Age | Commit message (Collapse) | Author |
|
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
|
|
[ssh-keygen.c]
unbreak line numbering (broken in revision 1.164), fix error message
|
|
[ssh-keygen.c]
when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz
|
|
[sftp-client.c]
fix remote handle leak in do_download() local file open error path;
report and fix from sworley AT chkno.net
|
|
[ssh.c]
ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com
|
|
[clientloop.c]
fd leak on session multiplexing error path. Report and patch from
gregory_shively AT fanniemae.com
|
|
[scp.1]
scp -q implies ssh -q for the underlying connection, it doesn't just
hush the progress meter
|
|
[ssh.1]
satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
some commandline parsing warnings go unconditionally to stdout).
|
|
[sftp-client.c sftp-client.h]
disable unused functions
initially from tobias@, but disabled them by placing them in
"#ifdef notyet" which was asked by djm@
ok djm@ tobias@
|
|
tsr2600 AT gmail.com
|
|
mikel AT mikelward.com
|
|
|
|
[moduli]
Updated moduli file; ok djm@
|
|
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
|
|
|
|
[scp.c]
If scp -p encounters a pre-epoch timestamp, use the epoch which is
as close as we can get given that it's used unsigned. Add a little
debugging while there. bz #828, ok djm@
|
|
[misc.c]
spaces -> tabs from my previous commit
|
|
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@
|
|
- dtucker@cvs.openbsd.org 2007/12/31 10:41:31
[readconf.c servconf.c]
Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
from Dmitry V. Levin, ok djm@
|
|
builtin glob implementation on Mac OS X. Based on a patch from
vgiffin at apple.
|
|
[clientloop.c]
Use the correct packet maximum sizes for remote port and agent forwarding.
Prevents the server from killing the connection if too much data is queued
and an excessively large packet gets sent. bz #1360, ok djm@.
|
|
[clientloop.c serverloop.c packet.c]
Make SSH2_MSG_UNIMPLEMENTED and SSH2_MSG_IGNORE messages reset the
ServerAlive and ClientAlive timers. Prevents dropping a connection
when these are enabled but the peer does not support our keepalives.
bz #1307, ok djm@.
|
|
[servconf.c canohost.c misc.c channels.c sshconnect.c misc.h ssh-keyscan.c
sshd.c]
Add a small helper function to consistently handle the EAI_SYSTEM error
code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417.
ok markus@ stevesk@
|
|
[sftp.c]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
|
|
[ssh.c]
avoid errno trashing in signal handler; ok dtucker
|
|
[ssh.c]
Use xstrdup/xfree when saving pwname and pwdir; ok deraadt@
|
|
[ssh.c]
bz #1377: getpwuid results were being clobbered by another getpw* call
inside tilde_expand_filename(); save the data we need carefully
ok djm
|
|
[clientloop.c]
fix memory leak in process_cmdline(), patch from Jan.Pechanec AT Sun.COM;
ok dtucker@
|
|
[ssh_config.5]
clean up after previous macro removal;
|
|
[ssh.c]
Make LocalCommand work for Protocol 1 too; ok djm@
|
|
[ssh_config.5]
ProxyCommand and LocalCommand use the user's shell, not /bin/sh; ok djm@
|
|
[monitor_wrap.c monitor.c]
Send config block back to slave for invalid users too so options
set by a Match block (eg Banner) behave the same for non-existent
users. Found by and ok djm@
|
|
[ssh.c]
Plug tiny mem leaks in ControlPath and ProxyCommand option processing;
ok djm@
|
|
[auth2-gss.c]
Allow build without -DGSSAPI; ok deraadt@
(Id sync only, Portable already has the ifdefs)
|
|
leftover debug code.
|
|
gcc supports it. ok djm@
|
|
[openbsd-compat/sys-tree.h]
remove extra backslash at the end of RB_PROTOTYPE, report from
Jan.Pechanec AT Sun.COM; ok deraadt@
|
|
GLOB_NOESCAPE is POSIX so move it out of the #ifndef _POSIX_SOURCE
block.
(NB. mostly an RCS ID sync, as portable strips out the conditionals)
|
|
[openbsd-compat/sys-queue.h]
Enable QUEUE_MACRO_DEBUG on DIAGNOSTIC kernels.
Input and okays from krw@, millert@, otto@, deraadt@, miod@.
|
|
[openbsd-compat/sys-queue.h]
Introduce debugging aid for queue macros. Disabled by default; but
developers are encouraged to run with this enabled.
ok krw@ fgsch@ deraadt@
|
|
[openbsd-compat/sys-queue.h]
Some uvm problem is being exposed with the more strict macros.
Revert until we've found out what's causing the panics.
|
|
[openbsd-compat/sys-queue.h]
Partly backout. NOLIST, used in LISTs is probably interfering.
requested by deraadt@
|
|
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structurs produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
|
|
[openbsd-compat/sys-queue.h]
minor white spacing
|
|
[openbsd-compat/sys-queue.h]
Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
ok millert krw deraadt
|
|
[openbsd-compat/sys-tree.h]
typo
|
|
[openbsd-compat/tree.h]
sync to Niels Provos' version. avoid unused variable warning in
RB_NEXT()
|
|
[openbsd-compat/getrrsetbyname.c openbsd-compat/getrrsetbyname.h]
use RRSIG instead of SIG for DNSSEC. ok djm@
|
|
[openbsd-compat/base64.c]
remove calls to abort(3) that can't happen anyway; from
<bret dot lambert at gmail.com>; ok millert@ deraadt@
|
|
Sync RCS ID after irrelevant (for portable OpenSSH) header shuffling
|