| Age | Commit message (Collapse) | Author |
|---|
|
- djm@cvs.openbsd.org 2008/04/13 00:22:17
[dh.c sshd.c]
Use arc4random_buf() when requesting more than a single word of output
Use arc4random_uniform() when the desired random number upper bound
is not a power of two
ok deraadt@ millert@
|
|
[configure.ac] Implement arc4random_buf(), import implementation of
arc4random_uniform() from OpenBSD
|
|
[sshd_config.5]
HostbasedAuthentication is supported under Match too
|
|
[sshd_config.5]
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
|
|
- djm@cvs.openbsd.org 2008/04/04 05:14:38
[sshd_config.5]
ChrootDirectory is supported in Match blocks (in fact, it is most useful
there). Spotted by Minstrel AT minstrel.org.uk
|
|
strnvis first. Ok dtucker@
|
|
time warnings on LynxOS. Patch from ops AT iki.fi
|
|
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
[version.h]
openssh-5.0
|
|
[sshd.8]
remove trailing whitespace;
|
|
[channels.c]
avoid possible hijacking of x11-forwarded connections (back out 1.183)
CVE-2008-1483; ok djm@
|
|
|
|
[contrib/suse/openssh.spec] Crank version numbers in RPM spec files
|
|
|
|
|
|
|
|
|
|
[regress/sftp-badcmds.sh]
disable no-replace rename test now that we prefer a POSIX rename; spotted
by dkrause@
|
|
[version.h]
openssh-4.9
|
|
[auth-options.c auth-options.h session.c sshd.8]
add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc
|
|
[session.c]
last patch had backwards test; spotted by termim AT gmail.com
|
|
[session.c sshd_config.5]
ignore ~/.ssh/rc if a sshd_config ForceCommand is specified;
from dtucker@ ok deraadt@ djm@
|
|
[monitor_fdpass.c]
msg_controllen has to be CMSG_SPACE so that the kernel can account for
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This
works now that kernel fd passing has been fixed to accept a bit of
sloppiness because of this ABI repair.
lots of discussion with kettenis
|
|
[sftp-client.c]
prefer POSIX-style file renaming over filexfer rename behaviour if the
server supports the posix-rename@openssh.com extension.
Note that the old (filexfer) behaviour would refuse to clobber an
existing file. Users who depended on this should adjust their sftp(1)
usage.
ok deraadt@ markus@
|
|
[monitor_fdpass.c]
Repair the simple cases for msg_controllen where it should just be
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because
of alignment; ok kettenis hshoexer
|
|
[monitor_fdpass.c]
Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to
an extensive discussion with otto, kettenis, millert, and hshoexer
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
|
|
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
|
|
crashes when used with ChrootDirectory
|
|
empty; report and patch from Peter Stuge
- (djm) [regress/test-exec.sh] Silence noise from detection of putty
commands; report from Peter Stuge
|
|
nas.nasa.gov
|
|
vinschen at redhat.com. Add () to put echo commands in subshell for lls test
I mistakenly left out of last commit.
|
|
|
|
from imorgan at nas.nasa.gov
|
|
by vinschen at redhat.com.
|
|
puttygen(1) by $PATH
|
|
self: make changes to Makefile.in next time, not the generated Makefile).
|
|
[regress/Makefile regress/test-exec.sh regress/putty-ciphers.sh]
[regress/putty-kex.sh regress/putty-transfer.sh regress/ssh2putty.sh]
basic (crypto, kex and transfer) interop regression tests against putty
To run these, install putty and run "make interop-tests" from the build
directory - the tests aren't run by default yet.
|
|
[regress/sftp-cmds.sh]
unbreak lls command and add a regress test that would have caught the
breakage; spotted by mouring@
NB. sftp code change already committed.
|
|
[regress/agent-getpeereid.sh regress/agent.sh]
more existant -> existent, from Martynas Venckus;
pfctl changes: ok henning
ssh changes: ok deraadt
|
|
[regress/Makefile regress/localcommand.sh]
Add simple regress test for LocalCommand; ok djm@
|
|
|
|
pam_open_session and pam_close_session into the privsep monitor, which
will ensure that pam_session_close is called as root. Patch from Tomas
Mraz.
|
|
platforms where gcc understands the option but it's not supported (and
thus generates a warning).
|
|
equivalent of LLONG_MAX for the compat regression tests, which makes them
run on AIX and HP-UX. Patch from David Leonard.
|
|
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
|
|
always work for all platforms and versions, so test what we can and
add a configure flag to turn it of if needed. ok djm@
|
