Age | Commit message (Collapse) | Author |
|
http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16
respectively).
|
|
larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch
from Nicholas Marriott.
|
|
has been compiled in); report from nix-corp AT esperi.org.uk
ok dtucker@
|
|
[servconf.c]
do not try to print options that have been compile-time disabled
in config test mode (sshd -T); report from nix-corp AT esperi.org.uk
ok dtucker@
|
|
|
|
[contrib/suse/openssh.spec] Update version number in README and RPM specs
|
|
[version.h]
openssh-5.1
|
|
[sftp-server.8]
no need for .Pp before or after .Sh;
|
|
|
|
code, replace with equivalent cygwin library call. Patch from vinschen
at redhat.comi, ok djm@.
|
|
[auth2-hostbased.c]
strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
report and patch from res AT qoxp.net (bz#1200); ok markus@
|
|
[sshconnect2.c]
strnvis preauth banner; pointed out by mpf@ ok markus@
|
|
[channels.c]
this loop index should be automatic, not static
|
|
[clientloop.c]
rename variable first_gc -> last_gc (since it is actually the last
in the list).
|
|
[sftp.1]
number of pipelined requests is now 64;
prodded by Iain.Morgan AT nasa.gov
|
|
return EAI_FAMILY when trying to lookup unsupported address family;
from vinschen AT redhat.com
|
|
[contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd]
Revamped and simplified Cygwin ssh-host-config script that uses
unified csih configuration tool. Requires recent Cygwin.
Patch from vinschen AT redhat.com
|
|
[sftp-server.8]
mention requirement for /dev/log inside chroot when using sftp-server
with ChrootDirectory
|
|
reported by cristian.ionescu-idbohrn AT axis.com
|
|
prototype; reported by cristian.ionescu-idbohrn AT axis.com
|
|
avoid clash with sin(3) function; reported by
cristian.ionescu-idbohrn AT axis.com
|
|
[sftp.c]
increase number of piplelined requests so they properly fill the
(recently increased) channel window. prompted by rapier AT psc.edu;
ok markus@
|
|
[channels.c]
use struct sockaddr_storage instead of struct sockaddr for accept(2)
address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
|
|
[ssh-keygen.c]
Change "ssh-keygen -F [host] -l" to not display random art unless
-v is also specified, making it consistent with the manual and other
uses of -l.
ok grunk@
|
|
[scp.1]
better description for -i flag:
s/RSA authentication/public key authentication/
|
|
- djm@cvs.openbsd.org 2008/07/12 04:52:50
[channels.c]
unbreak; move clearing of cctx struct to before first use
reported by dkrause@
|
|
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
sync v1 and v2 traffic accounting; add it to sshd, too;
ok djm@, dtucker@
|
|
[channels.c]
missing bzero; from mickey; ok djm@
|
|
[key.c]
/*NOTREACHED*/ for lint warning:
warning: function key_equal falls off bottom without returning value
ok djm@
|
|
[ttymodes.c]
we don't need arg after the debug3() was removed. from lint.
ok djm@
|
|
|
|
|
|
account check failure path. The vulnerable format buffer is supplied
from PAM and should not contain attacker-supplied data.
|
|
|
|
[PROTOCOL]
grammar
|
|
|
|
|
|
[auth1.c auth2.c]
Make protocol 1 MaxAuthTries logic match protocol 2's.
Do not treat the first protocol 2 authentication attempt as
a failure IFF it is for method "none".
Makes MaxAuthTries' user-visible behaviour identical for
protocol 1 vs 2.
ok dtucker@
|
|
- djm@cvs.openbsd.org 2008/07/04 23:08:25
[packet.c]
handle EINTR in packet_write_poll()l ok dtucker@
|
|
Tru64. readv doesn't seem to be a comparable object there.
bz#1386, patch from dtucker@ ok me
|
|
passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
hotpop.com, w/ dtucker@
|
|
[packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
[sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
some platforms (HP nonstop) it is a distinct errno;
bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
|
|
[regress/conch-ciphers.sh]
explicitly disable conch options that could interfere with the test
|
|
[putty-transfer.sh putty-kex.sh putty-ciphers.sh]
remove "set -e" left over from debugging
|
|
[key-options.sh]
shell portability: use "=" instead of "==" in test(1) expressions,
double-quote string with backslash escaped /
|
|
returns EXDEV. Patch from Mike Garrison, ok djm@
|
|
[monitor.c]
Make debug a little clearer. ok djm@
|
|
[servconf.c groupaccess.h groupaccess.c]
support negation of groups in "Match group" block (bz#1315); ok dtucker@
|
|
[auth2-pubkey.c]
avoid nasty double free; ok dtucker@ djm@
|
|
[ssh.1 ssh.c]
When forking after authentication ("ssh -f") with ExitOnForwardFailure
enabled, delay the fork until after replies for any -R forwards have
been seen. Allows for robust detection of -R forward failure when
using -f (similar to bz#92); ok dtucker@
|