------------------------------------------------------------
|
|
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
|
|
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
ok djm
|
|
- djm@cvs.openbsd.org 2005/06/16 03:38:36
[channels.c channels.h clientloop.c clientloop.h ssh.c]
move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
easier later; ok deraadt@
|
|
[cipher.c]
Correctly initialize end of array sentinel; ok djm@
(Id sync only, change already in portable)
|
|
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
add ControlMaster=auto/autoask options to support opportunistic
multiplexing; tested avsm@ and jakob@, ok markus@
|
|
[ssh-keygen.1 ssh-keygen.c sshd.8]
increase default rsa/dsa key length from 1024 to 2048 bits;
ok markus@ deraadt@
|
|
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
introduce a generic %foo expansion function. replace existing % expansion
and add expansion to ControlPath; ok markus@
|
|
- jaredy@cvs.openbsd.org 2005/06/07 13:25:23
[progressmeter.c]
catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
|
|
#313949).
|
|
|
|
openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
Move compatibility code for supporting older OpenSSL versions to the
compat layer. Suggested by and "no objection" djm@
|
|
conflicts with ssh (closes: #312475).
|
|
in today's episode we attempt to coax it from limits.h where it may be
hiding, failing that we take the DIY approach. Tested by tim@
|
|
|
|
supported by privsep. Requested by des AT des.no
|
|
openssh-unix-dev list. ok tim@ djm@
|
|
defined, and check that it helps before keeping it in CFLAGS. Some old
gcc's don't set an error code when encountering an unknown value in -std.
Found and tested by tim@.
|
|
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
must be run on all platforms) Add missing ;; to case statement. OK dtucker@
|
|
|
|
|
|
|
|
|
|
|
|
[ssh.c]
fix -O for cases where no ControlPath has been specified or socket at
ControlPath is not contactable; spotted by and ok avsm@
|
|
[ssh-keygen.c]
uint32_t -> u_int32_t for consistency; ok djm@
|
|
[scp.c]
If copying multiple files to a target file (which normally fails, as it
must be a target directory), kill the spawned ssh child before exiting.
This stops it trying to authenticate and spewing lots of output.
deraadt@ ok
|
|
Add strtoll to the compat library, from OpenBSD.
|
|
arpa/nameser.h.
|
|
resurrected
|
|
|
|
vintela.com.
|
|
|
|
|
|
|
|
to "yes" in /etc/ssh/ssh_config), having a debconf question to ask whether
it should be setuid is overkill, and the question text had got out of date
anyway. Remove this question, ship ssh-keysign setuid in
openssh-client.deb, and set a statoverride if the debconf question was
previously set to false.
|
|
has not been the default since openssh 1:3.0.1p1-1. Users who need this
should edit sshd_config instead (closes: #147212).
|
