| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
flag tests that don't depend on gcc version at all; suggested by and
ok dtucker@
|
|
silly warnings on write() calls we don't care succeed or not.
|
|
avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
and sanity check arguments (these will be unnecessary when we switch
struct glob members from being type into to size_t in the future);
"looks ok" tedu@ feedback guenther@
|
|
[openbsd-compat/glob.c]
Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
from ARG_MAX to 64K.
Fixes glob-using programs (notably ftp) able to be triggered to hit
resource limits.
Idea from a similar NetBSD change, original problem reported by jasper@.
ok millert tedu jasper
|
|
[clientloop.c ssh-keygen.c sshd.c]
some unsigned long long casts that make things a bit easier for
portable without resorting to dropping PRIu64 formats everywhere
|
|
[sshlogin.c]
fd leak on error paths; from zinovik@
NB. Id sync only; we use loginrec.c that was also audited and fixed
recently
|
|
[clientloop.c]
use host and not options.hostname, as the latter may have unescaped
substitution characters
|
|
|
|
source tree.
|
|
openssh AT roumenpetrov.info
|
|
test on OSX and others. Reported by imorgan AT nas.nasa.gov
|
|
[sshconnect.c]
reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
ok markus@
|
|
[regress/Makefile regress/host-expand.sh]
regress test for LocalCommand %n expansion from bert.wesarg AT
googlemail.com; ok markus@
|
|
[clientloop.c]
when exiting due to ServerAliveTimeout, mention the hostname that caused
it (useful with backgrounded controlmaster)
|
|
[ssh.c]
unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
googlemail.com; ok markus@
|
|
for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
|
|
[ssh-keyscan.c]
handle ecdsa-sha2 with various key lengths; hint and ok djm@
|
|
[auth-options.c]
don't send the actual forced command in a debug message; ok markus deraadt
|
|
[readpass.c]
fix ControlMaster=ask regression
reset SIGCHLD handler before fork (and restore it after) so we don't miss
the the askpass child's exit status. Correct test for exit status/signal to
account for waitpid() failure; with claudio@ ok claudio@ markus@
|
|
[sshconnect.c]
don't mention key type in key-changed-warning, since we also print
this warning if a new key type appears. ok djm@
|
|
[scp.1 scp.c]
scp.1: grammer fix
scp.c: add -3 to usage()
|
|
[scp.1 scp.c]
add a new -3 option to scp: Copies between two remote hosts are
transferred through the local host. Without this option the data
is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
|
|
formatter if it is present, followed by nroff and groff respectively.
Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
in favour of mandoc). feedback and ok tim
|
|
|
|
with Heimdal krb5 support. On OpenBSD this library no longer exists,
so linking it unconditionally causes a build failure; ok dtucker
|
|
|
|
[ssh_config.5 sshd_config.5]
explain that IPQoS arguments are separated by whitespace; iirc requested
by jmc@ a while back
|
|
[regress/sftp-cmds.sh]
adjust for hard-link support
|
|
|
|
[hostfile.c]
fix fd leak; spotted and ok dtucker
|
|
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
add a protocol extension to support a hard link operation. It is
available through the "ln" command in the client. The old "ln"
behaviour of creating a symlink is available using its "-s" option
or through the preexisting "symlink" command; based on a patch from
miklos AT szeredi.hu in bz#1555; ok markus@
|
|
[auth-rsa.c]
move check for revoked keys to run earlier (in auth_rsa_key_allowed)
bz#1829; patch from ldv AT altlinux.org; ok markus@
|
|
- djm@cvs.openbsd.org 2010/12/03 23:49:26
[schnorr.c]
check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
(this code is still disabled, but apprently people are treating it as
a reference implementation)
|
|
debugging. Spotted by djm.
|
|
shims for the new, non-deprecated OpenSSL key generation functions for
platforms that don't have the new interfaces.
|
|
instead of (arc4random() % range)
|
|
[auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
[sshconnect.h sshconnect2.c]
automatically order the hostkeys requested by the client based on
which hostkeys are already recorded in known_hosts. This avoids
hostkey warnings when connecting to servers with new ECDSA keys
that are preferred by default; with markus@
|
|
[authfile.c]
correctly load comment for encrypted rsa1 keys;
report/fix Joachim Schipper; ok djm@
|
|
[scp.c]
Pass through ssh command-line flags and options when doing remote-remote
transfers, e.g. to enable agent forwarding which is particularly useful
in this case; bz#1837 ok dtucker@
|
|
[session.c]
replace close() loop for fds 3->64 with closefrom();
ok markus deraadt dtucker
|
|
[channels.c]
remove a debug() that pollutes stderr on client connecting to a server
in debug mode (channel_close_fds is called transitively from the session
code post-fork); bz#1719, ok dtucker
|
|
[clientloop.c]
avoid NULL deref on receiving a channel request on an unknown or invalid
channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
|
|
[auth.c]
use strict_modes already passed as function argument over referencing
global options.strict_modes
|
|
[authfile.c]
Refactor internals of private key loading and saving to work on memory
buffers rather than directly on files. This will make a few things
easier to do in the future; ok markus@
|
|
[clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
honour $TMPDIR for client xauth and ssh-agent temporary directories;
feedback and ok markus@
|
|
- deraadt@cvs.openbsd.org 2010/11/20 05:12:38
[auth2-pubkey.c]
clean up cases of ;;
|
|
|
|
|
