Age | Commit message (Collapse) | Author |
|
[umac.c]
make MAC key, data to be hashed and nonce for final hash const;
checked with -Wcast-qual
|
|
[krl.c]
fix verification error in (as-yet usused) KRL signature checking path
|
|
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
|
|
[ssh-agent.c]
call cleanup_handler on SIGINT when in debug mode to ensure sockets
are cleaned up on manual exit; bz#2120
|
|
[ssh-keygen.c ssh.c]
More useful error message on missing current user in /etc/passwd
|
|
[umac.c]
use a union to ensure correct alignment; ok deraadt
|
|
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
[servconf.h session.c sshd.c sshd_config.5]
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
ok djm@
|
|
[ssh.1]
be more exact wrt perms for ~/.ssh/config; bz#2078
|
|
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
|
|
[ssh.c]
set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
|
|
[ssh-keygen.c]
do_print_resource_record() can never be called with a NULL filename, so
don't attempt (and bungle) asking for one if it has not been specified
bz#2127 ok dtucker@
|
|
[misc.c]
in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
errno == 0. Avoids confusing error message in some broken resolver
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
|
|
[sftp.c ssh-keygen.c ssh-pkcs11.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
|
|
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
|
|
[dh.c]
remove extra whitespace
|
|
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
do not use Sx for sections outwith the man page - ingo informs me that
stuff like html will render with broken links;
issue reported by Eric S. Raymond, via djm
|
|
[scp.c]
improved time_t overflow check suggested by guenther@
|
|
[scp.c]
make this -Wsign-compare clean after time_t conversion
|
|
[dh.c]
sprinkle in some error() to explain moduli(5) parse failures
|
|
[ssh_config.5]
explicitly mention that IdentitiesOnly can be used with IdentityFile
to control which keys are offered from an agent.
|
|
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
for hostbased authentication, print the client host and user on
the auth success/failure line; bz#2064, ok dtucker@
|
|
[krl.c]
don't leak the rdata blob on errors; ok djm@
|
|
[scp.c]
Handle time_t values as long long's when formatting them and when
parsing them from remote servers.
Improve error checking in parsing of 'T' lines.
ok dtucker@ deraadt@
|
|
[readconf.c]
revert 1.203 while we investigate crashes reported by okan@
|
|
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
the Cygwin README file (which hasn't been updated for ages), drop
unsupported OSes from the ssh-host-config help text, and drop an
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
|
|
and add some comments so it's clear what goes where.
|
|
the required OpenSSL support. Patch from naddy at freebsd.
|
|
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
|
|
[channels.c channels.h clientloop.c]
Add an "ABANDONED" channel state and use for mux sessions that are
disconnected via the ~. escape sequence. Channels in this state will
be able to close if the server responds, but do not count as active channels.
This means that if you ~. all of the mux clients when using ControlPersist
on a broken network, the backgrounded mux master will exit when the
Control Persist time expires rather than hanging around indefinitely.
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
|
|
platforms that don't have multibyte character support (specifically,
mblen).
|
|
[readconf.c]
plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
|
|
[sshconnect2.c]
Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
|
|
[sshd.c]
When running sshd -D, close stderr unless we have explicitly requesting
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
so, err, ok dtucker.
|
|
[mux.c]
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
ok djm
|
|
[sftp.c]
Make sftp's libedit interface marginally multibyte aware by building up
the quoted string by character instead of by byte. Prevents failures
when linked against a libedit built with wide character support (bz#1990).
"looks ok" djm
|
|
[scp.c]
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
|
[mac.c]
force the MAC output to be 64-bit aligned so umac won't see unaligned
accesses on strict-alignment architectures. bz#2101, patch from
tomas.kuthan at oracle.com, ok djm@
|
|
[clientloop.h clientloop.c mux.c]
No need for the mux cleanup callback to be visible so restore it to static
and call it through the detach_user function pointer. ok djm@
|
|
[channels.h]
typo in comment
|
|
modpipe in case there's anything in there we need.
|
|
forwarding test is extremely slow copying data on some machines so switch
back to copying the much smaller ls binary until we can figure out why
this is.
|
|
Patch from cjwatson at debian.
|
|
functions, not from the openssl version.
|
|
sys/socket.h.
|
|
|
|
|
|
feedback and ok dtucker
|
|
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
dealing with shell portability issues in regression tests, we let
configure find us a capable shell on those platforms with an old /bin/sh.
|
|
Patch from Nathan Osman.
|
|
to prevent noise from configure. Patch from Nathan Osman.
|