| Age | Commit message (Collapse) | Author |
|---|
|
[servconf.h session.c sshd.c]
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
|
|
[ssh.1 sshd.8 sshd_config.5]
bump Mdocdate for pages committed in "febuary", necessary because
of a typo in rcs.c;
|
|
either, so use our own.
|
|
Debian patch via bernd AT openbsd.org
|
|
|
|
configure (and there's not much point, as openssh won't work without it)
so HAVE_SELECT is not defined and the poll(2) compat code doesn't get
built in. Remove HAVE_SELECT so we can build on platforms without poll.
|
|
same SyslogFacility as the rest of sshd. Patch from William Knox,
ok djm@.
|
|
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
|
|
compat glue into openssl-compat.h.
|
|
openbsd-compat/openssl-compat.{c,h}] Bug #1437 Move the OpenSSL compat
header to after OpenSSL headers, since some versions of OpenSSL have
SSLeay_add_all_algorithms as a macro already.
|
|
linking problems on AIX with gcc 4.1.x.
|
|
headers so ./configure --with-ssl-engine actually works. Patch from
Ian Lister.
|
|
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
|
|
since it now conflicts with the helper function in misc.c. From
vinschen AT redhat.com.
|
|
- (tim) [contrib/cygwin/ssh-host-config]
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
|
|
Grammar changes on SYSCONFDIR LOCALSTATEDIR messages.
Check more thoroughly that it's possible to create the /var/empty directory.
Patch by vinschen AT redhat.com
|
|
[servconf.c session.c]
delay ~ expansion for ChrootDirectory so it expands to the logged-in user's
home, rather than the user who starts sshd (probably root)
|
|
[sshd_config.5]
mantion that "internal-sftp" is useful with ForceCommand too
|
|
[ssh.1 sshd.8]
Document the correct permissions for the ~/.ssh/ directory.
ok jmc
|
|
[sshd_config.5]
missing `)';
|
|
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in chroot
required). ok markus@
|
|
[servconf.c servconf.h session.c sftp-server.c sftp.h sshd_config]
[sshd_config.5]
add sshd_config ChrootDirectory option to chroot(2) users to a directory
and tweak internal sftp server to work with it (no special files in
chroot required). ok markus@
|
|
[session.c sftp-server.c sftp.h]
link sftp-server into sshd; feedback and ok djm@
|
|
[scp.1]
explain how to handle local file names containing colons;
requested by Tamas TEVESZ
ok dtucker
|
|
[clientloop.c packet.c serverloop.c]
Revert the change for bz #1307 as it causes connection aborts if an IGNORE
packet arrives while we're waiting in packet_read_expect (and possibly
elsewhere).
|
|
[sftp-client.c]
when a remote write error occurs during an upload, ensure that ACKs for
all issued requests are properly drained. patch from t8m AT centrum.cz
|
|
[sftp-server.c]
Remove the fixed 100 handle limit in sftp-server and allocate as many
as we have available file descriptors. Patch from miklos AT szeredi.hu;
ok dtucker@ markus@
|
|
[sftp.c]
When uploading, correctly handle the case of an unquoted filename with
glob metacharacters that match a file exactly but not as a glob, e.g. a
file called "[abcd]". report and test cases from duncan2nd AT gmx.de
|
|
[readconf.c readconf.h sshconnect2.c]
promote rekeylimit to a int64 so it can hold the maximum useful limit
of 2^32; report and patch from Jan.Pechanec AT Sun.COM, ok dtucker@
|
|
[channels.c]
When we added support for specified bind addresses for port forwards, we
added a quirk SSH_OLD_FORWARD_ADDR. There is a bug in our handling of
this for -L port forwards that causes the client to listen on both v4
and v6 addresses when connected to a server with this quirk, despite
having set 0.0.0.0 as a bind_address.
report and patch from Jan.Pechanec AT Sun.COM; ok dtucker@
|
|
[ssh-keygen.c]
unbreak line numbering (broken in revision 1.164), fix error message
|
|
[ssh-keygen.c]
when hashing individual hosts (ssh-keygen -Hf hostname), make sure we
hash just the specified hostname and not the entire hostspec from the
keyfile. It may be of the form "hostname,ipaddr", which would lead to
a hash that never matches. report and fix from jp AT devnull.cz
|
|
[sftp-client.c]
fix remote handle leak in do_download() local file open error path;
report and fix from sworley AT chkno.net
|
|
[ssh.c]
ignore SIGPIPE in multiplex client mode - we can receive this if the
server runs out of fds on us midway. Report and patch from
gregory_shively AT fanniemae.com
|
|
[clientloop.c]
fd leak on session multiplexing error path. Report and patch from
gregory_shively AT fanniemae.com
|
|
[scp.1]
scp -q implies ssh -q for the underlying connection, it doesn't just
hush the progress meter
|
|
[ssh.1]
satisfy the pedants: -q does not suppress all diagnostic messages (e.g.
some commandline parsing warnings go unconditionally to stdout).
|
|
[sftp-client.c sftp-client.h]
disable unused functions
initially from tobias@, but disabled them by placing them in
"#ifdef notyet" which was asked by djm@
ok djm@ tobias@
|
|
tsr2600 AT gmail.com
|
|
mikel AT mikelward.com
|
|
|
|
[moduli]
Updated moduli file; ok djm@
|
|
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
|
|
|
|
[scp.c]
If scp -p encounters a pre-epoch timestamp, use the epoch which is
as close as we can get given that it's used unsigned. Add a little
debugging while there. bz #828, ok djm@
|
|
[misc.c]
spaces -> tabs from my previous commit
|
|
[sshd.c]
When in inetd mode, have sshd generate a Protocol 1 ephemeral server
key only for connections where the client chooses Protocol 1 as opposed
to when it's enabled in the server's config. Speeds up Protocol 2
connections to inetd-mode servers that also allow Protocol 1. bz #440,
based on a patch from bruno at wolff.to, ok markus@
|
|
- dtucker@cvs.openbsd.org 2007/12/31 10:41:31
[readconf.c servconf.c]
Prevent strict-aliasing warnings on newer gcc versions. bz #1355, patch
from Dmitry V. Levin, ok djm@
|
|
builtin glob implementation on Mac OS X. Based on a patch from
vgiffin at apple.
|
|
[clientloop.c]
Use the correct packet maximum sizes for remote port and agent forwarding.
Prevents the server from killing the connection if too much data is queued
and an excessively large packet gets sent. bz #1360, ok djm@.
|
