Age | Commit message (Collapse) | Author |
|
[strlcpy.c]
Convert do {} while loop -> while {} for clarity. No binary change
on most architectures. From Oliver Smith. OK deraadt@ and henning@
|
|
[sftp.c]
don't let remote_glob() implicitly sort its results in do_globbed_ls() -
in all likelihood, they will be resorted anyway
|
|
[sftp-client.c]
fix leak in do_lsreaddir(); ok djm
|
|
[sftp-client.c]
fix leaks in do_hardlink() and do_readlink(); bz#1921
from Loganaden Velvindron
|
|
[ssh.1]
document new -O cancel command; ok djm@
|
|
[channels.c channels.h clientloop.c ssh.1]
support cancellation of local/dynamic forwardings from ~C commandline;
ok & feedback djm@
|
|
[channels.c channels.h clientloop.h mux.c ssh.c]
support for cancelling local and remote port forwards via the multiplex
socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
|
|
[sshd.c]
kill the preauth privsep child on fatal errors in the monitor;
ok markus@
|
|
[scp.c]
suppress adding '--' to remote commandlines when the first argument
does not start with '-'. saves breakage on some difficult-to-upgrade
embedded/router platforms; feedback & ok dtucker ok markus
|
|
[PROTOCOL.mux]
MUX_C_CLOSE_FWD includes forward type in message (though it isn't
implemented anyway)
|
|
[ssh_config.5 sshd_config.5]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
|
|
[ssh-keygen.1]
typo (they vs the) found by Lawrence Teo
|
|
[scp.1]
knock out a useless Ns;
|
|
[misc.c]
fix typo in IPQoS parsing: there is no "AF14" class, but there is
an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
|
|
[scp.1 sftp.1]
mention ControlPersist and KbdInteractiveAuthentication in the -o
verbiage in these pages too (prompted by jmc@)
|
|
[ssh.1]
Add some missing ssh_config(5) options that can be used in ssh(1)'s
-o argument. Patch from duclare AT guu.fi
|
|
[glob.c]
fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
applied only to the gl_pathv vector and not the corresponding gl_statv
array. reported in OpenSSH bz#1935; feedback and okay matthew@
|
|
[glob.c]
In glob(3), limit recursion during matching attempts. Similar to
fnmatch fix. Also collapse consecutive '*' (from NetBSD).
ok miod deraadt
|
|
[openbsd-compat/glob.c]
When the max number of items for a directory has reached GLOB_LIMIT_READDIR
an error is returned but closedir() is not called.
spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
ok otto@, millert@
|
|
Colin Watson.
|
|
|
|
|
|
|
|
[contrib/suse/openssh.spec] Update version numbers.
|
|
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
|
|
regress errors for the sandbox to warnings. ok tim dtucker
|
|
to switch SELinux context away from unconfined_t, based on patch from
Jan Chadima; bz#1919 ok dtucker@
|
|
|
|
|
|
MAC tests for platforms that hack EVP_SHA2 support
|
|
[regress/cipher-speed.sh regress/try-ciphers.sh]
add SHA256/SHA512 based HMAC modes
|
|
[connect-privsep.sh]
test with sandbox enabled; ok djm@
|
|
[regress/cfgmatch.sh]
use OBJ to find test configs, patch from Tim Rice
|
|
bisson AT archlinux.org
|
|
an explicitly requested sandbox type
|
|
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
|
|
OpenSSL 0.9.7. ok djm
|
|
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
AT gmail.com; ok dtucker@
|
|
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
init scrips from imorgan AT nas.nasa.gov
|
|
change error by reporting old and new context names Patch from
jchadima at redhat.
|
|
[sftp.1]
typo, fix from Laurent Gautrot
|
|
[moduli.5]
probabalistic -> probabilistic; from naddy
|
|
[moduli.5]
"Diffie-Hellman" is the usual spelling for the cryptographic protocol
first published by Whitfield Diffie and Martin Hellman in 1976.
ok jmc@
|
|
- jmc@cvs.openbsd.org 2008/06/26 06:59:39
[moduli.5]
tweak previous;
|
|
[ssh.c]
typo in comment
|
|
[version.h]
crank now, release later
|
|
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
Add new SHA256 and SHA512 based HMAC modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
Patch from mdb AT juniper.net; feedback and ok markus@
|
|
[gss-serv.c]
prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
report Adam Zabrock; ok djm@, deraadt@
|
|
[sandbox-systrace.c]
fail open(2) with EPERM rather than SIGKILLing the whole process. libc
will call open() to do strerror() when NLS is enabled;
feedback and ok markus@
|
|
[authfd.c]
bzero the agent address. the kernel was for a while very cranky about
these things. evne though that's fixed, always good to initialize
memory. ok deraadt djm
|