| Age | Commit message (Collapse) | Author |
|---|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
[sshd_config.5]
Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
|
|
- dtucker@cvs.openbsd.org 2012/05/13 01:42:32
[servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
to match. Feedback and ok djm@ markus@.
|
|
pkg-config so it does the right thing when cross-compiling. Patch from
cjwatson at debian org.
|
|
from cjwatson at debian org.
|
|
to fix building on some plaforms. Fom bowman at math utah edu and
des at des no.
|
|
platform rather than exiting early, so that we still clean up and return
status to test-exec.sh
|
|
ok dtucker@
|
|
via Niels
|
|
[channels.c]
fix function proto/source mismatch
|
|
[ssh.1]
use "brackets" instead of "braces", for consistency;
|
|
[sftp.c]
setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
|
|
[sshd_config sshd_config.5]
mention AuthorizedPrincipalsFile=none default
|
|
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
|
|
[ssh-keyscan.1 ssh-keyscan.c]
now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
look for them by default; bz#1971
|
|
[sshd.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[auth.c]
Support "none" as an argument for AuthorizedPrincipalsFile to indicate
no file should be read.
|
|
[channels.c channels.h clientloop.c serverloop.c]
don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
while; ok deraadt@ markus@
|
|
[channels.c channels.h servconf.c]
Add PermitOpen none option based on patch from Loganaden Velvindron
(bz #1949). ok djm@
|
|
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
|
|
[session.c]
root should always be excluded from the test for /etc/nologin instead
of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@
|
|
[ssh-keygen.c]
allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
|
|
|
|
|
|
[contrib/suse/openssh.spec] Update for release 6.0
|
|
contains openpty() but not login()
|
|
mode for Linux's new seccomp filter; patch from Will Drewry; feedback
and ok dtucker@
|
|
assumptions when building on Cygwin; patch from Corinna Vinschen
|
|
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
|
|
file from spec file. From crighter at nuclioss com.
|
|
addressed connections. ok dtucker@
|
|
systems where sshd is run in te wrong context. Patch from Sven
Vermeulen; ok dtucker@
|
|
audit breakage in Solaris 11. Patch from Magnus Johansson.
|
|
to work. Spotted by Angel Gonzalez
|
|
it actually works.
|
|
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
|
|
preserved Cygwin environment variables; from Corinna Vinschen
|
|
[version.h]
move from 6.0-beta to 6.0
|
|
[packet.c packet.h]
packet_read_poll() is not used anymore.
|
|
[authfile.c]
memleak in key_load_file(); from Jan Klemkow
|
|
[packet.c]
do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@
|
|
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
|
|
[ssh-pkcs11-client.c]
Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@
|
|
[ssh-ecdsa.c]
Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
ok markus@
|
|
[mux.c]
fix double-free in new session handler
|
|
[monitor.c]
memleak on error path
|
|
that don't support ECC. Patch from Phil Oleson
|
|
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
|
|
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
