Age | Commit message (Collapse) | Author |
|
Report from Janusz Mucka; ok djm@
|
|
[servconf.c]
Unbreak sshd ListenAddress for bare IPv6 addresses.
|
|
[readconf.c]
listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
|
|
[ssh.c]
fix -D listen_host initialisation, so it picks up gateway_ports setting
correctly
|
|
[packet.c]
missing packet_init_compression(); from solar
|
|
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
in turn based on FreeBSD's). ok djm@
|
|
Report from skeleten AT shillest.net, ok djm@
|
|
Report by skeleten AT shillest.net
|
|
latter is specified in the standard.
|
|
individually and use a value less likely to collide with real values from
netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
|
|
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
|
|
with gcc. ok djm@
|
|
[scp.c hostfile.c sftp-client.c]
Silence bogus -Wuninitialized warnings; ok djm@
|
|
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
[sshconnect2.c sshd.c sshd_config sshd_config.5]
add a new compression method that delays compression until the user
has been authenticated successfully and set compression to 'delayed'
for sshd.
this breaks older openssh clients (< 3.5) if they insist on
compression, so you have to re-enable compression in sshd_config.
ok djm@
|
|
- otto@cvs.openbsd.org 2005/07/19 15:32:26
[auth-passwd.c]
auth_usercheck(3) can return NULL, so check for that. Report from
mpech@. ok markus@
|
|
tim@.
|
|
|
|
|
|
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
|
|
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
[sshconnect.c sshconnect2.c]
knf says that a 2nd level indent is four (not three or five) spaces
|
|
- djm@cvs.openbsd.org 2005/07/17 06:49:04
[channels.c channels.h session.c session.h]
Fix a number of X11 forwarding channel leaks:
1. Refuse multiple X11 forwarding requests on the same session
2. Clean up all listeners after a single_connection X11 forward, not just
the one that made the single connection
3. Destroy X11 listeners when the session owning them goes away
testing and ok dtucker@
|
|
|
|
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
|
|
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
[sshconnect.c]
spacing
|
|
socketpair stays open on in both the monitor and PAM process. Patch from
Joerg Sonnenberger.
|
|
compiler doesn't understand it to prevent warnings. If any mainstream
compiler versions acquire it we can test for those versions. Based on
discussion with djm@.
|
|
[misc.h]
use __sentinel__ attribute; ok deraadt@ djm@ markus@
|
|
[ssh_config.5]
new sentence, new line;
|
|
[ssh_config.5]
change BindAddress to match recent ssh -b change; prompted by markus@
|
|
[channels.h]
race when efd gets closed while there is still buffered data:
change CHANNEL_EFD_OUTPUT_ACTIVE()
1) c->efd must always be valid AND
2a) no EOF has been seen OR
2b) there is buffered data
report, initial fix and testing Chuck Cranor
|
|
[misc.c]
Make comment match code; ok djm@
|
|
[ssh.1]
clarify meaning of ssh -b ; with & ok jmc@
|
|
calls to krb5_init_ets, which has not been required since krb-1.1.x and
most Kerberos versions no longer export in their public API. From sxw
at inf.ed.ac.uk, ok djm@
|
|
in the case where the buffer is insufficient, so always return ENOMEM.
Also pointed out by sxw at inf.ed.ac.uk.
|
|
Kerberos code path into a common function and expand mkstemp template to be
consistent with the rest of OpenSSH. From sxw at inf.ed.ac.uk, ok djm@
|
|
[channels.c]
don't forget to set x11_saved_display
|
|
[ssh_config.5]
fix Xr and a little grammar;
|
|
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
implement support for X11 and agent forwarding over multiplex slave
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
|
|
[channels.c]
don't free() if getaddrinfo() fails; report mpech@
|
|
|
|
[ssh.c]
do the default port filling code a few lines earlier, so it really
does fix %p
|
|
[ssh.c ssh_config.5]
allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
|
|
- djm@cvs.openbsd.org 2005/06/17 22:53:47
[ssh.c sshconnect.c]
Fix ControlPath's %p expanding to "0" for a default port,
spotted dwmw2 AT infradead.org; ok markus@
|
|
tested and fixes tim@
|
|
|
|
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
|
|
[auth1.c] split protocol 1 auth methods into separate functions, makes
authloop much more readable; fixes and ok markus@ (portable ok &
polish dtucker@)
|
|
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
and ok tim@
----------------------------------------------------------------------
automatically CVS: CVS: Committing in . CVS: CVS: Modified Files:
----------------------------------------------------------------------
|
|
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
make this -Wsign-compare clean; ok avsm@ markus@
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
NB2. more work may be needed to make portable Wsign-compare clean
|
|
[canohost.c channels.c sshd.c]
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
ok djm
|