| Age | Commit message (Collapse) | Author |
|---|
|
[regress/test-exec.sh]
re-enable protocol v1 for the tests.
|
|
[sftp-client.c]
d_type isn't portable so use lstat to get dirent modes. Suggested by and
"looks sane" deraadt@
|
|
[sshd_config.5 ssh_config.5 sshd.8 ssh.1]
some tweaks now that protocol 1 is not offered by default; ok markus
|
|
- markus@cvs.openbsd.org 2009/10/08 14:03:41
[sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt
|
|
dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
lstat.
|
|
stat(), needed on at least cygwin.
|
|
least dragonflybsd.
|
|
|
|
|
|
[regress/ssh2putty.sh]
Add OpenBSD tag to make syncs easier
|
|
[ssh-com-sftp.sh]
fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
Silva for Google Summer of Code
|
|
[sftp-batch.sh sftp-badcmds.sh sftp.sh sftp-cmds.sh sftp-glob.sh]
date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
|
|
[regress/Makefile]
regression test for port number parsing. written as part of the a2port
change that went into 5.2 but I forgot to commit it at the time...
|
|
[regress/multiplex.sh]
Always specify ssh_config for multiplex tests: prevents breakage caused
by options in ~/.ssh/config. From Dan Peterson.
|
|
[regress/addrmatch.sh]
match string "passwordauthentication" only at start of line, not anywhere
in sshd -T output
|
|
[session.c]
bz#1596: fflush(NULL) before exec() to ensure that everying (motd
in particular) has made it out before the streams go away.
|
|
[dh.c]
fix a cast
ok djm@ markus@
|
|
[ssh-agent.c]
fix a race condition in ssh-agent that could result in a wedged or
spinning agent: don't read off the end of the allocated fd_sets, and
don't issue blocking read/write on agent sockets - just fall back to
select() on retriable read/write errors. bz#1633 reported and tested
by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
|
|
[sftp-server.8]
document -e and -h; prodded by jmc@
|
|
[sftp-server.c]
check correct variable for error message, spotted by martynas@
|
|
[authfd.c ssh-add.c authfd.h]
Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
when the agent refuses the constrained add request. This was a useful
migration measure back in 2002 when constraints were new, but just
adds risk now.
bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
|
|
[sftp-server.8]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
|
|
[ssh-keygen.c]
force use of correct hash function for random-art signature display
as it was inheriting the wrong one when bubblebabble signatures were
activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
ok markus@
|
|
[sftp-server.c]
allow setting an explicit umask on the commandline to override whatever
default the user has. bz#1229; ok dtucker@ deraadt@ markus@
|
|
[mux.c]
subsystem_flag is defined in ssh.c so it's extern; ok djm
|
|
[sftp.1]
ether -> either;
|
|
[sftp.1]
fix "get" command usage, spotted by jmc@
|
|
[sftp-client.h sftp.1 sftp-client.c sftp.c]
recursive transfer support for get/put and on the commandline
work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
with some tweaks by me; "go for it" deraadt@
|
|
[sshd_config.5]
Add PubkeyAuthentication to the list allowed in a Match block (bz #1577)
|
|
[auth.h]
remove unused define. markus@ ok.
(Id sync only, Portable still uses this.)
|
|
[sftp-client.c]
make the "get_handle: ..." error messages vaguely useful by allowing
callers to specify their own error message strings.
|
|
[sftp.1 sftp.c]
sync synopsis and usage();
|
|
[sftp.1 sftp.c]
Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
add "-P port" to match scp(1). Fortunately, the -P option is only really
used by our regression scripts.
part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
of Code work; ok deraadt markus
|
|
[sftp.1]
sort options;
|
|
[sftp.c sftp.1]
support most of scp(1)'s commandline arguments in sftp(1), as a first
step towards making sftp(1) a drop-in replacement for scp(1).
One conflicting option (-P) has not been changed, pending further
discussion.
Patch from carlosvsilvapt@gmail.com as part of his work in the
Google Summer of Code
|
|
spotted by des AT des.no
|
|
20090926
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
[contrib/suse/openssh.spec] Update for release
- (djm) [README] update relnotes URL
- (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere
- (djm) Release 5.3p1
|
|
10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
from jbasney at ncsa uiuc edu.
|
|
(-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
|
|
krb5-config if it's not in the location specified by --with-kerberos5.
Patch from jchadima at redhat.
|
|
text from Chris Pepper in bug #1631.
|
|
|
|
size a compile-time option and set it to 64k on Cygwin, since Corinna
reports that it makes a significant difference to performance. ok djm@
|
|
the pty master on Solaris, since it never succeeds and can hang if large
amounts of data is sent to the slave (eg a copy-paste). Based on a patch
originally from Doke Scott, ok djm@
|
|
in argv, so pass them in the environment; ok dtucker@
|
|
attempting atomic rename(); ok dtucker@
|
|
and mention PAM as another provider for ChallengeResponseAuthentication;
bz#1408; ok dtucker@
|
|
another provider for ChallengeResponseAuthentication; bz#1408; ok dtucker@
|
|
causes problems in some Tru64 configurations.
|
|
the setpcred call on AIX to immediately before the permanently_set_uid().
Ensures that we still have privileges when we call chroot and
pam_open_sesson. Based on a patch from David Leonard.
|
