Age | Commit message (Collapse) | Author |
|
audit breakage in Solaris 11. Patch from Magnus Johansson.
|
|
to work. Spotted by Angel Gonzalez
|
|
it actually works.
|
|
unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
ok dtucker@
|
|
preserved Cygwin environment variables; from Corinna Vinschen
|
|
[version.h]
move from 6.0-beta to 6.0
|
|
[packet.c packet.h]
packet_read_poll() is not used anymore.
|
|
[authfile.c]
memleak in key_load_file(); from Jan Klemkow
|
|
[packet.c]
do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
ok dtucker@, djm@
|
|
[clientloop.c]
Ensure that $DISPLAY contains only valid characters before using it to
extract xauth data so that it can't be used to play local shell
metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
|
|
[ssh-pkcs11-client.c]
Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
While there, be sure to buffer_clear() between send_msg() and recv_msg().
ok markus@
|
|
[ssh-ecdsa.c]
Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
ok markus@
|
|
[mux.c]
fix double-free in new session handler
|
|
[monitor.c]
memleak on error path
|
|
that don't support ECC. Patch from Phil Oleson
|
|
null implementation of HMAC_CTX_init for the benefit of old versions
of OpenSSL that don't have it.
|
|
[auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
fix some harmless and/or unreachable int overflows;
reported Xi Wang, ok markus@
|
|
[mux.c]
revert:
> revision 1.32
> date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
> fix bz#1948: ssh -f doesn't fork for multiplexed connection.
> ok dtucker@
it interacts badly with ControlPersist
|
|
[mac.c]
fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
HMAC_init (this change in policy seems insane to me)
ok dtucker@
|
|
[mux.c]
fix bz#1948: ssh -f doesn't fork for multiplexed connection.
ok dtucker@
|
|
[sftp.c]
Don't leak list in complete_cmd_parse if there are no commands found.
Discovered when I was ``borrowing'' this code for something else.
ok djm@
|
|
|
|
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
with some rework from myself and djm. ok djm.
|
|
[moduli]
regenerated moduli file; ok deraadt
|
|
[session.c]
bz#1859: send tty break to pty master instead of (probably already
closed) slave side; "looks good" markus@
|
|
[ssh.c]
bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
was incorrectly requesting the forward in both the control master and
slave. skip requesting it in the master to fix. ok markus@
|
|
[umac.c]
typo in comment; patch from Michael W. Bombardieri
|
|
[moduli.c]
s/tmpfile/tmp/ to make this -Wshadow clean
|
|
[ssh-add.c]
add -k to usage(); reminded by jmc@
|
|
[ssh.c]
ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
|
|
fails. Patch from Corinna Vinschen.
|
|
[ssh-add.1 ssh-add.c]
new "ssh-add -k" option to load plain keys (skipping certificates);
"looks ok" markus@
|
|
[auth-options.c key.c]
remove explict search for \0 in packet strings, this job is now done
implicitly by buffer_get_cstring; ok markus
|
|
[moduli.c]
add missing includes to unbreak tree; fix from rpointel
|
|
[ssh-keygen.c]
put -K in the right place (usage());
|
|
[moduli.c ssh-keygen.1 ssh-keygen.c]
Add optional checkpoints for moduli screening. feedback & ok deraadt
|
|
[sftp-glob.c]
silence error spam for "ls */foo" in directory with files; bz#1683
|
|
[sshd.c]
fix inverted test that caused logspam; spotted by henning@
|
|
|
|
[auth2-pubkey.c]
improve the AuthorizedPrincipalsFile debug log message to include
file and line number
|
|
[mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c version.h]
unbreak remote portforwarding with dynamic allocated listen ports:
1) send the actual listen port in the open message (instead of 0).
this allows multiple forwardings with a dynamic listen port
2) update the matching permit-open entry, so we can identify where
to connect to
report: den at skbkontur.ru and P. Szczygielski
feedback and ok djm@
|
|
[channels.c auth-options.c servconf.c channels.h sshd.8]
Add wildcard support to PermitOpen, allowing things like "PermitOpen
localhost:*". bz #1857, ok djm markus.
|
|
|
|
openbsd-compat/strnlen.c] Add strnlen to the compat library.
|
|
from des AT des.no
|
|
of static __findenv() function from upstream setenv.c
|
|
[openbsd-compat/inet_ntop.c]
fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
|
|
marker. The upstream API has changed (function and structure names)
enough to put it out of sync with other providers of this interface.
|
|
The file was totally rewritten between what we had in tree and -current.
|
|
[mktemp.c]
Remove useless code, the kernel will set errno appropriately if an
element in the path does not exist. OK deraadt@ pvalchev@
|