| Age | Commit message (Collapse) | Author |
|---|
|
[servconf.c]
Make "PermitOpen all" first-match within a block to match the way other
options work. ok markus@ djm@
|
|
[servconf.c]
Make PermitOpen work with multiple values like the man pages says.
bz #1267 with details from peter at dmtz.com, with & ok djm@
|
|
[channels.c compat.c compat.h]
bz #1019: some ssh.com versions apparently can't cope with the
remote port forwarding bind_address being a hostname, so send
them an address for cases where they are not explicitly
specified (wildcard or localhost bind). reported by daveroth AT
acm.org; ok dtucker@ deraadt@
|
|
[ssh-keygen.1 ssh.1]
add rfc 4716 (public key format); ok jmc
|
|
[misc.c sftp.c]
Don't access buf[strlen(buf) - 1] for zero-length strings.
``ok by me'' djm@.
|
|
- deraadt@cvs.openbsd.org 2006/11/14 19:41:04
[ssh-keygen.c]
use argc and argv not some made up short form
|
|
|
|
occur if the server did not have the privsep user and an invalid user
tried to login and both privsep and krb5 auth are disabled.
|
|
[dh.c]
BN_hex2bn returns int; from dtucker@
|
|
|
|
versions.
|
|
[monitor.c version.h]
correctly check for bad signatures in the monitor, otherwise the monitor
and the unpriv process can get out of sync. with dtucker@, ok djm@,
dtucker@
|
|
[auth-rsa.c kexgexc.c kexdhs.c key.c ssh-dss.c sshd.c kexgexs.c
ssh-keygen.c bufbn.c moduli.c scard.c kexdhc.c sshconnect1.c dh.c rsa.c]
add missing checks for openssl return codes; with & ok djm@
|
|
if we absolutely need it. Pointed out by Corinna, ok djm@
|
|
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c]
check DH_compute_key() for -1 even if it should not happen because of
earlier calls to dh_pub_is_valid(); report krahmer at suse.de; ok djm
|
|
- otto@cvs.openbsd.org 2006/10/28 18:08:10
[ssh.1]
correct/expand example of usage of -w; ok jmc@ stevesk@
|
|
events fatal in Solaris process contract support and tell it to signal
only processes in the same process group when something happens.
Based on information from andrew.benham at thus.net and similar to
a patch from Chad Mynhier. ok djm@
|
|
|
|
autoconf 2.60 from complaining.
|
|
[sftp-client.c]
cancel progress meter when upload write fails; ok deraadt@
|
|
[clientloop.c serverloop.c]
exit instead of doing a blocking tcp send if we detect a client/server
timeout, since the tcp sendqueue might be already full (of alive
requests); ok dtucker, report mpf
|
|
[sshconnect.c]
sleep before retrying (not after) since sleep changes errno; fixes
pr 5250; rad@twig.com; ok dtucker djm
|
|
[session.c]
xmalloc -> xcalloc that was missed previously, from portable
(NB. Id sync only for portable, obviously)
|
|
[ssh-agent.c ssh-keyscan.c ssh.c]
sys/resource.h needs sys/time.h; prompted by brad@
(NB. Id sync only for portable)
|
|
- ray@cvs.openbsd.org 2006/09/30 17:48:22
[sftp.c]
Clear errno before calling the strtol functions.
From Paul Stoeber <x0001 at x dot de1 dot cc>.
OK deraadt@.
|
|
on older versions of OS X. ok djm@
|
|
[ssh-keyscan.1 ssh.1]
Change "a SSH" to "an SSH". Hurray, I'm not the only one who
pronounces "SSH" as "ess-ess-aich".
OK jmc@ and stevesk@.
|
|
on older (2.0) Linuxes. Based on patch from thmo-13 at gmx de.
|
|
Allow setting alternate awk in openssh-config.local.
|
|
SELinux functions so they're detected correctly. Patch from pebenito at
gentoo.org.
|
|
- (tim) [buildpkg.sh.in] Use uname -r instead of -v in OS_VER for Solaris.
Differentiate between OpenServer 5 and OpenServer 6
|
|
section so additional platform specific CHECK_HEADER tests will work
correctly. Fixes "<net/if_tap.h> on FreeBSD" problem report by des AT des.no
Feedback and "seems like a good idea" dtucker@
|
|
|
|
support. Patch from andrew.benham at thus net.
|
|
on Solaris 8 w/out /dev/random or prngd. Patch from rl at
math.technion.ac.il.
|
|
|
|
|
|
referenced any more. ok djm@
|
|
|
|
- (tim) [configure.ac] Remove CFLAGS hack for UnixWare 1.x/2.x (added
to rev 1.308) to work around broken gcc 2.x header file.
|
|
$LDFLAGS. Patch from vapier at gentoo org.
|
|
some platforms (eg HP-UX 11.00). From santhi.amirta at gmail com.
|
|
build error on Ultrix. From Bernhard Simon.
|
|
[packet.c]
client NULL deref on protocol error; Tavis Ormandy, Google Security Team
|
|
[sftp.c]
Use S_IS* macros insted of masking with S_IF* flags. The latter may
have multiple bits set, which lead to surprising results. Spotted by
Paul Stoeber, more to come. ok millert@ pedro@ jaredy@ djm@
|
|
Prevents macro redefinition warnings of "RDONLY".
|
|
macro redefinitions, and if not, remove "-qlanglvl=ansi" from the flags.
Allows build out of the box with older VAC and XLC compilers. Found by
David Bronder and Bernhard Simon.
|
|
|
|
|
|
using Protocol 1. From jhb at freebsd.
|
